1 /* PR 35503 - Warn about restricted pointers
3 { dg-options "-O2 -Wrestrict -ftrack-macro-expansion=0" } */
5 #include "../gcc.dg/range.h"
12 # define restrict __restrict
16 extern void* memcpy (void* restrict
, const void* restrict
, size_t);
17 extern void* mempcpy (void* restrict
, const void* restrict
, size_t);
18 extern void* memmove (void*, const void*, size_t);
20 extern char* stpcpy (char* restrict
, const char* restrict
);
22 extern char* strcat (char* restrict
, const char* restrict
);
23 extern char* strcpy (char* restrict
, const char* restrict
);
24 extern char* strncpy (char* restrict
, const char* restrict
, size_t);
30 void sink (void*, ...);
39 /* Exercise memcpy with constant or known arguments. */
41 void test_memcpy_cst (void *d
, const void *s
)
44 #define T(dst, src, n) do { \
45 if (!LINE || LINE == __LINE__) { \
46 char a[9] = { 1, 2, 3, 4, 5, 6, 7, 8, 9 }; \
48 const void *ps = (src); \
49 memcpy (pd, ps, (n)); \
56 /* This isn't detected because memcpy calls with small power-of-2 sizes
57 are intentionally folded into safe copies equivalent to memmove.
58 It's marked xfail only because there is value in detecting such
59 invalid calls for portability, and as a reminder of why it isn't
61 T (a
, a
+ 1, 1); /* { dg-warning "\\\[-Wrestrict" "memcpy with a small power of 2 size" { xfail *-*-* } } */
63 T (a
, a
+ 3, 5); /* { dg-warning "\\\[-Wrestrict" "memcpy" } */
71 memcpy (d
, s
, sizeof a
[0]);
76 /* The following is only diagnosed for sizes that aren't small
78 memcpy (d
, s
, sizeof a
[0] + 2); /* { dg-warning "\\\[-Wrestrict" "memcpy" } */
83 memcpy (d
, s
, sizeof a
[0]);
88 memcpy (d
, s
, sizeof a
[0] + 2); /* { dg-warning "\\\[-Wrestrict" "memcpy" } */
102 memcpy (d
, s
, sizeof x
.a
);
107 memcpy (d
, s
, sizeof x
.a
); /* { dg-warning "\\\[-Wrestrict" "memcpy" } */
117 memcpy (d
, s
, 3); /* { dg-warning "\\\[-Wrestrict" "memcpy" } */
132 memcpy (d
, s
, sizeof x
.b
);
137 memcpy (d
, s
, sizeof x
.b
);
142 memcpy (d
, s
, sizeof x
.b
);
147 memcpy (d
, s
, sizeof x
.b
); /* { dg-warning "\\\[-Wrestrict" "memcpy" } */
153 #define T(dst, src, n) do { \
154 if (!LINE || LINE == __LINE__) { \
155 char a[9] = { 0, 1, 2, 3, 4, 5, 6, 7, 8 }; \
156 memcpy ((dst), (src), (n)); \
161 /* Verify the offset of the overlap is the same regardless of whether
162 the destination is at lower or higher offset than the source. */
163 T (a
, a
+ 1, 5); /* { dg-warning "accessing 5 bytes at offsets 0 and 1 overlaps 4 bytes at offset 1" "memcpy" } */
164 T (a
, a
+ 2, 5); /* { dg-warning "accessing 5 bytes at offsets 0 and 2 overlaps 3 bytes at offset 2" "memcpy" } */
165 T (a
, a
+ 3, 5); /* { dg-warning "accessing 5 bytes at offsets 0 and 3 overlaps 2 bytes at offset 3" "memcpy" } */
167 T (a
+ 1, a
, 5); /* { dg-warning "accessing 5 bytes at offsets 1 and 0 overlaps 4 bytes at offset 1" "memcpy" } */
168 T (a
+ 2, a
, 5); /* { dg-warning "accessing 5 bytes at offsets 2 and 0 overlaps 3 bytes at offset 2" "memcpy" } */
169 T (a
+ 3, a
, 5); /* { dg-warning "accessing 5 bytes at offsets 3 and 0 overlaps 2 bytes at offset 3" "memcpy" } */
173 /* Exercise memcpy with destination or source offset or size in
174 a determinate range. */
176 void test_memcpy_range (char *d
, size_t sz
)
179 #define T(dst, src, n) do { \
180 if (!LINE || LINE == __LINE__) { \
181 char a[9] = { 0, 1, 2, 3, 4, 5, 6, 7, 8 }; \
183 const void *ps = (src); \
184 memcpy (pd, ps, (n)); \
189 ptrdiff_t ir
= SR (2, 3);
194 /* The following fails because the size is a small power of 2. */
195 T (a
+ ir
, a
, 4); /* { dg-warning "accessing 4 bytes at offsets \\\[2, 3] and 0 overlaps between 1 and 2 bytes at offset \\\[3, 2]" "memcpy" { xfail *-*-*} } */
196 T (a
+ ir
, a
, 5); /* { dg-warning "accessing 5 bytes at offsets \\\[2, 3] and 0 overlaps between 2 and 3 bytes at offset \\\[2, 3]" "memcpy" } */
202 T (d
+ ir
, d
, 4); /* { dg-warning "accessing 4 bytes at offsets \\\[2, 3] and 0 overlaps 1 byte at offset 3" "bug 79220" { xfail *-*-* } } */
203 T (d
+ ir
, d
, 5); /* { dg-warning "accessing 5 bytes at offsets \\\[2, 3] and 0 overlaps between 2 and 3 bytes at offset \\\[2, 3]" "memcpy" } */
205 /* Because the size is constant and a power of 2 the following is
206 folded too early to detect the overlap. */
207 T (d
+ ir
, d
, 4); /* { dg-warning "accessing 4 bytes at offsets \\\[2, 3] and 0 overlaps 2 byte at offset 2" "memcpy" { xfail *-*-* } } */
208 T (d
+ ir
, d
