GCC Middle and Back End API Reference
store.h
Go to the documentation of this file.
1/* Classes for modeling the state of memory.
2 Copyright (C) 2020-2026 Free Software Foundation, Inc.
3 Contributed by David Malcolm <dmalcolm@redhat.com>.
4
5This file is part of GCC.
6
7GCC is free software; you can redistribute it and/or modify it
8under the terms of the GNU General Public License as published by
9the Free Software Foundation; either version 3, or (at your option)
10any later version.
11
12GCC is distributed in the hope that it will be useful, but
13WITHOUT ANY WARRANTY; without even the implied warranty of
14MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15General Public License for more details.
16
17You should have received a copy of the GNU General Public License
18along with GCC; see the file COPYING3. If not see
19<http://www.gnu.org/licenses/>. */
20
21#ifndef GCC_ANALYZER_STORE_H
22#define GCC_ANALYZER_STORE_H
23
24#include "text-art/tree-widget.h"
25#include "analyzer/complexity.h"
26
27/* Implementation of the region-based ternary model described in:
28 "A Memory Model for Static Analysis of C Programs"
29 (Zhongxing Xu, Ted Kremenek, and Jian Zhang)
30 http://lcs.ios.ac.cn/~xuzb/canalyze/memmodel.pdf */
31
32/* The store models memory as a collection of "clusters", where regions
33 are partitioned into clusters via their base region.
34
35 For example, given:
36 int a, b, c;
37 struct coord { double x; double y; } verts[3];
38 then "verts[0].y" and "verts[1].x" both have "verts" as their base region.
39 Each of a, b, c, and verts will have their own clusters, so that we
40 know that writes to e.g. "verts[1].x".don't affect e.g. "a".
41
42 Within each cluster we store a map of bindings to values, where the
43 binding keys can be either concrete or symbolic.
44
45 Concrete bindings affect a specific range of bits relative to the start
46 of the base region of the cluster, whereas symbolic bindings affect
47 a specific subregion within the cluster.
48
49 Consider (from the symbolic-1.c testcase):
50
51 char arr[1024];
52 arr[2] = a; (1)
53 arr[3] = b; (2)
54 After (1) and (2), the cluster for "arr" has concrete bindings
55 for bits 16-23 and for bits 24-31, with svalues "INIT_VAL(a)"
56 and "INIT_VAL(b)" respectively:
57 cluster: {bits 16-23: "INIT_VAL(a)",
58 bits 24-31: "INIT_VAL(b)";
59 flags: {}}
60 Attempting to query unbound subregions e.g. arr[4] will
61 return "UNINITIALIZED".
62 "a" and "b" are each in their own clusters, with no explicit
63 bindings, and thus implicitly have value INIT_VAL(a) and INIT_VAL(b).
64
65 arr[3] = c; (3)
66 After (3), the concrete binding for bits 24-31 is replaced with the
67 svalue "INIT_VAL(c)":
68 cluster: {bits 16-23: "INIT_VAL(a)", (from before)
69 bits 24-31: "INIT_VAL(c)"; (updated)
70 flags: {}}
71
72 arr[i] = d; (4)
73 After (4), we lose the concrete bindings and replace them with a
74 symbolic binding for "arr[i]", with svalue "INIT_VAL(d)". We also
75 mark the cluster as having been "symbolically touched": future
76 attempts to query the values of subregions other than "arr[i]",
77 such as "arr[3]" are "UNKNOWN", since we don't know if the write
78 to arr[i] affected them.
79 cluster: {symbolic_key(arr[i]): "INIT_VAL(d)";
80 flags: {TOUCHED}}
81
82 arr[j] = e; (5)
83 After (5), we lose the symbolic binding for "arr[i]" since we could
84 have overwritten it, and add a symbolic binding for "arr[j]".
85 cluster: {symbolic_key(arr[j]): "INIT_VAL(d)"; (different symbolic
86 flags: {TOUCHED}} binding)
87
88 arr[3] = f; (6)
89 After (6), we lose the symbolic binding for "arr[j]" since we could
90 have overwritten it, and gain a concrete binding for bits 24-31
91 again, this time with svalue "INIT_VAL(e)":
92 cluster: {bits 24-31: "INIT_VAL(d)";
93 flags: {TOUCHED}}
94 The cluster is still flagged as touched, so that we know that
95 accesses to other elements are "UNKNOWN" rather than
96 "UNINITIALIZED".
97
98 Handling symbolic regions requires us to handle aliasing.
99
100 In the first example above, each of a, b, c and verts are non-symbolic
101 base regions and so their clusters are "concrete clusters", whereas given:
102 struct coord *p, *q;
103 then "*p" and "*q" are symbolic base regions, and thus "*p" and "*q"
104 have "symbolic clusters".
105
106 In the above, "verts[i].x" will have a symbolic *binding* within a
107 concrete cluster for "verts", whereas "*p" is a symbolic *cluster*.
108
109 Writes to concrete clusters can't affect other concrete clusters,
110 but can affect symbolic clusters; e.g. after:
111 verts[0].x = 42;
112 we bind 42 in the cluster for "verts", but the clusters for "b" and "c"
113 can't be affected. Any symbolic clusters for *p and for *q can be
114 affected, *p and *q could alias verts.
115
116 Writes to a symbolic cluster can affect other clusters, both
117 concrete and symbolic; e.g. after:
118 p->x = 17;
119 we bind 17 within the cluster for "*p". The concrete clusters for a, b,
120 c, and verts could be affected, depending on whether *p aliases them.
121 Similarly, the symbolic cluster to *q could be affected. */
122
123namespace ana {
124
125/* A class for keeping track of aspects of a program_state that we don't
126 know about, to avoid false positives about leaks.
127
128 Consider:
129
130 p->field = malloc (1024);
131 q->field = NULL;
132
133 where we don't know whether or not p and q point to the same memory,
134 and:
135
136 p->field = malloc (1024);
137 unknown_fn (p);
138
139 In both cases, the svalue for the address of the allocated buffer
140 goes from being bound to p->field to not having anything explicitly bound
141 to it.
142
143 Given that we conservatively discard bindings due to possible aliasing or
144 calls to unknown function, the store loses references to svalues,
145 but these svalues could still be live. We don't want to warn about
146 them leaking - they're effectively in a "maybe live" state.
147
148 This "maybe live" information is somewhat transient.
149
150 We don't want to store this "maybe live" information in the program_state,
151 region_model, or store, since we don't want to bloat these objects (and
152 potentially bloat the exploded_graph with more nodes).
153 However, we can't store it in the region_model_context, as these context
154 objects sometimes don't last long enough to be around when comparing the
155 old vs the new state.
