GCC Newspaper
JUNE 15, 2026

Analyzer: generating raw state for rewinding data flow

The analyzer now retains raw state when rewinding data flow, improving diagnostic accuracy without disabling state purging.

The analyzer now retains raw state when rewinding data flow for diagnostics. This fixes an issue where state purging would eliminate pertinent information, leading to inaccurate or incomplete diagnostics, especially in divide-by-zero scenarios. The patch extends diagnostic_manager::annotate_exploded_path to build region model instances without state purging or merging. This allows the analyzer to reliably rewind state and provide more accurate diagnostics, removing the need to disable state purging in certain test cases.

In Details

This commit enhances the GCC analyzer's data flow rewinding mechanism. The analyzer now performs an initial forward walk through the exploded path, constructing region_model instances without state purging or merging. These models are then used by epath_rewind_context to rewind state for diagnostics. This resolves issues where state purging interfered with accurate rewinding, particularly in contexts like gcc.dg/analyzer/divide-by-zero-{4,5,6}.c. Toolchain developers should note the changes to diagnostic_manager::annotate_exploded_path and the introduction of m_src_model and `m_dst_…

For Context

The GCC static analyzer is a tool that attempts to find bugs in code by simulating its execution. One key feature is the ability to "rewind" the data flow to understand how a particular value was computed. To reduce memory usage, the analyzer normally purges or merges states, but this can sometimes remove important information needed for accurate diagnosis. This commit makes the analyzer retain raw states temporarily during rewinding, improving the accuracy of its warnings without sacrificing memory efficiency in general.

Filed Under: analyzer, data flow, diagnostics, bugfix, state purging