1 /* String length optimization
2 Copyright (C) 2011-2020 Free Software Foundation, Inc.
3 Contributed by Jakub Jelinek <jakub@redhat.com>
5 This file is part of GCC.
7 GCC is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3, or (at your option)
12 GCC is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
23 #include "coretypes.h"
28 #include "alloc-pool.h"
29 #include "tree-pass.h"
32 #include "gimple-pretty-print.h"
33 #include "gimple-ssa-warn-restrict.h"
34 #include "fold-const.h"
35 #include "stor-layout.h"
36 #include "gimple-fold.h"
39 #include "gimple-iterator.h"
40 #include "gimplify-me.h"
45 #include "tree-ssa-alias.h"
46 #include "tree-ssa-propagate.h"
47 #include "tree-ssa-strlen.h"
48 #include "tree-hash-traits.h"
49 #include "tree-object-size.h"
52 #include "diagnostic-core.h"
53 #include "diagnostic.h"
58 #include "tree-ssa-loop.h"
59 #include "tree-scalar-evolution.h"
60 #include "vr-values.h"
61 #include "gimple-ssa-evrp-analyze.h"
64 /* A vector indexed by SSA_NAME_VERSION. 0 means unknown, positive value
65 is an index into strinfo vector, negative value stands for
66 string length of a string literal (~strlen). */
67 static vec
<int> ssa_ver_to_stridx
;
69 /* Number of currently active string indexes plus one. */
70 static int max_stridx
;
72 /* Set to true to optimize, false when just checking. */
73 static bool strlen_optimize
;
75 /* String information record. */
78 /* Number of leading characters that are known to be nonzero. This is
79 also the length of the string if FULL_STRING_P.
81 The values in a list of related string pointers must be consistent;
82 that is, if strinfo B comes X bytes after strinfo A, it must be
83 the case that A->nonzero_chars == X + B->nonzero_chars. */
85 /* Any of the corresponding pointers for querying alias oracle. */
87 /* STMT is used for two things:
89 - To record the statement that should be used for delayed length
90 computations. We maintain the invariant that all related strinfos
91 have delayed lengths or none do.
93 - To record the malloc or calloc call that produced this result
94 to optimize away malloc/memset sequences. STMT is reset after
95 a calloc-allocated object has been stored a non-zero value into. */
97 /* Set to the dynamic allocation statement for the object (alloca,
98 calloc, malloc, or VLA). Unlike STMT, once set for a strinfo
99 object, ALLOC doesn't change. */
101 /* Pointer to '\0' if known, if NULL, it can be computed as
104 /* Reference count. Any changes to strinfo entry possibly shared
105 with dominating basic blocks need unshare_strinfo first, except
106 for dont_invalidate which affects only the immediately next
109 /* Copy of index. get_strinfo (si->idx) should return si; */
111 /* These 3 fields are for chaining related string pointers together.
113 bl = strlen (b); dl = strlen (d); strcpy (a, b); c = a + bl;
114 strcpy (c, d); e = c + dl;
115 strinfo(a) -> strinfo(c) -> strinfo(e)
116 All have ->first field equal to strinfo(a)->idx and are doubly
117 chained through prev/next fields. The later strinfos are required
118 to point into the same string with zero or more bytes after
119 the previous pointer and all bytes in between the two pointers
120 must be non-zero. Functions like strcpy or memcpy are supposed
121 to adjust all previous strinfo lengths, but not following strinfo
122 lengths (those are uncertain, usually invalidated during
123 maybe_invalidate, except when the alias oracle knows better).
124 Functions like strcat on the other side adjust the whole
125 related strinfo chain.
126 They are updated lazily, so to use the chain the same first fields
127 and si->prev->next == si->idx needs to be verified. */
131 /* A flag whether the string is known to be written in the current
134 /* A flag for the next maybe_invalidate that this strinfo shouldn't
135 be invalidated. Always cleared by maybe_invalidate. */
136 bool dont_invalidate
;
137 /* True if the string is known to be nul-terminated after NONZERO_CHARS
138 characters. False is useful when detecting strings that are built
139 up via successive memcpys. */
143 /* Pool for allocating strinfo_struct entries. */
144 static object_allocator
<strinfo
> strinfo_pool ("strinfo pool");
146 /* Vector mapping positive string indexes to strinfo, for the
147 current basic block. The first pointer in the vector is special,
148 it is either NULL, meaning the vector isn't shared, or it is
149 a basic block pointer to the owner basic_block if shared.