156
157 This class is a way to track a set of such svalues, so that we can
158 temporarily capture that they are in a "maybe live" state whilst
159 comparing old and new states. */
160
161class uncertainty_t
162{
163public:
164 typedef hash_set<const svalue *>::iterator iterator;
165
166 void on_maybe_bound_sval (const svalue *sval)
167 {
168 m_maybe_bound_svals.add (sval);
169 }
170 void on_mutable_sval_at_unknown_call (const svalue *sval)
171 {
172 m_mutable_at_unknown_call_svals.add (sval);
173 }
174
175 bool unknown_sm_state_p (const svalue *sval)
176 {
177 return (m_maybe_bound_svals.contains (sval)
178 || m_mutable_at_unknown_call_svals.contains (sval));
179 }
180
181 void dump_to_pp (pretty_printer *pp, bool simple) const;
182 void dump (bool simple) const;
183
184 iterator begin_maybe_bound_svals () const
185 {
186 return m_maybe_bound_svals.begin ();
187 }
188 iterator end_maybe_bound_svals () const
189 {
190 return m_maybe_bound_svals.end ();
191 }
192
193private:
194
195 /* svalues that might or might not still be bound. */
196 hash_set<const svalue *> m_maybe_bound_svals;
197
198 /* svalues that have mutable sm-state at unknown calls. */
199 hash_set<const svalue *> m_mutable_at_unknown_call_svals;
200};
201
202class byte_range;
203class concrete_binding;
204class symbolic_binding;
205
206/* Abstract base class for describing ranges of bits within a binding_map
207 that can have svalues bound to them. */
208
209class binding_key
210{
211public:
212 virtual ~binding_key () {}
213 virtual bool concrete_p () const = 0;
214 bool symbolic_p () const { return !concrete_p (); }
215
216 static const binding_key *make (store_manager *mgr, const region *r);
217
218 virtual void dump_to_pp (pretty_printer *pp, bool simple) const = 0;
219 void dump (bool simple) const;
220 label_text get_desc (bool simple=true) const;
221
222 static int cmp_ptrs (const void *, const void *);
223 static int cmp (const binding_key *, const binding_key *);
224
225 virtual const concrete_binding *dyn_cast_concrete_binding () const
226 { return nullptr; }
227 virtual const symbolic_binding *dyn_cast_symbolic_binding () const
228 { return nullptr; }
229};
230
231/* A concrete range of bits. */
232
233struct bit_range
234{
235 bit_range (bit_offset_t start_bit_offset, bit_size_t size_in_bits)
236 : m_start_bit_offset (start_bit_offset),
237 m_size_in_bits (size_in_bits)
238 {}
239
240 void dump_to_pp (pretty_printer *pp) const;
241 void dump () const;
242
243 std::unique_ptr<json::object> to_json () const;
244
245 bool empty_p () const
246 {
247 return m_size_in_bits == 0;
248 }
249
250 bit_offset_t get_start_bit_offset () const
251 {
252 return m_start_bit_offset;
253 }
258 bit_offset_t get_last_bit_offset () const
259 {
260 gcc_assert (!empty_p ());
261 return get_next_bit_offset () - 1;
262 }
263
264 bool contains_p (bit_offset_t offset) const
265 {
266 return (offset >= get_start_bit_offset ()
267 && offset < get_next_bit_offset ());
268 }
269
270 bool contains_p (const bit_range &other, bit_range *out) const;
271
272 bool operator== (const bit_range &other) const
273 {
274 return (m_start_bit_offset == other.m_start_bit_offset
275 && m_size_in_bits == other.m_size_in_bits);
276 }
277
278 bool intersects_p (const bit_range &other) const
279 {
280 return (get_start_bit_offset () < other.get_next_bit_offset ()
281 && other.get_start_bit_offset () < get_next_bit_offset ());
282 }
283 bool intersects_p (const bit_range &other,
284 bit_size_t *out_num_overlap_bits) const;
285 bool intersects_p (const bit_range &other,
286 bit_range *out_this,
287 bit_range *out_other) const;
288
289 bool exceeds_p (const bit_range &other,
290 bit_range *out_overhanging_bit_range) const;
291
292 bool falls_short_of_p (bit_offset_t offset,
293 bit_range *out_fall_short_bits) const;
294
295 static int cmp (const bit_range &br1, const bit_range &br2);
296
297 bit_range operator- (bit_offset_t offset) const;
298
299 static bool from_mask (unsigned HOST_WIDE_INT mask, bit_range *out);
300
301 bool as_byte_range (byte_range *out) const;
302
303 bool
304 operator< (const bit_range &other) const
305 {
306 if (m_start_bit_offset < other.m_start_bit_offset)
307 return true;
308 if (m_start_bit_offset > other.m_start_bit_offset)
309 return false;
310 return (m_size_in_bits < other.m_size_in_bits);
311 }
312
313 hashval_t hash () const
314 {
315 inchash::hash hstate;
316 hstate.add_wide_int (m_start_bit_offset);
317 hstate.add_wide_int (m_size_in_bits);
318 return hstate.end ();
319 }
320
321 bit_offset_t m_start_bit_offset;
322 bit_size_t m_size_in_bits;
323};
324
325/* A concrete range of bytes. */
326
327struct byte_range
328{
329 byte_range (byte_offset_t start_byte_offset, byte_size_t size_in_bytes)
330 : m_start_byte_offset (start_byte_offset),
331 m_size_in_bytes (size_in_bytes)
332 {}
333
334 void dump_to_pp (pretty_printer *pp) const;
335 void dump () const;
336
337 std::unique_ptr<json::object> to_json () const;
338
339 bool empty_p () const
340 {
341 return m_size_in_bytes == 0;
342 }
343
344 bool contains_p (byte_offset_t offset) const
345 {
346 return (offset >= get_start_byte_offset ()
347 && offset < get_next_byte_offset ());
348 }
349 bool contains_p (const byte_range &other, byte_range *out) const;
350
351 bool operator== (const byte_range &other) const
352 {
353 return (m_start_byte_offset == other.m_start_byte_offset
354 && m_size_in_bytes == other.m_size_in_bytes);
355 }
356
370
371 bit_range as_bit_range () const
372 {
373 return bit_range (m_start_byte_offset * BITS_PER_UNIT,
374 m_size_in_bytes * BITS_PER_UNIT);
375 }
376
377 bit_offset_t get_start_bit_offset () const
378 {
379 return m_start_byte_offset * BITS_PER_UNIT;
380 }
381 bit_offset_t get_next_bit_offset () const
382 {
383 return get_next_byte_offset () * BITS_PER_UNIT;
384 }
385
386 static int cmp (const byte_range &br1, const byte_range &br2);
387
388 byte_offset_t m_start_byte_offset;
389 byte_size_t m_size_in_bytes;
390};
391
392/* Concrete subclass of binding_key, for describing a non-empty
393 concrete range of bits within the binding_map (e.g. "bits 8-15"). */
394
395class concrete_binding : public binding_key
396{
397public:
398 /* This class is its own key for the purposes of consolidation. */
399 typedef concrete_binding key_t;
400
401 concrete_binding (bit_offset_t start_bit_offset, bit_size_t size_in_bits)
402 : m_bit_range (start_bit_offset, size_in_bits)
403 {
404 gcc_assert (m_bit_range.m_size_in_bits > 0);
405 }
406 bool concrete_p () const final override { return true; }
407
408 hashval_t hash () const { return m_bit_range.hash (); }
409 bool operator== (const concrete_binding &other) const
410 {
411 return m_bit_range == other.m_bit_range;
412 }
413
414 void dump_to_pp (pretty_printer *pp, bool simple) const final override;
415
416 const concrete_binding *dyn_cast_concrete_binding () const final override
417 { return this; }
418
419 const bit_range &get_bit_range () const { return m_bit_range; }
420 bool get_byte_range (byte_range *out) const;
421
422 bit_offset_t get_start_bit_offset () const
423 {
424 return m_bit_range.m_start_bit_offset;
425 }
426 bit_size_t get_size_in_bits () const
427 {
428 return m_bit_range.m_size_in_bits;
429 }
430 /* Return the next bit offset after the end of this binding. */
431 bit_offset_t get_next_bit_offset () const
432 {
433 return m_bit_range.get_next_bit_offset ();
434 }
435
436 bool overlaps_p (const concrete_binding &other) const;
437
438 static int cmp_ptr_ptr (const void *, const void *);
439
440 void mark_deleted () { m_bit_range.m_size_in_bits = -1; }
441 void mark_empty () { m_bit_range.m_size_in_bits = -2; }
442 bool is_deleted () const { return m_bit_range.m_size_in_bits == -1; }
443 bool is_empty () const { return m_bit_range.m_size_in_bits == -2; }
444
445private:
446 bit_range m_bit_range;
447};
448
449} // namespace ana
450
451template <>
452template <>
453inline bool
454is_a_helper <const ana::concrete_binding *>::test (const ana::binding_key *key)
455{
456 return key->concrete_p ();
457}
458
459template <> struct default_hash_traits<ana::concrete_binding>
460: public member_function_hash_traits<ana::concrete_binding>
461{
462 static const bool empty_zero_p = false;
463};
464
465namespace ana {
466
467/* Concrete subclass of binding_key, for describing a symbolic set of
468 bits within the binding_map in terms of a region (e.g. "arr[i]"). */
469
470class symbolic_binding : public binding_key
471{
472public:
473 /* This class is its own key for the purposes of consolidation. */
474 typedef symbolic_binding key_t;
475
476 symbolic_binding (const region *region) : m_region (region) {}
477 bool concrete_p () const final override { return false; }
478
479 hashval_t hash () const
480 {
481 return (intptr_t)m_region;
482 }
483 bool operator== (const symbolic_binding &other) const
484 {
485 return m_region == other.m_region;
486 }
487
488 void dump_to_pp (pretty_printer *pp, bool simple) const final override;
489
490 const symbolic_binding *dyn_cast_symbolic_binding () const final override
491 { return this; }
492
493 const region *get_region () const { return m_region; }
494
495 static int cmp_ptr_ptr (const void *, const void *);
496
497 void mark_deleted () { m_region = reinterpret_cast<const region *> (1); }
498 void mark_empty () { m_region = nullptr; }
499 bool is_deleted () const
500 { return m_region == reinterpret_cast<const region *> (1); }
501 bool is_empty () const { return m_region == nullptr; }
502
503private:
504 const region *m_region;
505};
506
507} // namespace ana
508
509template <> struct default_hash_traits<ana::symbolic_binding>
510: public member_function_hash_traits<ana::symbolic_binding>
511{
512 static const bool empty_zero_p = true;
513};
514
515namespace ana {
516
517/* A mapping from concrete bit_ranges to svalues, for use by
518 binding_cluster and compound_svalue.
