[committed] analyzer: rewrite of region and value-handling

Christophe Lyon christophe.lyon@linaro.org
Fri Aug 14 08:49:13 GMT 2020


Hi David,


On Thu, 13 Aug 2020 at 22:58, David Malcolm via Gcc-patches
<gcc-patches@gcc.gnu.org> wrote:
>
> This large patch reimplements how the analyzer tracks regions and
> values.
>
> Elimination of region_id and svalue_id
> **************************************
>
> The patch eliminates region_id and svalue_id in favor of simply
> using pointers.  I'd hoped that the ID classes would make it easier
> to compare states, avoiding having to compare long hexadecimal addresses
> in favor of small integers.  Unfortunately it added lots of complexity,
> with the need to remap IDs when comparing or purging states, and the
> need to "canonicalize" when comparing states.
>
> Various "state explosion" bugs in the old implementation were due to
> failures in canonicalization, where two states that ought to be equal
> were non-equal due to differences in ID ordering.  I spent a lot of
> time trying to fix canonicalization bugs, and there always seemed to
> be one more bug.  By eliminating IDs in this new implementation, lots
> of tricky canonicalization goes away and no ID remapping should be
> needed; almost all of the old validation code becomes redundant.
> There's still some canonicalization in the new implementation, mostly
> in constraint_manager, but much less than before.
>
> Ownership of regions and svalues
> ********************************
>
> In the old implementation, each region_model had its own copies of
> regions and svalues, so there was heap bloat and churn as lots of
> little objects were cloned when copying program_state instances.  In the
> new implementation the regions and svalues are immutable and are shared
> thoughout the analysis, rather than being per region_model.  They are
> owned by a manager class, and are effectively singletons.  Region and
> svalue instances can now be compared by pointer rather than by comparing
> their fields (the manager class takes care of uniqueness).
>
> This is a huge simplification, and (I hope) will avoid lots
> of heap churn as states are copied; all mutable state from regions and
> svalues is now stored in a "store" class in the region_model.
>
> Changes to the meaning of a "region"
> ************************************
>
> Region subclasses no longer represent internal structure, but instead
> represent how the regions are reached.  So e.g. a global "struct coord
> c;" is now a decl_region, rather than a struct_region.
>
> In the old implementation, the values for each region were stored in the
> region instances, but in the new implementation the regions are immutable.
> Memory is now modeled in a new "store" class: a mapping from keys to
> svalues, where the keys are both concrete bit-offsets from the start of
> a "base region", and "symbolic" keys (thus hopefully making unions,
> casts, aliasing etc easier to deal with).  So e.g. for assignments to
> the fields of a struct, it records the mapping from bit-offsets of e.g.
> field to the values; if that memory is cast to another type and written
> to, the appropriate clobbering of the bound values can happen.
>
> The concept of "what the current stack is" moves from the regions to
> being a field within the region_model ("m_current_frame").
>
> Bugs fixed by this patch
> ************************
>
> PR analyzer/93032 (missing leak diagnostic for zlib/contrib/minizip/mztools.c)
> PR analyzer/93938 (ICE in analyzer)
> PR analyzer/94011 (ICE in analyzer)
> PR analyzer/94099 (ICE in analyzer)
> PR analyzer/94399 (leak false positive with __attribute__((cleanup())))
> PR analyzer/94458 (leak false positive)
> PR analyzer/94503 (ICE on C++ return-value-optimization)
> PR analyzer/94640 (leak false positive)
> PR analyzer/94688 (ICE in analyzer)
> PR analyzer/94689 ("arrays of functions are not meaningful" error)
> PR analyzer/94839 (leak false positive)
> PR analyzer/95026 (leak false positive)
> PR analyzer/95042 (ICE merging const and non-const C++ object instances)
> PR analyzer/95240 (leak false positive)
>
> Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
> Pushed to master as 808f4dfeb3a95f50f15e71148e5c1067f90a126d.
>

Some of the new tests fail on arm and aarch64.

On arm:
    gcc.dg/analyzer/casts-1.c  (test for warnings, line 19)
    gcc.dg/analyzer/casts-1.c  (test for warnings, line 20)
    gcc.dg/analyzer/casts-1.c  (test for warnings, line 21)
    gcc.dg/analyzer/casts-1.c  (test for warnings, line 22)
    gcc.dg/analyzer/casts-1.c  (test for warnings, line 23)
    gcc.dg/analyzer/casts-1.c  (test for warnings, line 24)
    gcc.dg/analyzer/casts-1.c  (test for warnings, line 25)
    gcc.dg/analyzer/casts-1.c  (test for warnings, line 26)
    gcc.dg/analyzer/casts-1.c  (test for warnings, line 36)
    gcc.dg/analyzer/casts-1.c  (test for warnings, line 37)
    gcc.dg/analyzer/casts-1.c  (test for warnings, line 38)
    gcc.dg/analyzer/casts-1.c  (test for warnings, line 39)
    gcc.dg/analyzer/casts-1.c (test for excess errors)
    gcc.dg/analyzer/init.c  (test for warnings, line 100)
    gcc.dg/analyzer/init.c  (test for warnings, line 101)
    gcc.dg/analyzer/init.c  (test for warnings, line 102)
    gcc.dg/analyzer/init.c  (test for warnings, line 124)
    gcc.dg/analyzer/init.c  (test for warnings, line 125)
    gcc.dg/analyzer/init.c  (test for warnings, line 126)
    gcc.dg/analyzer/init.c  (test for warnings, line 127)
    gcc.dg/analyzer/init.c  (test for warnings, line 128)
    gcc.dg/analyzer/init.c  (test for warnings, line 129)
    gcc.dg/analyzer/init.c  (test for warnings, line 30)
    gcc.dg/analyzer/init.c  (test for warnings, line 31)
    gcc.dg/analyzer/init.c  (test for warnings, line 51)
    gcc.dg/analyzer/init.c  (test for warnings, line 52)
    gcc.dg/analyzer/init.c  (test for warnings, line 72)
    gcc.dg/analyzer/init.c  (test for warnings, line 73)
    gcc.dg/analyzer/init.c  (test for warnings, line 74)
    gcc.dg/analyzer/init.c  (test for warnings, line 75)
    gcc.dg/analyzer/init.c  (test for warnings, line 99)
    gcc.dg/analyzer/init.c (test for excess errors)
    gcc.dg/analyzer/pr93032-mztools.c (test for excess errors)

In my logs I can see:
/gcc/testsuite/gcc.dg/analyzer/casts-1.c: In function 'test_1':
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:19:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:20:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:21:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:22:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:23:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:24:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:25:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:26:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:29:3: warning: TRUE
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:30:3: warning: TRUE
/gcc/testsuite/gcc.dg/analyzer/casts-1.c: In function 'test_2':
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:36:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:37:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:38:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:39:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:41:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:43:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:45:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:47:3: warning: UNKNOWN

/gcc/testsuite/gcc.dg/analyzer/init.c:30:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:31:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:51:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:52:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:72:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:73:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:74:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:75:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:99:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:100:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:101:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:102:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:124:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:125:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:126:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:127:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:128:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:129:3: warning: UNKNOWN

FAIL: gcc.dg/analyzer/pr93032-mztools.c (test for excess errors)
Excess errors:
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:174:15: warning:
terminating analysis for this program point: EN: 213-217, EN: 475-477,
EN: 632 [-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:174:15: warning:
terminating analysis for this program point: EN: 213-217, EN: 475-477,
EN: 632 [-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:174:15: warning:
terminating analysis for this program point: EN: 213-217, EN: 475-477,
EN: 632 [-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]


on aarch64:
    gcc.dg/analyzer/init.c  (test for warnings, line 124)
    gcc.dg/analyzer/init.c  (test for warnings, line 125)
    gcc.dg/analyzer/init.c  (test for warnings, line 126)
    gcc.dg/analyzer/init.c  (test for warnings, line 127)
    gcc.dg/analyzer/init.c  (test for warnings, line 128)
    gcc.dg/analyzer/init.c  (test for warnings, line 129)
    gcc.dg/analyzer/init.c (test for excess errors)
    gcc.dg/analyzer/pr93032-mztools.c (test for excess errors)

because:
/gcc/testsuite/gcc.dg/analyzer/init.c:124:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:125:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:126:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:127:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:128:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:129:3: warning: UNKNOWN

FAIL: gcc.dg/analyzer/pr93032-mztools.c (test for excess errors)
Excess errors:
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]


