search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
c++: new-expression is potentially constant in C++20
[official-gcc.git] / gcc / analyzer / region-model.h
blob1bfa56a8cd2226783afe697f38e2f56d0e3ee777
1 /* Classes for modeling the state of memory.
2 Copyright (C) 2019-2022 Free Software Foundation, Inc.
3 Contributed by David Malcolm <dmalcolm@redhat.com>.
4
5 This file is part of GCC.
6
7 GCC is free software; you can redistribute it and/or modify it
8 under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3, or (at your option)
10 any later version.
11
12 GCC is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
20
21 #ifndef GCC_ANALYZER_REGION_MODEL_H
22 #define GCC_ANALYZER_REGION_MODEL_H
23
24 /* Implementation of the region-based ternary model described in:
25 "A Memory Model for Static Analysis of C Programs"
26 (Zhongxing Xu, Ted Kremenek, and Jian Zhang)
27 http://lcs.ios.ac.cn/~xuzb/canalyze/memmodel.pdf */
28
29 #include "analyzer/svalue.h"
30 #include "analyzer/region.h"
31
32 using namespace ana;
33
34 namespace inchash
35 {
36 extern void add_path_var (path_var pv, hash &hstate);
37 } // namespace inchash
38
39 namespace ana {
40
41 template <typename T>
42 class one_way_id_map
43 {
44 public:
45 one_way_id_map (int num_ids);
46 void put (T src, T dst);
47 T get_dst_for_src (T src) const;
48 void dump_to_pp (pretty_printer *pp) const;
49 void dump () const;
50 void update (T *) const;
51
52 private:
53 auto_vec<T> m_src_to_dst;
54 };
55
56 /* class one_way_id_map. */
57
58 /* one_way_id_map's ctor, which populates the map with dummy null values. */
59
60 template <typename T>
61 inline one_way_id_map<T>::one_way_id_map (int num_svalues)
62 : m_src_to_dst (num_svalues)
63 {
64 for (int i = 0; i < num_svalues; i++)
65 m_src_to_dst.quick_push (T::null ());
66 }
67
68 /* Record that SRC is to be mapped to DST. */
69
70 template <typename T>
71 inline void
72 one_way_id_map<T>::put (T src, T dst)
73 {
74 m_src_to_dst[src.as_int ()] = dst;
75 }
76
77 /* Get the new value for SRC within the map. */
78
79 template <typename T>
80 inline T
81 one_way_id_map<T>::get_dst_for_src (T src) const
82 {
83 if (src.null_p ())
84 return src;
85 return m_src_to_dst[src.as_int ()];
86 }
87
88 /* Dump this map to PP. */
89
90 template <typename T>
91 inline void
92 one_way_id_map<T>::dump_to_pp (pretty_printer *pp) const
93 {
94 pp_string (pp, "src to dst: {");
95 unsigned i;
96 T *dst;
97 FOR_EACH_VEC_ELT (m_src_to_dst, i, dst)
98 {
99 if (i > 0)
100 pp_string (pp, ", ");
101 T src (T::from_int (i));
102 src.print (pp);
103 pp_string (pp, " -> ");
104 dst->print (pp);
105 }
106 pp_string (pp, "}");
107 pp_newline (pp);
108 }
109
110 /* Dump this map to stderr. */
111
112 template <typename T>
113 DEBUG_FUNCTION inline void
114 one_way_id_map<T>::dump () const
115 {
116 pretty_printer pp;
117 pp.buffer->stream = stderr;
118 dump_to_pp (&pp);
119 pp_flush (&pp);
120 }
121
122 /* Update *ID from the old value to its new value in this map. */
123
124 template <typename T>
125 inline void
126 one_way_id_map<T>::update (T *id) const
127 {
128 *id = get_dst_for_src (*id);
129 }
130
131 /* A mapping from region to svalue for use when tracking state. */
132
133 class region_to_value_map
134 {
135 public:
136 typedef hash_map<const region *, const svalue *> hash_map_t;
137 typedef hash_map_t::iterator iterator;
138
139 region_to_value_map () : m_hash_map () {}
140 region_to_value_map (const region_to_value_map &other)
141 : m_hash_map (other.m_hash_map) {}
142 region_to_value_map &operator= (const region_to_value_map &other);
143
144 bool operator== (const region_to_value_map &other) const;
145 bool operator!= (const region_to_value_map &other) const
146 {
147 return !(*this == other);
148 }
149
150 iterator begin () const { return m_hash_map.begin (); }
151 iterator end () const { return m_hash_map.end (); }
152
153 const svalue * const *get (const region *reg) const
154 {
155 return const_cast <hash_map_t &> (m_hash_map).get (reg);
156 }
157 void put (const region *reg, const svalue *sval)
158 {
159 m_hash_map.put (reg, sval);
160 }
161 void remove (const region *reg)
162 {
163 m_hash_map.remove (reg);
164 }
165
166 bool is_empty () const { return m_hash_map.is_empty (); }
167
168 void dump_to_pp (pretty_printer *pp, bool simple, bool multiline) const;
169 void dump (bool simple) const;
170
171 bool can_merge_with_p (const region_to_value_map &other,
172 region_to_value_map *out) const;
173
174 void purge_state_involving (const svalue *sval);
175
176 private:
177 hash_map_t m_hash_map;
178 };
179
180 /* Various operations delete information from a region_model.