519 The keys are ordered by the start offset, and must not overlap
520 The bound svalues may not be compound_svalues, so that we don't
521 nest these (for canonicalization). */
522
523class concrete_binding_map
524{
525public:
526 using map_t = std::map<bit_range, const svalue *>;
527 using const_iterator = map_t::const_iterator;
528 using iterator = map_t::iterator;
529
530 void clear () { m_map.clear (); }
531 bool empty_p () const { return m_map.empty (); }
532
533 bool
534 operator== (const concrete_binding_map &other) const
535 {
536 return m_map == other.m_map;
537 }
538 bool
539 operator!= (const concrete_binding_map &other) const
540 {
541 return m_map != other.m_map;
542 }
543
544 const_iterator begin () const { return m_map.begin (); }
545 const_iterator end () const { return m_map.end (); }
546 iterator begin () { return m_map.begin (); }
547 iterator end () { return m_map.end (); }
548
549 size_t size () const { return m_map.size (); }
550
551 void dump_to_pp (pretty_printer *pp, bool simple, bool multiline) const;
552 void dump (bool simple) const;
553
554 void add_to_tree_widget (text_art::tree_widget &parent_widget,
555 const text_art::dump_widget_info &dwi) const;
556
557 void validate () const;
558
559 static int
560 cmp (const concrete_binding_map &map1,
561 const concrete_binding_map &map2);
562
563 void
564 insert (const bit_range &bits, const svalue *sval)
565 {
566 m_map.insert ({bits, sval});
567 }
568
569 void
570 insert (const byte_range &bytes, const svalue *sval)
571 {
572 m_map.insert ({bytes.as_bit_range (), sval});
573 }
574
575 void
576 erase (const bit_range &bits)
577 {
578 m_map.erase (bits);
579 }
580
581 const svalue *
582 get_any_exact_binding (const bit_range &bits) const;
583
584 const_iterator
585 find (const bit_range &bits) const
586 {
587 return m_map.find (bits);
588 }
589 iterator
590 find (const bit_range &bits)
591 {
592 return m_map.find (bits);
593 }
594
595 complexity calc_complexity () const;
596
597 bool apply_ctor_to_region (const region *parent_reg, tree ctor,
598 region_model_manager *mgr);
599
600 void remove_overlapping_binding (store_manager *mgr,
601 const bit_range &bits_to_drop,
602 const bit_range &affected_bound_bits,
603 const svalue &old_sval);
604
605 void remove_overlapping_bindings (store_manager *mgr,
606 const bit_range &bits);
607
608private:
609 std::vector<std::pair<bit_range, const svalue &>>
610 get_overlapping_bindings (const bit_range &bits);
611
612 bool apply_ctor_val_to_range (const region *parent_reg,
613 region_model_manager *mgr,
614 tree min_index, tree max_index,
615 tree val);
616 bool apply_ctor_pair_to_child_region (const region *parent_reg,
617 region_model_manager *mgr,
618 tree index, tree val);
619
620 map_t m_map;
621};
622
623/* A mapping from binding_keys to svalues, for use by binding_cluster.
624 We store bindings at concrete bit ranges via a concrete_binding_map,
625 along with a vector of (symbolic key, svalue) pairs, but for now
626 this has maximum length of 1. */
627
628class binding_map
629{
630public:
631 struct symbolic_binding
632 {
633 bool operator== (const symbolic_binding &other) const
634 {
635 return (m_region == other.m_region
636 && m_sval == other.m_sval);
637 }
638
639 const region *m_region;
640 const svalue *m_sval;
641 };
642 using concrete_bindings_t = concrete_binding_map;
643 using symbolic_bindings_t = std::vector<symbolic_binding>;
644
645 struct binding_pair
646 {
647 binding_pair (const binding_key *key,
648 const svalue *sval)
649 : m_key (key),
650 m_sval (sval)
651 {
652 }
653
654 const binding_key *m_key;
655 const svalue *m_sval;
656 };
657
658 typedef class const_iterator
659 {
660 public:
661 const_iterator (const binding_map &map,
662 concrete_bindings_t::const_iterator concrete_iter,
663 symbolic_bindings_t::const_iterator symbolic_iter)
664 : m_map (map),
665 m_concrete (concrete_iter),
666 m_symbolic (symbolic_iter)
667 {
668 }
669 bool operator== (const const_iterator &other) const;
670 bool operator!= (const const_iterator &other) const
671 {
672 return !(*this == other);
673 }
674 const_iterator &operator++ ();
675
676 binding_pair operator* ();
677 const svalue *get_svalue () const;
678
679 private:
680 const binding_map &m_map;
681 concrete_bindings_t::const_iterator m_concrete;
682 symbolic_bindings_t::const_iterator m_symbolic;
683 } const_iterator_t;
684
685 typedef class iterator
686 {
687 public:
688 friend class binding_map;
689
690 iterator (const binding_map &map,
691 concrete_bindings_t::iterator concrete_iter,
692 symbolic_bindings_t::iterator symbolic_iter)
693 : m_map (map),
694 m_concrete (concrete_iter),
695 m_symbolic (symbolic_iter)
696 {
697 }
698 bool operator== (const iterator &other) const;
699 bool operator!= (const iterator &other) const
700 {
701 return !(*this == other);
702 }
703 iterator &operator++ ();
704
705 binding_pair operator* ();
706
707 const binding_key *get_key () const;
708
709 private:
710 const binding_map &m_map;
711 concrete_bindings_t::iterator m_concrete;
712 symbolic_bindings_t::iterator m_symbolic;
713 } iterator_t;
714
715 binding_map (store_manager &store_mgr);
716 binding_map (const binding_map &other);
717 binding_map& operator=(const binding_map &other);
718
719 bool operator== (const binding_map &other) const;
720 bool operator!= (const binding_map &other) const
721 {
722 return !(*this == other);
723 }
724
725 hashval_t hash () const;
726
727 const svalue *get (const binding_key *key) const;
728 void put (const binding_key *k, const svalue *v);
729 void overwrite (iterator_t &pos, const svalue *v);
730
731 void remove (const binding_key *k);
732 void clear ()
733 {
734 m_concrete.clear ();
735 m_symbolic.clear ();
736 }
737
738 bool empty_p () const
739 {
740 return m_concrete.empty_p () && m_symbolic.empty ();
741 }
742
743 const_iterator_t begin () const;
744 const_iterator_t end () const;
745 iterator_t begin ();
746 iterator_t end ();
747 size_t elements () const;
748
749 void dump_to_pp (pretty_printer *pp, bool simple, bool multiline) const;
750 void dump (bool simple) const;
751
752 void validate () const;
753
754 std::unique_ptr<json::object> to_json () const;
755
756 void add_to_tree_widget (text_art::tree_widget &parent_widget,
757 const text_art::dump_widget_info &dwi) const;
758
759 void remove_overlapping_bindings (store_manager *mgr,
760 const binding_key *drop_key,
761 uncertainty_t *uncertainty,
762 svalue_set *maybe_live_values,
763 bool always_overlap);
764
765 const concrete_bindings_t &
766 get_concrete_bindings () const { return m_concrete; }
767
768 const symbolic_bindings_t &
769 get_symbolic_bindings () const { return m_symbolic; }
770
771private:
772 void get_overlapping_bindings (const binding_key *key,
773 auto_vec<const binding_key *> *out);
774
775 store_manager &m_store_mgr;
776 concrete_bindings_t m_concrete;
777 symbolic_bindings_t m_symbolic;
778};
779
780/* All of the bindings within a store for regions that share the same
781 base region. */
782
783class binding_cluster
784{
785public:
786 friend class store;
787
788 typedef binding_map::const_iterator const_iterator_t;
789 typedef binding_map::iterator iterator_t;
790
791 binding_cluster (store_manager &store_mgr, const region *base_region);
792 binding_cluster (const binding_cluster &other);
793 binding_cluster& operator=(const binding_cluster &other);
794
795 bool operator== (const binding_cluster &other) const;
796 bool operator!= (const binding_cluster &other) const
797 {
798 return !(*this == other);
799 }
800
801 hashval_t hash () const;
802
803 bool symbolic_p () const;
804
805 const region *get_base_region () const { return m_base_region; }
806
807 void dump_to_pp (pretty_printer *pp, bool simple, bool multiline) const;
808 void dump (bool simple) const;
809
810 void validate () const;
811
812 std::unique_ptr<json::object> to_json () const;
813
814 std::unique_ptr<text_art::tree_widget>
815 make_dump_widget (const text_art::dump_widget_info &dwi,
816 store_manager *mgr) const;
817