, 5); /* { dg-warning "accessing 5 bytes at offsets \\\[2, 3] and 0 overlaps between 2 and 3 bytes at offset \\\[2, 3]" "memcpy" } */
210 /* Exercise the full range of size_t. */
215 T (a
, a
+ 1, SR (0, 1));
216 T (a
, a
+ 1, SR (0, 2));
217 T (a
, a
+ 1, SR (1, 2));
218 T (a
, a
+ 1, SR (2, 3)); /* { dg-warning "accessing between 2 and 3 bytes at offsets 0 and 1 overlaps between 1 and 2 bytes at offset 1" "memcpy" } */
219 T (a
, a
+ 1, UR (2, DIFF_MAX
+ (size_t)1)); /* { dg-warning "accessing 2 or more bytes at offsets 0 and 1 overlaps 1 or more bytes at offset 1" "memcpy" } */
220 T (a
, a
+ 1, UR (2, SIZE_MAX
- 1)); /* { dg-warning "accessing 2 or more bytes at offsets 0 and 1 overlaps 1 or more bytes at offset 1" "memcpy" } */
221 T (a
, a
+ 2, SR (2, 3));
222 T (a
, a
+ 2, SR (3, 4)); /* { dg-warning "accessing between 3 and 4 bytes at offsets 0 and 2 overlaps between 1 and 2 bytes at offset 2" "memcpy" } */
223 T (a
, a
+ 3, SR (3, 4));
224 T (a
, a
+ 3, SR (4, 5)); /* { dg-warning "accessing between 4 and 5 bytes at offsets 0 and 3 overlaps between 1 and 2 bytes at offset 3" "memcpy" } */
225 T (a
, a
+ 3, SR (5, 6)); /* { dg-warning "accessing between 5 and 6 bytes at offsets 0 and 3 overlaps between 2 and 3 bytes at offset 3" "memcpy" } */
227 T (a
+ 1, a
, SR (0, 1));
228 T (a
+ 1, a
, SR (0, 2));
229 T (a
+ 1, a
, SR (1, 2));
230 T (a
+ 1, a
, SR (2, 3)); /* { dg-warning "accessing between 2 and 3 bytes at offsets 1 and 0 overlaps between 1 and 2 bytes at offset 1" "memcpy" } */
231 T (a
+ 1, a
, UR (2, DIFF_MAX
+ (size_t)1)); /* { dg-warning "accessing 2 or more bytes at offsets 1 and 0 overlaps 1 or more bytes at offset 1" "memcpy" } */
232 T (a
+ 1, a
, UR (2, SIZE_MAX
- 1)); /* { dg-warning "accessing 2 or more bytes at offsets 1 and 0 overlaps 1 or more bytes at offset 1" "memcpy" } */
233 T (a
+ 2, a
, SR (2, 3));
234 T (a
+ 2, a
, SR (3, 4)); /* { dg-warning "accessing between 3 and 4 bytes at offsets 2 and 0 overlaps between 1 and 2 bytes at offset 2" "memcpy" } */
235 T (a
+ 3, a
, SR (3, 4));
236 T (a
+ 3, a
, SR (4, 5)); /* { dg-warning "accessing between 4 and 5 bytes at offsets 3 and 0 overlaps between 1 and 2 bytes at offset 3" "memcpy" } */
237 T (a
+ 3, a
, SR (5, 6)); /* { dg-warning "accessing between 5 and 6 bytes at offsets 3 and 0 overlaps between 2 and 3 bytes at offset 3" "memcpy" } */
241 T (a
, a
+ ir
, 5); /* { dg-warning "accessing 5 bytes at offsets 0 and \\\[2, 5] overlaps between 1 and 3 bytes at offset \\\[2, 4]" "memcpy" } */
242 T (a
, a
+ ir
, 6); /* { dg-warning "accessing 6 bytes at offsets 0 and \\\[2, 5] overlaps between 3 and 4 bytes at offset \\\[2, 3]" "memcpy" } */
244 /* Below, there are two possible regions for the source of the copy:
245 1) one just before the high end of the address space that's 3
246 bytes large close to the lower end of the offset range, and
247 2) another in the [DIFF_MIN, -8] range from D and so at least
249 A copy from (1) overlaps but one from (2) does not. Verify that
250 the copy is not diagnosed. (This test case was reduced from
251 the Linux kernel.) */
252 T (d
, d
+ UR (DIFF_MAX
- 3, SIZE_MAX
- 7), 5);
253 T (d
, d
+ UR (DIFF_MAX
- 3, SIZE_MAX
- 7), 6);
254 T (d
, d
+ UR (DIFF_MAX
- 3, SIZE_MAX
- 7), 7);
255 T (d
, d
+ UR (DIFF_MAX
- 3, SIZE_MAX
- 7), 9);
257 T (d
+ UR (DIFF_MAX
- 3, SIZE_MAX
- 7), d
, 5);
258 T (d
+ UR (DIFF_MAX
- 3, SIZE_MAX
- 7), d
, 6);
259 T (d
+ UR (DIFF_MAX
- 3, SIZE_MAX
- 7), d
, 7);
260 T (d
+ UR (DIFF_MAX
- 3, SIZE_MAX
- 7), d
, 9);
263 /* Create an offset in the range [0, -1]. */
269 /* Exercise memcpy with both destination and source pointer offsets
270 in some known range. */
271 size_t n
= UR (3, 4);
272 T (a
+ SR (1, 3), a
+ SR (1, 3), n
); /* { dg-warning "accessing between 3 and 4 bytes at offsets \\\[1, 3] and \\\[1, 3] overlaps between 1 and 4 bytes at offset \\\[1, 3]" "memcpy" } */
274 /* This is an interesting case:
275 memcpy (a + i, a + j, n) with i in [1, 3], j in [2, 3], and n in [3, 4]
276 we have the following possibilities ('^' denotesthe destination offset,
277 '*' marks the overlap, and '?' is the possible overlap for large n):
278 i j | a = 012345678 SIZ OFF (size and offset of the overlap)
284 There are two ways to present the results:
285 1) overlaps between 1 and 4 bytes at offset [2, 3]
286 2) overlaps between 1 and 4 bytes at offset 2. */
287 T (a
+ SR (1, 3), a
+ SR (2, 3), n