150 If some other bb wants to modify the vector, the vector needs
151 to be unshared first, and only the owner bb is supposed to free it. */
152 static vec
<strinfo
*, va_heap
, vl_embed
> *stridx_to_strinfo
;
154 /* One OFFSET->IDX mapping. */
157 struct stridxlist
*next
;
158 HOST_WIDE_INT offset
;
162 /* Hash table entry, mapping a DECL to a chain of OFFSET->IDX mappings. */
163 struct decl_stridxlist_map
165 struct tree_map_base base
;
166 struct stridxlist list
;
169 /* Hash table for mapping decls to a chained list of offset -> idx
171 typedef hash_map
<tree_decl_hash
, stridxlist
> decl_to_stridxlist_htab_t
;
172 static decl_to_stridxlist_htab_t
*decl_to_stridxlist_htab
;
174 /* Hash table mapping strlen (or strnlen with constant bound and return
175 smaller than bound) calls to stridx instances describing
176 the calls' arguments. Non-null only when warn_stringop_truncation
178 typedef std::pair
<int, location_t
> stridx_strlenloc
;
179 static hash_map
<tree
, stridx_strlenloc
> *strlen_to_stridx
;
181 /* Obstack for struct stridxlist and struct decl_stridxlist_map. */
182 static struct obstack stridx_obstack
;
184 /* Last memcpy statement if it could be adjusted if the trailing
185 '\0' written is immediately overwritten, or
186 *x = '\0' store that could be removed if it is immediately overwritten. */
187 struct laststmt_struct
194 static int get_stridx_plus_constant (strinfo
*, unsigned HOST_WIDE_INT
, tree
);
195 static void handle_builtin_stxncpy_strncat (bool, gimple_stmt_iterator
*);
197 /* Sets MINMAX to either the constant value or the range VAL is in
198 and returns either the constant value or VAL on success or null
199 when the range couldn't be determined. Uses RVALS when nonnull
200 to determine the range, otherwise get_range_info. */
203 get_range (tree val
, gimple
*stmt
, wide_int minmax
[2],
204 range_query
*rvals
/* = NULL */)
206 if (TREE_CODE (val
) == INTEGER_CST
)
208 minmax
[0] = minmax
[1] = wi::to_wide (val
);
212 if (TREE_CODE (val
) != SSA_NAME
)
218 if (!rvals
->range_of_expr (vr
, val
, stmt
))
220 value_range_kind rng
= vr
.kind ();
224 minmax
[0] = wi::to_wide (vr
.min ());
225 minmax
[1] = wi::to_wide (vr
.max ());
229 value_range_kind rng
= get_range_info (val
, minmax
, minmax
+ 1);
231 /* This may be an inverted range whose MINMAX[1] < MINMAX[0]. */
234 if (rng
== VR_ANTI_RANGE
)
236 /* An anti-range is the same as an ordinary range with inverted
237 bounds (where MINMAX[1] < MINMAX[0] is true) that may result
238 from the conversion of a signed anti-range to unsigned. */
239 wide_int tmp
= minmax
[0];
240 minmax
[0] = minmax
[1] + 1;
241 minmax
[1] = wi::sub (tmp
, 1);
245 /* Do not handle anti-ranges and instead make use of the on-demand
246 VRP if/when it becomes available (hopefully in GCC 11). */
252 * +1 if SI is known to start with more than OFF nonzero characters.
254 * 0 if SI is known to start with exactly OFF nonzero characters.
256 * -1 if SI either does not start with OFF nonzero characters
257 or the relationship between the number of leading nonzero
258 characters in SI and OFF is unknown. */
261 compare_nonzero_chars (strinfo
*si
, unsigned HOST_WIDE_INT off
)
263 if (si
->nonzero_chars
264 && TREE_CODE (si
->nonzero_chars
) == INTEGER_CST
)
265 return compare_tree_int (si
->nonzero_chars
, off
);
270 /* Same as above but suitable also for strings with non-constant lengths.
271 Uses RVALS to determine length range. */
274 compare_nonzero_chars (strinfo
*si
, unsigned HOST_WIDE_INT off
,
277 if (!si
->nonzero_chars
)
280 if (TREE_CODE (si
->nonzero_chars
) == INTEGER_CST
)
281 return compare_tree_int (si
->nonzero_chars
, off
);
283 if (!rvals
|| TREE_CODE (si
->nonzero_chars
) != SSA_NAME
)
287 if (!rvals
->range_of_expr (vr
, si
->nonzero_chars
, si
->stmt
))
289 value_range_kind rng
= vr
.kind ();
293 /* If the offset is less than the minimum length or if the bounds
294 of the length range are equal return the result of the comparison
295 same as in the constant case. Otherwise return a conservative
297 int cmpmin
= compare_tree_int (vr
.min (), off
);
298 if (cmpmin
> 0 || tree_int_cst_equal (vr
.min (), vr
.max ()))
304 /* Return true if SI is known to be a zero-length string. */
307 zero_length_string_p (strinfo
*si
)
309 return si
->full_string_p
&& integer_zerop (si
->nonzero_chars
);
312 /* Return strinfo vector entry IDX. */
314 static inline strinfo
*
315 get_strinfo (int idx
)
317 if (vec_safe_length (stridx_to_strinfo
) <= (unsigned int) idx
)
319 return (*stridx_to_strinfo
)[idx
];
322 /* Get the next strinfo in the chain after SI, or null if none. */
324 static inline strinfo
*
325 get_next_strinfo (strinfo
*si
)
329 strinfo
*nextsi
= get_strinfo (si
->next
);
330 if (nextsi
== NULL
|| nextsi
->first
!= si
->first
|| nextsi
->prev
!= si
->idx
)
335 /* Helper function for get_stridx. Return the strinfo index of the address
336 of EXP, which is available in PTR if nonnull. If OFFSET_OUT, it is
337 OK to return the index for some X <= &EXP and store &EXP - X in
338 *OFFSET_OUT. When RVALS is nonnull uses it to determine range
342 get_addr_stridx (tree exp
, tree ptr
, unsigned HOST_WIDE_INT
*offset_out
,
343 range_query
*rvals
= NULL
)
346 struct stridxlist
*list
, *last
= NULL
;
349 if (!decl_to_stridxlist_htab
)
353 base
= get_addr_base_and_unit_offset (exp
, &poff
);
354 if (base
== NULL
|| !DECL_P (base
) || !poff
.is_constant (&off
))
357 list
= decl_to_stridxlist_htab
->get (base
);
363 if (list
->offset
== off
)
369 if (list
->offset
> off
)
376 if ((offset_out
|| ptr
) && last
&& last
->idx
> 0)
378 unsigned HOST_WIDE_INT rel_off
379 = (unsigned HOST_WIDE_INT
) off
- last
->offset
;
380 strinfo
*si
= get_strinfo (last
->idx
);
381 if (si
&& compare_nonzero_chars (si
, rel_off
, rvals
) >= 0)
385 *offset_out
= rel_off
;
389 return get_stridx_plus_constant (si
, rel_off
, ptr
);
395 /* Returns string index for EXP. When EXP is an SSA_NAME that refers
396 to a known strinfo with an offset and OFFRNG is non-null, sets
397 both elements of the OFFRNG array to the range of the offset and
398 returns the index of the known strinfo. In this case the result
399 must not be used in for functions that modify the string.