HTH

Christophe

> At 1.1MB the patch exceeds the mailing list limit, so I'm attaching a
> gzipped copy.
> It can also be seen via:
> https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=808f4dfeb3a95f50f15e71148e5c1067f90a126d
>
> gcc/ChangeLog:
>         * Makefile.in (ANALYZER_OBJS): Add analyzer/region.o,
>         analyzer/region-model-impl-calls.o,
>         analyzer/region-model-manager.o,
>         analyzer/region-model-reachability.o, analyzer/store.o, and
>         analyzer/svalue.o.
>         * doc/analyzer.texi: Update for changes to analyzer
>         implementation.
>         * tristate.h (tristate::get_value): New accessor.
>
> gcc/analyzer/ChangeLog:
>         * analyzer-logging.cc: Ignore "-Wformat-diag".
>         (logger::enter_scope): Use inc_indent in both overloads.
>         (logger::exit_scope): Use dec_indent.
>         * analyzer-logging.h (logger::inc_indent): New.
>         (logger::dec_indent): New.
>         * analyzer-selftests.cc (run_analyzer_selftests): Call
>         analyzer_store_cc_tests.
>         * analyzer-selftests.h (analyzer_store_cc_tests): New decl.
>         * analyzer.cc (get_stmt_location): New function.
>         * analyzer.h (class initial_svalue): New forward decl.
>         (class unaryop_svalue): New forward decl.
>         (class binop_svalue): New forward decl.
>         (class sub_svalue): New forward decl.
>         (class unmergeable_svalue): New forward decl.
>         (class placeholder_svalue): New forward decl.
>         (class widening_svalue): New forward decl.
>         (class compound_svalue): New forward decl.
>         (class conjured_svalue): New forward decl.
>         (svalue_set): New typedef.
>         (class map_region): Delete.
>         (class array_region): Delete.
>         (class frame_region): New forward decl.
>         (class function_region): New forward decl.
>         (class label_region): New forward decl.
>         (class decl_region): New forward decl.
>         (class element_region): New forward decl.
>         (class offset_region): New forward decl.
>         (class cast_region): New forward decl.
>         (class field_region): New forward decl.
>         (class string_region): New forward decl.
>         (class region_model_manager): New forward decl.
>         (class store_manager): New forward decl.
>         (class store): New forward decl.
>         (class call_details): New forward decl.
>         (struct svalue_id_merger_mapping): Delete.
>         (struct canonicalization): Delete.
>         (class function_point): New forward decl.
>         (class engine): New forward decl.
>         (dump_tree): New function decl.
>         (print_quoted_type): New function decl.
>         (readability_comparator): New function decl.
>         (tree_cmp): New function decl.
>         (class path_var): Move here from region-model.h
>         (bit_offset_t, bit_size_t, byte_size_t): New typedefs.
>         (class region_offset): New class.
>         (get_stmt_location): New decl.
>         (struct member_function_hash_traits): New struct.
>         (class consolidation_map): New class.
>         Ignore "-Wformat-diag".
>         * analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
>         (-param=analyzer-max-enodes-for-full-dump=): New param.
>         * call-string.cc: Ignore -Wformat-diag.
>         * checker-path.cc: Move includes of "analyzer/call-string.h" and
>         "analyzer/program-point.h" to before "analyzer/region-model.h",
>         and also include "analyzer/store.h" before it.
>         (state_change_event::state_change_event): Replace "tree var" param
>         with "const svalue *sval".  Convert "origin" param from tree to
>         "const svalue *".
>         (state_change_event::get_desc): Call get_representative_tree to
>         convert the var and origin from const svalue * to tree.  Use
>         svalue::get_desc rather than %qE when describing state changes.
>         (checker_path::add_final_event): Use get_stmt_location.
>         * checker-path.h (state_change_event::state_change_event): Port
>         from tree to const svalue *.
>         (state_change_event::get_lvalue): Delete.
>         (state_change_event::get_dest_function): New.
>         (state_change_event::m_var): Replace with...
>         (state_change_event::m_sval): ...this.
>         (state_change_event::m_origin): Convert from tree to
>         const svalue *.
>         * constraint-manager.cc: Include "analyzer/call-string.h",
>         "analyzer/program-point.h", and "analyzer/store.h" before
>         "analyzer/region-model.h".
>         (struct bound, struct range): Move to constraint-manager.h.
>         (compare_constants): New function.
>         (range::dump): Rename to...
>         (range::dump_to_pp): ...this.  Support NULL constants.
>         (range::dump): Reintroduce for dumping to stderr.
>         (range::constrained_to_single_element): Return result, rather than
>         writing to *OUT.
>         (range::eval_condition): New.
>         (range::below_lower_bound): New.
>         (range::above_upper_bound): New.
>         (equiv_class::equiv_class): Port from svalue_id to const svalue *.
>         (equiv_class::print): Likewise.
>         (equiv_class::hash): Likewise.
>         (equiv_class::operator==): Port from svalue_id to const svalue *.
>         (equiv_class::add): Port from svalue_id to const svalue *. Drop
>         "cm" param.
>         (equiv_class::del): Port from svalue_id to const svalue *.
>         (equiv_class::get_representative): Likewise.
>         (equiv_class::remap_svalue_ids): Delete.
>         (svalue_id_cmp_by_id): Rename to...
>         (svalue_cmp_by_ptr): ...this, porting from svalue_id to
>         const svalue *.
>         (equiv_class::canonicalize): Update qsort comparator.
>         (constraint::implied_by): New.
>         (constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
>         (constraint_manager::dump_to_pp): Add "multiline" param
>         (constraint_manager::dump): Pass "true" for "multiline".
>         (constraint_manager::add_constraint): Port from svalue_id to
>         const svalue *.  Split out second part into...
>         (constraint_manager::add_unknown_constraint): ...this new
>         function.  Remove self-constraints when merging equivalence
>         classes.
>         (constraint_manager::add_constraint_internal): Remove constraints
>         that would be implied by the new constraint.  Port from svalue_id
>         to const svalue *.
>         (constraint_manager::get_equiv_class_by_sid): Rename to...
>         (constraint_manager::get_equiv_class_by_svalue): ...this, porting
>         from svalue_id to const svalue *.
>         (constraint_manager::get_or_add_equiv_class): Port from svalue_id
>         to const svalue *.
>         (constraint_manager::eval_condition): Make const.  Call
>         compare_constants and return early if it provides a known result.
>         (constraint_manager::get_ec_bounds): New.
>         (constraint_manager::eval_condition): New overloads.  Make
>         existing one const, and use compare_constants.
>         (constraint_manager::purge): Convert "p" param to a template
>         rather that an abstract base class.  Port from svalue_id to
>         const svalue *.
>         (class dead_svalue_purger): New class.
>         (constraint_manager::remap_svalue_ids): Delete.
>         (constraint_manager::on_liveness_change): New.
>         (equiv_class_cmp): Port from svalue_id to const svalue *.
>         (constraint_manager::canonicalize): Likewise.  Combine with
>         purging of redundant equivalence classes and constraints.
>         (class cleaned_constraint_manager): Delete.
>         (class merger_fact_visitor): Make "m_cm_b" const.  Add "m_merger"
>         field.
>         (merger_fact_visitor::fact): Port from svalue_id to const svalue *.
>         Add special case for widening.
>         (constraint_manager::merge): Port from svalue_id to const svalue *.
>         (constraint_manager::clean_merger_input): Delete.
>         (constraint_manager::for_each_fact): Port from svalue_id to
>         const svalue *.
>         (constraint_manager::validate): Likewise.
>         (selftest::test_constraint_conditions): Provide a
>         region_model_manager when creating region_model instances.
>         Add test for self-equality not creating equivalence classes.
>         (selftest::test_transitivity): Provide a region_model_manager when
>         creating region_model instances.  Verify that EC-merging happens
>         when constraints are implied.
>         (selftest::test_constant_comparisons):  Provide a
>         region_model_manager when creating region_model instances.
>         (selftest::test_constraint_impl): Likewise.  Remove over-specified
>         assertions.
>         (selftest::test_equality): Provide a region_model_manager when
>         creating region_model instances.
>         (selftest::test_many_constants): Likewise.  Provide a
>         program_point when testing merging.
>         (selftest::run_constraint_manager_tests): Move call to
>         test_constant_comparisons to outside the transitivity guard.
>         * constraint-manager.h (struct bound): Move here from
>         constraint-manager.cc.
>         (struct range): Likewise.
>         (struct::eval_condition): New decl.
>         (struct::below_lower_bound): New decl.
>         (struct::above_upper_bound): New decl.
>         (equiv_class::add): Port from svalue_id to const svalue *.
>         (equiv_class::del): Likewise.
>         (equiv_class::get_representative): Likewise.
>         (equiv_class::remap_svalue_ids): Drop.
>         (equiv_class::m_cst_sid): Convert to..
>         (equiv_class::m_cst_sval): ...this.
>         (equiv_class::m_vars): Port from svalue_id to const svalue *.
>         (constraint::bool implied_by): New decl.
>         (fact_visitor::on_fact): Port from svalue_id to const svalue *.
>         (constraint_manager::constraint_manager): Add mgr param.
>         (constraint_manager::clone): Delete.
>         (constraint_manager::maybe_get_constant): Delete.
>         (constraint_manager::get_sid_for_constant): Delete.
>         (constraint_manager::get_num_svalues): Delete.
>         (constraint_manager::dump_to_pp): Add "multiline" param.
>         (constraint_manager::get_equiv_class): Port from svalue_id to
>         const svalue *.
>         (constraint_manager::add_constraint):  Likewise.
>         (constraint_manager::get_equiv_class_by_sid): Rename to...
>         (constraint_manager::get_equiv_class_by_svalue): ...this, porting
>         from svalue_id to const svalue *.
>         (constraint_manager::add_unknown_constraint): New decl.
>         (constraint_manager::get_or_add_equiv_class): Port from svalue_id
>         to const svalue *.
>         (constraint_manager::eval_condition): Likewise.  Add overloads.
>         (constraint_manager::get_ec_bounds): New decl.
>         (constraint_manager::purge): Convert to template.
>         (constraint_manager::remap_svalue_ids): Delete.
>         (constraint_manager::on_liveness_change): New decl.
>         (constraint_manager::canonicalize): Drop param.
>         (constraint_manager::clean_merger_input): Delete.
>         (constraint_manager::m_mgr): New field.
>         * diagnostic-manager.cc: Move includes of
>         "analyzer/call-string.h" and "analyzer/program-point.h" to before
>         "analyzer/region-model.h", and also include "analyzer/store.h"
>         before it.
>         (saved_diagnostic::saved_diagnostic): Add "sval" param.
>         (diagnostic_manager::diagnostic_manager): Add engine param.
>         (diagnostic_manager::add_diagnostic): Add "sval" param, passing it
>         to saved_diagnostic ctor.  Update overload to pass NULL for it.
>         (dedupe_winners::dedupe_winners): Add engine param.
>         (dedupe_winners::add): Add "eg" param.  Pass m_engine to
>         feasible_p.
>         (dedupe_winner::m_engine): New field.
>         (diagnostic_manager::emit_saved_diagnostics): Pass engine to
>         dedupe_winners.  Pass &eg when adding candidates.  Pass svalue
>         rather than tree to prune_path.  Use get_stmt_location to get
>         primary location of diagnostic.
>         (diagnostic_manager::emit_saved_diagnostic): Likewise.
>         (get_any_origin): Drop.
>         (state_change_event_creator::on_global_state_change): Pass NULL
>         const svalue * rather than NULL_TREE trees to state_change_event
>         ctor.
>         (state_change_event_creator::on_state_change): Port from tree and
>         svalue_id to const svalue *.
>         (for_each_state_change): Port from svalue_id to const svalue *.
>         (struct null_assignment_sm_context): New.
>         (diagnostic_manager::add_events_for_eedge):  Add state change
>         events for assignment to NULL.
>         (diagnostic_manager::prune_path): Update param from tree to
>         const svalue *.
>         (diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
>         by tree to by const svalue *.
>         * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
>         param.
>         (saved_diagnostic::m_sval): New field.
>         (diagnostic_manager::diagnostic_manager): Add engine param.
>         (diagnostic_manager::get_engine): New.
>         (diagnostic_manager::add_diagnostic): Add "sval" param.
>         (diagnostic_manager::prune_path): Likewise.
>         (diagnostic_manager::prune_for_sm_diagnostic): New overload.
>         (diagnostic_manager::m_eng): New field.
>         * engine.cc: Move includes of "analyzer/call-string.h" and
>         "analyzer/program-point.h" to before "analyzer/region-model.h",
>         and also include "analyzer/store.h" before it.