); /* { dg-warning "accessing between 3 and 4 bytes at offsets \\\[1, 3] and \\\[2, 3] overlaps between 1 and 4 bytes at offset \\\[2, 3]" "memcpy" } */
288 T (a
+ SR (1, 3), a
+ SR (3, 4), n
);
290 T (a
+ SR (2, 3), a
+ SR (3, 4), n
); /* { dg-warning "accessing between 3 and 4 bytes at offsets \\\[2, 3] and \\\[3, 4] overlaps between 1 and 4 bytes at offset \\\[3, 4]" "memcpy" } */
292 T (a
+ SR (1, 3), a
+ SR (4, 5), n
);
293 T (a
+ SR (2, 3), a
+ SR (4, 5), n
);
294 T (a
+ SR (3, 4), a
+ SR (4, 5), n
); /* { dg-warning "accessing between 3 and 4 bytes at offsets \\\[3, 4] and \\\[4, 5] overlaps between 1 and 4 bytes at offset \\\[4, 5]" "memcpy" } */
296 /* Exercise the full range of size_t. */
302 /* Exercise memcpy with offset and/or size in a determinate anti-range. */
304 void test_memcpy_anti_range (char *d
, const char *s
)
306 T (d
, d
+ SAR (0, 3), 1);
307 T (d
, d
+ SAR (0, 3), 2);
308 T (d
, d
+ SAR (0, 3), 3);
309 T (d
, d
+ SAR (0, 3), DIFF_MAX
- 2); /* { dg-warning "overlaps \[0-9\]+ bytes at offset 2" "memcpy" } */
310 T (d
, d
+ SAR (0, 3), DIFF_MAX
- 1); /* { dg-warning "overlaps \[0-9\]+ bytes at offset 1" "memcpy" } */
311 T (d
, d
+ SAR (0, 3), DIFF_MAX
); /* { dg-warning "overlaps \[0-9\]+ bytes at offset 0" "memcpy" } */
313 T (d
, d
+ SAR (0, 3), UR (DIFF_MAX
- 2, DIFF_MAX
)); /* { dg-warning "accessing \[0-9\]+ or more bytes at offsets 0 and \\\[-?\[0-9\]+, -?\[0-9\]+] overlaps \[0-9\]+ bytes at offset 2" "memcpy" } */
315 /* Verify that a size in an anti-range ~[0, N] where N >= PTRDIFF_MAX
316 doesn't trigger a warning. */
317 T (d
, s
, UAR (1, DIFF_MAX
- 1));
318 T (d
, s
, UAR (1, DIFF_MAX
));
319 T (d
, s
, UAR (1, SIZE_MAX
- 1));
321 /* This causes the last dg-warning test to fail for some reason.
322 T (d, s, UAR (1, SIZE_MAX)); */
325 /* Verify calls to memcpy() where the combination of offsets in some
326 range and size is such that either overlap is unavoidable or one
327 or both offsets would exceed the maximum size of an object
330 void test_memcpy_range_exceed (char *d
, const char *s
)
332 /* Verify offset and size both in some range. The memcpy checking
333 is less strict than that of string functions like strncpy and
334 doesn't trigger unless the overlap is certain. The following
335 overlaps for (r == 3 && n > 3) but not, for example, for
336 (r == 4 && n == 4), and so it's not diagnosed. */
337 ptrdiff_t i
= SR (3, 5);
338 size_t n
= UR (4, 6);
342 /* Ditto for objects of unknown sizes. */
346 /* Verify that a warning is issued for a copy between two regions
347 whose aggregate size would exceed DIFF_MAX if it were to not
349 T (d
, s
, DIFF_MAX
/ 2);
350 T (d
, s
, DIFF_MAX
/ 2 + 1); /* { dg-warning "overlaps 1 byte" "memcpy" } */
351 T (d
, s
, DIFF_MAX
/ 2 + 2); /* { dg-warning "overlaps 3 bytes" "memcpy" } */
352 T (d
, s
, DIFF_MAX
/ 2 + 3); /* { dg-warning "overlaps 5 bytes" "memcpy" } */
354 i
= SR (DIFF_MAX
- 2, DIFF_MAX
);
356 /* Verify a warning for an out-of-bounds offset range and constant
358 T (d
, d
+ i
, 3); /* { dg-warning "accessing 3 bytes at offsets 0 and \\\[\[0-9\]+, \[0-9\]+] overlaps 1 byte" "memcpy" } */
359 T (d
+ i
, d
, 3); /* { dg-warning "accessing 3 bytes at offsets \\\[\[0-9\]+, \[0-9\]+] and 0 overlaps 1 byte" "memcpy" } */
361 T (d
+ 1, d
+ i
, 3); /* { dg-warning "accessing 3 bytes at offsets 1 and \\\[\[0-9\]+, \[0-9\]+] overlaps 1 byte" "memcpy" } */
362 T (d
+ i
, d
+ 1, 3); /* { dg-warning "accessing 3 bytes at offsets \\\[\[0-9\]+, \[0-9\]+] and 1 overlaps 1 byte" "memcpy" } */
364 /* Verify that the warnings above are independent of whether the source
365 and destination are known to be based on the same object. */
366 T (d
, s
+ i
, 3); /* { dg-warning "accessing 3 bytes at offsets 0 and \\\[\[0-9\]+, \[0-9\]+] overlaps 1 byte" "memcpy" } */
367 T (d
+ i
, s
, 3); /* { dg-warning "accessing 3 bytes at offsets \\\[\[0-9\]+, \[0-9\]+] and 0 overlaps 1 byte" "memcpy" } */
369 T (d
+ 1, s
+ i
, 3); /* { dg-warning "accessing 3 bytes at offsets 1 and \\\[\[0-9\]+, \[0-9\]+] overlaps 1 byte" "memcpy" } */
370 T (d
+ i
, s
+ 1, 3); /* { dg-warning "accessing 3 bytes at offsets \\\[\[0-9\]+, \[0-9\]+] and 1 overlaps 1 byte" "memcpy" } */
372 #if __SIZEOF_SIZE_T__ == 8
373 /* Verfiy the offset and size computation is correct. The overlap
374 offset mentioned in the warning plus sthe size of the access must
375 not exceed DIFF_MAX. */
376 T (d
, d
+ i
, 5); /* { dg-warning "accessing 5 bytes at offsets 0 and \\\[9223372036854775805, 9223372036854775807] overlaps 3 bytes at offset 9223372036854775802" "LP64" { target lp64 } } */