818 void bind (store_manager *mgr, const region *, const svalue *);
819
820 void clobber_region (store_manager *mgr, const region *reg);
821 void purge_region (store_manager *mgr, const region *reg);
822 void fill_region (store_manager *mgr, const region *reg, const svalue *sval);
823 void zero_fill_region (store_manager *mgr, const region *reg);
824 void mark_region_as_unknown (store_manager *mgr,
825 const region *reg_to_bind,
826 const region *reg_for_overlap,
827 uncertainty_t *uncertainty,
828 svalue_set *maybe_live_values);
829 void purge_state_involving (const svalue *sval,
830 region_model_manager *sval_mgr);
831
832 const svalue *get_binding (store_manager *mgr, const region *reg) const;
833 const svalue *get_binding_recursive (store_manager *mgr,
834 const region *reg) const;
835 const svalue *get_any_binding (store_manager *mgr,
836 const region *reg) const;
837 const svalue *maybe_get_compound_binding (store_manager *mgr,
838 const region *reg) const;
839
840 void remove_overlapping_bindings (store_manager *mgr, const region *reg,
841 uncertainty_t *uncertainty,
842 svalue_set *maybe_live_values);
843
844 template <typename T>
845 void for_each_value (void (*cb) (const svalue *sval, T user_data),
846 T user_data) const
847 {
848 for (auto iter = m_map.begin (); iter != m_map.end (); ++iter)
849 cb (iter.get_svalue (), user_data);
850 }
851
852 static bool can_merge_p (const binding_cluster *cluster_a,
853 const binding_cluster *cluster_b,
854 binding_cluster *out_cluster,
855 store *out_store,
856 store_manager *mgr,
857 model_merger *merger);
858 void make_unknown_relative_to (const binding_cluster *other_cluster,
859 store *out_store,
860 store_manager *mgr);
861
862 void mark_as_escaped ();
863 void on_unknown_fncall (const gcall &call, store_manager *mgr,
864 const conjured_purge &p);
865 void on_asm (const gasm *stmt, store_manager *mgr,
866 const conjured_purge &p);
867
868 bool escaped_p () const;
869 bool touched_p () const { return m_touched; }
870
871 bool redundant_p () const;
872 bool empty_p () const { return m_map.empty_p (); }
873
874 void get_representative_path_vars (const region_model *model,
875 svalue_set *visited,
876 const region *base_reg,
877 const svalue *sval,
878 logger *logger,
879 auto_vec<path_var> *out_pvs) const;
880
881 const svalue *maybe_get_simple_value (store_manager *mgr) const;
882
883 const_iterator_t begin () const { return m_map.begin (); }
884 const_iterator_t end () const { return m_map.end (); }
885
886 iterator_t begin () { return m_map.begin (); }
887 iterator_t end () { return m_map.end (); }
888
889 const binding_map &get_map () const { return m_map; }
890 binding_map &get_map () { return m_map; }
891
892private:
893 const svalue *get_any_value (const binding_key *key) const;
894 void bind_compound_sval (store_manager *mgr,
895 const region *reg,
896 const compound_svalue *compound_sval);
897 void bind_key (const binding_key *key, const svalue *sval);
898
899 const region *m_base_region;
900
901 binding_map m_map;
902
903 /* Has a pointer to this cluster "escaped" into a part of the program
904 we don't know about (via a call to a function with an unknown body,
905 or by being passed in as a pointer param of a "top-level" function call).
906 Such regions could be overwritten when other such functions are called,
907 even if the region is no longer reachable by pointers that we are
908 tracking. */
909 bool m_escaped;
910
911 /* Has this cluster been written to via a symbolic binding?
912 If so, then we don't know anything about unbound subregions,
913 so we can't use initial_svalue, treat them as uninitialized, or
914 inherit values from a parent region. */
915 bool m_touched;
916};
917
918/* The mapping from regions to svalues.
919 This is actually expressed by subdividing into clusters, to better
920 handle aliasing. */
921
922class store
923{
924public:
925 typedef hash_map <const region *, binding_cluster *> cluster_map_t;
926
927 store ();
928 store (const store &other);
929 ~store ();
930
931 store &operator= (const store &other);
932
933 bool operator== (const store &other) const;
934 bool operator!= (const store &other) const
935 {
936 return !(*this == other);
937 }
938
939 hashval_t hash () const;
940
941 void dump_to_pp (pretty_printer *pp, bool summarize, bool multiline,
942 store_manager *mgr) const;
943 void dump (bool simple) const;
944 void summarize_to_pp (pretty_printer *pp, bool simple) const;
945
946 void validate () const;
947
948 std::unique_ptr<json::object> to_json () const;
949
950 std::unique_ptr<text_art::tree_widget>
951 make_dump_widget (const text_art::dump_widget_info &dwi,
952 store_manager *mgr) const;
953
954 const svalue *get_any_binding (store_manager *mgr, const region *reg) const;
955
956 bool called_unknown_fn_p () const { return m_called_unknown_fn; }
957
958 void set_value (store_manager *mgr, const region *lhs_reg,
959 const svalue *rhs_sval,
960 uncertainty_t *uncertainty);
961 void clobber_region (store_manager *mgr, const region *reg);
962 void purge_region (store_manager *mgr, const region *reg);
963 void fill_region (store_manager *mgr, const region *reg, const svalue *sval);
964 void zero_fill_region (store_manager *mgr, const region *reg);
965 void mark_region_as_unknown (store_manager *mgr, const region *reg,
966 uncertainty_t *uncertainty,
967 svalue_set *maybe_live_values);
968 void purge_state_involving (const svalue *sval,
969 region_model_manager *sval_mgr);
970
971 const binding_cluster *get_cluster (const region *base_reg) const;
972 binding_cluster *get_cluster (const region *base_reg);
973 binding_cluster *get_or_create_cluster (store_manager &store_mgr,
974 const region *base_reg);
975 void purge_cluster (const region *base_reg);
976
977 template <typename T>
978 void for_each_cluster (void (*cb) (const region *base_reg, T user_data),
979 T user_data) const
980 {
981 for (cluster_map_t::iterator iter = m_cluster_map.begin ();
982 iter != m_cluster_map.end (); ++iter)
983 cb ((*iter).first, user_data);
984 }
985
986 static bool can_merge_p (const store *store_a, const store *store_b,
987 store *out_store, store_manager *mgr,
988 model_merger *merger);
989
990 void mark_as_escaped (store_manager &mgr, const region *base_reg);
991 void on_unknown_fncall (const gcall &call, store_manager *mgr,
992 const conjured_purge &p);
993 bool escaped_p (const region *reg) const;
994
995 void get_representative_path_vars (const region_model *model,
996 svalue_set *visited,
997 const svalue *sval,
998 logger *logger,
999 auto_vec<path_var> *out_pvs) const;
1000
1001 cluster_map_t::iterator begin () const { return m_cluster_map.begin (); }
1002 cluster_map_t::iterator end () const { return m_cluster_map.end (); }
1003
1004 tristate eval_alias (const region *base_reg_a,
1005 const region *base_reg_b) const;
1006
1007 void canonicalize (store_manager *mgr);
1008 void loop_replay_fixup (const store *other_store,
1009 region_model_manager *mgr);
1010
1011 void replay_call_summary (call_summary_replay &r,
1012 const store &summary);
1013 void replay_call_summary_cluster (call_summary_replay &r,
1014 const store &summary,
1015 const region *base_reg);
1016 void on_maybe_live_values (store_manager &mgr,
1017 const svalue_set &maybe_live_values);
1018
1019private:
1020 void remove_overlapping_bindings (store_manager *mgr, const region *reg,
1021 uncertainty_t *uncertainty);
1022 tristate eval_alias_1 (const region *base_reg_a,
1023 const region *base_reg_b) const;
1024
1025 cluster_map_t m_cluster_map;
1026
1027 /* If this is true, then unknown code has been called, and so
1028 any global variable that isn't currently modelled by the store
1029 has unknown state, rather than being in an "initial state".
1030 This is to avoid having to mark (and thus explicitly track)
1031 every global when an unknown function is called; instead, they
1032 can be tracked implicitly. */
1033 bool m_called_unknown_fn;
1034};
1035
1036/* A class responsible for owning and consolidating binding keys
1037 (both concrete and symbolic).