>         (impl_region_model_context::impl_region_model_context): Update for
>         removal of m_change field.
>         (impl_region_model_context::remap_svalue_ids): Delete.
>         (impl_region_model_context::on_svalue_leak): New.
>         (impl_region_model_context::on_svalue_purge): Delete.
>         (impl_region_model_context::on_liveness_change): New.
>         (impl_region_model_context::on_unknown_change): Update param
>         from svalue_id to const svalue *.  Add is_mutable param.
>         (setjmp_svalue::compare_fields): Delete.
>         (setjmp_svalue::accept): New.
>         (setjmp_svalue::add_to_hash): Delete.
>         (setjmp_svalue::dump_to_pp): New.
>         (setjmp_svalue::print_details): Delete.
>         (impl_sm_context::impl_sm_context): Drop "change" param.
>         (impl_sm_context::get_fndecl_for_call): Drop "m_change".
>         (impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
>         "stmt" param.  Drop m_change.  Port from svalue_id to
>         const svalue *.
>         (impl_sm_context::warn_for_state): Drop m_change.  Port from
>         svalue_id to const svalue *.
>         (impl_sm_context::get_readable_tree): Rename to...
>         (impl_sm_context::get_diagnostic_tree): ...this.  Port from
>         svalue_id to const svalue *.
>         (impl_sm_context::is_zero_assignment): New.
>         (impl_sm_context::m_change): Delete field.
>         (leak_stmt_finder::find_stmt): Handle m_var being NULL.
>         (readability):  Increase penalty for MEM_REF.  For SSA_NAMEs,
>         slightly favor the underlying var over the SSA name.  Heavily
>         penalize temporaries.  Handle RESULT_DECL.
>         (readability_comparator): Make non-static.  Consider stack depths.
>         (impl_region_model_context::on_state_leak): Convert from svalue_id
>         to const svalue *, updating for region_model changes.  Use
>         id_equal.
>         (impl_region_model_context::on_inherited_svalue): Delete.
>         (impl_region_model_context::on_cast): Delete.
>         (impl_region_model_context::on_condition):  Drop m_change.
>         (impl_region_model_context::on_phi): Likewise.
>         (impl_region_model_context::on_unexpected_tree_code): Handle t
>         being NULL.
>         (point_and_state::validate): Update stack checking for
>         region_model changes.
>         (eg_traits::dump_args_t::show_enode_details_p): New.
>         (exploded_node::exploded_node): Initialize m_num_processed_stmts.
>         (exploded_node::get_processed_stmt): New function.
>         (exploded_node::get_dot_fillcolor): Add more colors.
>         (exploded_node::dump_dot): Guard the printing of the point and
>         state with show_enode_details_p.  Print the processed stmts for
>         this enode after the initial state.
>         (exploded_node::dump_to_pp): Pass true for new multiline param
>         of program_state::dump_to_pp.
>         (exploded_node::on_stmt): Drop "change" param.  Log the stmt.
>         Set input_location.  Implement __analyzer_describe.  Update
>         implementation of __analyzer_dump and __analyzer_eval.
>         Remove purging of sm-state for unknown fncalls from here.
>         (exploded_node::on_edge): Drop "change" param.
>         (exploded_node::on_longjmp): Port from region_id/svalue_id to
>         const region */const svalue *.  Call program_state::detect_leaks.
>         Drop state_change.
>         (exploded_node::detect_leaks): Update for changes to region_model.
>         Call program_state::detect_leaks.
>         (exploded_edge::exploded_edge): Drop ext_state and change params.
>         (exploded_edge::dump_dot): "args" is no longer used.  Drop dumping
>         of m_change.
>         (exploded_graph::exploded_graph): Pass engine to
>         m_diagnostic_manager ctor.  Use program_point::origin.
>         (exploded_graph::add_function_entry):  Drop ctxt.  Use
>         program_state::push_frame.  Drop state_change.
>         (exploded_graph::get_or_create_node): Drop "change" param.  Add
>         "enode_for_diag" param.  Update dumping calls for API changes.
>         Pass point to can_merge_with_p.  Show enode indices
>         within -Wanalyzer-too-complex diagnostic for hitting the per-point
>         limit.
>         (exploded_graph::add_edge): Drop "change" param.  Log which nodes
>         are being connected.  Update for changes to exploded_edge ctor.
>         (exploded_graph::get_per_program_point_data): New.
>         (exploded_graph::process_worklist): Pass point to
>         can_merge_with_p.  Drop state_change.  Update dumping call for API
>         change.
>         (exploded_graph::process_node):  Drop state_change.  Split the
>         node in-place if an sm-state-change occurs.  Update
>         m_num_processed_stmts.  Update dumping calls for API change.
>         (exploded_graph::log_stats): Call engine::log_stats.
>         (exploded_graph::dump_states_for_supernode): Update dumping
>         call.
>         (exploded_path::feasible_p): Add "eng" and "eg" params.
>         Rename "i" to "end_idx".  Pass the manager to the region_model
>         ctor.  Update for every processed stmt in the enode, not just the
>         first.  Keep track of which snodes have been visited, and call
>         loop_replay_fixup when revisiting one.
>         (enode_label::get_text): Update dump call for new param.
>         (exploded_graph::dump_exploded_nodes): Likewise.
>         (exploded_graph::get_node_by_index): New.
>         (impl_run_checkers): Create engine instance and pass its address
>         to extrinsic_state ctor.
>         * exploded-graph.h
>         (impl_region_model_context::impl_region_model_context): Drop
>         "change" params.
>         (impl_region_model_context::void remap_svalue_ids): Delete.
>         (impl_region_model_context::on_svalue_purge): Delete.
>         (impl_region_model_context::on_svalue_leak): New.
>         (impl_region_model_context::on_liveness_change): New.
>         (impl_region_model_context::on_state_leak): Update signature.
>         (impl_region_model_context::on_inherited_svalue): Delete.
>         (impl_region_model_context::on_cast): Delete.
>         (impl_region_model_context::on_unknown_change): Update signature.
>         (impl_region_model_context::m_change): Delete.
>         (eg_traits::dump_args_t::show_enode_details_p): New.
>         (exploded_node::on_stmt): Drop "change" param.
>         (exploded_node::on_edge): Likewise.
>         (exploded_node::get_processed_stmt): New decl.
>         (exploded_node::m_num_processed_stmts): New field.
>         (exploded_edge::exploded_edge): Drop ext_state and change params.
>         (exploded_edge::m_change): Delete.
>         (exploded_graph::get_engine): New accessor.
>         (exploded_graph::get_or_create_node): Drop "change" param.  Add
>         "enode_for_diag" param.
>         (exploded_graph::add_edge): Drop "change" param.
>         (exploded_graph::get_per_program_point_data): New decl.
>         (exploded_graph::get_node_by_index): New decl.
>         (exploded_path::feasible_p): Add "eng" and "eg" params.
>         * program-point.cc: Include "analyzer/store.h" before including
>         "analyzer/region-model.h".
>         (function_point::function_point): Move here from
>         program-point.h.
>         (function_point::get_function): Likewise.
>         (function_point::from_function_entry): Likewise.
>         (function_point::before_supernode): Likewise.
>         (function_point::next_stmt): New function.
>         * program-point.h (function_point::function_point): Move
>         implementation from here to program-point.cc.
>         (function_point::get_function): Likewise.
>         (function_point::from_function_entry): Likewise.
>         (function_point::before_supernode): Likewise.
>         (function_point::next_stmt): New decl.
>         (program_point::operator!=): New.
>         (program_point::origin): New.
>         (program_point::next_stmt): New.
>         (program_point::m_function_point): Make non-const.
>         * program-state.cc: Move includes of "analyzer/call-string.h" and
>         "analyzer/program-point.h" to before "analyzer/region-model.h",
>         and also include "analyzer/store.h" before it.
>         (extrinsic_state::get_model_manager): New.
>         (sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
>         rather than pass the around.
>         (sm_state_map::clone_with_remapping): Delete.
>         (sm_state_map::print): Remove "sm" param in favor of "m_sm".  Add
>         "simple" and "multiline" params and support multiline vs single
>         line dumping.
>         (sm_state_map::dump): Remove "sm" param in favor of "m_sm".  Add
>         "simple" param.
>         (sm_state_map::hash): Port from svalue_id to const svalue *.
>         (sm_state_map::operator==): Likewise.
>         (sm_state_map::get_state): Likewise.  Call canonicalize_svalue on
>         input.  Handle inheritance of sm-state.  Call get_default_state.
>         (sm_state_map::get_origin): Port from svalue_id to const svalue *.
>         (sm_state_map::set_state): Likewise.  Pass in ext_state.  Reject
>         attempts to set state on UNKNOWN.
>         (sm_state_map::impl_set_state): Port from svalue_id to
>         const svalue *.  Pass in ext_state.  Call canonicalize_svalue on
>         input.
>         (sm_state_map::purge_for_unknown_fncall): Delete.
>         (sm_state_map::on_svalue_leak): New.
>         (sm_state_map::remap_svalue_ids): Delete.
>         (sm_state_map::on_liveness_change): New.
>         (sm_state_map::on_unknown_change): Reimplement.
>         (sm_state_map::on_svalue_purge): Delete.
>         (sm_state_map::on_inherited_svalue): Delete.
>         (sm_state_map::on_cast): Delete.
>         (sm_state_map::validate): Delete.
>         (sm_state_map::canonicalize_svalue): New.
>         (program_state::program_state): Update to pass manager to
>         region_model's ctor.  Constify num_states and pass state machine
>         and index to sm_state_map ctor.
>         (program_state::print): Update for changes to dump API.
>         (program_state::dump_to_pp): Ignore the summarize param.  Add
>         "multiline" param.
>         (program_state::dump_to_file): Add "multiline" param.
>         (program_state::dump): Pass "true" for new "multiline" param.
>         (program_state::push_frame): New.
>         (program_state::on_edge): Drop "change" param.  Call
>         program_state::detect_leaks.
>         (program_state::prune_for_point): Add enode_for_diag param.
>         Reimplement based on store class.  Call detect_leaks
>         (program_state::remap_svalue_ids): Delete.
>         (program_state::get_representative_tree): Port from svalue_id to
>         const svalue *.
>         (program_state::can_merge_with_p): Add "point" param.  Add early
>         reject for sm-differences.  Drop id remapping.
>         (program_state::validate): Drop region model and sm_state_map
>         validation.
>         (state_change::sm_change::dump): Delete.
>         (state_change::sm_change::remap_svalue_ids): Delete.
>         (state_change::sm_change::on_svalue_purge): Delete.
>         (log_set_of_svalues): New.
>         (state_change::sm_change::validate): Delete.
>         (state_change::state_change): Delete.
>         (state_change::add_sm_change): Delete.
>         (state_change::affects_p): Delete.
>         (state_change::dump): Delete.
>         (state_change::remap_svalue_ids): Delete.
>         (state_change::on_svalue_purge): Delete.
>         (state_change::validate): Delete.
>         (selftest::assert_dump_eq): Delete.
>         (ASSERT_DUMP_EQ): Delete.
>         (selftest::test_sm_state_map): Update for changes to region_model
>         and sm_state_map, porting from svalue_id to const svalue *.
>         (selftest::test_program_state_dumping): Likewise.  Drop test of
>         dumping, renaming to...
>         (selftest::test_program_state_1): ...this.
>         (selftest::test_program_state_dumping_2): Likewise, renaming to...
>         (selftest::test_program_state_2): ...this.
>         (selftest::test_program_state_merging): Update for changes to
>         region_model.
>         (selftest::test_program_state_merging_2): Likewise.
>         (selftest::analyzer_program_state_cc_tests): Update for renamed
>         tests.
>         * program-state.h (extrinsic_state::extrinsic_state): Add logger
>         and engine params.
>         (extrinsic_state::get_logger): New accessor.
>         (extrinsic_state::get_engine): New accessor.
>         (extrinsic_state::get_model_manager): New accessor.
>         (extrinsic_state::m_logger): New field.
>         (extrinsic_state::m_engine): New field.
>         (struct default_hash_traits<svalue_id>): Delete.
>         (pod_hash_traits<svalue_id>::hash): Delete.
>         (pod_hash_traits<svalue_id>::equal): Delete.
>         (pod_hash_traits<svalue_id>::mark_deleted): Delete.
>         (pod_hash_traits<svalue_id>::mark_empty): Delete.
>         (pod_hash_traits<svalue_id>::is_deleted): Delete.
>         (pod_hash_traits<svalue_id>::is_empty): Delete.
>         (sm_state_map::entry_t::entry_t): Port from svalue_id to
>         const svalue *.
>         (sm_state_map::entry_t::m_origin): Likewise.
>         (sm_state_map::map_t): Likewise.
>         (sm_state_map::sm_state_map): Add state_machine and index params.
>         (sm_state_map::clone_with_remapping): Delete.
>         (sm_state_map::print):  Drop sm param; add simple and multiline
>         params.
>         (sm_state_map::dump): Drop sm param; add simple param.
>         (sm_state_map::get_state): Port from svalue_id to const svalue *.
