analyzer: fix ICEs seen with call summaries on PR 107060

analyzer: fix ICEs seen with call summaries on PR 107060

This doesn't fix the various false positives seen with
-fanalyzer-call-summaries on PR 107060, but stops it crashing at -O2.

gcc/analyzer/ChangeLog:
	PR analyzer/107060
	* call-summary.cc
	(call_summary_replay::convert_svalue_from_summary_1): Handle NULL
	results from convert_svalue_from_summary in SK_UNARY_OP and
	SK_BIN_OP.
	* engine.cc (impl_region_model_context::on_unknown_change): Bail
	out on svalues that can't have associated state.
	* region-model-impl-calls.cc
	(region_model::impl_call_analyzer_get_unknown_ptr): New.
	* region-model.cc (region_model::on_stmt_pre): Handle
	"__analyzer_get_unknown_ptr".
	* region-model.h
	(region_model::impl_call_analyzer_get_unknown_ptr): New decl.
	* store.cc (store::replay_call_summary_cluster): Avoid trying to
	create binding clusters for base regions that shouldn't have them.

gcc/ChangeLog:
	PR analyzer/107060
	* doc/analyzer.texi (__analyzer_get_unknown_ptr): Document.

gcc/testsuite/ChangeLog:
	PR analyzer/107060
	* gcc.dg/analyzer/analyzer-decls.h (__analyzer_get_unknown_ptr):
	New decl.
	* gcc.dg/analyzer/call-summaries-2.c
	(test_summarized_writes_param_to_ptr_unknown): New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>