400 When nonnull, uses RVALS to determine range information. */
403 get_stridx (tree exp
, wide_int offrng
[2] = NULL
, range_query
*rvals
= NULL
)
406 offrng
[0] = offrng
[1] = wi::zero (TYPE_PRECISION (ptrdiff_type_node
));
408 if (TREE_CODE (exp
) == SSA_NAME
)
410 if (ssa_ver_to_stridx
[SSA_NAME_VERSION (exp
)])
411 return ssa_ver_to_stridx
[SSA_NAME_VERSION (exp
)];
415 HOST_WIDE_INT offset
= 0;
416 /* Follow a chain of at most 5 assignments. */
417 for (int i
= 0; i
< 5; i
++)
419 gimple
*def_stmt
= SSA_NAME_DEF_STMT (e
);
420 if (!is_gimple_assign (def_stmt
))
423 tree_code rhs_code
= gimple_assign_rhs_code (def_stmt
);
426 if (rhs_code
== ADDR_EXPR
)
428 /* Handle indices/offsets into VLAs which are implemented
429 as pointers to arrays. */
430 ptr
= gimple_assign_rhs1 (def_stmt
);
431 ptr
= TREE_OPERAND (ptr
, 0);
433 /* Handle also VLAs of types larger than char. */
434 if (tree eltsize
= TYPE_SIZE_UNIT (TREE_TYPE (ptr
)))
436 if (TREE_CODE (ptr
) == ARRAY_REF
)
438 off
= TREE_OPERAND (ptr
, 1);
439 ptr
= TREE_OPERAND (ptr
, 0);
440 if (!integer_onep (eltsize
))
442 /* Scale the array index by the size of the element
443 type in the rare case that it's greater than
444 the typical 1 for char, making sure both operands
445 have the same type. */
446 eltsize
= fold_convert (ssizetype
, eltsize
);
447 off
= fold_convert (ssizetype
, off
);
448 off
= fold_build2 (MULT_EXPR
, ssizetype
, off
, eltsize
);
452 off
= integer_zero_node
;
457 if (TREE_CODE (ptr
) != MEM_REF
)
460 /* Add the MEM_REF byte offset. */
461 tree mem_off
= TREE_OPERAND (ptr
, 1);
462 off
= fold_build2 (PLUS_EXPR
, TREE_TYPE (off
), off
, mem_off
);
463 ptr
= TREE_OPERAND (ptr
, 0);
465 else if (rhs_code
== POINTER_PLUS_EXPR
)
467 ptr
= gimple_assign_rhs1 (def_stmt
);
468 off
= gimple_assign_rhs2 (def_stmt
);
473 if (TREE_CODE (ptr
) != SSA_NAME
)
476 if (!tree_fits_shwi_p (off
))
478 if (int idx
= ssa_ver_to_stridx
[SSA_NAME_VERSION (ptr
)])
481 /* Only when requested by setting OFFRNG to non-null,
482 return the index corresponding to the SSA_NAME.
483 Do this irrespective of the whether the offset
485 if (get_range (off
, def_stmt
, offrng
, rvals
))
487 /* When the offset range is known, increment it
488 it by the constant offset computed in prior
489 iterations and store it in the OFFRNG array. */
495 /* When the offset range cannot be determined
496 store [0, SIZE_MAX] and let the caller decide
497 if the offset matters. */
498 offrng
[1] = wi::to_wide (TYPE_MAX_VALUE (sizetype
));
499 offrng
[0] = wi::zero (offrng
[1].get_precision ());
506 HOST_WIDE_INT this_off
= tree_to_shwi (off
);
509 offrng
[0] += wi::shwi (this_off
, offrng
->get_precision ());
510 offrng
[1] += offrng
[0];
516 offset
= (unsigned HOST_WIDE_INT
) offset
+ this_off
;
520 if (int idx
= ssa_ver_to_stridx
[SSA_NAME_VERSION (ptr
)])
522 strinfo
*si
= get_strinfo (idx
);
525 if (compare_nonzero_chars (si
, offset
) >= 0)
526 return get_stridx_plus_constant (si
, offset
, exp
);
538 if (TREE_CODE (exp
) == ADDR_EXPR
)
540 int idx
= get_addr_stridx (TREE_OPERAND (exp
, 0), exp
, NULL
);
545 const char *p
= c_getstr (exp
);
547 return ~(int) strlen (p
);
552 /* Return true if strinfo vector is shared with the immediate dominator. */
555 strinfo_shared (void)
557 return vec_safe_length (stridx_to_strinfo
)
558 && (*stridx_to_strinfo
)[0] != NULL
;
561 /* Unshare strinfo vector that is shared with the immediate dominator. */
564 unshare_strinfo_vec (void)
569 gcc_assert (strinfo_shared ());
570 stridx_to_strinfo
= vec_safe_copy (stridx_to_strinfo
);
571 for (i
= 1; vec_safe_iterate (stridx_to_strinfo
, i
, &si
); ++i
)
574 (*stridx_to_strinfo
)[0] = NULL
;
577 /* Attempt to create a string index for exp, ADDR_EXPR's operand.