>         Add ext_state param.
>         (sm_state_map::get_origin): Likewise.
>         (sm_state_map::set_state): Likewise.
>         (sm_state_map::impl_set_state): Likewise.
>         (sm_state_map::purge_for_unknown_fncall): Delete.
>         (sm_state_map::remap_svalue_ids): Delete.
>         (sm_state_map::on_svalue_purge): Delete.
>         (sm_state_map::on_svalue_leak): New.
>         (sm_state_map::on_liveness_change): New.
>         (sm_state_map::on_inherited_svalue): Delete.
>         (sm_state_map::on_cast): Delete.
>         (sm_state_map::validate): Delete.
>         (sm_state_map::on_unknown_change): Port from svalue_id to
>         const svalue *.  Add is_mutable and ext_state params.
>         (sm_state_map::canonicalize_svalue): New.
>         (sm_state_map::m_sm): New field.
>         (sm_state_map::m_sm_idx): New field.
>         (program_state::operator=): Delete.
>         (program_state::dump_to_pp): Drop "summarize" param, adding
>         "simple" and "multiline".
>         (program_state::dump_to_file): Likewise.
>         (program_state::dump): Rename "summarize" to "simple".
>         (program_state::push_frame): New.
>         (program_state::get_current_function): New.
>         (program_state::on_edge): Drop "change" param.
>         (program_state::prune_for_point): Likewise.  Add enode_for_diag
>         param.
>         (program_state::remap_svalue_ids): Delete.
>         (program_state::get_representative_tree): Port from svalue_id to
>         const svalue *.
>         (program_state::can_purge_p): Likewise.  Pass ext_state to get_state.
>         (program_state::can_merge_with_p): Add point param.
>         (program_state::detect_leaks): New.
>         (state_change_visitor::on_state_change): Port from tree and
>         svalue_id to a pair of const svalue *.
>         (class state_change): Delete.
>         * region.cc: New file.
>         * region-model-impl-calls.cc: New file.
>         * region-model-manager.cc: New file.
>         * region-model-reachability.cc: New file.
>         * region-model-reachability.h: New file.
>         * region-model.cc: Include "analyzer/call-string.h",
>         "analyzer/program-point.h", and "analyzer/store.h" before
>         "analyzer/region-model.h".  Include
>         "analyzer/region-model-reachability.h".
>         (dump_tree): Make non-static.
>         (dump_quoted_tree): Make non-static.
>         (print_quoted_type): Make non-static.
>         (path_var::dump): Delete.
>         (dump_separator): Delete.
>         (class impl_constraint_manager): Delete.
>         (svalue_id::print): Delete.
>         (svalue_id::dump_node_name_to_pp): Delete.
>         (svalue_id::validate): Delete.
>         (region_id::print): Delete.
>         (region_id::dump_node_name_to_pp): Delete.
>         (region_id::validate): Delete.
>         (region_id_set::region_id_set): Delete.
>         (svalue_id_set::svalue_id_set): Delete.
>         (svalue::operator==): Delete.
>         (svalue::hash): Delete.
>         (svalue::print): Delete.
>         (svalue::dump_dot_to_pp): Delete.
>         (svalue::remap_region_ids): Delete.
>         (svalue::walk_for_canonicalization): Delete.
>         (svalue::get_child_sid): Delete.
>         (svalue::maybe_get_constant): Delete.
>         (region_svalue::compare_fields): Delete.
>         (region_svalue::add_to_hash): Delete.
>         (region_svalue::print_details): Delete.
>         (region_svalue::dump_dot_to_pp): Delete.
>         (region_svalue::remap_region_ids): Delete.
>         (region_svalue::merge_values): Delete.
>         (region_svalue::walk_for_canonicalization): Delete.
>         (region_svalue::eval_condition): Delete.
>         (constant_svalue::compare_fields): Delete.
>         (constant_svalue::add_to_hash): Delete.
>         (constant_svalue::merge_values): Delete.
>         (constant_svalue::eval_condition): Move to svalue.cc.
>         (constant_svalue::print_details): Delete.
>         (constant_svalue::get_child_sid): Delete.
>         (unknown_svalue::compare_fields): Delete.
>         (unknown_svalue::add_to_hash): Delete.
>         (unknown_svalue::print_details): Delete.
>         (poison_kind_to_str): Move to svalue.cc.
>         (poisoned_svalue::compare_fields): Delete.
>         (poisoned_svalue::add_to_hash): Delete.
>         (poisoned_svalue::print_details): Delete.
>         (region_kind_to_str): Move to region.cc and reimplement.
>         (region::operator==): Delete.
>         (region::get_parent_region): Delete.
>         (region::set_value): Delete.
>         (region::become_active_view): Delete.
>         (region::deactivate_any_active_view): Delete.
>         (region::deactivate_view): Delete.
>         (region::get_value): Delete.
>         (region::get_inherited_child_sid): Delete.
>         (region_model::copy_region): Delete.
>         (region_model::copy_struct_region): Delete.
>         (region_model::copy_union_region): Delete.
>         (region_model::copy_array_region): Delete.
>         (region::hash): Delete.
>         (region::print): Delete.
>         (region::dump_dot_to_pp): Delete.
>         (region::dump_to_pp): Delete.
>         (region::dump_child_label): Delete.
>         (region::validate): Delete.
>         (region::remap_svalue_ids): Delete.
>         (region::remap_region_ids): Delete.
>         (region::add_view): Delete.
>         (region::get_view): Delete.
>         (region::region): Move to region.cc.
>         (region::add_to_hash): Delete.
>         (region::print_fields): Delete.
>         (region::non_null_p): Delete.
>         (primitive_region::clone): Delete.
>         (primitive_region::walk_for_canonicalization): Delete.
>         (map_region::map_region): Delete.
>         (map_region::compare_fields): Delete.
>         (map_region::print_fields): Delete.
>         (map_region::validate): Delete.
>         (map_region::dump_dot_to_pp): Delete.
>         (map_region::dump_child_label): Delete.
>         (map_region::get_or_create): Delete.
>         (map_region::get): Delete.
>         (map_region::add_to_hash): Delete.
>         (map_region::remap_region_ids): Delete.
>         (map_region::unbind): Delete.
>         (map_region::get_tree_for_child_region): Delete.
>         (map_region::get_tree_for_child_region): Delete.
>         (tree_cmp): Move to region.cc.
>         (map_region::can_merge_p): Delete.
>         (map_region::walk_for_canonicalization): Delete.
>         (map_region::get_value_by_name): Delete.
>         (struct_or_union_region::valid_key_p): Delete.
>         (struct_or_union_region::compare_fields): Delete.
>         (struct_region::clone): Delete.
>         (struct_region::compare_fields): Delete.
>         (union_region::clone): Delete.
>         (union_region::compare_fields): Delete.
>         (frame_region::compare_fields): Delete.
>         (frame_region::clone): Delete.
>         (frame_region::valid_key_p): Delete.
>         (frame_region::print_fields): Delete.
>         (frame_region::add_to_hash): Delete.
>         (globals_region::compare_fields): Delete.
>         (globals_region::clone): Delete.
>         (globals_region::valid_key_p): Delete.
>         (code_region::compare_fields): Delete.
>         (code_region::clone): Delete.
>         (code_region::valid_key_p): Delete.
>         (array_region::array_region): Delete.
>         (array_region::get_element): Delete.
>         (array_region::clone): Delete.
>         (array_region::compare_fields): Delete.
>         (array_region::print_fields): Delete.
>         (array_region::validate): Delete.
>         (array_region::dump_dot_to_pp): Delete.
>         (array_region::dump_child_label): Delete.
>         (array_region::get_or_create): Delete.
>         (array_region::get): Delete.
>         (array_region::add_to_hash): Delete.
>         (array_region::remap_region_ids): Delete.
>         (array_region::get_key_for_child_region): Delete.
>         (array_region::key_cmp): Delete.
>         (array_region::walk_for_canonicalization): Delete.
>         (array_region::key_from_constant): Delete.
>         (array_region::constant_from_key): Delete.
>         (function_region::compare_fields): Delete.
>         (function_region::clone): Delete.
>         (function_region::valid_key_p): Delete.
>         (stack_region::stack_region): Delete.
>         (stack_region::compare_fields): Delete.
>         (stack_region::clone): Delete.
>         (stack_region::print_fields): Delete.
>         (stack_region::dump_child_label): Delete.
>         (stack_region::validate): Delete.
>         (stack_region::push_frame): Delete.
>         (stack_region::get_current_frame_id): Delete.
>         (stack_region::pop_frame): Delete.
>         (stack_region::add_to_hash): Delete.
>         (stack_region::remap_region_ids): Delete.
>         (stack_region::can_merge_p): Delete.
>         (stack_region::walk_for_canonicalization): Delete.
>         (stack_region::get_value_by_name): Delete.
>         (heap_region::heap_region): Delete.
>         (heap_region::compare_fields): Delete.
>         (heap_region::clone): Delete.
>         (heap_region::walk_for_canonicalization): Delete.
>         (root_region::root_region): Delete.
>         (root_region::compare_fields): Delete.
>         (root_region::clone): Delete.
>         (root_region::print_fields): Delete.
>         (root_region::validate): Delete.
>         (root_region::dump_child_label): Delete.
>         (root_region::push_frame): Delete.
>         (root_region::get_current_frame_id): Delete.
>         (root_region::pop_frame): Delete.
>         (root_region::ensure_stack_region): Delete.
>         (root_region::get_stack_region): Delete.
>         (root_region::ensure_globals_region): Delete.
>         (root_region::get_code_region): Delete.
>         (root_region::ensure_code_region): Delete.
>         (root_region::get_globals_region): Delete.
>         (root_region::ensure_heap_region): Delete.
>         (root_region::get_heap_region): Delete.
>         (root_region::remap_region_ids): Delete.
>         (root_region::can_merge_p): Delete.
>         (root_region::add_to_hash): Delete.
>         (root_region::walk_for_canonicalization): Delete.
>         (root_region::get_value_by_name): Delete.
>         (symbolic_region::symbolic_region): Delete.
>         (symbolic_region::compare_fields): Delete.
>         (symbolic_region::clone): Delete.
>         (symbolic_region::walk_for_canonicalization): Delete.
>         (symbolic_region::print_fields): Delete.
>         (region_model::region_model): Add region_model_manager * param.
>         Reimplement in terms of store, dropping impl_constraint_manager
>         subclass.
>         (region_model::operator=): Reimplement in terms of store
>         (region_model::operator==): Likewise.
>         (region_model::hash): Likewise.
>         (region_model::print): Delete.
>         (region_model::print_svalue): Delete.
>         (region_model::dump_dot_to_pp): Delete.
>         (region_model::dump_dot_to_file): Delete.
>         (region_model::dump_dot): Delete.
>         (region_model::dump_to_pp): Replace "summarize" param with
>         "simple" and "multiline".  Port to store-based implementation.
>         (region_model::dump): Replace "summarize" param with "simple" and
>         "multiline".
>         (dump_vec_of_tree): Delete.
>         (region_model::dump_summary_of_rep_path_vars): Delete.
>         (region_model::validate): Delete.
>         (svalue_id_cmp_by_constant_svalue_model): Delete.
>         (svalue_id_cmp_by_constant_svalue): Delete.
>         (region_model::canonicalize): Drop "ctxt" param.  Reimplement in
>         terms of store and constraints.
>         (region_model::canonicalized_p): Remove NULL arg to canonicalize.
>         (region_model::loop_replay_fixup): New.
>         (poisoned_value_diagnostic::emit): Tweak wording of warnings.
>         (region_model::check_for_poison): Delete.
>         (region_model::get_gassign_result): New.
>         (region_model::on_assignment): Port to store-based implementation.
>         (region_model::on_call_pre): Delete calls to check_for_poison.
>         Move implementations to region-model-impl-calls.c and port to
>         store-based implementation.
>         (region_model::on_call_post): Likewise.
>         (class reachable_regions): Move to region-model-reachability.h/cc
>         and port to store-based implementation.
>         (region_model::handle_unrecognized_call): Port to store-based
>         implementation.
>         (region_model::get_reachable_svalues): New.
>         (region_model::on_setjmp): Port to store-based implementation.
>         (region_model::on_longjmp): Likewise.
>         (region_model::handle_phi): Drop is_back_edge param and the logic
>         using it.
>         (region_model::get_lvalue_1): Port from region_id to const region *.
>         (region_model::make_region_for_unexpected_tree_code): Delete.
>         (assert_compat_types): If the check fails, use internal_error to
>         show the types.
>         (region_model::get_lvalue): Port from region_id to const region *.
>         (region_model::get_rvalue_1): Port from svalue_id to const svalue *.
>         (region_model::get_rvalue): Likewise.
>         (region_model::get_or_create_ptr_svalue): Delete.
>         (region_model::get_or_create_constant_svalue): Delete.
>         (region_model::get_svalue_for_fndecl): Delete.
>         (region_model::get_region_for_fndecl): Delete.
>         (region_model::get_svalue_for_label): Delete.
>         (region_model::get_region_for_label): Delete.
>         (build_cast): Delete.
>         (region_model::maybe_cast_1): Delete.
>         (region_model::maybe_cast): Delete.
>         (region_model::get_field_region): Delete.