1038 Key instances are immutable as far as clients are concerned, so they
1039 are provided as "const" ptrs. */
1040
1041class store_manager
1042{
1043public:
1044 store_manager (region_model_manager *mgr) : m_mgr (mgr) {}
1045
1046 logger *get_logger () const;
1047
1048 /* binding consolidation. */
1049 const concrete_binding *
1050 get_concrete_binding (bit_offset_t start_bit_offset,
1051 bit_offset_t size_in_bits);
1052 const concrete_binding *
1053 get_concrete_binding (const bit_range &bits)
1054 {
1055 return get_concrete_binding (bits.get_start_bit_offset (),
1056 bits.m_size_in_bits);
1057 }
1058 const concrete_binding *
1059 get_concrete_binding (const byte_range &bytes)
1060 {
1061 bit_range bits = bytes.as_bit_range ();
1062 return get_concrete_binding (bits);
1063 }
1064 const symbolic_binding *
1065 get_symbolic_binding (const region *region);
1066
1067 region_model_manager *get_svalue_manager () const
1068 {
1069 return m_mgr;
1070 }
1071
1072 void log_stats (logger *logger, bool show_objs) const;
1073
1074private:
1075 region_model_manager *m_mgr;
1076 consolidation_map<concrete_binding> m_concrete_binding_key_mgr;
1077 consolidation_map<symbolic_binding> m_symbolic_binding_key_mgr;
1078};
1079
1080} // namespace ana
1081
1082#endif /* GCC_ANALYZER_STORE_H */
ana::binding_cluster
Definition store.h:784
ana::binding_cluster::mark_as_escaped
void mark_as_escaped()
ana::binding_cluster::m_map
binding_map m_map
Definition store.h:901
ana::binding_cluster::end
const_iterator_t end() const
Definition store.h:884
ana::binding_cluster::bind
void bind(store_manager *mgr, const region *, const svalue *)
ana::binding_cluster::dump
void dump(bool simple) const
ana::binding_cluster::get_representative_path_vars
void get_representative_path_vars(const region_model *model, svalue_set *visited, const region *base_reg, const svalue *sval, logger *logger, auto_vec< path_var > *out_pvs) const
ana::binding_cluster::fill_region
void fill_region(store_manager *mgr, const region *reg, const svalue *sval)
ana::binding_cluster::binding_cluster
binding_cluster(store_manager &store_mgr, const region *base_region)
ana::binding_cluster::on_asm
void on_asm(const gasm *stmt, store_manager *mgr, const conjured_purge &p)
ana::binding_cluster::get_binding_recursive
const svalue * get_binding_recursive(store_manager *mgr, const region *reg) const
ana::binding_cluster::for_each_value
void for_each_value(void(*cb)(const svalue *sval, T user_data), T user_data) const
Definition store.h:845
ana::binding_cluster::get_map
binding_map & get_map()
Definition store.h:890
ana::binding_cluster::bind_compound_sval
void bind_compound_sval(store_manager *mgr, const region *reg, const compound_svalue *compound_sval)
ana::binding_cluster::make_dump_widget
std::unique_ptr< text_art::tree_widget > make_dump_widget(const text_art::dump_widget_info &dwi, store_manager *mgr) const
ana::binding_cluster::m_escaped
bool m_escaped
Definition store.h:909
ana::binding_cluster::store
friend class store
Definition store.h:786
ana::binding_cluster::mark_region_as_unknown
void mark_region_as_unknown(store_manager *mgr, const region *reg_to_bind, const region *reg_for_overlap, uncertainty_t *uncertainty, svalue_set *maybe_live_values)
ana::binding_cluster::binding_cluster
binding_cluster(const binding_cluster &other)
ana::binding_cluster::hash
hashval_t hash() const
ana::binding_cluster::validate
void validate() const
ana::binding_cluster::symbolic_p
bool symbolic_p() const
ana::binding_cluster::purge_region
void purge_region(store_manager *mgr, const region *reg)
ana::binding_cluster::clobber_region
void clobber_region(store_manager *mgr, const region *reg)
ana::binding_cluster::make_unknown_relative_to
void make_unknown_relative_to(const binding_cluster *other_cluster, store *out_store, store_manager *mgr)
ana::binding_cluster::operator==
bool operator==(const binding_cluster &other) const
ana::binding_cluster::iterator_t
binding_map::iterator iterator_t
Definition store.h:789
ana::binding_cluster::begin
iterator_t begin()
Definition store.h:886
ana::binding_cluster::begin
const_iterator_t begin() const
Definition store.h:883
ana::binding_cluster::bind_key
void bind_key(const binding_key *key, const svalue *sval)
ana::binding_cluster::empty_p
bool empty_p() const
Definition store.h:872
ana::binding_cluster::get_any_binding
const svalue * get_any_binding(store_manager *mgr, const region *reg) const
ana::binding_cluster::operator!=
bool operator!=(const binding_cluster &other) const
Definition store.h:796
ana::binding_cluster::operator=
binding_cluster & operator=(const binding_cluster &other)
ana::binding_cluster::purge_state_involving
void purge_state_involving(const svalue *sval, region_model_manager *sval_mgr)
ana::binding_cluster::get_any_value
const svalue * get_any_value(const binding_key *key) const
ana::binding_cluster::dump_to_pp
void dump_to_pp(pretty_printer *pp, bool simple, bool multiline) const
ana::binding_cluster::get_base_region
const region * get_base_region() const
Definition store.h:805
ana::binding_cluster::m_base_region
const region * m_base_region
Definition store.h:899
ana::binding_cluster::maybe_get_compound_binding
const svalue * maybe_get_compound_binding(store_manager *mgr, const region *reg) const
ana::binding_cluster::touched_p
bool touched_p() const
Definition store.h:869
ana::binding_cluster::get_map
const binding_map & get_map() const
Definition store.h:889
ana::binding_cluster::escaped_p
bool escaped_p() const
ana::binding_cluster::end
iterator_t end()
Definition store.h:887
ana::binding_cluster::const_iterator_t
binding_map::const_iterator const_iterator_t
Definition store.h:788
ana::binding_cluster::to_json
std::unique_ptr< json::object > to_json() const
ana::binding_cluster::remove_overlapping_bindings
void remove_overlapping_bindings(store_manager *mgr, const region *reg, uncertainty_t *uncertainty, svalue_set *maybe_live_values)
ana::binding_cluster::zero_fill_region
void zero_fill_region(store_manager *mgr, const region *reg)
ana::binding_cluster::get_binding
const svalue * get_binding(store_manager *mgr, const region *reg) const
ana::binding_cluster::can_merge_p
static bool can_merge_p(const binding_cluster *cluster_a, const binding_cluster *cluster_b, binding_cluster *out_cluster, store *out_store, store_manager *mgr, model_merger *merger)
ana::binding_cluster::on_unknown_fncall
void on_unknown_fncall(const gcall &call, store_manager *mgr, const conjured_purge &p)
ana::binding_cluster::redundant_p
bool redundant_p() const
ana::binding_cluster::m_touched
bool m_touched
Definition store.h:915
ana::binding_cluster::maybe_get_simple_value
const svalue * maybe_get_simple_value(store_manager *mgr) const
ana::binding_key
Definition store.h:210
ana::binding_key::dump
void dump(bool simple) const
ana::binding_key::make
static const binding_key * make(store_manager *mgr, const region *r)
ana::binding_key::cmp_ptrs
static int cmp_ptrs(const void *, const void *)
ana::binding_key::dyn_cast_symbolic_binding
virtual const symbolic_binding * dyn_cast_symbolic_binding() const
Definition store.h:227
ana::binding_key::concrete_p
virtual bool concrete_p() const =0
ana::binding_key::dump_to_pp
virtual void dump_to_pp(pretty_printer *pp, bool simple) const =0
ana::binding_key::~binding_key
virtual ~binding_key()
Definition store.h:212
ana::binding_key::symbolic_p
bool symbolic_p() const
Definition store.h:214
ana::binding_key::cmp
static int cmp(const binding_key *, const binding_key *)
ana::binding_key::get_desc
label_text get_desc(bool simple=true) const
ana::binding_key::dyn_cast_concrete_binding
virtual const concrete_binding * dyn_cast_concrete_binding() const
Definition store.h:225
ana::binding_map::const_iterator
Definition store.h:659
ana::binding_map::const_iterator::get_svalue
const svalue * get_svalue() const
ana::binding_map::const_iterator::operator++
const_iterator & operator++()
ana::binding_map::const_iterator::operator*
binding_pair operator*()
ana::binding_map::const_iterator::operator==
bool operator==(const const_iterator &other) const
