analyzer: fix escaping of pointer arithmetic [PR105264]

analyzer: fix escaping of pointer arithmetic [PR105264]

PR analyzer/105264 reports that the analyzer can fail to treat
(PTR + IDX) and PTR[IDX] as referring to the same memory under
some situations.

There are various ways in which this can happen when IDX is a
symbolic value, due to having several ways in which such memory
regions can be referred to symbolically.  I attempted to fix this by
being smarter when folding svalues and regions, but this fix
seems too fiddly to attempt in stage 4.

Instead, this less ambitious patch fixes a false positive from
-Wanalyzer-use-of-uninitialized-value by making the analyzer's escape
analysis smarter, so that it treats *PTR as escaping when
(PTR + OFFSET) is passed to an external function, and thus
it treats *PTR as possibly-initialized (the "passing &PTR[IDX]" case
was already working).

gcc/analyzer/ChangeLog:
	PR analyzer/105264
	* region-model-reachability.cc (reachable_regions::handle_parm):
	Use maybe_get_deref_base_region rather than just region_svalue, to
	handle pointer arithmetic also.
	* svalue.cc (svalue::maybe_get_deref_base_region): New.
	* svalue.h (svalue::maybe_get_deref_base_region): New decl.

gcc/testsuite/ChangeLog:
	PR analyzer/105264
	* gcc.dg/analyzer/torture/symbolic-10.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>