377 T (d
+ i
, d
, 5); /* { dg-warning "accessing 5 bytes at offsets \\\[9223372036854775805, 9223372036854775807] and 0 overlaps 3 bytes at offset 9223372036854775802" "LP64" { target lp64 } } */
379 T (d
, s
+ i
, 5); /* { dg-warning "accessing 5 bytes at offsets 0 and \\\[9223372036854775805, 9223372036854775807] overlaps 3 bytes at offset 9223372036854775802" "LP64" { target lp64 } } */
380 T (d
+ i
, s
, 5); /* { dg-warning "accessing 5 bytes at offsets \\\[9223372036854775805, 9223372036854775807] and 0 overlaps 3 bytes at offset 9223372036854775802" "LP64" { target lp64 } } */
381 #elif __SIZEOF_SIZE_T__ == 4
382 T (d
, d
+ i
, 5); /* { dg-warning "accessing 5 bytes at offsets 0 and \\\[2147483645, 2147483647] overlaps 3 bytes at offset 2147483642" "ILP32" { target ilp32 } } */
383 T (d
+ i
, d
, 5); /* { dg-warning "accessing 5 bytes at offsets \\\[2147483645, 2147483647] and 0 overlaps 3 bytes at offset 2147483642" "ILP32" { target ilp32 } } */
385 T (d
, s
+ i
, 5); /* { dg-warning "accessing 5 bytes at offsets 0 and \\\[2147483645, 2147483647] overlaps 3 bytes at offset 2147483642" "ILP32" { target ilp32 } } */
386 T (d
+ i
, s
, 5); /* { dg-warning "accessing 5 bytes at offsets \\\[2147483645, 2147483647] and 0 overlaps 3 bytes at offset 2147483642" "ILP32" { target ilp32} } */
389 ptrdiff_t j
= SR (DIFF_MAX
- 9, DIFF_MAX
- 1);
390 i
= SR (DIFF_MAX
- 5, DIFF_MAX
- 1);
394 n
= UR (4, DIFF_MAX
- 1);
397 n
= UR (4, SIZE_MAX
- 1);
400 j
= SR (DIFF_MAX
- 8, DIFF_MAX
- 1);
403 j
= SR (DIFF_MAX
- 7, DIFF_MAX
- 1);
404 T (d
+ i
, d
+ j
, n
); /* { dg-warning "accessing 4( or more)? bytes at offsets \\\[\[0-9\]+, \[0-9\]+] and \\\[\[0-9\]+, \[0-9\]+] overlaps" "memcpy" } */
406 j
= SR (DIFF_MAX
- 6, DIFF_MAX
- 1);
407 T (d
+ i
, d
+ j
, n
); /* { dg-warning "accessing 4( or more)? bytes at offsets \\\[\[0-9\]+, \[0-9\]+] and \\\[\[0-9\]+, \[0-9\]+] overlaps" "memcpy" } */
409 n
= UR (3, DIFF_MAX
);
412 j
= SR (DIFF_MAX
- 6, DIFF_MAX
- 1);
415 j
= SR (DIFF_MAX
- 5, DIFF_MAX
- 1);
416 T (d
+ i
, d
+ j
, n
); /* { dg-warning "accessing 3 or more bytes at offsets \\\[\[0-9\]+, \[0-9\]+] and \\\[\[0-9\]+, \[0-9\]+] overlaps 1 or more bytes" "memcpy" } */
418 j
= SR (DIFF_MAX
- 4, DIFF_MAX
- 1);
419 T (d
+ i
, d
+ j
, n
); /* { dg-warning "accessing 3 or more bytes at offsets \\\[\[0-9\]+, \[0-9\]+] and \\\[\[0-9\]+, \[0-9\]+] overlaps 1 or more bytes" "memcpy" } */
421 j
= SR (DIFF_MAX
- 2, DIFF_MAX
- 1);
422 T (d
+ i
, d
+ j
, n
); /* { dg-warning "accessing 3 or more bytes at offsets \\\[\[0-9\]+, \[0-9\]+] and \\\[\[0-9\]+, \[0-9\]+] overlaps 1 or more bytes" "memcpy" } */
425 /* Exercise memcpy with destination and source of unknown size. */
427 void test_memcpy_var (char *d
, const char *s
)
429 size_t n
= unsigned_value ();
431 /* Since no copying takes place no warning should be issued. */
435 /* The following overlaps if n is greater than 1. */
444 s
= d
+ signed_value ();
445 memcpy (d
, s
, unsigned_value ());
465 memcpy (d
, s
, n
); /* { dg-warning "\\\[-Wrestrict" "memcpy" } */
470 memcpy (d
, s
, n
); /* { dg-warning "\\\[-Wrestrict" "memcpy" } */
474 void test_memcpy_memarrray (struct MemArrays
*p
)
477 #define T(dst, src, n) do { \
478 if (!LINE || LINE == __LINE__) { \
480 const void *ps = (src); \
481 memcpy (pd, ps, (n)); \
487 T (p
->a8
, p
->a8
+ 1, 1);
488 T (p
->a8
, p
->a8
+ 2, 2);
489 T (p
->a8
, p
->a8
+ 8, 1);
491 T (p
->a8
, p
->a8
+ 2, 3); /* { dg-warning "accessing 3 bytes at offsets 0 and 2 overlaps 1 byte at offset 2" "memcpy" } */
494 /* Exercise the absence of warnings with memmove. */
496 void test_memmove (void)
511 memmove (d
+ 1, s
, 5);
516 /* Exercise strcat with constant or known arguments. */
518 void test_strcat_cst (const char *s
)
521 #define T(init, dst, src) do { \
522 if (!LINE || LINE == __LINE__) { \
525 const char *ps = (src); \
531 T ("0", a
, a
); /* { dg-warning "source argument is the same as destination" "strcat" } */
532 T ("01", a
, a
); /* { dg-warning "source argument is the same as destination" "strcat" } */
533 T ("012", a
, a
); /* { dg-warning "source argument is the same as destination" "strcat" } */
534 /* The 3 bytes "12\0" being appended to "012" overwrite the final NUL. */
535 T ("012", a
, a
+ 1); /* { dg-warning "accessing 3 bytes at offsets 0 and 1 overlaps 1 byte at offset 3" "strcat" } */
536 T ("012", a
, a