578 Return a pointer to the location where the string index can
579 be stored (if 0) or is stored, or NULL if this can't be tracked. */
582 addr_stridxptr (tree exp
)
587 tree base
= get_addr_base_and_unit_offset (exp
, &poff
);
588 if (base
== NULL_TREE
|| !DECL_P (base
) || !poff
.is_constant (&off
))
591 if (!decl_to_stridxlist_htab
)
593 decl_to_stridxlist_htab
594 = new hash_map
<tree_decl_hash
, stridxlist
> (64);
595 gcc_obstack_init (&stridx_obstack
);
599 stridxlist
*list
= &decl_to_stridxlist_htab
->get_or_insert (base
, &existed
);
603 stridxlist
*before
= NULL
;
604 for (i
= 0; i
< 32; i
++)
606 if (list
->offset
== off
)
608 if (list
->offset
> off
&& before
== NULL
)
610 if (list
->next
== NULL
)
619 before
= XOBNEW (&stridx_obstack
, struct stridxlist
);
626 list
->next
= XOBNEW (&stridx_obstack
, struct stridxlist
);
636 /* Create a new string index, or return 0 if reached limit. */
639 new_stridx (tree exp
)
642 if (max_stridx
>= param_max_tracked_strlens
)
644 if (TREE_CODE (exp
) == SSA_NAME
)
646 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (exp
))
649 ssa_ver_to_stridx
[SSA_NAME_VERSION (exp
)] = idx
;
652 if (TREE_CODE (exp
) == ADDR_EXPR
)
654 int *pidx
= addr_stridxptr (TREE_OPERAND (exp
, 0));
657 gcc_assert (*pidx
== 0);
658 *pidx
= max_stridx
++;
665 /* Like new_stridx, but for ADDR_EXPR's operand instead. */
668 new_addr_stridx (tree exp
)
671 if (max_stridx
>= param_max_tracked_strlens
)
673 pidx
= addr_stridxptr (exp
);
676 gcc_assert (*pidx
== 0);
677 *pidx
= max_stridx
++;
683 /* Create a new strinfo. */
686 new_strinfo (tree ptr
, int idx
, tree nonzero_chars
, bool full_string_p
)
688 strinfo
*si
= strinfo_pool
.allocate ();
689 si
->nonzero_chars
= nonzero_chars
;
690 STRIP_USELESS_TYPE_CONVERSION (ptr
);
694 si
->endptr
= NULL_TREE
;
700 si
->writable
= false;
701 si
->dont_invalidate
= false;
702 si
->full_string_p
= full_string_p
;
706 /* Decrease strinfo refcount and free it if not referenced anymore. */
709 free_strinfo (strinfo
*si
)
711 if (si
&& --si
->refcount
== 0)
712 strinfo_pool
.remove (si
);
715 /* Set strinfo in the vector entry IDX to SI. */
718 set_strinfo (int idx
, strinfo
*si
)
720 if (vec_safe_length (stridx_to_strinfo
) && (*stridx_to_strinfo
)[0])
721 unshare_strinfo_vec ();
722 if (vec_safe_length (stridx_to_strinfo
) <= (unsigned int) idx
)
723 vec_safe_grow_cleared (stridx_to_strinfo
, idx
+ 1, true);
724 (*stridx_to_strinfo
)[idx
] = si
;
727 /* Return the first strinfo in the related strinfo chain
728 if all strinfos in between belong to the chain, otherwise NULL. */
731 verify_related_strinfos (strinfo
*origsi
)
733 strinfo
*si
= origsi
, *psi
;
735 if (origsi
->first
== 0)
737 for (; si
->prev
; si
= psi
)
739 if (si
->first
!= origsi
->first
)
741 psi
= get_strinfo (si
->prev
);
744 if (psi
->next
!= si
->idx
)
747 if (si
->idx
!= si
->first
)
752 /* Set SI's endptr to ENDPTR and compute its length based on SI->ptr.
753 Use LOC for folding. */
756 set_endptr_and_length (location_t loc
, strinfo
*si
, tree endptr
)
760 tree start_as_size
= fold_convert_loc (loc
, size_type_node
, si
->ptr
);
761 tree end_as_size
= fold_convert_loc (loc
, size_type_node
, endptr
);
762 si
->nonzero_chars
= fold_build2_loc (loc
, MINUS_EXPR
, size_type_node
,
763 end_as_size
, start_as_size
);
764 si
->full_string_p
= true;
767 /* Return the string length, or NULL if it can't be computed.
