From a1f28c8840aa55f196f412d47e67c2e0dee97672 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Wed, 27 May 2020 12:45:44 -0400 Subject: [PATCH 184/315] FIXME: update store2.h intro --- gcc/analyzer/store2.h | 36 ++++++++++++++++++++++++++++++++---- 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/gcc/analyzer/store2.h b/gcc/analyzer/store2.h index 7aa3d464966..e568db81573 100644 --- a/gcc/analyzer/store2.h +++ b/gcc/analyzer/store2.h @@ -34,10 +34,11 @@ along with GCC; see the file COPYING3. If not see are partitioned into clusters via their base region. For example, given: - int p, q, r; - struct coord { double x; double y; } c[3];} - then each of p, q, r, and c will have their own clusters, so that we - know that writes to e.g. "c[1].x".don't affect e.g. "p". + int a, b, c; + struct coord { double x; double y; } verts[3]; + then "verts[0].y" and "verts[1].x" both have "verts" as their base region. + Each of a, b, c, and verts will have their own clusters, so that we + know that writes to e.g. "verts[1].x".don't affect e.g. "a". Within each cluster we store a map of bindings to values, where the binding keys can be either concrete or symbolic. 
@@ -95,6 +96,33 @@ along with GCC; see the file COPYING3. If not see accesses to other elements are "UNKNOWN" rather than "UNINITIALIZED". + Handling symbolic regions requires us to handle aliasing. + + In the first example above, each of a, b, c and verts are non-symbolic + base regions and so their clusters are "concrete clusters", whereas given: + struct coord *p, *q; + then "*p" and "*q" are symbolic base regions, and thus "*p" and "*q" + have "symbolic clusters". + + In the above, "verts[i].x" will have a symbolic *binding* within a + concrete cluster for "verts", whereas "*p" is a symbolic *cluster*. + + Writes to concrete clusters can't affect other concrete clusters, + but can affect symbolic clusters; e.g. after: + verts[0].x = 42; + we bind 42 in the cluster for "verts", but the clusters for "b" and "c" + can't be affected. Any symbolic clusters for *p and for *q can be + affected, *p and *q could alias verts. + + Writes to a symbolic cluster can affect other clusters, both + concrete and symbolic; e.g. after: + p->x = 17; + we bind 17 within the cluster for "*p". The concrete clusters for a, b, + c, and verts could be affected, depending on whether *p aliases them. + Similarly, the symbolic cluster to *q could be affected. + + TODO: examples involving buffers and alignment. + TODO: example of memset to zero. TODO: example of pointer aliasing. */ -- 2.26.2
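Review bot: In the first hunk (store2.h intro, around new line 41), the rewritten sentence still carries the stray period from the old text: `"verts[1].x".don't affect e.g. "a".` should read `"verts[1].x" don't affect e.g. "a".` Since the line is being rewritten anyway, drop the period after the closing quote here. The new sentence about "verts[0].y" and "verts[1].x" sharing "verts" as their base region would also read better if "base region" were defined before it is used, as the visible context only introduces the term in passing ("partitioned into clusters via their base region").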
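Review bot: In the second hunk, the paragraph following `verts[0].x = 42;` lists only the clusters for "b" and "c" as unaffected, while the example declares `int a, b, c;` and the later paragraph lists "a, b, c, and verts"; either add "a" or say why it is left out. In the same paragraph, "can be affected, *p and *q could alias verts." is missing a conjunction; suggest "can be affected, since *p and *q could alias verts." Further down, "the symbolic cluster to *q" should be "the symbolic cluster for *q" to match the wording used elsewhere in the comment. The sentence about "verts[i].x" uses an index "i" that none of the examples declares, so it is worth stating that "i" is a symbolic (non-constant) index. Finally, the trailing "TODO: example of pointer aliasing." is kept as context although this hunk now adds aliasing examples; consider narrowing or removing that TODO so the comment does not contradict itself.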