Add attribute((null_terminated_string_arg(PARAM_IDX)))

Add attribute((null_terminated_string_arg(PARAM_IDX)))

This patch adds a new function attribute to GCC for marking that an
argument is expected to be a null-terminated string.

For example, consider:

  void test_a (const char *p)
    __attribute__((null_terminated_string_arg (1)));

which would indicate to humans and compilers that argument 1 of "test_a"
is expected to be a null-terminated string, with the idea:

- we should complain if it's not valid to read from *p up to the first
  '\0' character in the buffer

- we should complain if *p is not terminated, or if it's uninitialized
  before the first '\0' character

This is independent of the nonnull-ness of the pointer: if you also want
to express that the argument must be non-null, we already have
__attribute__((nonnull (N))), so the user can write e.g.:

  void test_b (const char *p)
    __attribute__((null_terminated_string_arg (1))
    __attribute__((nonnull (1)));

which can also be spelled as:

  void test_b (const char *p)
     __attribute__((null_terminated_string_arg (1),
                    nonnull (1)));

For a function similar to strncpy, we can use the "access" attribute to
express a maximum size of the read:

  void test_c (const char *p, size_t sz)
     __attribute__((null_terminated_string_arg (1),
                    nonnull (1),
                    access (read_only, 1, 2)));

The patch implements:
(a) C/C++ frontends: recognition of this attribute
(b) analyzer: usage of this attribute

gcc/analyzer/ChangeLog:
	* region-model.cc
	(region_model::check_external_function_for_access_attr): Split
	out, replacing with...
	(region_model::check_function_attr_access): ...this new function
	and...
	(region_model::check_function_attrs): ...this new function.
	(region_model::check_one_function_attr_null_terminated_string_arg):
	New.
	(region_model::check_function_attr_null_terminated_string_arg):
	New.
	(region_model::handle_unrecognized_call): Update for renaming of
	check_external_function_for_access_attr to check_function_attrs.
	(region_model::check_for_null_terminated_string_arg): Add return
	value to one overload.  Make both overloads const.
	* region-model.h: Include "stringpool.h" and "attribs.h".
	(region_model::check_for_null_terminated_string_arg): Add return
	value to one overload.  Make both overloads const.
	(region_model::check_external_function_for_access_attr): Delete
	decl.
	(region_model::check_function_attr_access): New decl.
	(region_model::check_function_attr_null_terminated_string_arg):
	New decl.
	(region_model::check_one_function_attr_null_terminated_string_arg):
	New decl.
	(region_model::check_function_attrs): New decl.

gcc/c-family/ChangeLog:
	* c-attribs.cc (c_common_attribute_table): Add
	"null_terminated_string_arg".
	(handle_null_terminated_string_arg_attribute): New.

gcc/ChangeLog:
	* doc/extend.texi (Common Function Attributes): Add
	null_terminated_string_arg.

gcc/testsuite/ChangeLog:
	* c-c++-common/analyzer/attr-null_terminated_string_arg-access-read_write.c:
	New test.
	* c-c++-common/analyzer/attr-null_terminated_string_arg-access-without-size.c:
	New test.
	* c-c++-common/analyzer/attr-null_terminated_string_arg-multiple.c:
	New test.
	* c-c++-common/analyzer/attr-null_terminated_string_arg-nonnull-2.c:
	New test.
	* c-c++-common/analyzer/attr-null_terminated_string_arg-nonnull-sized.c:
	New test.
	* c-c++-common/analyzer/attr-null_terminated_string_arg-nonnull.c:
	New test.
	* c-c++-common/analyzer/attr-null_terminated_string_arg-nullable-sized.c:
	New test.
	* c-c++-common/analyzer/attr-null_terminated_string_arg-nullable.c:
	New test.
	* c-c++-common/attr-null_terminated_string_arg.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>