And makes these options visible.

The fix is correct, but it significantly changes the behavior of the history
partitioning on some case studies.
Keep it for later, in order to fully understand the consequences.

[Datatype.Option] defines a different order than [Stdlib.Option.compare].

Type ['state partition] is a map from partition keys to states.
Such maps are converted into lists to be propagated through statements.
Changes in [Key.compare] impact the list order.
The list order impacts the heuristics used to remove redundant states before
propagating them (see Partitioning_index): redundant states may be propagated
or not depending of the list order.
This impacts the number of states propagated at some statements, and thus the
consumed slevel, and the precision of the analysis afterwards.

This commit reverts the change in the comparison of keys only to minimize
changes in the behavior of the analysis partitioning.

'Indeterminate' alarms are alarms about uninitialized memory, escaping pointers
and special floating-point values (infinite and NaN).

These alarms are emitted for functions specified by -eva-warn-copy-indeterminate
option, which is @all by default. These alarms can be disabled for some function
by -eva-warn-copy-indeterminate=-f, in which case they are also disabled for
the argument expressions of calls to [f].

However:
- the @all default value did not include functions without definition
  (for which a specification or a builtin is used).
- 'indeterminate' alarms were emitted anyway for the arguments of calls to
  functions without definition, except for builtins.
So no indeterminate alarms were emitted for the argument expressions of calls
to builtins (unless their definitions were included).

This commit fixes this behavior:
the @all default of -eva-warn-copy-indeterminate option include all functions
and special case for functions without definition or builtins are removed.

It still avoids to emit surch alarms on Eva directives such as Frama_C_show_each.

Cleans up and saves partial results on sigint signal.
Signal handlers are now registered at the start of an analysis, and previous
signal handlers are restored at the end.
New function [protect f ~cleanup] in value_util, that runs [f] and applies
[cleanup] in case of a user interruption or a Frama-C error, only if option
-save is set.

Catches Log.AbortError and Log.AbortFatal to properly clean-up the analysis
states on a failure.

The preconditions generated in place of behaviors leading to NaN or infinite
floating-point values are now named.

Andre Maroneze authored 3 years ago and David Bühler committed 3 years ago

The Linux manpage for tan states that only a floating-point exception
(FE_OVERFLOW) occurs in case of result overflow, but the POSIX manpage mentions
that errno can be set to ERANGE.

Renames the function [allowed_machdep].