181
182 This struct tracks how many of each kind of entity were purged (e.g.
183 for selftests, and for debugging). */
184
185 struct purge_stats
186 {
187 purge_stats ()
188 : m_num_svalues (0),
189 m_num_regions (0),
190 m_num_equiv_classes (0),
191 m_num_constraints (0),
192 m_num_bounded_ranges_constraints (0),
193 m_num_client_items (0)
194 {}
195
196 int m_num_svalues;
197 int m_num_regions;
198 int m_num_equiv_classes;
199 int m_num_constraints;
200 int m_num_bounded_ranges_constraints;
201 int m_num_client_items;
202 };
203
204 /* A base class for visiting regions and svalues, with do-nothing
205 base implementations of the per-subclass vfuncs. */
206
207 class visitor
208 {
209 public:
210 virtual void visit_region_svalue (const region_svalue *) {}
211 virtual void visit_constant_svalue (const constant_svalue *) {}
212 virtual void visit_unknown_svalue (const unknown_svalue *) {}
213 virtual void visit_poisoned_svalue (const poisoned_svalue *) {}
214 virtual void visit_setjmp_svalue (const setjmp_svalue *) {}
215 virtual void visit_initial_svalue (const initial_svalue *) {}
216 virtual void visit_unaryop_svalue (const unaryop_svalue *) {}
217 virtual void visit_binop_svalue (const binop_svalue *) {}
218 virtual void visit_sub_svalue (const sub_svalue *) {}
219 virtual void visit_repeated_svalue (const repeated_svalue *) {}
220 virtual void visit_bits_within_svalue (const bits_within_svalue *) {}
221 virtual void visit_unmergeable_svalue (const unmergeable_svalue *) {}
222 virtual void visit_placeholder_svalue (const placeholder_svalue *) {}
223 virtual void visit_widening_svalue (const widening_svalue *) {}
224 virtual void visit_compound_svalue (const compound_svalue *) {}
225 virtual void visit_conjured_svalue (const conjured_svalue *) {}
226 virtual void visit_asm_output_svalue (const asm_output_svalue *) {}
227 virtual void visit_const_fn_result_svalue (const const_fn_result_svalue *) {}
228
229 virtual void visit_region (const region *) {}
230 };
231
232 } // namespace ana
233
234 namespace ana {
235
236 /* A class responsible for owning and consolidating region and svalue
237 instances.
238 region and svalue instances are immutable as far as clients are
239 concerned, so they are provided as "const" ptrs. */
240
241 class region_model_manager
242 {
243 public:
244 region_model_manager (logger *logger = NULL);
245 ~region_model_manager ();
246
247 /* svalue consolidation. */
248 const svalue *get_or_create_constant_svalue (tree cst_expr);
249 const svalue *get_or_create_int_cst (tree type, poly_int64);
250 const svalue *get_or_create_unknown_svalue (tree type);
251 const svalue *get_or_create_setjmp_svalue (const setjmp_record &r,
252 tree type);
253 const svalue *get_or_create_poisoned_svalue (enum poison_kind kind,
254 tree type);
255 const svalue *get_or_create_initial_value (const region *reg);
256 const svalue *get_ptr_svalue (tree ptr_type, const region *pointee);
257 const svalue *get_or_create_unaryop (tree type, enum tree_code op,
258 const svalue *arg);
259 const svalue *get_or_create_cast (tree type, const svalue *arg);
260 const svalue *get_or_create_binop (tree type,
261 enum tree_code op,
262 const svalue *arg0, const svalue *arg1);
263 const svalue *get_or_create_sub_svalue (tree type,
264 const svalue *parent_svalue,
265 const region *subregion);
266 const svalue *get_or_create_repeated_svalue (tree type,
267 const svalue *outer_size,
268 const svalue *inner_svalue);
269 const svalue *get_or_create_bits_within (tree type,
270 const bit_range &bits,
271 const svalue *inner_svalue);
272 const svalue *get_or_create_unmergeable (const svalue *arg);
273 const svalue *get_or_create_widening_svalue (tree type,
274 const program_point &point,
275 const svalue *base_svalue,
276 const svalue *iter_svalue);
277 const svalue *get_or_create_compound_svalue (tree type,
278 const binding_map &map);
279 const svalue *get_or_create_conjured_svalue (tree type, const gimple *stmt,
280 const region *id_reg,
281 const conjured_purge &p);
282 const svalue *
283 get_or_create_asm_output_svalue (tree type,
284 const gasm *asm_stmt,
285 unsigned output_idx,
286 const vec<const svalue *> &inputs);
287 const svalue *
288 get_or_create_const_fn_result_svalue (tree type,
289 tree fndecl,
290 const vec<const svalue *> &inputs);
291
292 const svalue *maybe_get_char_from_string_cst (tree string_cst,
293 tree byte_offset_cst);
294
295 /* Dynamically-allocated svalue instances.
296 The number of these within the analysis can grow arbitrarily.
297 They are still owned by the manager. */
298 const svalue *create_unique_svalue (tree type);
299
300 /* region consolidation. */
301 const stack_region * get_stack_region () const { return &m_stack_region; }
302 const heap_region *get_heap_region () const { return &m_heap_region; }
303 const code_region *get_code_region () const { return &m_code_region; }
304 const globals_region *get_globals_region () const
305 {
306 return &m_globals_region;
307 }
308 const function_region *get_region_for_fndecl (tree fndecl);
309 const label_region *get_region_for_label (tree label);
310 const decl_region *get_region_for_global (tree expr);
311 const region *get_field_region (const region *parent, tree field);
312 const region *get_element_region (const region *parent,
313 tree element_type,
314 const svalue *index);
315 const region *get_offset_region (const region *parent,
316 tree type,
317 const svalue *byte_offset);
318 const region *get_sized_region (const region *parent,
319 tree type,
320 const svalue *byte_size_sval);
321 const region *get_cast_region (const region *original_region,
322 tree type);
323 const frame_region *get_frame_region (const frame_region *calling_frame,
324 function *fun);
325 const region *get_symbolic_region (const svalue *sval);
326 const string_region *get_region_for_string (tree string_cst);
327 const region *get_bit_range (const region *parent, tree type,
328 const bit_range &bits);
329 const var_arg_region *get_var_arg_region (const frame_region *parent,
330 unsigned idx);
331
332 const region *get_unknown_symbolic_region (tree region_type);
333
334 const region *
335 get_region_for_unexpected_tree_code (region_model_context *ctxt,
336 tree t,
337 const dump_location_t &loc);
338
339 unsigned alloc_region_id () { return m_next_region_id++; }
340
341 store_manager *get_store_manager () { return &m_store_mgr; }
342 bounded_ranges_manager *get_range_manager () const { return m_range_mgr; }
343
344 /* Dynamically-allocated region instances.