768 The length may but need not be constant. Instead, it might be
769 the result of a strlen() call. */
772 get_string_length (strinfo
*si
)
774 /* If the length has already been computed return it if it's exact
775 (i.e., the string is nul-terminated at NONZERO_CHARS), or return
777 if (si
->nonzero_chars
)
778 return si
->full_string_p
? si
->nonzero_chars
: NULL
;
780 /* If the string is the result of one of the built-in calls below
781 attempt to compute the length from the call statement. */
784 gimple
*stmt
= si
->stmt
, *lenstmt
;
785 tree callee
, lhs
, fn
, tem
;
787 gimple_stmt_iterator gsi
;
789 gcc_assert (is_gimple_call (stmt
));
790 callee
= gimple_call_fndecl (stmt
);
791 gcc_assert (callee
&& fndecl_built_in_p (callee
, BUILT_IN_NORMAL
));
792 lhs
= gimple_call_lhs (stmt
);
793 /* unshare_strinfo is intentionally not called here. The (delayed)
794 transformation of strcpy or strcat into stpcpy is done at the place
795 of the former strcpy/strcat call and so can affect all the strinfos
796 with the same stmt. If they were unshared before and transformation
797 has been already done, the handling of BUILT_IN_STPCPY{,_CHK} should
798 just compute the right length. */
799 switch (DECL_FUNCTION_CODE (callee
))
801 case BUILT_IN_STRCAT
:
802 case BUILT_IN_STRCAT_CHK
:
803 gsi
= gsi_for_stmt (stmt
);
804 fn
= builtin_decl_implicit (BUILT_IN_STRLEN
);
805 gcc_assert (lhs
== NULL_TREE
);
806 tem
= unshare_expr (gimple_call_arg (stmt
, 0));
807 lenstmt
= gimple_build_call (fn
, 1, tem
);
808 lhs
= make_ssa_name (TREE_TYPE (TREE_TYPE (fn
)), lenstmt
);
809 gimple_call_set_lhs (lenstmt
, lhs
);
810 gimple_set_vuse (lenstmt
, gimple_vuse (stmt
));
811 gsi_insert_before (&gsi
, lenstmt
, GSI_SAME_STMT
);
812 tem
= gimple_call_arg (stmt
, 0);
813 if (!ptrofftype_p (TREE_TYPE (lhs
)))
815 lhs
= convert_to_ptrofftype (lhs
);
816 lhs
= force_gimple_operand_gsi (&gsi
, lhs
, true, NULL_TREE
,
817 true, GSI_SAME_STMT
);
819 lenstmt
= gimple_build_assign
820 (make_ssa_name (TREE_TYPE (gimple_call_arg (stmt
, 0))),
821 POINTER_PLUS_EXPR
,tem
, lhs
);
822 gsi_insert_before (&gsi
, lenstmt
, GSI_SAME_STMT
);
823 gimple_call_set_arg (stmt
, 0, gimple_assign_lhs (lenstmt
));
826 case BUILT_IN_STRCPY
:
827 case BUILT_IN_STRCPY_CHK
:
828 gcc_assert (builtin_decl_implicit_p (BUILT_IN_STPCPY
));
829 if (gimple_call_num_args (stmt
) == 2)
830 fn
= builtin_decl_implicit (BUILT_IN_STPCPY
);
832 fn
= builtin_decl_explicit (BUILT_IN_STPCPY_CHK
);
833 gcc_assert (lhs
== NULL_TREE
);
834 if (dump_file
&& (dump_flags
& TDF_DETAILS
) != 0)
836 fprintf (dump_file
, "Optimizing: ");
837 print_gimple_stmt (dump_file
, stmt
, 0, TDF_SLIM
);
839 gimple_call_set_fndecl (stmt
, fn
);
840 lhs
= make_ssa_name (TREE_TYPE (TREE_TYPE (fn
)), stmt
);
841 gimple_call_set_lhs (stmt
, lhs
);
843 if (dump_file
&& (dump_flags
& TDF_DETAILS
) != 0)
845 fprintf (dump_file
, "into: ");
846 print_gimple_stmt (dump_file
, stmt
, 0, TDF_SLIM
);
849 case BUILT_IN_STPCPY
:
850 case BUILT_IN_STPCPY_CHK
:
851 gcc_assert (lhs
!= NULL_TREE
);
852 loc
= gimple_location (stmt
);
853 set_endptr_and_length (loc
, si
, lhs
);
854 for (strinfo
*chainsi
= verify_related_strinfos (si
);
856 chainsi
= get_next_strinfo (chainsi
))
857 if (chainsi
->nonzero_chars
== NULL
)
858 set_endptr_and_length (loc
, chainsi
, lhs
);
860 case BUILT_IN_ALLOCA
:
861 case BUILT_IN_ALLOCA_WITH_ALIGN
:
862 case BUILT_IN_MALLOC
:
864 /* BUILT_IN_CALLOC always has si->nonzero_chars set. */
871 return si
->nonzero_chars
;
874 /* Dump strlen data to FP for statement STMT. When non-null, RVALS
875 points to the valuation engine used to calculate ranges, and is
876 used to dump strlen range for non-constant results. */
879 dump_strlen_info (FILE *fp
, gimple
*stmt
, range_query
*rvals
)
883 fprintf (fp
, "\nDumping strlen pass data after ");
884 print_gimple_expr (fp
, stmt
, TDF_LINENO
);
888 fprintf (fp
, "\nDumping strlen pass data\n");
890 fprintf (fp
, "max_stridx = %i\n", max_stridx
);
891 fprintf (fp
, "ssa_ver_to_stridx has %u elements\n",
892 ssa_ver_to_stridx
.length ());
893 fprintf (fp
, "stridx_to_strinfo");
894 if (stridx_to_strinfo
)
896 fprintf (fp
, " has %u elements\n", stridx_to_strinfo
->length ());
897 for (unsigned i
= 0; i
!= stridx_to_strinfo