ana::binding_map::const_iterator::operator!=
bool operator!=(const const_iterator &other) const
Definition store.h:670
ana::binding_map::const_iterator::m_concrete
concrete_bindings_t::const_iterator m_concrete
Definition store.h:681
ana::binding_map::const_iterator::m_map
const binding_map & m_map
Definition store.h:680
ana::binding_map::const_iterator::m_symbolic
symbolic_bindings_t::const_iterator m_symbolic
Definition store.h:682
ana::binding_map::const_iterator::const_iterator
const_iterator(const binding_map &map, concrete_bindings_t::const_iterator concrete_iter, symbolic_bindings_t::const_iterator symbolic_iter)
Definition store.h:661
ana::binding_map::iterator
Definition store.h:686
ana::binding_map::iterator::operator!=
bool operator!=(const iterator &other) const
Definition store.h:699
ana::binding_map::iterator::operator==
bool operator==(const iterator &other) const
ana::binding_map::iterator::m_symbolic
symbolic_bindings_t::iterator m_symbolic
Definition store.h:712
ana::binding_map::iterator::m_map
const binding_map & m_map
Definition store.h:710
ana::binding_map::iterator::iterator
iterator(const binding_map &map, concrete_bindings_t::iterator concrete_iter, symbolic_bindings_t::iterator symbolic_iter)
Definition store.h:690
ana::binding_map::iterator::get_key
const binding_key * get_key() const
ana::binding_map::iterator::operator++
iterator & operator++()
ana::binding_map::iterator::operator*
binding_pair operator*()
ana::binding_map::iterator::binding_map
friend class binding_map
Definition store.h:688
ana::binding_map::iterator::m_concrete
concrete_bindings_t::iterator m_concrete
Definition store.h:711
ana::binding_map
Definition store.h:629
ana::binding_map::elements
size_t elements() const
ana::binding_map::operator=
binding_map & operator=(const binding_map &other)
ana::binding_map::end
const_iterator_t end() const
ana::binding_map::validate
void validate() const
ana::binding_map::concrete_bindings_t
concrete_binding_map concrete_bindings_t
Definition store.h:642
ana::binding_map::dump_to_pp
void dump_to_pp(pretty_printer *pp, bool simple, bool multiline) const
ana::binding_map::get_overlapping_bindings
void get_overlapping_bindings(const binding_key *key, auto_vec< const binding_key * > *out)
ana::binding_map::operator==
bool operator==(const binding_map &other) const
ana::binding_map::end
iterator_t end()
ana::binding_map::empty_p
bool empty_p() const
Definition store.h:738
ana::binding_map::dump
void dump(bool simple) const
ana::binding_map::hash
hashval_t hash() const
ana::binding_map::iterator_t
class ana::binding_map::iterator iterator_t
ana::binding_map::m_store_mgr
store_manager & m_store_mgr
Definition store.h:775
ana::binding_map::clear
void clear()
Definition store.h:732
ana::binding_map::binding_map
binding_map(store_manager &store_mgr)
ana::binding_map::get_symbolic_bindings
const symbolic_bindings_t & get_symbolic_bindings() const
Definition store.h:769
ana::binding_map::m_symbolic
symbolic_bindings_t m_symbolic
Definition store.h:777
ana::binding_map::begin
iterator_t begin()
ana::binding_map::begin
const_iterator_t begin() const
ana::binding_map::get
const svalue * get(const binding_key *key) const
ana::binding_map::to_json
std::unique_ptr< json::object > to_json() const
ana::binding_map::get_concrete_bindings
const concrete_bindings_t & get_concrete_bindings() const
Definition store.h:766
ana::binding_map::add_to_tree_widget
void add_to_tree_widget(text_art::tree_widget &parent_widget, const text_art::dump_widget_info &dwi) const
ana::binding_map::put
void put(const binding_key *k, const svalue *v)
ana::binding_map::const_iterator_t
class ana::binding_map::const_iterator const_iterator_t
ana::binding_map::symbolic_bindings_t
std::vector< symbolic_binding > symbolic_bindings_t
Definition store.h:643
ana::binding_map::m_concrete
concrete_bindings_t m_concrete
Definition store.h:776
ana::binding_map::operator!=
bool operator!=(const binding_map &other) const
Definition store.h:720
ana::binding_map::remove_overlapping_bindings
void remove_overlapping_bindings(store_manager *mgr, const binding_key *drop_key, uncertainty_t *uncertainty, svalue_set *maybe_live_values, bool always_overlap)
ana::binding_map::remove
void remove(const binding_key *k)
ana::binding_map::overwrite
void overwrite(iterator_t &pos, const svalue *v)
ana::binding_map::binding_map
binding_map(const binding_map &other)
ana::call_summary_replay
Definition call-summary.h:68
ana::compound_svalue
Definition svalue.h:1417
ana::concrete_binding_map
Definition store.h:524
ana::concrete_binding_map::find
iterator find(const bit_range &bits)
Definition store.h:590
ana::concrete_binding_map::begin
const_iterator begin() const
Definition store.h:544
ana::concrete_binding_map::map_t
std::map< bit_range, const svalue * > map_t
Definition store.h:526
ana::concrete_binding_map::find
const_iterator find(const bit_range &bits) const
Definition store.h:585
ana::concrete_binding_map::const_iterator
map_t::const_iterator const_iterator
Definition store.h:527
ana::concrete_binding_map::begin
iterator begin()
Definition store.h:546
ana::concrete_binding_map::cmp
static int cmp(const concrete_binding_map &map1, const concrete_binding_map &map2)
ana::concrete_binding_map::dump
void dump(bool simple) const
ana::concrete_binding_map::get_any_exact_binding
const svalue * get_any_exact_binding(const bit_range &bits) const
ana::concrete_binding_map::operator!=
bool operator!=(const concrete_binding_map &other) const
Definition store.h:539
ana::concrete_binding_map::validate
void validate() const
ana::concrete_binding_map::insert
void insert(const byte_range &bytes, const svalue *sval)
Definition store.h:570
ana::concrete_binding_map::get_overlapping_bindings
std::vector< std::pair< bit_range, const svalue & > > get_overlapping_bindings(const bit_range &bits)
ana::concrete_binding_map::add_to_tree_widget
void add_to_tree_widget(text_art::tree_widget &parent_widget, const text_art::dump_widget_info &dwi) const
ana::concrete_binding_map::calc_complexity
complexity calc_complexity() const
ana::concrete_binding_map::apply_ctor_to_region
bool apply_ctor_to_region(const region *parent_reg, tree ctor, region_model_manager *mgr)
ana::concrete_binding_map::end
const_iterator end() const
Definition store.h:545
ana::concrete_binding_map::m_map
map_t m_map
Definition store.h:620
ana::concrete_binding_map::apply_ctor_val_to_range
bool apply_ctor_val_to_range(const region *parent_reg, region_model_manager *mgr, tree min_index, tree max_index, tree val)
ana::concrete_binding_map::remove_overlapping_binding
void remove_overlapping_binding(store_manager *mgr, const bit_range &bits_to_drop, const bit_range &affected_bound_bits, const svalue &old_sval)
ana::concrete_binding_map::end
iterator end()
Definition store.h:547
ana::concrete_binding_map::dump_to_pp
void dump_to_pp(pretty_printer *pp, bool simple, bool multiline) const
ana::concrete_binding_map::remove_overlapping_bindings
void remove_overlapping_bindings(store_manager *mgr, const bit_range &bits)
ana::concrete_binding_map::iterator
map_t::iterator iterator
Definition store.h:528
ana::concrete_binding_map::empty_p
bool empty_p() const
Definition store.h:531
ana::concrete_binding_map::operator==
bool operator==(const concrete_binding_map &other) const
Definition store.h:534
ana::concrete_binding_map::erase
void erase(const bit_range &bits)
Definition store.h:576
ana::concrete_binding_map::clear
void clear()
Definition store.h:530
ana::concrete_binding_map::size
size_t size() const
Definition store.h:549
ana::concrete_binding_map::apply_ctor_pair_to_child_region
bool apply_ctor_pair_to_child_region(const region *parent_reg, region_model_manager *mgr, tree index, tree val)
ana::concrete_binding_map::insert
void insert(const bit_range &bits, const svalue *sval)
Definition store.h:564
ana::concrete_binding
Definition store.h:396
ana::concrete_binding::get_size_in_bits
bit_size_t get_size_in_bits() const
Definition store.h:426
ana::concrete_binding::get_byte_range
bool get_byte_range(byte_range *out) const
ana::concrete_binding::mark_empty
void mark_empty()