345 The number of these within the analysis can grow arbitrarily.
346 They are still owned by the manager. */
347 const region *create_region_for_heap_alloc ();
348 const region *create_region_for_alloca (const frame_region *frame);
349
350 void log_stats (logger *logger, bool show_objs) const;
351
352 void begin_checking_feasibility (void) { m_checking_feasibility = true; }
353 void end_checking_feasibility (void) { m_checking_feasibility = false; }
354
355 logger *get_logger () const { return m_logger; }
356
357 void dump_untracked_regions () const;
358
359 private:
360 bool too_complex_p (const complexity &c) const;
361 bool reject_if_too_complex (svalue *sval);
362
363 const svalue *maybe_fold_unaryop (tree type, enum tree_code op,
364 const svalue *arg);
365 const svalue *maybe_fold_binop (tree type, enum tree_code op,
366 const svalue *arg0, const svalue *arg1);
367 const svalue *maybe_fold_sub_svalue (tree type,
368 const svalue *parent_svalue,
369 const region *subregion);
370 const svalue *maybe_fold_repeated_svalue (tree type,
371 const svalue *outer_size,
372 const svalue *inner_svalue);
373 const svalue *maybe_fold_bits_within_svalue (tree type,
374 const bit_range &bits,
375 const svalue *inner_svalue);
376 const svalue *maybe_undo_optimize_bit_field_compare (tree type,
377 const compound_svalue *compound_sval,
378 tree cst, const svalue *arg1);
379 const svalue *maybe_fold_asm_output_svalue (tree type,
380 const vec<const svalue *> &inputs);
381
382 logger *m_logger;
383
384 unsigned m_next_region_id;
385 root_region m_root_region;
386 stack_region m_stack_region;
387 heap_region m_heap_region;
388
389 /* svalue consolidation. */
390 typedef hash_map<tree, constant_svalue *> constants_map_t;
391 constants_map_t m_constants_map;
392
393 typedef hash_map<tree, unknown_svalue *> unknowns_map_t;
394 unknowns_map_t m_unknowns_map;
395 const unknown_svalue *m_unknown_NULL;
396
397 typedef hash_map<poisoned_svalue::key_t,
398 poisoned_svalue *> poisoned_values_map_t;
399 poisoned_values_map_t m_poisoned_values_map;
400
401 typedef hash_map<setjmp_svalue::key_t,
402 setjmp_svalue *> setjmp_values_map_t;
403 setjmp_values_map_t m_setjmp_values_map;
404
405 typedef hash_map<const region *, initial_svalue *> initial_values_map_t;
406 initial_values_map_t m_initial_values_map;
407
408 typedef hash_map<region_svalue::key_t, region_svalue *> pointer_values_map_t;
409 pointer_values_map_t m_pointer_values_map;
410
411 typedef hash_map<unaryop_svalue::key_t,
412 unaryop_svalue *> unaryop_values_map_t;
413 unaryop_values_map_t m_unaryop_values_map;
414
415 typedef hash_map<binop_svalue::key_t, binop_svalue *> binop_values_map_t;
416 binop_values_map_t m_binop_values_map;
417
418 typedef hash_map<sub_svalue::key_t, sub_svalue *> sub_values_map_t;
419 sub_values_map_t m_sub_values_map;
420
421 typedef hash_map<repeated_svalue::key_t,
422 repeated_svalue *> repeated_values_map_t;
423 repeated_values_map_t m_repeated_values_map;
424
425 typedef hash_map<bits_within_svalue::key_t,
426 bits_within_svalue *> bits_within_values_map_t;
427 bits_within_values_map_t m_bits_within_values_map;
428
429 typedef hash_map<const svalue *,
430 unmergeable_svalue *> unmergeable_values_map_t;
431 unmergeable_values_map_t m_unmergeable_values_map;
432
433 typedef hash_map<widening_svalue::key_t,
434 widening_svalue */*,
435 widening_svalue::key_t::hash_map_traits*/>
436 widening_values_map_t;
437 widening_values_map_t m_widening_values_map;
438
439 typedef hash_map<compound_svalue::key_t,
440 compound_svalue *> compound_values_map_t;
441 compound_values_map_t m_compound_values_map;
442
443 typedef hash_map<conjured_svalue::key_t,
444 conjured_svalue *> conjured_values_map_t;
445 conjured_values_map_t m_conjured_values_map;
446
447 typedef hash_map<asm_output_svalue::key_t,
448 asm_output_svalue *> asm_output_values_map_t;
449 asm_output_values_map_t m_asm_output_values_map;
450
451 typedef hash_map<const_fn_result_svalue::key_t,
452 const_fn_result_svalue *> const_fn_result_values_map_t;
453 const_fn_result_values_map_t m_const_fn_result_values_map;
454
455 bool m_checking_feasibility;
456
457 /* "Dynamically-allocated" svalue instances.
458 The number of these within the analysis can grow arbitrarily.
459 They are still owned by the manager. */
460 auto_delete_vec<svalue> m_managed_dynamic_svalues;
461
462 /* Maximum complexity of svalues that weren't rejected. */
463 complexity m_max_complexity;
464
465 /* region consolidation. */
466
467 code_region m_code_region;
468 typedef hash_map<tree, function_region *> fndecls_map_t;
469 typedef fndecls_map_t::iterator fndecls_iterator_t;
470 fndecls_map_t m_fndecls_map;
471
472 typedef hash_map<tree, label_region *> labels_map_t;
473 typedef labels_map_t::iterator labels_iterator_t;
474 labels_map_t m_labels_map;
475
476 globals_region m_globals_region;
477 typedef hash_map<tree, decl_region *> globals_map_t;
478 typedef globals_map_t::iterator globals_iterator_t;
479 globals_map_t m_globals_map;
480
481 consolidation_map<field_region> m_field_regions;
482 consolidation_map<element_region> m_element_regions;
483 consolidation_map<offset_region> m_offset_regions;
484 consolidation_map<sized_region> m_sized_regions;
485 consolidation_map<cast_region> m_cast_regions;
486 consolidation_map<frame_region> m_frame_regions;
487 consolidation_map<symbolic_region> m_symbolic_regions;
488
489 typedef hash_map<tree, string_region *> string_map_t;
490 string_map_t m_string_map;
491
492 consolidation_map<bit_range_region> m_bit_range_regions;
493 consolidation_map<var_arg_region> m_var_arg_regions;
494
495 store_manager m_store_mgr;
496
497 bounded_ranges_manager *m_range_mgr;
498
499 /* "Dynamically-allocated" region instances.
500 The number of these within the analysis can grow arbitrarily.
501 They are still owned by the manager. */
502 auto_delete_vec<region> m_managed_dynamic_regions;
503 };
504
505 struct append_regions_cb_data;
506
507 /* Helper class for handling calls to functions with known behavior.