->length (); ++i
)
899 if (strinfo
*si
= (*stridx_to_strinfo
)[i
])
903 fprintf (fp
, " idx = %i", si
->idx
);
906 fprintf (fp
, ", ptr = ");
907 print_generic_expr (fp
, si
->ptr
);
910 if (si
->nonzero_chars
)
912 fprintf (fp
, ", nonzero_chars = ");
913 print_generic_expr (fp
, si
->nonzero_chars
);
914 if (TREE_CODE (si
->nonzero_chars
) == SSA_NAME
)
916 value_range_kind rng
= VR_UNDEFINED
;
921 rvals
->range_of_expr (vr
, si
->nonzero_chars
,
924 if (range_int_cst_p (&vr
))
926 min
= wi::to_wide (vr
.min ());
927 max
= wi::to_wide (vr
.max ());
933 rng
= get_range_info (si
->nonzero_chars
, &min
, &max
);
935 if (rng
== VR_RANGE
|| rng
== VR_ANTI_RANGE
)
937 fprintf (fp
, " %s[%llu, %llu]",
938 rng
== VR_RANGE
? "" : "~",
939 (long long) min
.to_uhwi (),
940 (long long) max
.to_uhwi ());
945 fprintf (fp
, ", refcount = %i", si
->refcount
);
948 fprintf (fp
, ", stmt = ");
949 print_gimple_expr (fp
, si
->stmt
, 0);
953 fprintf (fp
, ", alloc = ");
954 print_gimple_expr (fp
, si
->alloc
, 0);
957 fprintf (fp
, ", writable");
958 if (si
->dont_invalidate
)
959 fprintf (fp
, ", dont_invalidate");
960 if (si
->full_string_p
)
961 fprintf (fp
, ", full_string_p");
962 if (strinfo
*next
= get_next_strinfo (si
))
966 fprintf (fp
, "%i%s", next
->idx
, next
->first
? ", " : "");
967 while ((next
= get_next_strinfo (next
)));
975 fprintf (fp
, " = null\n");
977 fprintf (fp
, "decl_to_stridxlist_htab");
978 if (decl_to_stridxlist_htab
)
981 typedef decl_to_stridxlist_htab_t::iterator iter_t
;
982 for (iter_t it
= decl_to_stridxlist_htab
->begin ();
983 it
!= decl_to_stridxlist_htab
->end (); ++it
)
985 tree decl
= (*it
).first
;
986 stridxlist
*list
= &(*it
).second
;
987 fprintf (fp
, " decl = ");
988 print_generic_expr (fp
, decl
);
991 fprintf (fp
, ", offsets = {");
992 for (; list
; list
= list
->next
)
993 fprintf (fp
, "%lli%s", (long long) list
->offset
,
994 list
->next
? ", " : "");
1001 fprintf (fp
, " = null\n");
1005 fprintf (fp
, "laststmt = ");
1006 print_gimple_expr (fp
, laststmt
.stmt
, 0);
1007 fprintf (fp
, ", len = ");
1008 print_generic_expr (fp
, laststmt
.len
);
1009 fprintf (fp
, ", stridx = %i\n", laststmt
.stridx
);
1013 /* Attempt to determine the length of the string SRC. On success, store
1014 the length in *PDATA and return true. Otherwise, return false.
1015 VISITED is a bitmap of visited PHI nodes. RVALS points to the valuation
1016 engine used to calculate ranges. PSSA_DEF_MAX to an SSA_NAME
1017 assignment limit used to prevent runaway recursion. */
1020 get_range_strlen_dynamic (tree src
, gimple
*stmt
,
1021 c_strlen_data
*pdata
, bitmap
*visited
,
1022 range_query
*rvals
, unsigned *pssa_def_max
)
1024 int idx
= get_stridx (src
);
1027 if (TREE_CODE (src
) == SSA_NAME
)
1029 gimple
*def_stmt
= SSA_NAME_DEF_STMT (src
);
1030 if (gimple_code (def_stmt
) == GIMPLE_PHI
)
1033 *visited
= BITMAP_ALLOC (NULL
);
1035 if (!bitmap_set_bit (*visited
, SSA_NAME_VERSION (src
)))
1038 if (*pssa_def_max
== 0)
1043 /* Iterate over the PHI arguments and determine the minimum
1044 and maximum length/size of each and incorporate them into
1045 the overall result. */
1046 gphi
*phi
= as_a
<gphi
*> (def_stmt
);
1047 for (unsigned i
= 0; i
!= gimple_phi_num_args (phi
); ++i
)
1049 tree arg
= gimple_phi_arg_def (phi
, i
);
1050 if (arg
== gimple_phi_result (def_stmt
))
1053 c_strlen_data argdata
= { };
1054 if (get_range_strlen_dynamic (arg
, phi
, &argdata
, visited
,
1055 rvals
, pssa_def_max
))
1057 /* Set the DECL of an unterminated array this argument
1058 refers to if one hasn't been found yet. */
1059 if (!pdata
->decl
&& argdata
.decl
)
1060 pdata
->decl
= argdata
.decl
;
1063 || (integer_zerop (argdata
.minlen
)
1064 && (!argdata
.maxbound
1065 || integer_all_onesp (argdata
.maxbound
))
1066 && integer_all_onesp (argdata
.maxlen
)))
1068 /* Set the upper bound of the length to unbounded. */
1069 pdata
->maxlen
= build_all_ones_cst (size_type_node
);
1073 /* Adjust the minimum and maximum length determined
1074 so far and the upper bound on the array size. */
1076 || tree_int_cst_lt (argdata
.minlen
, pdata
->minlen
))
1077 pdata
->minlen
= argdata
.minlen
;
1080 && tree_int_cst_lt (pdata
->maxlen
, argdata
.maxlen
)))
1081 pdata
->maxlen
= argdata
.maxlen
;
1082 if (!pdata