>         (region_model::get_store_value): New.
>         (region_model::region_exists_p): New.
>         (region_model::deref_rvalue): Port from svalue_id to const svalue *.
>         (region_model::set_value): Likewise.
>         (region_model::clobber_region): New.
>         (region_model::purge_region): New.
>         (region_model::zero_fill_region): New.
>         (region_model::mark_region_as_unknown): New.
>         (region_model::eval_condition): Port from svalue_id to
>         const svalue *.
>         (region_model::eval_condition_without_cm): Likewise.
>         (region_model::compare_initial_and_pointer): New.
>         (region_model::add_constraint): Port from svalue_id to
>         const svalue *.
>         (region_model::maybe_get_constant): Delete.
>         (region_model::get_representative_path_var): New.
>         (region_model::add_new_malloc_region): Delete.
>         (region_model::get_representative_tree): Port to const svalue *.
>         (region_model::get_representative_path_var): Port to
>         const region *.
>         (region_model::get_path_vars_for_svalue): Delete.
>         (region_model::set_to_new_unknown_value): Delete.
>         (region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
>         (region_model::update_for_call_superedge): Port from svalue_id to
>         const svalue *.
>         (region_model::update_for_return_superedge): Port to store-based
>         implementation.
>         (region_model::update_for_call_summary): Replace
>         set_to_new_unknown_value with mark_region_as_unknown.
>         (region_model::get_root_region): Delete.
>         (region_model::get_stack_region_id): Delete.
>         (region_model::push_frame): Delete.
>         (region_model::get_current_frame_id): Delete.
>         (region_model::get_current_function): Delete.
>         (region_model::pop_frame): Delete.
>         (region_model::on_top_level_param): New.
>         (region_model::get_stack_depth): Delete.
>         (region_model::get_function_at_depth): Delete.
>         (region_model::get_globals_region_id): Delete.
>         (region_model::add_svalue): Delete.
>         (region_model::replace_svalue): Delete.
>         (region_model::add_region): Delete.
>         (region_model::get_svalue): Delete.
>         (region_model::get_region): Delete.
>         (make_region_for_type): Delete.
>         (region_model::add_region_for_type): Delete.
>         (region_model::on_top_level_param): New.
>         (class restrict_to_used_svalues): Delete.
>         (region_model::purge_unused_svalues): Delete.
>         (region_model::push_frame): New.
>         (region_model::remap_svalue_ids): Delete.
>         (region_model::remap_region_ids): Delete.
>         (region_model::purge_regions): Delete.
>         (region_model::get_descendents): Delete.
>         (region_model::delete_region_and_descendents): Delete.
>         (region_model::poison_any_pointers_to_bad_regions): Delete.
>         (region_model::can_merge_with_p): Delete.
>         (region_model::get_current_function): New.
>         (region_model::get_value_by_name): Delete.
>         (region_model::convert_byte_offset_to_array_index): Delete.
>         (region_model::pop_frame): New.
>         (region_model::get_or_create_mem_ref): Delete.
>         (region_model::get_stack_depth): New.
>         (region_model::get_frame_at_index): New.
>         (region_model::unbind_region_and_descendents): New.
>         (struct bad_pointer_finder): New.
>         (region_model::get_or_create_pointer_plus_expr): Delete.
>         (region_model::poison_any_pointers_to_descendents): New.
>         (region_model::get_or_create_view): Delete.
>         (region_model::can_merge_with_p): New.
>         (region_model::get_fndecl_for_call):  Port from svalue_id to
>         const svalue *.
>         (struct append_ssa_names_cb_data): New.
>         (get_ssa_name_regions_for_current_frame): New.
>         (region_model::append_ssa_names_cb): New.
>         (model_merger::dump_to_pp): Add "simple" param.  Drop dumping of
>         remappings.
>         (model_merger::dump): Add "simple" param to both overloads.
>         (model_merger::can_merge_values_p): Delete.
>         (model_merger::record_regions): Delete.
>         (model_merger::record_svalues): Delete.
>         (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
>         (svalue_id_merger_mapping::dump_to_pp): Delete.
>         (svalue_id_merger_mapping::dump): Delete.
>         (region_model::create_region_for_heap_alloc): New.
>         (region_model::create_region_for_alloca): New.
>         (region_model::record_dynamic_extents): New.
>         (canonicalization::canonicalization): Delete.
>         (canonicalization::walk_rid): Delete.
>         (canonicalization::walk_sid): Delete.
>         (canonicalization::dump_to_pp): Delete.
>         (canonicalization::dump): Delete.
>         (inchash::add): Delete overloads for svalue_id and region_id.
>         (engine::log_stats): New.
>         (assert_condition): Add overload comparing svalues.
>         (assert_dump_eq): Pass "true" for multiline.
>         (selftest::test_dump): Update for rewrite of region_model.
>         (selftest::test_dump_2): Rename to...
>         (selftest::test_struct): ...this.  Provide a region_model_manager
>         when creating region_model instance.  Remove dump test.  Add
>         checks for get_offset.
>         (selftest::test_dump_3): Rename to...
>         (selftest::test_array_1): ...this.  Provide a region_model_manager
>         when creating region_model instance.  Remove dump test.
>         (selftest::test_get_representative_tree): Port from svalue_id to
>         new API.  Add test coverage for various expressions.
>         (selftest::test_unique_constants): Provide a region_model_manager
>         for the region_model.  Add test coverage for comparing const vs
>         non-const.
>         (selftest::test_svalue_equality): Delete.
>         (selftest::test_region_equality): Delete.
>         (selftest::test_unique_unknowns): New.
>         (class purge_all_svalue_ids): Delete.
>         (class purge_one_svalue_id): Delete.
>         (selftest::test_purging_by_criteria): Delete.
>         (selftest::test_initial_svalue_folding): New.
>         (selftest::test_unaryop_svalue_folding): New.
>         (selftest::test_binop_svalue_folding): New.
>         (selftest::test_sub_svalue_folding): New.
>         (selftest::test_purge_unused_svalues): Delete.
>         (selftest::test_descendent_of_p): New.
>         (selftest::test_assignment): Provide a region_model_manager for
>         the region_model.  Drop the dump test.
>         (selftest::test_compound_assignment): Likewise.
>         (selftest::test_stack_frames): Port to new implementation.
>         (selftest::test_get_representative_path_var): Likewise.
>         (selftest::test_canonicalization_1): Rename to...
>         (selftest::test_equality_1): ...this.  Port to new API, and add
>         (selftest::test_canonicalization_2): Provide a
>         region_model_manager when creating region_model instances.
>         Remove redundant canicalization.
>         (selftest::test_canonicalization_3): Provide a
>         region_model_manager when creating region_model instances.
>         Remove param from calls to region_model::canonicalize.
>         (selftest::test_canonicalization_4): Likewise.
>         (selftest::assert_region_models_merge): Constify
>         out_merged_svalue.  Port to new API.
>         (selftest::test_state_merging): Provide a
>         region_model_manager when creating region_model instances.
>         Provide a program_point point when merging them.  Replace
>         set_to_new_unknown_value with usage of placeholder_svalues.
>         Drop get_value_by_name.  Port from svalue_id to const svalue *.
>         Add test of heap allocation.
>         (selftest::test_constraint_merging):  Provide a
>         region_model_manager when creating region_model instances.
>         Provide a program_point point when merging them.  Eliminate use
>         of set_to_new_unknown_value.
>         (selftest::test_widening_constraints): New.
>         (selftest::test_iteration_1): New.
>         (selftest::test_malloc_constraints): Port to store-based
>         implementation.
>         (selftest::test_var): New test.
>         (selftest::test_array_2): New test.
>         (selftest::test_mem_ref): New test.
>         (selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
>         (selftest::test_malloc): New.
>         (selftest::test_alloca): New.
>         (selftest::analyzer_region_model_cc_tests): Update for renamings.
>         Call new functions.
>         * region-model.h (class path_var): Move to analyzer.h.
>         (class svalue_id): Delete.
>         (class region_id): Delete.
>         (class id_map): Delete.
>         (svalue_id_map): Delete.
>         (region_id_map): Delete.
>         (id_map<T>::id_map): Delete.
>         (id_map<T>::put): Delete.
>         (id_map<T>::get_dst_for_src): Delete.
>         (id_map<T>::get_src_for_dst): Delete.
>         (id_map<T>::dump_to_pp): Delete.
>         (id_map<T>::dump): Delete.
>         (id_map<T>::update): Delete.
>         (one_way_svalue_id_map): Delete.
>         (one_way_region_id_map): Delete.
>         (class region_id_set): Delete.
>         (class svalue_id_set): Delete.
>         (struct complexity): New.
>         (class visitor): New.
>         (enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
>         SK_BINOP, SK_SUB,SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
>         SK_COMPOUND, and SK_CONJURED.
>         (svalue::operator==): Delete.
>         (svalue::operator!=): Delete.
>         (svalue::clone): Delete.
>         (svalue::hash): Delete.
>         (svalue::dump_dot_to_pp): Delete.
>         (svalue::dump_to_pp): New.
>         (svalue::dump): New.
>         (svalue::get_desc): New.
>         (svalue::dyn_cast_initial_svalue): New.
>         (svalue::dyn_cast_unaryop_svalue): New.
>         (svalue::dyn_cast_binop_svalue): New.
>         (svalue::dyn_cast_sub_svalue): New.
>         (svalue::dyn_cast_unmergeable_svalue): New.
>         (svalue::dyn_cast_widening_svalue): New.
>         (svalue::dyn_cast_compound_svalue): New.
>         (svalue::dyn_cast_conjured_svalue): New.
>         (svalue::maybe_undo_cast): New.
>         (svalue::unwrap_any_unmergeable): New.
>         (svalue::remap_region_ids): Delete
>         (svalue::can_merge_p): New.
>         (svalue::walk_for_canonicalization): Delete
>         (svalue::get_complexity): New.
>         (svalue::get_child_sid): Delete
>         (svalue::accept): New.
>         (svalue::live_p): New.
>         (svalue::implicitly_live_p): New.
>         (svalue::svalue): Add complexity param.
>         (svalue::add_to_hash): Delete
>         (svalue::print_details): Delete
>         (svalue::m_complexity): New field.
>         (region_svalue::key_t): New struct.
>         (region_svalue::region_svalue): Port from region_id to
>         const region_id *.  Add complexity.
>         (region_svalue::compare_fields): Delete.
>         (region_svalue::clone): Delete.
>         (region_svalue::dump_dot_to_pp): Delete.
>         (region_svalue::get_pointee): Port from region_id to
>         const region_id *.
>         (region_svalue::remap_region_ids): Delete.
>         (region_svalue::merge_values): Delete.
>         (region_svalue::dump_to_pp): New.
>         (region_svalue::accept): New.
>         (region_svalue::walk_for_canonicalization): Delete.
>         (region_svalue::eval_condition): Make params const.
>         (region_svalue::add_to_hash): Delete.
>         (region_svalue::print_details): Delete.
>         (region_svalue::m_rid): Replace with...
>         (region_svalue::m_reg): ...this.
>         (is_a_helper <region_svalue *>::test): Convert to...
>         (is_a_helper <const region_svalue *>::test): ...this.
>         (template <> struct default_hash_traits<region_svalue::key_t>):
>         New.
>         (constant_svalue::constant_svalue): Add complexity.
>         (constant_svalue::compare_fields): Delete.
>         (constant_svalue::clone): Delete.
>         (constant_svalue::add_to_hash): Delete.
>         (constant_svalue::dump_to_pp): New.
>         (constant_svalue::accept): New.
>         (constant_svalue::implicitly_live_p): New.
>         (constant_svalue::merge_values): Delete.
>         (constant_svalue::eval_condition): Make params const.
>         (constant_svalue::get_child_sid): Delete.
>         (constant_svalue::print_details): Delete.
>         (is_a_helper <constant_svalue *>::test): Convert to...
>         (is_a_helper <const constant_svalue *>::test): ...this.
>         (class unknown_svalue): Update leading comment.
>         (unknown_svalue::unknown_svalue): Add complexity.
>         (unknown_svalue::compare_fields): Delete.
>         (unknown_svalue::add_to_hash): Delete.
>         (unknown_svalue::dyn_cast_unknown_svalue): Delete.
>         (unknown_svalue::print_details): Delete.
>         (unknown_svalue::dump_to_pp): New.
>         (unknown_svalue::accept): New.
>         (poisoned_svalue::key_t): New struct.
>         (poisoned_svalue::poisoned_svalue): Add complexity.
>         (poisoned_svalue::compare_fields): Delete.
>         (poisoned_svalue::clone): Delete.
>         (poisoned_svalue::add_to_hash): Delete.
>         (poisoned_svalue::dump_to_pp): New.
>         (poisoned_svalue::accept): New.
>         (poisoned_svalue::print_details): Delete.
>         (is_a_helper <poisoned_svalue *>::test): Convert to...
>         (is_a_helper <const poisoned_svalue *>::test): ...this.
>         (template <> struct default_hash_traits<poisoned_svalue::key_t>):