508 Implemented in region-model-impl-calls.c. */
509
510 class call_details
511 {
512 public:
513 call_details (const gcall *call, region_model *model,
514 region_model_context *ctxt);
515
516 region_model_manager *get_manager () const;
517 region_model_context *get_ctxt () const { return m_ctxt; }
518 uncertainty_t *get_uncertainty () const;
519 tree get_lhs_type () const { return m_lhs_type; }
520 const region *get_lhs_region () const { return m_lhs_region; }
521
522 bool maybe_set_lhs (const svalue *result) const;
523
524 unsigned num_args () const;
525
526 const gcall *get_call_stmt () const { return m_call; }
527
528 tree get_arg_tree (unsigned idx) const;
529 tree get_arg_type (unsigned idx) const;
530 const svalue *get_arg_svalue (unsigned idx) const;
531 const char *get_arg_string_literal (unsigned idx) const;
532
533 tree get_fndecl_for_call () const;
534
535 void dump_to_pp (pretty_printer *pp, bool simple) const;
536 void dump (bool simple) const;
537
538 const svalue *get_or_create_conjured_svalue (const region *) const;
539
540 private:
541 const gcall *m_call;
542 region_model *m_model;
543 region_model_context *m_ctxt;
544 tree m_lhs_type;
545 const region *m_lhs_region;
546 };
547
548 /* A region_model encapsulates a representation of the state of memory, with
549 a tree of regions, along with their associated values.
550 The representation is graph-like because values can be pointers to
551 regions.
552 It also stores:
553 - a constraint_manager, capturing relationships between the values, and
554 - dynamic extents, mapping dynamically-allocated regions to svalues (their
555 capacities). */
556
557 class region_model
558 {
559 public:
560 typedef region_to_value_map dynamic_extents_t;
561
562 region_model (region_model_manager *mgr);
563 region_model (const region_model &other);
564 ~region_model ();
565 region_model &operator= (const region_model &other);
566
567 bool operator== (const region_model &other) const;
568 bool operator!= (const region_model &other) const
569 {
570 return !(*this == other);
571 }
572
573 hashval_t hash () const;
574
575 void print (pretty_printer *pp) const;
576
577 void dump_to_pp (pretty_printer *pp, bool simple, bool multiline) const;
578 void dump (FILE *fp, bool simple, bool multiline) const;
579 void dump (bool simple) const;
580
581 void debug () const;
582
583 void validate () const;
584
585 void canonicalize ();
586 bool canonicalized_p () const;
587
588 void
589 on_stmt_pre (const gimple *stmt,
590 bool *out_terminate_path,
591 bool *out_unknown_side_effects,
592 region_model_context *ctxt);
593
594 void on_assignment (const gassign *stmt, region_model_context *ctxt);
595 const svalue *get_gassign_result (const gassign *assign,
596 region_model_context *ctxt);
597 void on_asm_stmt (const gasm *asm_stmt, region_model_context *ctxt);
598 bool on_call_pre (const gcall *stmt, region_model_context *ctxt,
599 bool *out_terminate_path);
600 void on_call_post (const gcall *stmt,
601 bool unknown_side_effects,
602 region_model_context *ctxt);
603
604 void purge_state_involving (const svalue *sval, region_model_context *ctxt);
605
606 /* Specific handling for on_call_pre. */
607 void impl_call_alloca (const call_details &cd);
608 void impl_call_analyzer_describe (const gcall *call,
609 region_model_context *ctxt);
610 void impl_call_analyzer_dump_capacity (const gcall *call,
611 region_model_context *ctxt);
612 void impl_call_analyzer_dump_escaped (const gcall *call);
613 void impl_call_analyzer_eval (const gcall *call,
614 region_model_context *ctxt);
615 void impl_call_builtin_expect (const call_details &cd);
616 void impl_call_calloc (const call_details &cd);
617 bool impl_call_error (const call_details &cd, unsigned min_args,
618 bool *out_terminate_path);
619 void impl_call_fgets (const call_details &cd);
620 void impl_call_fread (const call_details &cd);
621 void impl_call_free (const call_details &cd);
622 void impl_call_malloc (const call_details &cd);
623 void impl_call_memcpy (const call_details &cd);
624 void impl_call_memset (const call_details &cd);
625 void impl_call_realloc (const call_details &cd);
626 void impl_call_strchr (const call_details &cd);
627 void impl_call_strcpy (const call_details &cd);
628 void impl_call_strlen (const call_details &cd);
629 void impl_call_operator_new (const call_details &cd);
630 void impl_call_operator_delete (const call_details &cd);
631 void impl_deallocation_call (const call_details &cd);
632
633 /* Implemented in varargs.cc. */
634 void impl_call_va_start (const call_details &cd);
635 void impl_call_va_copy (const call_details &cd);
636 void impl_call_va_arg (const call_details &cd);
637 void impl_call_va_end (const call_details &cd);
638
639 void handle_unrecognized_call (const gcall *call,
640 region_model_context *ctxt);
641 void get_reachable_svalues (svalue_set *out,
642 const svalue *extra_sval,
643 const uncertainty_t *uncertainty);
644
645 void on_return (const greturn *stmt, region_model_context *ctxt);
646 void on_setjmp (const gcall *stmt, const exploded_node *enode,
647 region_model_context *ctxt);
648 void on_longjmp (const gcall *longjmp_call, const gcall *setjmp_call,
649 int setjmp_stack_depth, region_model_context *ctxt);
650
651 void update_for_phis (const supernode *snode,
652 const cfg_superedge *last_cfg_superedge,
653 region_model_context *ctxt);
654
655 void handle_phi (const gphi *phi, tree lhs, tree rhs,
656 const region_model &old_state,
657 region_model_context *ctxt);
658
659 bool maybe_update_for_edge (const superedge &edge,
660 const gimple *last_stmt,
661 region_model_context *ctxt,
662 rejected_constraint **out);
663
664 void update_for_gcall (const gcall *call_stmt,
665 region_model_context *ctxt,
666 function *callee = NULL);
667
668 void update_for_return_gcall (const gcall *call_stmt,
669 region_model_context *ctxt);
670
671 const region *push_frame (function *fun, const vec<const svalue *> *arg_sids,
672 region_model_context *ctxt);
673 const frame_region *get_current_frame () const { return m_current_frame; }
674 function * get_current_function () const;
675 void pop_frame (tree result_lvalue,
676 const svalue **out_result,
677 region_model_context *ctxt);
678 int get_stack_depth () const;
679 const frame_region *get_frame_at_index (int index) const;
680
681 const region *get_lvalue (path_var pv, region_model_context *ctxt) const;
682 const region *get_lvalue (tree expr, region_model_context *ctxt) const;
683 const svalue *get_rvalue (path_var pv, region_model_context *ctxt) const;
684 const svalue *get_rvalue (tree expr, region_model_context *ctxt) const;
685