->maxbound
1083 || TREE_CODE (pdata
->maxbound
) != INTEGER_CST
1084 || (argdata
.maxbound
1085 && tree_int_cst_lt (pdata
->maxbound
,
1087 && !integer_all_onesp (argdata
.maxbound
)))
1088 pdata
->maxbound
= argdata
.maxbound
;
1091 pdata
->maxlen
= build_all_ones_cst (size_type_node
);
1098 /* Return success regardless of the result and handle *PDATA
1100 get_range_strlen (src
, pdata
, 1);
1106 /* SRC is a string of constant length. */
1107 pdata
->minlen
= build_int_cst (size_type_node
, ~idx
);
1108 pdata
->maxlen
= pdata
->minlen
;
1109 pdata
->maxbound
= pdata
->maxlen
;
1113 if (strinfo
*si
= get_strinfo (idx
))
1115 pdata
->minlen
= get_string_length (si
);
1116 if (!pdata
->minlen
&& si
->nonzero_chars
)
1118 if (TREE_CODE (si
->nonzero_chars
) == INTEGER_CST
)
1119 pdata
->minlen
= si
->nonzero_chars
;
1120 else if (TREE_CODE (si
->nonzero_chars
) == SSA_NAME
)
1123 rvals
->range_of_expr (vr
, si
->nonzero_chars
, si
->stmt
);
1124 if (range_int_cst_p (&vr
))
1126 pdata
->minlen
= vr
.min ();
1127 pdata
->maxlen
= vr
.max ();
1130 pdata
->minlen
= build_zero_cst (size_type_node
);
1133 pdata
->minlen
= build_zero_cst (size_type_node
);
1135 tree base
= si
->ptr
;
1136 if (TREE_CODE (base
) == ADDR_EXPR
)
1137 base
= TREE_OPERAND (base
, 0);
1141 base
= get_addr_base_and_unit_offset (base
, &poff
);
1144 && TREE_CODE (TREE_TYPE (base
)) == ARRAY_TYPE
1145 && TYPE_SIZE_UNIT (TREE_TYPE (base
))
1146 && poff
.is_constant (&off
))
1148 tree basetype
= TREE_TYPE (base
);
1149 tree size
= TYPE_SIZE_UNIT (basetype
);
1150 if (TREE_CODE (size
) == INTEGER_CST
)
1152 ++off
; /* Increment for the terminating nul. */
1153 tree toffset
= build_int_cst (size_type_node
, off
);
1154 pdata
->maxlen
= fold_build2 (MINUS_EXPR
, size_type_node
, size
,
1156 pdata
->maxbound
= pdata
->maxlen
;
1159 pdata
->maxlen
= build_all_ones_cst (size_type_node
);
1162 pdata
->maxlen
= build_all_ones_cst (size_type_node
);
1164 else if (pdata
->minlen
&& TREE_CODE (pdata
->minlen
) == SSA_NAME
)
1167 rvals
->range_of_expr (vr
, si
->nonzero_chars
, stmt
);
1168 if (range_int_cst_p (&vr
))
1170 pdata
->minlen
= vr
.min ();
1171 pdata
->maxlen
= vr
.max ();
1172 pdata
->maxbound
= pdata
->maxlen
;
1176 pdata
->minlen
= build_zero_cst (size_type_node
);
1177 pdata
->maxlen
= build_all_ones_cst (size_type_node
);
1180 else if (pdata
->minlen
&& TREE_CODE (pdata
->minlen
) == INTEGER_CST
)
1182 pdata
->maxlen
= pdata
->minlen
;
1183 pdata
->maxbound
= pdata
->minlen
;
1187 /* For PDATA->MINLEN that's a non-constant expression such
1188 as PLUS_EXPR whose value range is unknown, set the bounds
1189 to zero and SIZE_MAX. */
1190 pdata
->minlen
= build_zero_cst (size_type_node
);
1191 pdata
->maxlen
= build_all_ones_cst (size_type_node
);
1200 /* Analogous to get_range_strlen but for dynamically created strings,
1201 i.e., those created by calls to strcpy as opposed to just string
1203 Try to obtain the range of the lengths of the string(s) referenced
1204 by SRC, or the size of the largest array SRC refers to if the range
1205 of lengths cannot be determined, and store all in *PDATA. RVALS
1206 points to the valuation engine used to calculate ranges. */
1209 get_range_strlen_dynamic (tree src
, gimple
*stmt
, c_strlen_data
*pdata
,
1212 bitmap visited
= NULL
;
1213 tree maxbound
= pdata
->maxbound
;
1215 unsigned limit
= param_ssa_name_def_chain_limit
;
1216 if (!get_range_strlen_dynamic (src
, stmt
, pdata
, &visited
, rvals
, &limit
))
1218 /* On failure extend the length range to an impossible maximum
1219 (a valid MAXLEN must be less than PTRDIFF_MAX - 1). Other
1220 members can stay unchanged regardless. */
1221 pdata
->minlen
= ssize_int (0);
1222 pdata
->maxlen
= build_all_ones_cst (size_type_node
);
1224 else if (!pdata
->minlen
)
1225 pdata
->minlen
= ssize_int (0);
1227 /* If it's unchanged from it initial non-null value, set the conservative
1228 MAXBOUND to SIZE_MAX. Otherwise leave it null (if it is null). */
1229 if (maxbound
&& pdata
->maxbound
== maxbound
)
1230 pdata
->maxbound
= build_all_ones_cst (size_type_node
);
1233 BITMAP_FREE (visited
);
1236 /* Invalidate string length information for strings whose length might
1237 change due to stores in STMT, except those marked DONT_INVALIDATE.