+ 2); /* { dg-warning "accessing 2 bytes at offsets 0 and 2 overlaps 1 byte at offset 3" "strcat" } */
537 /* The nul copied from a[3] to a[3] overwrites itself so this is
539 T ("012", a
, a
+ 3); /* { dg-warning "accessing 1 byte at offsets 0 and 3 overlaps 1 byte at offset 3" "strcat" } */
547 T ("0", a
+ 1, a
); /* { dg-warning "accessing 2 bytes at offsets 1 and 0 overlaps 1 byte at offset 1" "strcat" } */
550 /* The first of the two offsets in the diagnostic for strcat is that
551 of the first write into the destination, not that of the initial
552 read from it to compute its length. */
553 T ("01", a
+ 1, a
); /* { dg-warning "accessing 3 bytes at offsets 1 and 0 overlaps 1 byte at offset 2" "strcat" } */
554 T ("01", a
+ 2, a
); /* { dg-warning "accessing 3 bytes at offsets 2 and 0 overlaps 1 byte at offset 2" "strcat" } */
557 T ("012", a
+ 1, a
); /* { dg-warning "accessing 4 bytes at offsets 1 and 0 overlaps 1 byte at offset 3" "strcat" } */
558 T ("012", a
+ 2, a
); /* { dg-warning "accessing 4 bytes at offsets 2 and 0 overlaps 1 byte at offset 3" "strcat" } */
559 T ("012", a
+ 3, a
); /* { dg-warning "accessing 4 bytes at offsets 3 and 0 overlaps 1 byte at offset 3 " "strcat" } */
563 /* Verify that the obviously benign cases below aren't diagnosed. */
566 T ("01234567", a
, s
);
569 /* Exercise strcat with destination and source of unknown length. */
571 void test_strcat_var (char *d
, const char *s
)
574 #define T(dst, src) do { \
575 if (!LINE || LINE == __LINE__) { \
577 const char *ps = (src); \
583 T (d
, d
); /* { dg-warning "source argument is the same as destination" "strcat" } */
584 T (d
, d
+ 1); /* { dg-warning "accessing 2 or more bytes at offsets 0 and 1 may overlap 1 byte" "strcat" } */
585 T (d
, d
+ 2); /* { dg-warning "accessing 3 or more bytes at offsets 0 and 2 may overlap 1 byte at offset 2" "strcat" } */
586 T (d
, d
+ 999); /* { dg-warning "accessing 1000 or more bytes at offsets 0 and 999 may overlap 1 byte at offset 999" "strcat" } */
588 /* The source string must be at least 100 bytes in length for the copy
590 T (d
, d
+ -99); /* { dg-warning "accessing 100 or more bytes at offsets 0 and -99 may overlap 1 byte" "strcat" } */
592 size_t n
= unsigned_value ();
594 T (d
+ n
, d
+ n
); /* { dg-warning "\\\[-Wrestrict" "strcat" } */
596 /* Verify that the obviously benign cases below aren't diagnosed. */
604 /* Since the offset is unknown the overlap in the call below, while
605 possible, is certainly not inevitable. Conservatively, it should
606 not be diagnosed. For safety, an argument for diagnosing can be
607 made. It's a judgment call, partly determined by the effort and
608 complexity of treating this case differently from other similar
610 T (d
, d
+ n
); /* { dg-warning "may overlap" "strcat" } */
613 /* Exercise strcpy with constant or known arguments. */
615 void test_strcpy_cst (ptrdiff_t i
)
618 #define T(init, dst, src) do { \
619 if (!LINE || LINE == __LINE__) { \
622 const char *ps = (src); \
628 T ("012", a
, a
); /* { dg-warning "source argument is the same as destination" "strcpy" } */
629 T ("012", a
, a
+ 1); /* { dg-warning "accessing 3 bytes at offsets 0 and 1 overlaps 2 bytes at offset 1" "strcpy" } */
632 /* The following doesn't overlap but it should trigger -Wstringop-overflow
633 for reading past the end. */
634 T ("012", a
, a
+ sizeof a
);
636 /* The terminating nul written to d[2] overwrites s[0]. */
637 T ("0123", a
, a
+ 2); /* { dg-warning "accessing 3 bytes at offsets 0 and 2 overlaps 1 byte at offset 2" } */
639 /* The '5' copied from s[2] to d[2] overwrites s[0]. */
640 T ("01234", a
, a
+ 2); /* { dg-warning "accessing 4 bytes at offsets 0 and 2 overlaps 2 bytes at offset 2" } */
642 /* This happens to be safe in GCC but it's still wrong. */
643 T ("012", a
, a
); /* { dg-warning "source argument is the same as destination" "strcpy" } */
645 T ("012", a
+ 1, a
); /* { dg-warning "accessing 4 bytes at offsets 1 and 0 overlaps 3 bytes at offset 1" "strcpy" } */
646 T ("012", a
+ 2, a
); /* { dg-warning "accessing 4 bytes at offsets 2 and 0 overlaps 2 bytes at offset 2" "strcpy" } */
647 T ("012", a
+ 3, a
); /* { dg-warning "accessing 4 bytes at offsets 3 and 0 overlaps 1 byte at offset 3" "strcpy" } */
649 /* The following doesn't overlap but it should trigger -Wstrinop-ovewrflow
650 for writing past the end. */
651 T ("012", a
+ sizeof a
, a
);
654 /* Exercise strcpy with constant or known arguments offset by a range.