686 const region *deref_rvalue (const svalue *ptr_sval, tree ptr_tree,
687 region_model_context *ctxt) const;
688
689 const svalue *get_rvalue_for_bits (tree type,
690 const region *reg,
691 const bit_range &bits,
692 region_model_context *ctxt) const;
693
694 void set_value (const region *lhs_reg, const svalue *rhs_sval,
695 region_model_context *ctxt);
696 void set_value (tree lhs, tree rhs, region_model_context *ctxt);
697 void clobber_region (const region *reg);
698 void purge_region (const region *reg);
699 void fill_region (const region *reg, const svalue *sval);
700 void zero_fill_region (const region *reg);
701 void mark_region_as_unknown (const region *reg, uncertainty_t *uncertainty);
702
703 tristate eval_condition (const svalue *lhs,
704 enum tree_code op,
705 const svalue *rhs) const;
706 tristate eval_condition_without_cm (const svalue *lhs,
707 enum tree_code op,
708 const svalue *rhs) const;
709 tristate compare_initial_and_pointer (const initial_svalue *init,
710 const region_svalue *ptr) const;
711 tristate eval_condition (tree lhs,
712 enum tree_code op,
713 tree rhs,
714 region_model_context *ctxt);
715 bool add_constraint (tree lhs, enum tree_code op, tree rhs,
716 region_model_context *ctxt);
717 bool add_constraint (tree lhs, enum tree_code op, tree rhs,
718 region_model_context *ctxt,
719 rejected_constraint **out);
720
721 const region *create_region_for_heap_alloc (const svalue *size_in_bytes,
722 region_model_context *ctxt);
723 const region *create_region_for_alloca (const svalue *size_in_bytes,
724 region_model_context *ctxt);
725
726 tree get_representative_tree (const svalue *sval) const;
727 path_var
728 get_representative_path_var (const svalue *sval,
729 svalue_set *visited) const;
730 path_var
731 get_representative_path_var (const region *reg,
732 svalue_set *visited) const;
733
734 /* For selftests. */
735 constraint_manager *get_constraints ()
736 {
737 return m_constraints;
738 }
739
740 store *get_store () { return &m_store; }
741 const store *get_store () const { return &m_store; }
742
743 const dynamic_extents_t &
744 get_dynamic_extents () const
745 {
746 return m_dynamic_extents;
747 }
748 const svalue *get_dynamic_extents (const region *reg) const;
749 void set_dynamic_extents (const region *reg,
750 const svalue *size_in_bytes,
751 region_model_context *ctxt);
752 void unset_dynamic_extents (const region *reg);
753
754 region_model_manager *get_manager () const { return m_mgr; }
755 bounded_ranges_manager *get_range_manager () const
756 {
757 return m_mgr->get_range_manager ();
758 }
759
760 void unbind_region_and_descendents (const region *reg,
761 enum poison_kind pkind);
762
763 bool can_merge_with_p (const region_model &other_model,
764 const program_point &point,
765 region_model *out_model,
766 const extrinsic_state *ext_state = NULL,
767 const program_state *state_a = NULL,
768 const program_state *state_b = NULL) const;
769
770 tree get_fndecl_for_call (const gcall *call,
771 region_model_context *ctxt);
772
773 void get_regions_for_current_frame (auto_vec<const decl_region *> *out) const;
774 static void append_regions_cb (const region *base_reg,
775 struct append_regions_cb_data *data);
776
777 const svalue *get_store_value (const region *reg,
778 region_model_context *ctxt) const;
779
780 bool region_exists_p (const region *reg) const;
781
782 void loop_replay_fixup (const region_model *dst_state);
783
784 const svalue *get_capacity (const region *reg) const;
785
786 /* Implemented in sm-malloc.cc */
787 void on_realloc_with_move (const call_details &cd,
788 const svalue *old_ptr_sval,
789 const svalue *new_ptr_sval);
790
791 private:
792 const region *get_lvalue_1 (path_var pv, region_model_context *ctxt) const;
793 const svalue *get_rvalue_1 (path_var pv, region_model_context *ctxt) const;
794
795 path_var
796 get_representative_path_var_1 (const svalue *sval,
797 svalue_set *visited) const;
798 path_var
799 get_representative_path_var_1 (const region *reg,
800 svalue_set *visited) const;
801
802 bool add_constraint (const svalue *lhs,
803 enum tree_code op,
804 const svalue *rhs,
805 region_model_context *ctxt);
806 bool add_constraints_from_binop (const svalue *outer_lhs,
807 enum tree_code outer_op,
808 const svalue *outer_rhs,
809 bool *out,
810 region_model_context *ctxt);
811
812 void update_for_call_superedge (const call_superedge &call_edge,
813 region_model_context *ctxt);
814 void update_for_return_superedge (const return_superedge &return_edge,
815 region_model_context *ctxt);
816 void update_for_call_summary (const callgraph_superedge &cg_sedge,
817 region_model_context *ctxt);
818 bool apply_constraints_for_gcond (const cfg_superedge &edge,
819 const gcond *cond_stmt,
820 region_model_context *ctxt,
821 rejected_constraint **out);
822 bool apply_constraints_for_gswitch (const switch_cfg_superedge &edge,
823 const gswitch *switch_stmt,
824 region_model_context *ctxt,
825 rejected_constraint **out);
826 bool apply_constraints_for_exception (const gimple *last_stmt,
827 region_model_context *ctxt,
828 rejected_constraint **out);
829
830 int poison_any_pointers_to_descendents (const region *reg,
831 enum poison_kind pkind);
832
833 void on_top_level_param (tree param, region_model_context *ctxt);
834
835 bool called_from_main_p () const;
836 const svalue *get_initial_value_for_global (const region *reg) const;
837
838 const svalue *check_for_poison (const svalue *sval,
839 tree expr,
840 region_model_context *ctxt) const;
841 const region * get_region_for_poisoned_expr (tree expr) const;
842
843 void check_dynamic_size_for_taint (enum memory_space mem_space,
844 const svalue *size_in_bytes,
845 region_model_context *ctxt) const;
846
847 void check_region_for_taint (const region *reg,
848 enum access_direction dir,
849 region_model_context *ctxt) const;
850
851 void check_for_writable_region (const region* dest_reg,
852 region_model_context *ctxt) const;
853 void check_region_access (const region *reg,
854 enum access_direction dir,
855 region_model_context *ctxt) const;
856 void check_region_for_write (const region *dest_reg,
857 region_model_context *ctxt) const;
858 void check_region_for_read (const region *src_reg,
859 region_model_context *ctxt) const;
860
861 void check_call_args (const call_details &cd) const;
862 void check_external_function_for_access_attr (const gcall *call,
863 tree callee_fndecl,
864 region_model_context *ctxt) const;
865
866 /* Storing this here to avoid passing it around everywhere. */
867 region_model_manager *const m_mgr;
868
869 store m_store;
870
871 constraint_manager *m_constraints; // TODO: embed, rather than dynalloc?