Definition store.h:441
ana::concrete_binding::concrete_binding
concrete_binding(bit_offset_t start_bit_offset, bit_size_t size_in_bits)
Definition store.h:401
ana::concrete_binding::key_t
concrete_binding key_t
Definition store.h:399
ana::concrete_binding::get_bit_range
const bit_range & get_bit_range() const
Definition store.h:419
ana::concrete_binding::dump_to_pp
void dump_to_pp(pretty_printer *pp, bool simple) const final override
ana::concrete_binding::get_next_bit_offset
bit_offset_t get_next_bit_offset() const
Definition store.h:431
ana::concrete_binding::operator==
bool operator==(const concrete_binding &other) const
Definition store.h:409
ana::concrete_binding::concrete_p
bool concrete_p() const final override
Definition store.h:406
ana::concrete_binding::m_bit_range
bit_range m_bit_range
Definition store.h:446
ana::concrete_binding::is_empty
bool is_empty() const
Definition store.h:443
ana::concrete_binding::get_start_bit_offset
bit_offset_t get_start_bit_offset() const
Definition store.h:422
ana::concrete_binding::is_deleted
bool is_deleted() const
Definition store.h:442
ana::concrete_binding::mark_deleted
void mark_deleted()
Definition store.h:440
ana::concrete_binding::overlaps_p
bool overlaps_p(const concrete_binding &other) const
ana::concrete_binding::hash
hashval_t hash() const
Definition store.h:408
ana::concrete_binding::dyn_cast_concrete_binding
const concrete_binding * dyn_cast_concrete_binding() const final override
Definition store.h:416
ana::concrete_binding::cmp_ptr_ptr
static int cmp_ptr_ptr(const void *, const void *)
ana::conjured_purge
Definition svalue.h:1521
ana::logger
Definition analyzer-logging.h:36
ana::region_model_manager
Definition region-model-manager.h:32
ana::region_model
Definition region-model.h:294
ana::region
Definition region.h:127
ana::store_manager
Definition store.h:1042
ana::store_manager::m_symbolic_binding_key_mgr
consolidation_map< symbolic_binding > m_symbolic_binding_key_mgr
Definition store.h:1077
ana::store_manager::get_concrete_binding
const concrete_binding * get_concrete_binding(const bit_range &bits)
Definition store.h:1053
ana::store_manager::get_concrete_binding
const concrete_binding * get_concrete_binding(bit_offset_t start_bit_offset, bit_offset_t size_in_bits)
ana::store_manager::get_concrete_binding
const concrete_binding * get_concrete_binding(const byte_range &bytes)
Definition store.h:1059
ana::store_manager::m_mgr
region_model_manager * m_mgr
Definition store.h:1075
ana::store_manager::get_logger
logger * get_logger() const
ana::store_manager::get_svalue_manager
region_model_manager * get_svalue_manager() const
Definition store.h:1067
ana::store_manager::store_manager
store_manager(region_model_manager *mgr)
Definition store.h:1044
ana::store_manager::m_concrete_binding_key_mgr
consolidation_map< concrete_binding > m_concrete_binding_key_mgr
Definition store.h:1076
ana::store_manager::log_stats
void log_stats(logger *logger, bool show_objs) const
ana::store_manager::get_symbolic_binding
const symbolic_binding * get_symbolic_binding(const region *region)
ana::store::to_json
std::unique_ptr< json::object > to_json() const
ana::store::purge_state_involving
void purge_state_involving(const svalue *sval, region_model_manager *sval_mgr)
ana::store::dump
void dump(bool simple) const
ana::store::escaped_p
bool escaped_p(const region *reg) const
ana::store::store
store(const store &other)
ana::store::fill_region
void fill_region(store_manager *mgr, const region *reg, const svalue *sval)
ana::store::purge_region
void purge_region(store_manager *mgr, const region *reg)
ana::store::eval_alias
tristate eval_alias(const region *base_reg_a, const region *base_reg_b) const
ana::store::summarize_to_pp
void summarize_to_pp(pretty_printer *pp, bool simple) const
ana::store::mark_as_escaped
void mark_as_escaped(store_manager &mgr, const region *base_reg)
ana::store::operator==
bool operator==(const store &other) const
ana::store::operator=
store & operator=(const store &other)
ana::store::on_maybe_live_values
void on_maybe_live_values(store_manager &mgr, const svalue_set &maybe_live_values)
ana::store::cluster_map_t
hash_map< const region *, binding_cluster * > cluster_map_t
Definition store.h:925
ana::store::replay_call_summary_cluster
void replay_call_summary_cluster(call_summary_replay &r, const store &summary, const region *base_reg)
ana::store::end
cluster_map_t::iterator end() const
Definition store.h:1002
ana::store::make_dump_widget
std::unique_ptr< text_art::tree_widget > make_dump_widget(const text_art::dump_widget_info &dwi, store_manager *mgr) const
ana::store::get_representative_path_vars
void get_representative_path_vars(const region_model *model, svalue_set *visited, const svalue *sval, logger *logger, auto_vec< path_var > *out_pvs) const
ana::store::m_called_unknown_fn
bool m_called_unknown_fn
Definition store.h:1033
ana::store::loop_replay_fixup
void loop_replay_fixup(const store *other_store, region_model_manager *mgr)
ana::store::can_merge_p
static bool can_merge_p(const store *store_a, const store *store_b, store *out_store, store_manager *mgr, model_merger *merger)
ana::store::operator!=
bool operator!=(const store &other) const
Definition store.h:934
ana::store::called_unknown_fn_p
bool called_unknown_fn_p() const
Definition store.h:956
ana::store::set_value
void set_value(store_manager *mgr, const region *lhs_reg, const svalue *rhs_sval, uncertainty_t *uncertainty)
ana::store::m_cluster_map
cluster_map_t m_cluster_map
Definition store.h:1025
ana::store::get_cluster
const binding_cluster * get_cluster(const region *base_reg) const
ana::store::zero_fill_region
void zero_fill_region(store_manager *mgr, const region *reg)
ana::store::get_or_create_cluster
binding_cluster * get_or_create_cluster(store_manager &store_mgr, const region *base_reg)
ana::store::eval_alias_1
tristate eval_alias_1(const region *base_reg_a, const region *base_reg_b) const
ana::store::validate
void validate() const
ana::store::mark_region_as_unknown
void mark_region_as_unknown(store_manager *mgr, const region *reg, uncertainty_t *uncertainty, svalue_set *maybe_live_values)
ana::store::canonicalize
void canonicalize(store_manager *mgr)
ana::store::begin
cluster_map_t::iterator begin() const
Definition store.h:1001
ana::store::get_any_binding
const svalue * get_any_binding(store_manager *mgr, const region *reg) const
ana::store::hash
hashval_t hash() const
ana::store::get_cluster
binding_cluster * get_cluster(const region *base_reg)
ana::store::replay_call_summary
void replay_call_summary(call_summary_replay &r, const store &summary)
ana::store::dump_to_pp
void dump_to_pp(pretty_printer *pp, bool summarize, bool multiline, store_manager *mgr) const
ana::store::purge_cluster
void purge_cluster(const region *base_reg)
ana::store::for_each_cluster
void for_each_cluster(void(*cb)(const region *base_reg, T user_data), T user_data) const
Definition store.h:978
ana::store::remove_overlapping_bindings
void remove_overlapping_bindings(store_manager *mgr, const region *reg, uncertainty_t *uncertainty)
ana::store::clobber_region
void clobber_region(store_manager *mgr, const region *reg)
ana::store::on_unknown_fncall
void on_unknown_fncall(const gcall &call, store_manager *mgr, const conjured_purge &p)
ana::svalue
Definition svalue.h:92
ana::symbolic_binding
Definition store.h:471
ana::symbolic_binding::dump_to_pp
void dump_to_pp(pretty_printer *pp, bool simple) const final override
ana::symbolic_binding::is_empty
bool is_empty() const
Definition store.h:501
ana::symbolic_binding::mark_empty
void mark_empty()
Definition store.h:498
ana::symbolic_binding::operator==
bool operator==(const symbolic_binding &other) const
Definition store.h:483
ana::symbolic_binding::concrete_p
bool concrete_p() const final override
Definition store.h:477
ana::symbolic_binding::symbolic_binding
symbolic_binding(const region *region)
Definition store.h:476
ana::symbolic_binding::key_t
symbolic_binding key_t
Definition store.h:474
ana::symbolic_binding::dyn_cast_symbolic_binding
const symbolic_binding * dyn_cast_symbolic_binding() const final override