655 The tests verify the use of the lower bound of the range which is
656 more restrictive than using the upper bound for positive values. */
658 void test_strcpy_range (void)
661 #define T(N, init, dst, src) \
663 if (!LINE || LINE == __LINE__) { \
666 const char *ps = (src); \
675 T (8, "0", a
+ r
, a
); /* { dg-warning "accessing between 1 and 2 bytes at offsets \\\[0, 1] and 0 overlaps up to 2 bytes at offset \\\[0, 1]" "strcpy" { xfail *-*-*} } */
678 T (8, "01", a
+ r
, a
); /* { dg-warning "accessing 3 bytes at offsets \\\[2, 5] and 0 may overlap 1 byte at offset 2" } */
679 T (8, "012", a
+ r
, a
); /* { dg-warning "accessing 4 bytes at offsets \\\[2, 5] and 0 may overlap up to 2 bytes at offset \\\[3, 2]" "strcpy" } */
681 /* The highest offset to which to copy without overflowing the 8-byte
682 destination is 3 and that overlaps 2 bytes. */
683 T (8, "0123", a
+ r
, a
); /* { dg-warning "accessing 5 bytes at offsets \\\[2, 5] and 0 overlaps between 2 and 3 bytes at offset \\\[2, 3]" "strcpy" } */
685 /* With a 9-byte destination the highest offset is 4 and that still
686 overlaps 1 byte (the final NUL). */
687 T (9, "0123", a
+ r
, a
); /* { dg-warning "accessing 5 bytes at offsets \\\[2, 5] and 0 overlaps between 1 and 3 bytes at offset \\\[2, 4]" "strcpy" } */
689 /* With a 10-byte buffer it's possible to copy all 5 bytes without
690 overlap at (a + 5). Copying at offsets 2 through 4 overflows
691 between 3 and 1 bytes, respectively. */
692 T (10, "0123", a
+ r
, a
); /* { dg-warning "accessing 5 bytes at offsets \\\[2, 5] and 0 may overlap up to 3 bytes at offset \\\[4, 2]" "strcpy" } */
696 T (8, "01", a
+ r
, a
);
697 T (8, "012", a
+ r
, a
); /* { dg-warning "accessing 4 bytes at offsets \\\[3, 4] and 0 may overlap 1 byte at offset 3" "strcpy" } */
699 /* The highest offset to which to copy without overflowing the 8-byte
700 destination is 3 and that overlaps 2 bytes. */
701 T (8, "0123", a
+ r
, a
); /* { dg-warning "accessing 5 bytes at offsets \\\[3, 4] and 0 overlaps 2 bytes at offset 3" "strcpy" } */
703 /* With a 9-byte destination the highest offset is 4 and that still
704 overlaps 1 byte (the final NUL). */
705 T (9, "0123", a
+ r
, a
); /* { dg-warning "accessing 5 bytes at offsets \\\[3, 4] and 0 overlaps between 1 and 2 bytes at offset \\\[3, 4]" "strcpy" } */
707 /* With a 10-byte buffer it's possible to copy all 5 bytes without
708 overlap at (a + 5). Copying at offsets 2 through 4 overflows
709 between 3 and 1 bytes, respectively. */
710 T (10, "0123", a
+ r
, a
); /* { dg-warning "accessing 5 bytes at offsets \\\[3, 4] and 0 overlaps between 1 and 2 bytes at offset \\\[3, 4]" "strcpy" } */
712 T (8, "01", a
, a
+ r
);
713 T (8, "012", a
, a
+ r
);
714 T (8, "0123", a
, a
+ r
);
715 T (8, "01234", a
, a
+ r
);
717 /* With the smaller offset of 3 the final NUL definitely overlaps
718 the '4' at a[3], but with the larger offset of 4 there is no
719 overlap, so the warning is a "may overlap" and the size of
720 the overlap is 1 byte. */
721 T (8, "012345", a
, a
+ r
); /* { dg-warning "accessing between 3 and 4 bytes at offsets 0 and \\\[3, 4] may overlap 1 byte at offset 3" "strcpy" } */
722 T (8, "0123456", a
, a
+ r
); /* { dg-warning "accessing between 4 and 5 bytes at offsets 0 and \\\[3, 4] may overlap up to 2 bytes at offset 3" "strcpy" } */
724 r
= SR (3, DIFF_MAX
- 3);
725 T (8, "01", a
+ r
, a
);
726 T (8, "012", a
+ r
, a
); /* { dg-warning "accessing 4 bytes at offsets \\\[3, \[0-9\]+] and 0 may overlap 1 byte at offset 3" "strcpy" } */
728 r
= SR (DIFF_MAX
- 2, DIFF_MAX
- 1);
729 T (8, "012", a
+ r
, a
); /* { dg-warning "accessing 4 bytes at offsets \\\[\[0-9\]+, \[0-9\]+] and 0 overlaps" "strcpy" } */
731 /* Exercise the full range of ptrdiff_t. */
734 /* The overlap in the cases below isn't inevitable but it is diagnosed
735 because it is possible and so the code is considered unsafe. */
736 T (8, "", a
, a
+ r
); /* { dg-warning "accessing 1 byte at offsets 0 and \\\[0, 8] may overlap 1 byte" "strcpy" } */
737 T (8, "0", a
+ r
, a
); /* { dg-warning "accessing 2 bytes at offsets \\\[0, 8] and 0 may overlap up to 2 bytes" "strcpy" } */
738 T (8, "012", a
+ r
, a
); /* { dg-warning "accessing 4 bytes at offsets \\\[0, 8] and 0 may overlap up to 4 bytes" "strcpy" } */
740 T (8, "", a
, a
+ r
); /* { dg-warning "accessing 1 byte at offsets 0 and \\\[0, 8] may overlap" "strcpy" } */
741 T (8, "0", a
, a
+ r