>         New.
>         (setjmp_record::add_to_hash): New.
>         (setjmp_svalue::key_t): New struct.
>         (setjmp_svalue::compare_fields): Delete.
>         (setjmp_svalue::clone): Delete.
>         (setjmp_svalue::add_to_hash): Delete.
>         (setjmp_svalue::setjmp_svalue): Add complexity.
>         (setjmp_svalue::dump_to_pp): New.
>         (setjmp_svalue::accept): New.
>         (setjmp_svalue::void print_details): Delete.
>         (is_a_helper <const setjmp_svalue *>::test): New.
>         (template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
>         (class initial_svalue : public svalue): New.
>         (is_a_helper <const initial_svalue *>::test): New.
>         (class unaryop_svalue): New.
>         (is_a_helper <const unaryop_svalue *>::test): New.
>         (template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
>         (class binop_svalue): New.
>         (is_a_helper <const binop_svalue *>::test): New.
>         (template <> struct default_hash_traits<binop_svalue::key_t>): New.
>         (class sub_svalue): New.
>         (is_a_helper <const sub_svalue *>::test): New.
>         (template <> struct default_hash_traits<sub_svalue::key_t>): New.
>         (class unmergeable_svalue): New.
>         (is_a_helper <const unmergeable_svalue *>::test): New.
>         (class placeholder_svalue): New.
>         (is_a_helper <placeholder_svalue *>::test): New.
>         (class widening_svalue): New.
>         (is_a_helper <widening_svalue *>::test): New.
>         (template <> struct default_hash_traits<widening_svalue::key_t>): New.
>         (class compound_svalue): New.
>         (is_a_helper <compound_svalue *>::test): New.
>         (template <> struct default_hash_traits<compound_svalue::key_t>): New.
>         (class conjured_svalue): New.
>         (is_a_helper <conjured_svalue *>::test): New.
>         (template <> struct default_hash_traits<conjured_svalue::key_t>): New.
>         (enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
>         RK_ARRAY.  Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
>         RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
>         (region_kind_to_str): Delete.
>         (region::~region): Move implementation to region.cc.
>         (region::operator==): Delete.
>         (region::operator!=): Delete.
>         (region::clone): Delete.
>         (region::get_id): New.
>         (region::cmp_ids): New.
>         (region::dyn_cast_map_region): Delete.
>         (region::dyn_cast_array_region): Delete.
>         (region::region_id get_parent): Delete.
>         (region::get_parent_region): Convert to a simple accessor.
>         (region::void set_value): Delete.
>         (region::svalue_id get_value): Delete.
>         (region::svalue_id get_value_direct): Delete.
>         (region::svalue_id get_inherited_child_sid): Delete.
>         (region::dyn_cast_frame_region): New.
>         (region::dyn_cast_function_region): New.
>         (region::dyn_cast_decl_region): New.
>         (region::dyn_cast_field_region): New.
>         (region::dyn_cast_element_region): New.
>         (region::dyn_cast_offset_region): New.
>         (region::dyn_cast_cast_region): New.
>         (region::dyn_cast_string_region): New.
>         (region::accept): New.
>         (region::get_base_region): New.
>         (region::base_region_p): New.
>         (region::descendent_of_p): New.
>         (region::maybe_get_frame_region): New.
>         (region::maybe_get_decl): New.
>         (region::hash): Delete.
>         (region::rint): Delete.
>         (region::dump_dot_to_pp): Delete.
>         (region::get_desc): New.
>         (region::dump_to_pp): Convert to vfunc, changing signature.
>         (region::dump_child_label): Delete.
>         (region::remap_svalue_ids): Delete.
>         (region::remap_region_ids): Delete.
>         (region::dump): New.
>         (region::walk_for_canonicalization): Delete.
>         (region::non_null_p): Drop region_model param.
>         (region::add_view): Delete.
>         (region::get_view): Delete.
>         (region::get_active_view): Delete.
>         (region::is_view_p): Delete.
>         (region::cmp_ptrs): New.
>         (region::validate): Delete.
>         (region::get_offset): New.
>         (region::get_byte_size): New.
>         (region::get_bit_size): New.
>         (region::get_subregions_for_binding): New.
>         (region::region): Add complexity param.  Convert parent from
>         region_id to const region *.  Drop svalue_id.  Drop copy ctor.
>         (region::symbolic_for_unknown_ptr_p): New.
>         (region::add_to_hash): Delete.
>         (region::print_fields): Delete.
>         (region::get_complexity): New accessor.
>         (region::become_active_view): Delete.
>         (region::deactivate_any_active_view): Delete.
>         (region::deactivate_view): Delete.
>         (region::calc_offset): New.
>         (region::m_parent_rid): Delete.
>         (region::m_sval_id): Delete.
>         (region::m_complexity): New.
>         (region::m_id): New.
>         (region::m_parent): New.
>         (region::m_view_rids): Delete.
>         (region::m_is_view): Delete.
>         (region::m_active_view_rid): Delete.
>         (region::m_cached_offset): New.
>         (is_a_helper <region *>::test): Convert to...
>         (is_a_helper <const region *>::test): ... this.
>         (class primitive_region): Delete.
>         (class space_region): New.
>         (class map_region): Delete.
>         (is_a_helper <map_region *>::test): Delete.
>         (class frame_region): Reimplement.
>         (template <> struct default_hash_traits<frame_region::key_t>):
>         New.
>         (class globals_region): Reimplement.
>         (is_a_helper <globals_region *>::test): Convert to...
>         (is_a_helper <const globals_region *>::test): ...this.
>         (class struct_or_union_region): Delete.
>         (is_a_helper <struct_or_union_region *>::test): Delete.
>         (class code_region): Reimplement.
>         (is_a_helper <const code_region *>::test): New.
>         (class struct_region): Delete.
>         (is_a_helper <struct_region *>::test): Delete.
>         (class function_region): Reimplement.
>         (is_a_helper <function_region *>::test): Convert to...
>         (is_a_helper <const function_region *>::test): ...this.
>         (class union_region): Delete.
>         (is_a_helper <union_region *>::test): Delete.
>         (class label_region): New.
>         (is_a_helper <const label_region *>::test): New.
>         (class scope_region): Delete.
>         (class stack_region): Reimplement.
>         (is_a_helper <stack_region *>::test): Convert to...
>         (is_a_helper <const stack_region *>::test): ...this.
>         (class heap_region): Reimplement.
>         (is_a_helper <heap_region *>::test): Convert to...
>         (is_a_helper <const heap_region *>::test): ...this.
>         (class root_region): Reimplement.
>         (is_a_helper <root_region *>::test): Convert to...
>         (is_a_helper <const root_region *>::test): ...this.
>         (class symbolic_region): Reimplement.
>         (is_a_helper <const symbolic_region *>::test): New.
>         (template <> struct default_hash_traits<symbolic_region::key_t>):
>         New.
>         (class decl_region): New.
>         (is_a_helper <const decl_region *>::test): New.
>         (class field_region): New.
>         (template <> struct default_hash_traits<field_region::key_t>): New.
>         (class array_region): Delete.
>         (class element_region): New.
>         (is_a_helper <array_region *>::test): Delete.
>         (is_a_helper <const element_region *>::test): New.
>         (template <> struct default_hash_traits<element_region::key_t>):
>         New.
>         (class offset_region): New.
>         (is_a_helper <const offset_region *>::test): New.
>         (template <> struct default_hash_traits<offset_region::key_t>):
>         New.
>         (class cast_region): New.
>         (is_a_helper <const cast_region *>::test): New.
>         (template <> struct default_hash_traits<cast_region::key_t>): New.
>         (class heap_allocated_region): New.
>         (class alloca_region): New.
>         (class string_region): New.
>         (is_a_helper <const string_region *>::test): New.
>         (class unknown_region): New.
>         (class region_model_manager): New.
>         (struct append_ssa_names_cb_data): New.
>         (class call_details): New.
>         (region_model::region_model): Add region_model_manager param.
>         (region_model::print_svalue): Delete.
>         (region_model::dump_dot_to_pp): Delete.
>         (region_model::dump_dot_to_file): Delete.
>         (region_model::dump_dot): Delete.
>         (region_model::dump_to_pp): Drop summarize param in favor of
>         simple and multiline.
>         (region_model::dump): Likewise.
>         (region_model::summarize_to_pp): Delete.
>         (region_model::summarize): Delete.
>         (region_model::void canonicalize): Drop ctxt param.
>         (region_model::void check_for_poison): Delete.
>         (region_model::get_gassign_result): New.
>         (region_model::impl_call_alloca): New.
>         (region_model::impl_call_analyzer_describe): New.
>         (region_model::impl_call_analyzer_eval): New.
>         (region_model::impl_call_builtin_expect): New.
>         (region_model::impl_call_calloc): New.
>         (region_model::impl_call_free): New.
>         (region_model::impl_call_malloc): New.
>         (region_model::impl_call_memset): New.
>         (region_model::impl_call_strlen): New.
>         (region_model::get_reachable_svalues): New.
>         (region_model::handle_phi): Drop is_back_edge param.
>         (region_model::region_id get_root_rid): Delete.
>         (region_model::root_region *get_root_region): Delete.
>         (region_model::region_id get_stack_region_id): Delete.
>         (region_model::push_frame): Convert from region_id and svalue_id
>         to const region * and const svalue *.
>         (region_model::get_current_frame_id): Replace with...
>         (region_model::get_current_frame): ...this.
>         (region_model::pop_frame): Convert from region_id to
>         const region *.  Drop purge and stats param.  Add out_result.
>         (region_model::function *get_function_at_depth): Delete.
>         (region_model::get_globals_region_id): Delete.
>         (region_model::add_svalue): Delete.
>         (region_model::replace_svalue): Delete.
>         (region_model::add_region): Delete.
>         (region_model::add_region_for_type): Delete.
>         (region_model::get_svalue): Delete.
>         (region_model::get_region): Delete.
>         (region_model::get_lvalue): Convert from region_id to
>         const region *.
>         (region_model::get_rvalue): Convert from svalue_id to
>         const svalue *.
>         (region_model::get_or_create_ptr_svalue): Delete.
>         (region_model::get_or_create_constant_svalue): Delete.
>         (region_model::get_svalue_for_fndecl): Delete.
>         (region_model::get_svalue_for_label): Delete.
>         (region_model::get_region_for_fndecl): Delete.
>         (region_model::get_region_for_label): Delete.
>         (region_model::get_frame_at_index (int index) const;): New.
>         (region_model::maybe_cast): Delete.
>         (region_model::maybe_cast_1): Delete.
>         (region_model::get_field_region): Delete.
>         (region_model::id deref_rvalue): Convert from region_id and
>         svalue_id to const region * and const svalue *.  Drop overload,
>         passing in both a tree and an svalue.
>         (region_model::set_value): Convert from region_id and svalue_id to
>         const region * and const svalue *.
>         (region_model::set_to_new_unknown_value): Delete.
>         (region_model::clobber_region (const region *reg);): New.
>         (region_model::purge_region (const region *reg);): New.
>         (region_model::zero_fill_region (const region *reg);): New.
>         (region_model::mark_region_as_unknown (const region *reg);): New.
>         (region_model::copy_region): Convert from region_id to
>         const region *.
>         (region_model::eval_condition): Convert from svalue_id to
>         const svalue *.
>         (region_model::eval_condition_without_cm): Likewise.
>         (region_model::compare_initial_and_pointer): New.
>         (region_model:maybe_get_constant): Delete.
>         (region_model::add_new_malloc_region): Delete.
>         (region_model::get_representative_tree): Convert from svalue_id to
>         const svalue *.
>         (region_model::get_representative_path_var): Delete decl taking a
>         region_id in favor of two decls, for svalue vs region, with an
>         svalue_set to ensure termination.
>         (region_model::get_path_vars_for_svalue): Delete.
>         (region_model::create_region_for_heap_alloc): New.
>         (region_model::create_region_for_alloca): New.
>         (region_model::purge_unused_svalues): Delete.
>         (region_model::remap_svalue_ids): Delete.
>         (region_model::remap_region_ids): Delete.
>         (region_model::purge_regions): Delete.
>         (region_model::get_num_svalues): Delete.
>         (region_model::get_num_regions): Delete.
>         (region_model::get_descendents): Delete.
>         (region_model::get_store): New.
>         (region_model::delete_region_and_descendents): Delete.
>         (region_model::get_manager): New.
>         (region_model::unbind_region_and_descendents): New.
>         (region_model::can_merge_with_p): Add point param.  Drop
>         svalue_id_merger_mapping.
>         (region_model::get_value_by_name): Delete.
>         (region_model::convert_byte_offset_to_array_index): Delete.