872
873 const frame_region *m_current_frame;
874
875 /* Map from base region to size in bytes, for tracking the sizes of
876 dynamically-allocated regions.
877 This is part of the region_model rather than the region to allow for
878 memory regions to be resized (e.g. by realloc). */
879 dynamic_extents_t m_dynamic_extents;
880 };
881
882 /* Some region_model activity could lead to warnings (e.g. attempts to use an
883 uninitialized value). This abstract base class encapsulates an interface
884 for the region model to use when emitting such warnings.
885
886 Having this as an abstract base class allows us to support the various
887 operations needed by program_state in the analyzer within region_model,
888 whilst keeping them somewhat modularized. */
889
890 class region_model_context
891 {
892 public:
893 /* Hook for clients to store pending diagnostics.
894 Return true if the diagnostic was stored, or false if it was deleted. */
895 virtual bool warn (pending_diagnostic *d) = 0;
896
897 /* Hook for clients to add a note to the last previously stored pending diagnostic.
898 Takes ownership of the pending_node (or deletes it). */
899 virtual void add_note (pending_note *pn) = 0;
900
901 /* Hook for clients to be notified when an SVAL that was reachable
902 in a previous state is no longer live, so that clients can emit warnings
903 about leaks. */
904 virtual void on_svalue_leak (const svalue *sval) = 0;
905
906 /* Hook for clients to be notified when the set of explicitly live
907 svalues changes, so that they can purge state relating to dead
908 svalues. */
909 virtual void on_liveness_change (const svalue_set &live_svalues,
910 const region_model *model) = 0;
911
912 virtual logger *get_logger () = 0;
913
914 /* Hook for clients to be notified when the condition
915 "LHS OP RHS" is added to the region model.
916 This exists so that state machines can detect tests on edges,
917 and use them to trigger sm-state transitions (e.g. transitions due
918 to ptrs becoming known to be NULL or non-NULL, rather than just
919 "unchecked") */
920 virtual void on_condition (const svalue *lhs,
921 enum tree_code op,
922 const svalue *rhs) = 0;
923
924 /* Hooks for clients to be notified when an unknown change happens
925 to SVAL (in response to a call to an unknown function). */
926 virtual void on_unknown_change (const svalue *sval, bool is_mutable) = 0;
927
928 /* Hooks for clients to be notified when a phi node is handled,
929 where RHS is the pertinent argument. */
930 virtual void on_phi (const gphi *phi, tree rhs) = 0;
931
932 /* Hooks for clients to be notified when the region model doesn't
933 know how to handle the tree code of T at LOC. */
934 virtual void on_unexpected_tree_code (tree t,
935 const dump_location_t &loc) = 0;
936
937 /* Hook for clients to be notified when a function_decl escapes. */
938 virtual void on_escaped_function (tree fndecl) = 0;
939
940 virtual uncertainty_t *get_uncertainty () = 0;
941
942 /* Hook for clients to purge state involving SVAL. */
943 virtual void purge_state_involving (const svalue *sval) = 0;
944
945 /* Hook for clients to split state with a non-standard path.
946 Take ownership of INFO. */
947 virtual void bifurcate (custom_edge_info *info) = 0;
948
949 /* Hook for clients to terminate the standard path. */
950 virtual void terminate_path () = 0;
951
952 virtual const extrinsic_state *get_ext_state () const = 0;
953
954 /* Hook for clients to access the "malloc" state machine in
955 any underlying program_state. */
956 virtual bool get_malloc_map (sm_state_map **out_smap,
957 const state_machine **out_sm,
958 unsigned *out_sm_idx) = 0;
959 /* Likewise for the "taint" state machine. */
960 virtual bool get_taint_map (sm_state_map **out_smap,
961 const state_machine **out_sm,
962 unsigned *out_sm_idx) = 0;
963
964 /* Get the current statement, if any. */
965 virtual const gimple *get_stmt () const = 0;
966 };
967
968 /* A "do nothing" subclass of region_model_context. */
969
970 class noop_region_model_context : public region_model_context
971 {
972 public:
973 bool warn (pending_diagnostic *) override { return false; }
974 void add_note (pending_note *pn) override;
975 void on_svalue_leak (const svalue *) override {}
976 void on_liveness_change (const svalue_set &,
977 const region_model *) override {}
978 logger *get_logger () override { return NULL; }
979 void on_condition (const svalue *lhs ATTRIBUTE_UNUSED,
980 enum tree_code op ATTRIBUTE_UNUSED,
981 const svalue *rhs ATTRIBUTE_UNUSED) override
982 {
983 }
984 void on_unknown_change (const svalue *sval ATTRIBUTE_UNUSED,
985 bool is_mutable ATTRIBUTE_UNUSED) override
986 {
987 }
988 void on_phi (const gphi *phi ATTRIBUTE_UNUSED,
989 tree rhs ATTRIBUTE_UNUSED) override
990 {
991 }
992 void on_unexpected_tree_code (tree, const dump_location_t &) override {}
993
994 void on_escaped_function (tree) override {}
995
996 uncertainty_t *get_uncertainty () override { return NULL; }
997
998 void purge_state_involving (const svalue *sval ATTRIBUTE_UNUSED) override {}
999
1000 void bifurcate (custom_edge_info *info) override;
1001 void terminate_path () override;
1002
1003 const extrinsic_state *get_ext_state () const override { return NULL; }