); /* { dg-warning "accessing between 0 and 2 bytes at offsets 0 and \\\[0, 8] may overlap up to 2 bytes" "strcpy" } */
742 T (8, "012", a
, a
+ r
); /* { dg-warning "accessing between 0 and 4 bytes at offsets 0 and \\\[0, 8] may overlap up to 4 bytes" "strcpy" } */
745 /* Exercise strcpy with destination and/or source of unknown lengthu. */
747 void test_strcpy_var (char *d
, const char *s
)
750 #define T(dst, src) do { \
751 if (!LINE || LINE == __LINE__) { \
753 const char *ps = (src); \
761 T (d
, &d
[0]); /* { dg-warning "source argument is the same as destination" "strcpy" } */
762 T (&d
[0], d
); /* { dg-warning "source argument is the same as destination" "strcpy" } */
765 T (d
, s
); /* { dg-warning "source argument is the same as destination" "strcpy" } */
767 /* The following overlaps if *s is not nul. It arguably should be
771 /* The following overlaps if strlen (d) is greater than 1. Like
772 the above, it possibly should be diagnosed too. */
776 /* The following overlaps only if strlen (s + n) >= n so it's not
778 s
= d
+ signed_value ();
782 /* Exercise strncpy with constant or known arguments. */
784 void test_strncpy_cst (void)
787 #define T(init, dst, src, size) do { \
788 if (!LINE || LINE == __LINE__) { \
791 const char *ps = (src); \
792 strncpy (pd, ps, (size)); \
798 T ("012", a
, a
, 1); /* { dg-warning "source argument is the same as destination " "strncpy" } */
800 T ("012", a
, a
+ 1, 1);
801 T ("012", a
, a
+ 1, 2); /* { dg-warning "accessing 2 bytes at offsets 0 and 1 overlaps 1 byte at offset 1" "strncpy" } */
802 T ("012", a
, a
+ 1, 3); /* { dg-warning "accessing 3 bytes at offsets 0 and 1 overlaps 2 bytes at offset 1" "strncpy" } */
803 T ("012", a
, a
+ 1, 4); /* { dg-warning "accessing 4 bytes at offsets 0 and 1 overlaps 3 bytes at offset 1" "strncpy" } */
804 T ("012", a
, a
+ 1, 5); /* { dg-warning "accessing 5 bytes at offsets 0 and 1 overlaps 3 bytes at offset 1" "strncpy" } */
805 T ("012", a
, a
+ 1, 6); /* { dg-warning "accessing 6 bytes at offsets 0 and 1 overlaps 3 bytes at offset 1" "strncpy" } */
807 T ("012", a
, a
+ 2, 1);
808 T ("012", a
, a
+ 2, 2);
809 /* The third written byte (nul) overwrites a[2]. */
810 T ("012", a
, a
+ 2, 3); /* { dg-warning "accessing 3 bytes at offsets 0 and 2 overlaps 1 byte at offset 2" "strncpy" } */
811 T ("012", a
, a
+ 2, 4); /* { dg-warning "accessing 4 bytes at offsets 0 and 2 overlaps 2 bytes at offset 2" "strncpy" } */
812 T ("012", a
, a
+ 2, 5); /* { dg-warning "accessing 5 bytes at offsets 0 and 2 overlaps 2 bytes at offset 2" "strncpy" } */
814 T ("0123", a
, a
+ 2, 1);
815 T ("0123", a
, a
+ 2, 2);
816 /* The terminating nul written to a[2] overwrites s[0]. */
817 T ("0123", a
, a
+ 2, 3); /* { dg-warning "accessing 3 bytes at offsets 0 and 2 overlaps 1 byte at offset 2" "strncpy" } */
818 T ("0123", a
, a
+ 2, 4); /* { dg-warning "accessing 4 bytes at offsets 0 and 2 overlaps 2 bytes at offset 2" "strncpy" } */
819 T ("0123", a
, a
+ 2, 5); /* { dg-warning "accessing 5 bytes at offsets 0 and 2 overlaps 3 bytes at offset 2" "strncpy" } */
820 T ("0123", a
, a
+ 2, 6); /* { dg-warning "accessing 6 bytes at offsets 0 and 2 overlaps 3 bytes at offset 2" "strncpy" } */
822 T ("01234", a
, a
+ 2, 1);
823 T ("01234", a
, a
+ 2, 2);
824 T ("01234", a
, a
+ 2, 3); /* { dg-warning "accessing 3 bytes at offsets 0 and 2 overlaps 1 byte at offset 2" "strncpy" } */
825 /* The '5' copied from s[2] to d[2] overwrites s[0]. */
826 T ("01234", a
, a
+ 2, 4); /* { dg-warning "accessing 4 bytes at offsets 0 and 2 overlaps 2 bytes at offset 2" "strncpy" } */
827 T ("01234", a
, a
+ 2, 5); /* { dg-warning "accessing 5 bytes at offsets 0 and 2 overlaps 3 bytes at offset 2" "strncpy" } */
831 /* Exercise strncpy with one or more arguments in a determinate range. */
833 void test_strncpy_range (char *d
, size_t n
)
836 #define T(init, dst, src, size) do { \
837 if (!LINE || LINE == __LINE__) { \
839 strncpy ((dst), (src), (size)); \
840 sink (a, (dst), (src)); \
847 T ("0123", a
, a
+ i
, 0);
848 T ("0123", a
, a
+ i
, 1);
849 /* Offset in the range [0, i] is represented as a PHI (&a, &a + i)
850 that the implementation isn't equipped to handle yet. */
851 T ("0123", a
, a
+ i
, 2); /* { dg-warning "accessing 2 bytes at offsets 0 and \\\[0, 1] may overlap 1 byte at offset 1" "strncpy" { xfail *-*-* } } */
854 T ("0123", a
, a
+ i
, 0);
855 T ("0123", a
, a
+ i
, 1);
856 T ("0123", a
, a
+ i
, 2); /* { dg-warning "accessing 2 bytes at offsets 0 and \\\[1, 5] may overlap 1 byte at offset 1" "strncpy" } */