>         (region_model::get_or_create_mem_ref): Delete.
>         (region_model::get_or_create_pointer_plus_expr): Delete.
>         (region_model::get_or_create_view): Delete.
>         (region_model::get_lvalue_1): Convert from region_id to
>         const region *.
>         (region_model::get_rvalue_1): Convert from svalue_id to
>         const svalue *.
>         (region_model::get_ssa_name_regions_for_current_frame): New.
>         (region_model::append_ssa_names_cb): New.
>         (region_model::get_store_value): New.
>         (region_model::copy_struct_region): Delete.
>         (region_model::copy_union_region): Delete.
>         (region_model::copy_array_region): Delete.
>         (region_model::region_exists_p): New.
>         (region_model::make_region_for_unexpected_tree_code): Delete.
>         (region_model::loop_replay_fixup): New.
>         (region_model::poison_any_pointers_to_bad_regions): Delete.
>         (region_model::poison_any_pointers_to_descendents): New.
>         (region_model::dump_summary_of_rep_path_vars): Delete.
>         (region_model::on_top_level_param): New.
>         (region_model::record_dynamic_extents): New.
>         (region_model::m_mgr;): New.
>         (region_model::m_store;): New.
>         (region_model::m_svalues;): Delete.
>         (region_model::m_regions;): Delete.
>         (region_model::m_root_rid;): Delete.
>         (region_model::m_current_frame;): New.
>         (region_model_context::remap_svalue_ids): Delete.
>         (region_model_context::can_purge_p): Delete.
>         (region_model_context::on_svalue_leak): New.
>         (region_model_context::on_svalue_purge): Delete.
>         (region_model_context::on_liveness_change): New.
>         (region_model_context::on_inherited_svalue): Delete.
>         (region_model_context::on_cast): Delete.
>         (region_model_context::on_unknown_change): Convert from svalue_id to
>         const svalue * and add is_mutable.
>         (class noop_region_model_context): Update for region_model_context
>         changes.
>         (model_merger::model_merger): Add program_point.  Drop
>         svalue_id_merger_mapping.
>         (model_merger::dump_to_pp): Add "simple" param.
>         (model_merger::dump): Likewise.
>         (model_merger::get_region_a): Delete.
>         (model_merger::get_region_b): Delete.
>         (model_merger::can_merge_values_p): Delete.
>         (model_merger::record_regions): Delete.
>         (model_merger::record_svalues): Delete.
>         (model_merger::m_point): New field.
>         (model_merger::m_map_regions_from_a_to_m): Delete.
>         (model_merger::m_map_regions_from_b_to_m): Delete.
>         (model_merger::m_sid_mapping): Delete.
>         (struct svalue_id_merger_mapping): Delete.
>         (class engine): New.
>         (struct canonicalization): Delete.
>         (inchash::add): Delete decls for hashing svalue_id and region_id.
>         (test_region_model_context::on_unexpected_tree_code): Require t to
>         be non-NULL.
>         (selftest::assert_condition): Add overload comparing a pair of
>         const svalue *.
>         * sm-file.cc: Include "tristate.h", "selftest.h",
>         "analyzer/call-string.h", "analyzer/program-point.h",
>         "analyzer/store.h", and "analyzer/region-model.h".
>         (fileptr_state_machine::get_default_state): New.
>         (fileptr_state_machine::on_stmt): Remove calls to
>         get_readable_tree in favor of get_diagnostic_tree.
>         * sm-malloc.cc: Include "tristate.h", "selftest.h",
>         "analyzer/call-string.h", "analyzer/program-point.h",
>         "analyzer/store.h", and "analyzer/region-model.h".
>         (malloc_state_machine::get_default_state): New.
>         (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
>         (malloc_diagnostic::describe_state_change): Handle change.m_expr
>         being NULL.
>         (null_arg::emit): Avoid printing "NULL '0'".
>         (null_arg::describe_final_event): Avoid printing "(0) NULL".
>         (malloc_leak::emit): Handle m_arg being NULL.
>         (malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
>         (malloc_state_machine::on_stmt): Don't call get_readable_tree.
>         Call get_diagnostic_tree when creating pending diagnostics.
>         Update for is_zero_assignment becoming a member function of
>         sm_ctxt.
>         Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
>         (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
>         vfunc implementation.
>         * sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
>         get_diagnostic_tree and pass the result to warn_for_state.
>         * sm-signal.cc: Move includes of "analyzer/call-string.h" and
>         "analyzer/program-point.h" to before "analyzer/region-model.h",
>         and also include "analyzer/store.h" before it.
>         (signal_unsafe_call::describe_state_change): Use
>         get_dest_function to get handler.
>         (update_model_for_signal_handler): Pass manager to region_model
>         ctor.
>         (register_signal_handler::impl_transition): Update for changes to
>         get_or_create_node and add_edge.
>         * sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
>         get_readable_tree, replacing them when calling warn_for_state with
>         calls to get_diagnostic_tree.
>         * sm.cc (is_zero_assignment): Delete.
>         (any_pointer_p): Move to within namespace ana.
>         * sm.h (is_zero_assignment): Remove decl.
>         (any_pointer_p): Move decl to within namespace ana.
>         (state_machine::get_default_state): New vfunc.
>         (state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
>         (sm_context::get_readable_tree): Rename to...
>         (sm_context::get_diagnostic_tree): ...this.
>         (sm_context::is_zero_assignment): New vfunc.
>         * store.cc: New file.
>         * store.h: New file.
>         * svalue.cc: New file.
>
> gcc/testsuite/ChangeLog:
>         PR analyzer/93032
>         PR analyzer/93938
>         PR analyzer/94011
>         PR analyzer/94099
>         PR analyzer/94399
>         PR analyzer/94458
>         PR analyzer/94503
>         PR analyzer/94640
>         PR analyzer/94688
>         PR analyzer/94689
>         PR analyzer/94839
>         PR analyzer/95026
>         PR analyzer/95042
>         PR analyzer/95240
>         * g++.dg/analyzer/pr93212.C: Add dg-warning for dangling
>         reference.
>         * g++.dg/analyzer/pr93950.C: Remove xfail.
>         * g++.dg/analyzer/pr94011.C: New test.
>         * g++.dg/analyzer/pr94028.C: Remove leak false positives; mark as
>         failing on C++98.
>         * g++.dg/analyzer/pr94503.C: New test.
>         * g++.dg/analyzer/pr95042.C: New test.
>         * gcc.dg/analyzer/CVE-2005-1689-dedupe-issue-2.c: New test.
>         * gcc.dg/analyzer/CVE-2005-1689-dedupe-issue.c: Add xfail.
>         * gcc.dg/analyzer/CVE-2005-1689-minimal.c:
>         Include "analyzer-decls.h".
>         (test_4, test_5, test_6, test_7, test_8): New tests.
>         * gcc.dg/analyzer/abs-1.c: New test.
>         * gcc.dg/analyzer/aliasing-1.c: New test.
>         * gcc.dg/analyzer/aliasing-2.c: New test.
>         * gcc.dg/analyzer/analyzer-decls.h (__analyzer_describe): New
>         decl.
>         (__analyzer_dump_num_heap_regions): Remove.
>         * gcc.dg/analyzer/attribute-nonnull.c: Add dg-warnings for cases
>         where NULL is directly used as an argument.
>         * gcc.dg/analyzer/bzero-1.c: New test.
>         * gcc.dg/analyzer/casts-1.c: New test.
>         * gcc.dg/analyzer/casts-2.c: New test.
>         * gcc.dg/analyzer/compound-assignment-1.c
>         (test_4): Remove xfail from leak false positive.
>         (called_by_test_5a): Add "allocated here" expected message.
>         (called_by_test_5b): Make expected leak message more precise.
>         * gcc.dg/analyzer/compound-assignment-3.c: Update expected leak
>         message.
>         * gcc.dg/analyzer/compound-assignment-4.c: New test.
>         * gcc.dg/analyzer/compound-assignment-5.c: New test.
>         * gcc.dg/analyzer/conditionals-notrans.c: Remove xfails.
>         * gcc.dg/analyzer/data-model-1.c (test_12d): Update expected
>         results.
>         (test_13): Remove xfail.
>         (test_14): Remove xfail.
>         (test_15): Remove xfail.
>         (test_16): Remove xfails.  Add out-of-bounds access.
>         (test_16_alt): Remove xfails.
>         (test_23): Remove xfail.
>         (test_24): Remove xfail.
>         (test_25): Remove xfail.
>         (test_26): Update expected result.  Remove xfail.  Add xfail.
>         (test_27): Remove xfails.
>         (test_29): Add __analyzer_eval pointer comparisons.
>         (test_41): Generalize expected output for u.ptr comparison with
>         NULL for targets where this could be known to be false.
>         (test_42): Remove xfail.
>         (test_51): Remove xfails.
>         * gcc.dg/analyzer/data-model-13.c: Update for improvements to
>         source location and wording of leak message.
>         * gcc.dg/analyzer/data-model-14.c: Remove -fanalyzer-fine-grained.
>         (test_1): Update for improvement to expected message.
>         (test_2): Remove xfail.
>         * gcc.dg/analyzer/data-model-18.c: Remove xfail.
>         * gcc.dg/analyzer/data-model-20.c: New test.
>         * gcc.dg/analyzer/data-model-5.c: Add dg-warning for deref of
>         NULL.  Add xfailing false leak.
>         * gcc.dg/analyzer/data-model-5b.c: Add xfailing false leak.
>         * gcc.dg/analyzer/data-model-5c.c: Update xfailing false leak.
>         * gcc.dg/analyzer/data-model-5d.c: Reimplement.
>         * gcc.dg/analyzer/data-model-6.c: Delete test.
>         * gcc.dg/analyzer/data-model-8.c: Remove xfail.
>         * gcc.dg/analyzer/describe-1.c: New test.
>         * gcc.dg/analyzer/dot-output.c: Remove xfail.
>         * gcc.dg/analyzer/explode-1.c: Add expected leak warning.
>         * gcc.dg/analyzer/explode-2.c: Add expected leak warnings.  Mark
>         double-free warnings as xfail for now.
>         * gcc.dg/analyzer/feasibility-1.c: New test.
>         * gcc.dg/analyzer/first-field-1.c: New test.
>         * gcc.dg/analyzer/first-field-2.c: New test.
>         * gcc.dg/analyzer/init.c: New test.
>         * gcc.dg/analyzer/leak-2.c: New test.
>         * gcc.dg/analyzer/loop-0-up-to-n-by-1-with-iter-obj.c: New test.
>         * gcc.dg/analyzer/loop-0-up-to-n-by-1.c: New test.
>         * gcc.dg/analyzer/loop-2a.c: Update expected behavior.
>         * gcc.dg/analyzer/loop-3.c: Mark use-after-free as xfail.  Add
>         expected warning about deref of unchecked pointer.
>         * gcc.dg/analyzer/loop-4.c: Remove -fno-analyzer-state-purge.
>         Update expected behavior.
>         * gcc.dg/analyzer/loop-n-down-to-1-by-1.c: New test.
>         * gcc.dg/analyzer/loop-start-down-to-end-by-1.c: New test.
>         * gcc.dg/analyzer/loop-start-down-to-end-by-step.c: New test.
>         * gcc.dg/analyzer/loop-start-to-end-by-step.c: New test.
>         * gcc.dg/analyzer/loop-start-up-to-end-by-1.c: New test.
>         * gcc.dg/analyzer/loop.c: Remove -fno-analyzer-state-purge.
>         Update expected behavior.
>         * gcc.dg/analyzer/malloc-1.c: Remove xfails from leak false
>         positives.  Update expected wording of global_link.m_ptr leak.
>         (test_49): New test.
>         * gcc.dg/analyzer/malloc-4.c: Remove leak false positive.  Update
>         expected wording of leak warning.
>         * gcc.dg/analyzer/malloc-in-loop.c: New test.
>         * gcc.dg/analyzer/malloc-ipa-8-double-free.c: Update expected path
>         to show call to wrapped_malloc.
>         * gcc.dg/analyzer/malloc-ipa-8-unchecked.c: Remove
>         -fanalyzer-verbose-state-changes.
>         * gcc.dg/analyzer/malloc-paths-9.c: Remove comment about duplicate
>         warnings.  Remove duplicate use-after-free paths.
>         * gcc.dg/analyzer/malloc-vs-local-1a.c: Add dg-warning for deref
>         of unchecked pointer.  Update expected number of enodes.
>         * gcc.dg/analyzer/malloc-vs-local-2.c: Likewise.
>         * gcc.dg/analyzer/malloc-vs-local-3.c: Add dg-warning for deref of
>         unchecked pointer.  Update expected number of enodes.  Avoid
>         overspecifying the leak message.
>         * gcc.dg/analyzer/memset-1.c: New test.
>         * gcc.dg/analyzer/paths-3.c: Update expected number of enodes.
>         * gcc.dg/analyzer/paths-4.c: Likewise.
>         * gcc.dg/analyzer/paths-6.c: Likewise.
>         * gcc.dg/analyzer/paths-7.c: Likewise.
>         * gcc.dg/analyzer/pr93032-mztools-simplified.c: New test.
>         * gcc.dg/analyzer/pr93032-mztools.c: New test.
>         * gcc.dg/analyzer/pr93382.c: Mark taint tests as failing.
>         * gcc.dg/analyzer/pr93938.c: New test.
>         * gcc.dg/analyzer/pr94099.c: Replace uninit dg-warning with
>         dg-warning for NULL dereference.
>         * gcc.dg/analyzer/pr94399.c: New test.
>         * gcc.dg/analyzer/pr94447.c: Add dg-warning for NULL dereference.
>         * gcc.dg/analyzer/pr94458.c: New test.
>         * gcc.dg/analyzer/pr94640.c: New test.
>         * gcc.dg/analyzer/pr94688.c: New test.
>         * gcc.dg/analyzer/pr94689.c: New test.
>         * gcc.dg/analyzer/pr94839.c: New test.
>         * gcc.dg/analyzer/pr95026.c: New test.
>         * gcc.dg/analyzer/pr95240.c: New test.
>         * gcc.dg/analyzer/refcounting-1.c: New test.
>         * gcc.dg/analyzer/single-field.c: New test.
>         * gcc.dg/analyzer/stale-frame-1.c: New test.
>         * gcc.dg/analyzer/symbolic-1.c: New test.
>         * gcc.dg/analyzer/symbolic-2.c: New test.
>         * gcc.dg/analyzer/symbolic-3.c: New test.
