analyzer: use ultimate alias target at calls (PR 93288)
author: David Malcolm <dmalcolm@redhat.com>
Thu, 6 Feb 2020 02:29:04 +0000 (21:29 -0500)
committer: David Malcolm <dmalcolm@redhat.com>
Wed, 12 Feb 2020 02:06:43 +0000 (21:06 -0500)
commit: 91f993b7e31ce85676148dca180bc0d827d4245e
tree: 0b46c2995392b7a5f7721524ae2c42f91a8b0ce5
parent: d9e067f98b0c4f57d8acd60526b6fa11a1d109e5
analyzer: use ultimate alias target at calls (PR 93288)

PR analyzer/93288 reports an ICE in a C++ testcase when calling a
constructor.

The issue is that when building the supergraph, we encounter the
cgraph edge to "__ct_comp ", the DECL_COMPLETE_CONSTRUCTOR_P, and
this node's DECL_STRUCT_FUNCTION has a NULL CFG, which the analyzer
reads through, leading to the ICE.

This patch reworks function and fndecl lookup at calls throughout the
analyzer so that it looks for the ultimate_alias_target of the callee.
In the case above, this means using the "__ct_base " for the ctor,
which has a CFG, fixing the ICE.

Getting this right allows for some simple C++ cases involving ctors to
work, so the patch also adds some test coverage for that.

gcc/analyzer/ChangeLog:
PR analyzer/93288
* analysis-plan.cc (analysis_plan::use_summary_p): Look through
the ultimate_alias_target when getting the called function.
* engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
"sm_ctxt".  Use the region_model's get_fndecl_for_call rather than
gimple_call_fndecl.
* region-model.cc (region_model::get_fndecl_for_call): Use
ultimate_alias_target on fndecl.
* supergraph.cc (get_ultimate_function_for_cgraph_edge): New
function.
(supergraph_call_edge): Use it when rejecting edges without
functions.
(supergraph::supergraph): Use it to get the function for the
cgraph_edge when building interprocedural superedges.
(callgraph_superedge::get_callee_function):  Use it.
* supergraph.h (supergraph::get_num_snodes): Make param const.
(supergraph::function_to_num_snodes_t): Make first type param
const.

gcc/testsuite/ChangeLog:
PR analyzer/93288
* g++.dg/analyzer/malloc.C: Add test coverage for a double-free
called in a constructor.
* g++.dg/analyzer/pr93288.C: New test.
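The fix described in the commit message, as an added toy model that is not GCC code: a "Node" stands in for a cgraph_node, "alias_target" for its alias edge, and "has_cfg" for whether DECL_STRUCT_FUNCTION of the node's decl carries a CFG. The names ultimate_alias_target, callee_before_fix and callee_after_fix are assumed for illustration; the real GCC helpers are the ones named in the ChangeLog above. The example shows why using the callee directly reads through a body-less alias (the ICE), and how looking through to the ultimate alias target and rejecting callees without a CFG avoids it. It also guards against a malformed alias cycle, which the commit message does not discuss.

```cpp
// Added example, not GCC code: a toy model of the alias-lookup fix
// described in the commit message (names assumed, constructed sample data).
#include <cstddef>
#include <set>
#include <string>

struct Node {
    std::string name;
    const Node *alias_target;  // non-null when this node is an alias of another
    bool has_cfg;              // mock for "DECL_STRUCT_FUNCTION(decl)->cfg != NULL"
};

// Walk alias edges until reaching a node that is not itself an alias,
// mirroring what cgraph_node::ultimate_alias_target does (assumed name here).
// A visited set turns a malformed alias cycle into "no target" rather than
// an infinite loop.
const Node *ultimate_alias_target(const Node *n) {
    std::set<const Node *> seen;
    while (n && n->alias_target) {
        if (!seen.insert(n).second) return nullptr;  // cycle: no valid target
        n = n->alias_target;
    }
    return n;
}

// Old behaviour: hand back the callee as-is, even if it is an alias whose
// own decl has no CFG; callers then dereference a NULL CFG (the ICE).
const Node *callee_before_fix(const Node *callee) { return callee; }

// New behaviour: look through aliases and reject callees that still have no
// CFG, which is what the commit does when rejecting superedges without
// functions. Returns nullptr for "no usable function".
const Node *callee_after_fix(const Node *callee) {
    const Node *target = ultimate_alias_target(callee);
    if (!target || !target->has_cfg) return nullptr;
    return target;
}

// Constructed sample: the complete-object constructor is an alias of the
// base-object constructor, and only the base one has a body.
const Node ct_base{"__ct_base ", nullptr, true};
const Node ct_comp{"__ct_comp ", &ct_base, false};
// Constructed malformed input: an alias that points at itself.
const Node alias_cycle{"self_alias", &alias_cycle, false};

int main() {
    // Before the fix the analyzer would read through ct_comp's NULL CFG;
    // after the fix it resolves the call to ct_base, which has one.
    const Node *before = callee_before_fix(&ct_comp);
    const Node *after = callee_after_fix(&ct_comp);
    return (!before->has_cfg && after == &ct_base &&
            callee_after_fix(&alias_cycle) == nullptr) ? 0 : 1;
}
```

The defensive point is the two checks in callee_after_fix: resolve the alias first, then verify the resolved target actually has a body before anyone dereferences its CFG, so an unexpected alias shape degrades to "skip this edge" instead of a crash.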
gcc/analyzer/ChangeLog
gcc/analyzer/analysis-plan.cc
gcc/analyzer/engine.cc
gcc/analyzer/region-model.cc
gcc/analyzer/supergraph.cc
gcc/analyzer/supergraph.h
gcc/testsuite/ChangeLog
gcc/testsuite/g++.dg/analyzer/malloc.C
gcc/testsuite/g++.dg/analyzer/pr93288.C [new file with mode: 0644]