857 T ("0123", a
, a
+ i
, 3); /* { dg-warning "accessing 3 bytes at offsets 0 and \\\[1, 5] may overlap up to 2 bytes at offset \\\[2, 1]" "strncpy" } */
858 T ("0123", a
, a
+ i
, 4); /* { dg-warning "accessing 4 bytes at offsets 0 and \\\[1, 5] may overlap up to 3 bytes at offset \\\[3, 1]" "strncpy" } */
859 T ("0123", a
, a
+ i
, 5); /* { dg-warning "accessing 5 bytes at offsets 0 and \\\[1, 5] may overlap up to 4 bytes at offset \\\[4, 1]" "strncpy" } */
862 T ("0123", a
, a
+ i
, 0);
863 T ("0123", a
, a
+ i
, 1);
864 T ("0123", a
, a
+ i
, 2);
865 T ("0123", a
, a
+ i
, 3); /* { dg-warning "accessing 3 bytes at offsets 0 and \\\[2, 5] may overlap 1 byte at offset 2" "strncpy" } */
866 T ("0123", a
, a
+ i
, 4); /* { dg-warning "accessing 4 bytes at offsets 0 and \\\[2, 5] may overlap up to 2 bytes at offset \\\[3, 2]" "strncpy" } */
867 T ("0123", a
, a
+ i
, 5); /* { dg-warning "accessing 5 bytes at offsets 0 and \\\[2, 5] may overlap up to 3 bytes at offset \\\[4, 2]" "strncpy" } */
868 T ("0123", a
, a
+ i
, 6); /* { dg-warning "accessing 6 bytes at offsets 0 and \\\[2, 5] may overlap up to 3 bytes at offset \\\[4, 2]" "strncpy" } */
871 T ("0123", a
, a
+ i
, 0);
872 T ("0123", a
, a
+ i
, 1);
873 T ("0123", a
, a
+ i
, 2);
874 T ("0123", a
, a
+ i
, 3);
875 T ("0123", a
, a
+ i
, 4); /* { dg-warning "accessing 4 bytes at offsets 0 and \\\[3, 5] may overlap 1 byte at offset 3" "strncpy" } */
876 T ("0123", a
, a
+ i
, 5); /* { dg-warning "accessing 5 bytes at offsets 0 and \\\[3, 5] may overlap up to 2 bytes at offset \\\[4, 3]" "strncpy" } */
877 T ("0123", a
, a
+ i
, 6); /* { dg-warning "accessing 6 bytes at offsets 0 and \\\[3, 5] may overlap up to 2 bytes at offset \\\[4, 3]" "strncpy" } */
880 T ("0123", a
, a
+ i
, 0);
881 T ("0123", a
, a
+ i
, 1);
882 T ("0123", a
, a
+ i
, 2);
883 T ("0123", a
, a
+ i
, 3);
884 T ("0123", a
, a
+ i
, 4);
885 T ("0123", a
, a
+ i
, 5); /* { dg-warning "accessing 5 bytes at offsets 0 and \\\[4, 5] may overlap 1 byte at offset 4" "strncpy" } */
886 T ("0123", a
, a
+ i
, 6); /* { dg-warning "accessing 6 bytes at offsets 0 and \\\[4, 5] may overlap 1 byte at offset 4" "strncpy" } */
888 /* Verify offset and size both in some range. The strncpy checking
889 is more strict than that of memcpy and triggers even when the
890 overlap is possible but not inevitable. The following overlaps
891 like so ('*' denotes the terminating NUL, '.' the appended NUL
892 that's not copied from the source):
893 a: 01234567* (also indicates offset)
895 4567* overlaps 1 at offset 4
896 4567*. overlaps 2 at offset 4
899 567*.. overlaps 1 at offset 5 */
900 T ("01234567", a
, a
+ i
, UR (4, 6)); /* { dg-warning "accessing between 4 and 6 bytes at offsets 0 and \\\[4, 5] may overlap up to 2 bytes at offset \\\[5, 4]" "strncpy" } */
902 /* Ditto for objects of unknown sizes. */
903 T ("01234567", d
, d
+ i
, UR (4, 6)); /* { dg-warning "accessing between 4 and 6 bytes at offsets 0 and \\\[4, 5] may overlap up to 2 bytes at offset \\\[5, 4]" "strncpy" } */
905 T ("01234567", a
, a
+ i
, UR (6, 7)); /* { dg-warning "accessing between 6 and 7 bytes at offsets 0 and \\\[4, 5] overlaps between 1 and 3 bytes at offset \\\[4, 5]" "strncpy" } */
907 /* The following overlaps except in the unlikely case that value ()
908 is zero, so it's diagnosed. */
909 T ("012", a
, a
, n
); /* { dg-warning "\\\[-Wrestrict]" "strncpy" } */
913 /* Exercise strncpy with destination and source of unknown length. */
915 void test_strncpy_var (char *d
, const char *s
, size_t n
)
918 #define T(dst, src, size) do { \
919 if (!LINE || LINE == __LINE__) { \
921 const char *ps = (src); \
922 strncpy (pd, ps, (size)); \
930 T (d
, d
, 1); /* { dg-warning "\\\[-Wrestrict" "strncpy" } */
931 T (d
, d
, n
); /* { dg-warning "\\\[-Wrestrict" "strncpy" } */
934 T (d
, d
+ 1, 2); /* { dg-warning "\\\[-Wrestrict" "strncpy" } */
936 T (d
+ 1, d
, 2); /* { dg-warning "\\\[-Wrestrict" "strncpy" } */
946 void test_strncpy_strcpy_var (struct MemberArrays
*ar
, const char *s
)
948 /* The following is safe and should not trigger a warning. */
949 strncpy (ar
->b
, s
, sizeof ar
->b
- 1);
950 ar
->b
[sizeof ar
->b
- 1] = '\0';
951 strcpy (ar
->a
, ar
->b
);
954 /* The following is not as safe (it might overflow ar->a) but there
955 is no overlap so it also shouldn't trigger -Wrestrict. */
956 strncpy (ar
->c
, s
, sizeof ar
->c
- 1);
957 ar
->c
[sizeof ar
->c
- 1] = '\0';
958 strcpy (ar
->a
, ar
->c
);