>         * gcc.dg/analyzer/symbolic-4.c: New test.
>         * gcc.dg/analyzer/symbolic-5.c: New test.
>         * gcc.dg/analyzer/symbolic-6.c: New test.
>         * gcc.dg/analyzer/taint-1.c: Mark the "gets unchecked value"
>         events as failing for now.  Update dg-message directives to avoid
>         relying on numbering.
>         * gcc.dg/analyzer/torture/loop-inc-ptr-1.c: New test.
>         * gcc.dg/analyzer/torture/loop-inc-ptr-2.c: New test.
>         * gcc.dg/analyzer/torture/loop-inc-ptr-3.c: New test.
>         * gcc.dg/analyzer/unknown-fns-2.c: New test.
>         * gcc.dg/analyzer/unknown-fns-3.c: New test.
>         * gcc.dg/analyzer/unknown-fns-4.c: New test.
>         * gcc.dg/analyzer/unknown-fns.c: Update dg-warning to reflect fixed
>         source location for leak diagnostic.
>         * gcc.dg/analyzer/use-after-free.c: New test.
>         * gcc.dg/analyzer/vla-1.c: New test.
>         * gcc.dg/analyzer/zlib-4.c: Rewrite to avoid "exit" calls.  Add
>         expected leak warnings.
>         * gfortran.dg/analyzer/pr93993.f90: Remove leak of tm warning,
>         which seems to have been a false positive.
> ---
>  gcc/Makefile.in                               |    8 +-
>  gcc/analyzer/analyzer-logging.cc              |    8 +-
>  gcc/analyzer/analyzer-logging.h               |    2 +
>  gcc/analyzer/analyzer-selftests.cc            |    1 +
>  gcc/analyzer/analyzer-selftests.h             |    1 +
>  gcc/analyzer/analyzer.cc                      |   30 +
>  gcc/analyzer/analyzer.h                       |  192 +-
>  gcc/analyzer/analyzer.opt                     |    8 +
>  gcc/analyzer/call-string.cc                   |    2 +
>  gcc/analyzer/checker-path.cc                  |   52 +-
>  gcc/analyzer/checker-path.h                   |   12 +-
>  gcc/analyzer/constraint-manager.cc            | 1226 ++-
>  gcc/analyzer/constraint-manager.h             |  113 +-
>  gcc/analyzer/diagnostic-manager.cc            |  451 +-
>  gcc/analyzer/diagnostic-manager.h             |   20 +-
>  gcc/analyzer/engine.cc                        |  790 +-
>  gcc/analyzer/exploded-graph.h                 |   55 +-
>  gcc/analyzer/program-point.cc                 |   61 +
>  gcc/analyzer/program-point.h                  |   52 +-
>  gcc/analyzer/program-state.cc                 | 1271 +--
>  gcc/analyzer/program-state.h                  |  240 +-
>  gcc/analyzer/region-model-impl-calls.cc       |  352 +
>  gcc/analyzer/region-model-manager.cc          | 1088 ++
>  gcc/analyzer/region-model-reachability.cc     |  280 +
>  gcc/analyzer/region-model-reachability.h      |  117 +
>  gcc/analyzer/region-model.cc                  | 8931 +++++------------
>  gcc/analyzer/region-model.h                   | 3140 +++---
>  gcc/analyzer/region.cc                        | 1064 ++
>  gcc/analyzer/sm-file.cc                       |   26 +-
>  gcc/analyzer/sm-malloc.cc                     |  164 +-
>  gcc/analyzer/sm-sensitive.cc                  |    3 +-
>  gcc/analyzer/sm-signal.cc                     |   15 +-
>  gcc/analyzer/sm-taint.cc                      |    9 +-
>  gcc/analyzer/sm.cc                            |   21 +-
>  gcc/analyzer/sm.h                             |   35 +-
>  gcc/analyzer/store.cc                         | 2008 ++++
>  gcc/analyzer/store.h                          |  613 ++
>  gcc/analyzer/svalue.cc                        | 1004 ++
>  gcc/doc/analyzer.texi                         |  110 +-
>  gcc/testsuite/g++.dg/analyzer/pr93212.C       |    5 +-
>  gcc/testsuite/g++.dg/analyzer/pr93950.C       |    4 +-
>  gcc/testsuite/g++.dg/analyzer/pr94011.C       |   16 +
>  gcc/testsuite/g++.dg/analyzer/pr94028.C       |    4 +-
>  gcc/testsuite/g++.dg/analyzer/pr94503.C       |   25 +
>  gcc/testsuite/g++.dg/analyzer/pr95042.C       |   28 +
>  .../analyzer/CVE-2005-1689-dedupe-issue-2.c   |   30 +
>  .../analyzer/CVE-2005-1689-dedupe-issue.c     |    2 +-
>  .../gcc.dg/analyzer/CVE-2005-1689-minimal.c   |   61 +
>  gcc/testsuite/gcc.dg/analyzer/abs-1.c         |   22 +
>  gcc/testsuite/gcc.dg/analyzer/aliasing-1.c    |   25 +
>  gcc/testsuite/gcc.dg/analyzer/aliasing-2.c    |   32 +
>  .../gcc.dg/analyzer/analyzer-decls.h          |    7 +-
>  .../gcc.dg/analyzer/attribute-nonnull.c       |   12 +-
>  gcc/testsuite/gcc.dg/analyzer/bzero-1.c       |   11 +
>  gcc/testsuite/gcc.dg/analyzer/casts-1.c       |   49 +
>  gcc/testsuite/gcc.dg/analyzer/casts-2.c       |   15 +
>  .../gcc.dg/analyzer/compound-assignment-1.c   |    9 +-
>  .../gcc.dg/analyzer/compound-assignment-3.c   |    2 +-
>  .../gcc.dg/analyzer/compound-assignment-4.c   |   28 +
>  .../gcc.dg/analyzer/compound-assignment-5.c   |  142 +
>  .../gcc.dg/analyzer/conditionals-notrans.c    |   33 +-
>  gcc/testsuite/gcc.dg/analyzer/data-model-1.c  |   96 +-
>  gcc/testsuite/gcc.dg/analyzer/data-model-13.c |    7 +-
>  gcc/testsuite/gcc.dg/analyzer/data-model-14.c |    9 +-
>  gcc/testsuite/gcc.dg/analyzer/data-model-18.c |    4 +-
>  gcc/testsuite/gcc.dg/analyzer/data-model-20.c |   25 +
>  gcc/testsuite/gcc.dg/analyzer/data-model-5.c  |   13 +-
>  gcc/testsuite/gcc.dg/analyzer/data-model-5b.c |   12 +-
>  gcc/testsuite/gcc.dg/analyzer/data-model-5c.c |   13 +-
>  gcc/testsuite/gcc.dg/analyzer/data-model-5d.c |   61 +-
>  gcc/testsuite/gcc.dg/analyzer/data-model-6.c  |   14 -
>  gcc/testsuite/gcc.dg/analyzer/data-model-8.c  |    3 +-
>  gcc/testsuite/gcc.dg/analyzer/describe-1.c    |   11 +
>  gcc/testsuite/gcc.dg/analyzer/dot-output.c    |    3 +-
>  gcc/testsuite/gcc.dg/analyzer/explode-1.c     |    2 +-
>  gcc/testsuite/gcc.dg/analyzer/explode-2.c     |   16 +-
>  gcc/testsuite/gcc.dg/analyzer/feasibility-1.c |   62 +
>  gcc/testsuite/gcc.dg/analyzer/first-field-1.c |   24 +
>  gcc/testsuite/gcc.dg/analyzer/first-field-2.c |   33 +
>  gcc/testsuite/gcc.dg/analyzer/init.c          |  136 +
>  gcc/testsuite/gcc.dg/analyzer/leak-2.c        |    9 +
>  .../loop-0-up-to-n-by-1-with-iter-obj.c       |   73 +
>  .../gcc.dg/analyzer/loop-0-up-to-n-by-1.c     |   31 +
>  gcc/testsuite/gcc.dg/analyzer/loop-2a.c       |   10 +-
>  gcc/testsuite/gcc.dg/analyzer/loop-3.c        |    7 +-
>  gcc/testsuite/gcc.dg/analyzer/loop-4.c        |   13 +-
>  .../gcc.dg/analyzer/loop-n-down-to-1-by-1.c   |   35 +
>  .../analyzer/loop-start-down-to-end-by-1.c    |   35 +
>  .../analyzer/loop-start-down-to-end-by-step.c |   30 +
>  .../analyzer/loop-start-to-end-by-step.c      |   36 +
>  .../analyzer/loop-start-up-to-end-by-1.c      |   34 +
>  gcc/testsuite/gcc.dg/analyzer/loop.c          |    9 +-
>  gcc/testsuite/gcc.dg/analyzer/malloc-1.c      |   26 +-
>  gcc/testsuite/gcc.dg/analyzer/malloc-4.c      |    4 +-
>  .../gcc.dg/analyzer/malloc-in-loop.c          |   19 +
>  .../analyzer/malloc-ipa-8-double-free.c       |   82 +-
>  .../gcc.dg/analyzer/malloc-ipa-8-unchecked.c  |    6 +-
>  .../gcc.dg/analyzer/malloc-paths-9.c          |   59 +-
>  .../gcc.dg/analyzer/malloc-vs-local-1a.c      |   22 +-
>  .../gcc.dg/analyzer/malloc-vs-local-2.c       |   16 +-
>  .../gcc.dg/analyzer/malloc-vs-local-3.c       |    7 +-
>  gcc/testsuite/gcc.dg/analyzer/memset-1.c      |  100 +
>  gcc/testsuite/gcc.dg/analyzer/paths-3.c       |    4 +-
>  gcc/testsuite/gcc.dg/analyzer/paths-4.c       |   10 +-
>  gcc/testsuite/gcc.dg/analyzer/paths-6.c       |    4 +-
>  gcc/testsuite/gcc.dg/analyzer/paths-7.c       |    3 +-
>  .../analyzer/pr93032-mztools-simplified.c     |   22 +
>  .../gcc.dg/analyzer/pr93032-mztools.c         |  331 +
>  gcc/testsuite/gcc.dg/analyzer/pr93382.c       |    6 +-
>  gcc/testsuite/gcc.dg/analyzer/pr93938.c       |   13 +
>  gcc/testsuite/gcc.dg/analyzer/pr94099.c       |    3 +-
>  gcc/testsuite/gcc.dg/analyzer/pr94399.c       |   13 +
>  gcc/testsuite/gcc.dg/analyzer/pr94447.c       |    2 +-
>  gcc/testsuite/gcc.dg/analyzer/pr94458.c       |   23 +
>  gcc/testsuite/gcc.dg/analyzer/pr94640.c       |   17 +
>  gcc/testsuite/gcc.dg/analyzer/pr94688.c       |    6 +
>  gcc/testsuite/gcc.dg/analyzer/pr94689.c       |    8 +
>  gcc/testsuite/gcc.dg/analyzer/pr94839.c       |   20 +
>  gcc/testsuite/gcc.dg/analyzer/pr95026.c       |   17 +
>  gcc/testsuite/gcc.dg/analyzer/pr95240.c       |   27 +
>  gcc/testsuite/gcc.dg/analyzer/refcounting-1.c |   31 +
>  gcc/testsuite/gcc.dg/analyzer/single-field.c  |   37 +
>  gcc/testsuite/gcc.dg/analyzer/stale-frame-1.c |   15 +
>  gcc/testsuite/gcc.dg/analyzer/symbolic-1.c    |   43 +
>  gcc/testsuite/gcc.dg/analyzer/symbolic-2.c    |   32 +
>  gcc/testsuite/gcc.dg/analyzer/symbolic-3.c    |   12 +
>  gcc/testsuite/gcc.dg/analyzer/symbolic-4.c    |   20 +
>  gcc/testsuite/gcc.dg/analyzer/symbolic-5.c    |   29 +
>  gcc/testsuite/gcc.dg/analyzer/symbolic-6.c    |   24 +
>  gcc/testsuite/gcc.dg/analyzer/taint-1.c       |   22 +-
>  .../gcc.dg/analyzer/torture/loop-inc-ptr-1.c  |   15 +
>  .../gcc.dg/analyzer/torture/loop-inc-ptr-2.c  |   17 +
>  .../gcc.dg/analyzer/torture/loop-inc-ptr-3.c  |   18 +
>  gcc/testsuite/gcc.dg/analyzer/unknown-fns-2.c |  238 +
>  gcc/testsuite/gcc.dg/analyzer/unknown-fns-3.c |   67 +
>  gcc/testsuite/gcc.dg/analyzer/unknown-fns-4.c |   15 +
>  gcc/testsuite/gcc.dg/analyzer/unknown-fns.c   |    8 +-
>  .../gcc.dg/analyzer/use-after-free.c          |   12 +
>  gcc/testsuite/gcc.dg/analyzer/vla-1.c         |   13 +
>  gcc/testsuite/gcc.dg/analyzer/zlib-4.c        |   10 +-
>  .../gfortran.dg/analyzer/pr93993.f90          |    2 +-
>  gcc/tristate.h                                |    2 +
>  142 files changed, 16153 insertions(+), 10402 deletions(-)
>  create mode 100644 gcc/analyzer/region-model-impl-calls.cc
>  create mode 100644 gcc/analyzer/region-model-manager.cc
>  create mode 100644 gcc/analyzer/region-model-reachability.cc
>  create mode 100644 gcc/analyzer/region-model-reachability.h
>  create mode 100644 gcc/analyzer/region.cc
>  create mode 100644 gcc/analyzer/store.cc
>  create mode 100644 gcc/analyzer/store.h
>  create mode 100644 gcc/analyzer/svalue.cc
>  create mode 100644 gcc/testsuite/g++.dg/analyzer/pr94011.C
>  create mode 100644 gcc/testsuite/g++.dg/analyzer/pr94503.C
>  create mode 100644 gcc/testsuite/g++.dg/analyzer/pr95042.C
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/CVE-2005-1689-dedupe-issue-2.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/abs-1.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/aliasing-1.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/aliasing-2.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/bzero-1.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/casts-1.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/casts-2.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/compound-assignment-4.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/compound-assignment-5.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-20.c
>  delete mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-6.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/describe-1.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/feasibility-1.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/first-field-1.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/first-field-2.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/init.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/leak-2.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/loop-0-up-to-n-by-1-with-iter-obj.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/loop-0-up-to-n-by-1.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/loop-n-down-to-1-by-1.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/loop-start-down-to-end-by-1.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/loop-start-down-to-end-by-step.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/loop-start-to-end-by-step.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/loop-start-up-to-end-by-1.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-in-loop.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/memset-1.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr93032-mztools-simplified.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr93938.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr94399.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr94458.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr94640.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr94688.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr94689.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr94839.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr95026.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr95240.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/refcounting-1.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/single-field.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/stale-frame-1.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/symbolic-1.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/symbolic-2.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/symbolic-3.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/symbolic-4.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/symbolic-5.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/symbolic-6.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/torture/loop-inc-ptr-1.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/torture/loop-inc-ptr-2.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/torture/loop-inc-ptr-3.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/unknown-fns-2.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/unknown-fns-3.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/unknown-fns-4.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/use-after-free.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/vla-1.c
>


More information about the Gcc-patches mailing list