Definition store.h:490
ana::symbolic_binding::get_region
const region * get_region() const
Definition store.h:493
ana::symbolic_binding::is_deleted
bool is_deleted() const
Definition store.h:499
ana::symbolic_binding::hash
hashval_t hash() const
Definition store.h:479
ana::symbolic_binding::m_region
const region * m_region
Definition store.h:504
ana::symbolic_binding::cmp_ptr_ptr
static int cmp_ptr_ptr(const void *, const void *)
ana::symbolic_binding::mark_deleted
void mark_deleted()
Definition store.h:497
ana::uncertainty_t
Definition store.h:162
ana::uncertainty_t::unknown_sm_state_p
bool unknown_sm_state_p(const svalue *sval)
Definition store.h:175
ana::uncertainty_t::dump
void dump(bool simple) const
ana::uncertainty_t::dump_to_pp
void dump_to_pp(pretty_printer *pp, bool simple) const
ana::uncertainty_t::on_mutable_sval_at_unknown_call
void on_mutable_sval_at_unknown_call(const svalue *sval)
Definition store.h:170
ana::uncertainty_t::end_maybe_bound_svals
iterator end_maybe_bound_svals() const
Definition store.h:188
ana::uncertainty_t::m_mutable_at_unknown_call_svals
hash_set< const svalue * > m_mutable_at_unknown_call_svals
Definition store.h:199
ana::uncertainty_t::on_maybe_bound_sval
void on_maybe_bound_sval(const svalue *sval)
Definition store.h:166
ana::uncertainty_t::iterator
hash_set< constsvalue * >::iterator iterator
Definition store.h:164
ana::uncertainty_t::begin_maybe_bound_svals
iterator begin_maybe_bound_svals() const
Definition store.h:184
ana::uncertainty_t::m_maybe_bound_svals
hash_set< const svalue * > m_maybe_bound_svals
Definition store.h:196
auto_vec
Definition vec.h:1667
consolidation_map
Definition common.h:611
hash_set::iterator
Definition hash-set.h:110
hash_set
Definition hash-set.h:37
inchash::hash
Definition inchash.h:38
inchash::hash::end
hashval_t end() const
Definition inchash.h:49
inchash::hash::add_wide_int
void add_wide_int(const generic_wide_int< T > &x)
Definition inchash.h:84
pretty_printer
Definition pretty-print.h:241
text_art::tree_widget
Definition tree-widget.h:32
tristate
Definition tristate.h:26
tree
union tree_node * tree
Definition coretypes.h:97
map
static struct string2counter_map map[debug_counter_number_of_counters]
Definition dbgcnt.cc:39
final
void final(rtx_insn *first, FILE *file, int optimize_p)
Definition final.cc:2009
T
static struct token T
Definition gengtype-parse.cc:45
ana
Definition access-diagram.h:30
ana::byte_size_t
offset_int byte_size_t
Definition common.h:207
ana::event_kind::stmt
@ stmt
Definition checker-event.h:38
ana::bit_offset_t
offset_int bit_offset_t
Definition common.h:204
ana::byte_offset_t
offset_int byte_offset_t
Definition common.h:206
ana::bit_size_t
offset_int bit_size_t
Definition common.h:205
ana::svalue_set
hash_set< const svalue * > svalue_set
Definition common.h:76
r
poly_int< N, C > r
Definition poly-int.h:774
ana::binding_map::binding_pair
Definition store.h:646
ana::binding_map::binding_pair::m_key
const binding_key * m_key
Definition store.h:654
ana::binding_map::binding_pair::binding_pair
binding_pair(const binding_key *key, const svalue *sval)
Definition store.h:647
ana::binding_map::binding_pair::m_sval
const svalue * m_sval
Definition store.h:655
ana::binding_map::symbolic_binding
Definition store.h:632
ana::binding_map::symbolic_binding::m_region
const region * m_region
Definition store.h:639
ana::binding_map::symbolic_binding::operator==
bool operator==(const symbolic_binding &other) const
Definition store.h:633
ana::binding_map::symbolic_binding::m_sval
const svalue * m_sval
Definition store.h:640
ana::bit_range
Definition store.h:234
ana::bit_range::operator-
bit_range operator-(bit_offset_t offset) const
ana::bit_range::operator==
bool operator==(const bit_range &other) const
Definition store.h:272
ana::bit_range::to_json
std::unique_ptr< json::object > to_json() const
ana::bit_range::exceeds_p
bool exceeds_p(const bit_range &other, bit_range *out_overhanging_bit_range) const
ana::bit_range::empty_p
bool empty_p() const
Definition store.h:245
ana::bit_range::intersects_p
bool intersects_p(const bit_range &other) const
Definition store.h:278
ana::bit_range::from_mask
static bool from_mask(unsigned HOST_WIDE_INT mask, bit_range *out)
ana::bit_range::falls_short_of_p
bool falls_short_of_p(bit_offset_t offset, bit_range *out_fall_short_bits) const
ana::bit_range::operator<
bool operator<(const bit_range &other) const
Definition store.h:304
ana::bit_range::intersects_p
bool intersects_p(const bit_range &other, bit_range *out_this, bit_range *out_other) const
ana::bit_range::m_size_in_bits
bit_size_t m_size_in_bits
Definition store.h:322
ana::bit_range::contains_p
bool contains_p(bit_offset_t offset) const
Definition store.h:264
ana::bit_range::get_next_bit_offset
bit_offset_t get_next_bit_offset() const
Definition store.h:254
ana::bit_range::m_start_bit_offset
bit_offset_t m_start_bit_offset
Definition store.h:321
ana::bit_range::intersects_p
bool intersects_p(const bit_range &other, bit_size_t *out_num_overlap_bits) const
ana::bit_range::dump_to_pp
void dump_to_pp(pretty_printer *pp) const
ana::bit_range::bit_range
bit_range(bit_offset_t start_bit_offset, bit_size_t size_in_bits)
Definition store.h:235
ana::bit_range::hash
hashval_t hash() const
Definition store.h:313
ana::bit_range::as_byte_range
bool as_byte_range(byte_range *out) const
ana::bit_range::dump
void dump() const
ana::bit_range::cmp
static int cmp(const bit_range &br1, const bit_range &br2)
ana::bit_range::contains_p
bool contains_p(const bit_range &other, bit_range *out) const
ana::bit_range::get_start_bit_offset
bit_offset_t get_start_bit_offset() const
Definition store.h:250
ana::bit_range::get_last_bit_offset
bit_offset_t get_last_bit_offset() const
Definition store.h:258
ana::byte_range
Definition store.h:328
ana::byte_range::operator==
bool operator==(const byte_range &other) const
Definition store.h:351
ana::byte_range::get_next_byte_offset
byte_offset_t get_next_byte_offset() const
Definition store.h:361
ana::byte_range::m_size_in_bytes
byte_size_t m_size_in_bytes
Definition store.h:389
ana::byte_range::get_last_byte_offset
byte_offset_t get_last_byte_offset() const
Definition store.h:365
ana::byte_range::contains_p
bool contains_p(byte_offset_t offset) const
Definition store.h:344
ana::byte_range::get_start_byte_offset
byte_offset_t get_start_byte_offset() const
Definition store.h:357
ana::byte_range::dump_to_pp
void dump_to_pp(pretty_printer *pp) const
ana::byte_range::dump
void dump() const
ana::byte_range::byte_range
byte_range(byte_offset_t start_byte_offset, byte_size_t size_in_bytes)
Definition store.h:329
ana::byte_range::cmp
static int cmp(const byte_range &br1, const byte_range &br2)
ana::byte_range::get_start_bit_offset
bit_offset_t get_start_bit_offset() const
Definition store.h:377
ana::byte_range::m_start_byte_offset
byte_offset_t m_start_byte_offset
Definition store.h:388
ana::byte_range::contains_p
bool contains_p(const byte_range &other, byte_range *out) const
ana::byte_range::empty_p
bool empty_p() const
Definition store.h:339
ana::byte_range::get_next_bit_offset
bit_offset_t get_next_bit_offset() const
Definition store.h:381
ana::byte_range::to_json
std::unique_ptr< json::object > to_json() const
ana::byte_range::as_bit_range
bit_range as_bit_range() const
Definition store.h:371
ana::complexity
Definition complexity.h:31
ana::model_merger
Definition region-model.h:1204
default_hash_traits< ana::concrete_binding >::empty_zero_p
static const bool empty_zero_p
Definition store.h:462
default_hash_traits< ana::symbolic_binding >::empty_zero_p
static const bool empty_zero_p
Definition store.h:512
default_hash_traits
Definition hash-traits.h:466
gasm
Definition gimple.h:552
gcall
Definition gimple.h:355
is_a_helper::test
static bool test(U *p)
member_function_hash_traits
Definition common.h:590
text_art::dump_widget_info
Definition dump-widget-info.h:31
gcc_assert
#define gcc_assert(EXPR)
Definition system.h:817
visited
static bitmap visited
Definition tree-ssa-dce.cc:664
size_in_bytes
tree size_in_bytes(const_tree t)
Definition tree.h:5283