1004
1005 bool get_malloc_map (sm_state_map **,
1006 const state_machine **,
1007 unsigned *) override
1008 {
1009 return false;
1010 }
1011 bool get_taint_map (sm_state_map **,
1012 const state_machine **,
1013 unsigned *) override
1014 {
1015 return false;
1016 }
1017
1018 const gimple *get_stmt () const override { return NULL; }
1019 };
1020
1021 /* A subclass of region_model_context for determining if operations fail
1022 e.g. "can we generate a region for the lvalue of EXPR?". */
1023
1024 class tentative_region_model_context : public noop_region_model_context
1025 {
1026 public:
1027 tentative_region_model_context () : m_num_unexpected_codes (0) {}
1028
1029 void on_unexpected_tree_code (tree, const dump_location_t &)
1030 final override
1031 {
1032 m_num_unexpected_codes++;
1033 }
1034
1035 bool had_errors_p () const { return m_num_unexpected_codes > 0; }
1036
1037 private:
1038 int m_num_unexpected_codes;
1039 };
1040
1041 /* Subclass of region_model_context that wraps another context, allowing
1042 for extra code to be added to the various hooks. */
1043
1044 class region_model_context_decorator : public region_model_context
1045 {
1046 public:
1047 bool warn (pending_diagnostic *d) override
1048 {
1049 return m_inner->warn (d);
1050 }
1051
1052 void add_note (pending_note *pn) override
1053 {
1054 m_inner->add_note (pn);
1055 }
1056
1057 void on_svalue_leak (const svalue *sval) override
1058 {
1059 m_inner->on_svalue_leak (sval);
1060 }
1061
1062 void on_liveness_change (const svalue_set &live_svalues,
1063 const region_model *model) override
1064 {
1065 m_inner->on_liveness_change (live_svalues, model);
1066 }
1067
1068 logger *get_logger () override
1069 {
1070 return m_inner->get_logger ();
1071 }
1072
1073 void on_condition (const svalue *lhs,
1074 enum tree_code op,
1075 const svalue *rhs) override
1076 {
1077 m_inner->on_condition (lhs, op, rhs);
1078 }
1079
1080 void on_unknown_change (const svalue *sval, bool is_mutable) override
1081 {
1082 m_inner->on_unknown_change (sval, is_mutable);
1083 }
1084
1085 void on_phi (const gphi *phi, tree rhs) override
1086 {
1087 m_inner->on_phi (phi, rhs);
1088 }
1089
1090 void on_unexpected_tree_code (tree t,
1091 const dump_location_t &loc) override
1092 {
1093 m_inner->on_unexpected_tree_code (t, loc);
1094 }
1095
1096 void on_escaped_function (tree fndecl) override
1097 {
1098 m_inner->on_escaped_function (fndecl);
1099 }
1100
1101 uncertainty_t *get_uncertainty () override
1102 {
1103 return m_inner->get_uncertainty ();
1104 }
1105
1106 void purge_state_involving (const svalue *sval) override
1107 {
1108 m_inner->purge_state_involving (sval);
1109 }
1110
1111 void bifurcate (custom_edge_info *info) override
1112 {
1113 m_inner->bifurcate (info);
1114 }
1115
1116 void terminate_path () override
1117 {
1118 m_inner->terminate_path ();
1119 }
1120
1121 const extrinsic_state *get_ext_state () const override
1122 {
1123 return m_inner->get_ext_state ();
1124 }
1125
1126 bool get_malloc_map (sm_state_map **out_smap,
1127 const state_machine **out_sm,
1128 unsigned *out_sm_idx) override
1129 {
1130 return m_inner->get_malloc_map (out_smap, out_sm, out_sm_idx);
1131 }
1132
1133 bool get_taint_map (sm_state_map **out_smap,
1134 const state_machine **out_sm,
1135 unsigned *out_sm_idx) override
1136 {
1137 return m_inner->get_taint_map (out_smap, out_sm, out_sm_idx);
1138 }
1139
1140 const gimple *get_stmt () const override
1141 {
1142 return m_inner->get_stmt ();
1143 }
1144
1145 protected:
1146 region_model_context_decorator (region_model_context *inner)
1147 : m_inner (inner)
1148 {
1149 gcc_assert (m_inner);
1150 }
1151
1152 region_model_context *m_inner;
1153 };
1154
1155 /* Subclass of region_model_context_decorator that adds a note
1156 when saving diagnostics. */
1157
1158 class note_adding_context : public region_model_context_decorator
1159 {
1160 public:
1161 bool warn (pending_diagnostic *d) override
1162 {
1163 if (m_inner->warn (d))
1164 {
1165 add_note (make_note ());
1166 return true;
1167 }
1168 else
1169 return false;
1170 }
1171
1172 /* Hook to make the new note. */
1173 virtual pending_note *make_note () = 0;
1174
1175 protected:
1176 note_adding_context (region_model_context *inner)
1177 : region_model_context_decorator (inner)
1178 {
1179 }
1180 };
1181
1182 /* A bundle of data for use when attempting to merge two region_model
1183 instances to make a third. */
1184
1185 struct model_merger
1186 {
1187 model_merger (const region_model *model_a,
1188 const region_model *model_b,
1189 const program_point &point,
1190 region_model *merged_model,
1191 const extrinsic_state *ext_state,
1192 const program_state *state_a,
1193 const program_state *state_b)
1194 : m_model_a (model_a), m_model_b (model_b),
1195 m_point (point),
1196 m_merged_model (merged_model),
1197 m_ext_state (ext_state),
1198 m_state_a (state_a), m_state_b (state_b)
1199 {
1200 }
1201
1202 void dump_to_pp (pretty_printer *pp, bool simple) const;
1203 void dump (FILE *fp, bool simple) const;
1204 void dump (bool simple) const;
1205
1206 region_model_manager *get_manager () const
1207 {
1208 return m_model_a->get_manager ();
1209 }
1210
1211 bool mergeable_svalue_p (const svalue *) const;
1212
1213 const region_model *m_model_a;
1214 const region_model *m_model_b;
1215 const program_point &m_point;
1216 region_model *m_merged_model;
1217
1218 const extrinsic_state *m_ext_state;
1219 const program_state *m_state_a;
1220 const program_state *m_state_b;
1221 };
1222
1223 /* A record that can (optionally) be written out when
1224 region_model::add_constraint fails. */
1225
1226 class rejected_constraint
1227 {
1228 public:
1229 virtual ~rejected_constraint () {}
1230 virtual void dump_to_pp (pretty_printer *pp) const = 0;
1231
1232 const region_model &get_model () const { return m_model; }
1233
1234 protected:
1235 rejected_constraint (const region_model &model)
1236 : m_model (model)
1237 {}
1238
1239 region_model m_model;
1240 };
1241
1242 class rejected_op_constraint : public rejected_constraint
1243 {
1244 public:
1245 rejected_op_constraint (const region_model &model,
1246 tree lhs, enum tree_code op, tree rhs)
1247 : rejected_constraint (model),
1248 m_lhs (lhs), m_op (op), m_rhs (rhs)
1249 {}
1250
1251 void dump_to_pp (pretty_printer *pp) const final override;
1252
1253 tree m_lhs;
1254 enum tree_code m_op;
1255 tree m_rhs;
1256 };
1257
1258 class rejected_ranges_constraint : public rejected_constraint
1259 {
1260 public:
1261 rejected_ranges_constraint (const region_model &model,
1262 tree expr, const bounded_ranges *ranges)
1263 : rejected_constraint (model),
1264 m_expr (expr), m_ranges (ranges)
1265 {}
1266
1267 void dump_to_pp (pretty_printer *pp) const final override;
1268
1269 private:
1270 tree m_expr;
1271 const bounded_ranges *m_ranges;
1272 };
1273
1274 /* A bundle of state. */
1275
1276 class engine
1277 {
1278 public:
1279 engine (const supergraph *sg = NULL, logger *logger = NULL);
1280 const supergraph *get_supergraph () { return m_sg; }
1281 region_model_manager *get_model_manager () { return &m_mgr; }
1282
1283 void log_stats (logger *logger) const;
1284
1285 private:
1286 const supergraph *m_sg;
1287 region_model_manager m_mgr;
1288 };
1289
1290 } // namespace ana
1291
1292 extern void debug (const region_model &rmodel);
1293
1294 namespace ana {
1295
1296 #if CHECKING_P
1297
1298 namespace selftest {
1299
1300 using namespace ::selftest;
1301
1302 /* An implementation of region_model_context for use in selftests, which
1303 stores any pending_diagnostic instances passed to it. */
1304
1305 class test_region_model_context : public noop_region_model_context
1306 {
1307 public:
1308 bool warn (pending_diagnostic *d) final override
1309 {
1310 m_diagnostics.safe_push (d);
1311 return true;
1312 }
1313
1314 unsigned get_num_diagnostics () const { return m_diagnostics.length (); }
1315
1316 void on_unexpected_tree_code (tree t, const dump_location_t &)
1317 final override
1318 {
1319 internal_error ("unhandled tree code: %qs",
1320 get_tree_code_name (TREE_CODE (t)));
1321 }
1322
1323 private:
1324 /* Implicitly delete any diagnostics in the dtor. */
1325 auto_delete_vec<pending_diagnostic> m_diagnostics;
1326 };
1327
1328 /* Attempt to add the constraint (LHS OP RHS) to MODEL.
1329 Verify that MODEL remains satisfiable. */
1330
1331 #define ADD_SAT_CONSTRAINT(MODEL, LHS, OP, RHS) \
1332 SELFTEST_BEGIN_STMT \
1333 bool sat = (MODEL).add_constraint (LHS, OP, RHS, NULL); \
1334 ASSERT_TRUE (sat); \
1335 SELFTEST_END_STMT
1336
1337 /* Attempt to add the constraint (LHS OP RHS) to MODEL.
1338 Verify that the result is not satisfiable. */
1339
1340 #define ADD_UNSAT_CONSTRAINT(MODEL, LHS, OP, RHS) \
1341 SELFTEST_BEGIN_STMT \
1342 bool sat = (MODEL).add_constraint (LHS, OP, RHS, NULL); \
1343 ASSERT_FALSE (sat); \
1344 SELFTEST_END_STMT
1345
1346 /* Implementation detail of the ASSERT_CONDITION_* macros. */
1347
1348 void assert_condition (const location &loc,
1349 region_model &model,
1350 const svalue *lhs, tree_code op, const svalue *rhs,
1351 tristate expected);
1352
1353 void assert_condition (const location &loc,
1354 region_model &model,
1355 tree lhs, tree_code op, tree rhs,
1356 tristate expected);
1357
1358 /* Assert that REGION_MODEL evaluates the condition "LHS OP RHS"
1359 as "true". */
1360
1361 #define ASSERT_CONDITION_TRUE(REGION_MODEL, LHS, OP, RHS) \
1362 SELFTEST_BEGIN_STMT \
1363 assert_condition (SELFTEST_LOCATION, REGION_MODEL, LHS, OP, RHS, \
1364 tristate (tristate::TS_TRUE)); \
1365 SELFTEST_END_STMT
1366
1367 /* Assert that REGION_MODEL evaluates the condition "LHS OP RHS"
1368 as "false". */
1369
1370 #define ASSERT_CONDITION_FALSE(REGION_MODEL, LHS, OP, RHS) \
1371 SELFTEST_BEGIN_STMT \
1372 assert_condition (SELFTEST_LOCATION, REGION_MODEL, LHS, OP, RHS, \
1373 tristate (tristate::TS_FALSE)); \
1374 SELFTEST_END_STMT
1375
1376 /* Assert that REGION_MODEL evaluates the condition "LHS OP RHS"
1377 as "unknown". */
1378
1379 #define ASSERT_CONDITION_UNKNOWN(REGION_MODEL, LHS, OP, RHS) \
1380 SELFTEST_BEGIN_STMT \
1381 assert_condition (SELFTEST_LOCATION, REGION_MODEL, LHS, OP, RHS, \
1382 tristate (tristate::TS_UNKNOWN)); \
1383 SELFTEST_END_STMT
1384
1385 } /* end of namespace selftest. */
1386
1387 #endif /* #if CHECKING_P */
1388
1389 } // namespace ana
1390
1391 #endif /* GCC_ANALYZER_REGION_MODEL_H */
Mirror of the offical gcc git repository hosted at gcc.gnu.org