1238 For string-modifying statements, ZERO_WRITE is set when the statement
1240 Returns true if any STRIDX_TO_STRINFO entries were considered
1241 for invalidation. */
1244 maybe_invalidate (gimple
*stmt
, bool zero_write
= false)
1246 if (dump_file
&& (dump_flags
& TDF_DETAILS
))
1248 fprintf (dump_file
, "%s called for ", __func__
);
1249 print_gimple_stmt (dump_file
, stmt
, TDF_LINENO
);
1253 bool nonempty
= false;
1255 for (unsigned i
= 1; vec_safe_iterate (stridx_to_strinfo
, i
, &si
); ++i
)
1257 if (si
== NULL
|| !POINTER_TYPE_P (TREE_TYPE (si
->ptr
)))
1262 /* Unconditionally reset DONT_INVALIDATE. */
1263 bool dont_invalidate
= si
->dont_invalidate
;
1264 si
->dont_invalidate
= false;
1266 if (dont_invalidate
)
1270 tree size
= NULL_TREE
;
1271 if (si
->nonzero_chars
)
1273 /* Include the terminating nul in the size of the string
1274 to consider when determining possible clobber. */
1275 tree type
= TREE_TYPE (si
->nonzero_chars
);
1276 size
= fold_build2 (PLUS_EXPR
, type
, si
->nonzero_chars
,
1277 build_int_cst (type
, 1));
1279 ao_ref_init_from_ptr_and_size (&r
, si
->ptr
, size
);
1280 if (stmt_may_clobber_ref_p_1 (stmt
, &r
))
1282 if (dump_file
&& (dump_flags
& TDF_DETAILS
))
1284 fputs (" statement may clobber object ", dump_file
);
1285 print_generic_expr (dump_file
, si
->ptr
);
1286 if (size
&& tree_fits_uhwi_p (size
))
1287 fprintf (dump_file
, " " HOST_WIDE_INT_PRINT_UNSIGNED
1288 " bytes in size", tree_to_uhwi (size
));
1289 fputc ('\n', dump_file
);
1292 set_strinfo (i
, NULL
);
1300 && is_gimple_call (si
->stmt
)
1301 && (DECL_FUNCTION_CODE (gimple_call_fndecl (si
->stmt
))
1302 == BUILT_IN_CALLOC
))
1304 /* If the clobber test above considered the length of
1305 the string (including the nul), then for (potentially)
1306 non-zero writes that might modify storage allocated by
1307 calloc consider the whole object and if it might be
1308 clobbered by the statement reset the statement. */
1309 ao_ref_init_from_ptr_and_size (&r
, si
->ptr
, NULL_TREE
);
1310 if (stmt_may_clobber_ref_p_1 (stmt
, &r
))
1315 if (dump_file
&& (dump_flags
& TDF_DETAILS
))
1316 fprintf (dump_file
, "%s returns %i\n", __func__
, nonempty
);
1321 /* Unshare strinfo record SI, if it has refcount > 1 or
1322 if stridx_to_strinfo vector is shared with some other
1326 unshare_strinfo (strinfo
*si
)
1330 if (si
->refcount
== 1 && !strinfo_shared ())
1333 nsi
= new_strinfo (si
->ptr
, si
->idx
, si
->nonzero_chars
, si
->full_string_p
);
1334 nsi
->stmt
= si
->stmt
;
1335 nsi
->alloc
= si
->alloc
;
1336 nsi
->endptr
= si
->endptr
;
1337 nsi
->first
= si
->first
;
1338 nsi
->prev
= si
->prev
;
1339 nsi
->next
= si
->next
;
1340 nsi
->writable
= si
->writable
;
1341 set_strinfo (si
->idx
, nsi
);
1346 /* Attempt to create a new strinfo for BASESI + OFF, or find existing
1347 strinfo if there is any. Return it's idx, or 0 if no strinfo has
1351 get_stridx_plus_constant (strinfo
*basesi
, unsigned HOST_WIDE_INT off
,
1354 if (TREE_CODE (ptr
) == SSA_NAME
&& SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr
))
1357 if (compare_nonzero_chars (basesi
, off
) < 0
1358 || !tree_fits_uhwi_p (basesi
->nonzero_chars
))
1361 unsigned HOST_WIDE_INT nonzero_chars
1362 = tree_to_uhwi (basesi
->nonzero_chars
) - off
;
1363 strinfo
*si
= basesi
, *chainsi
;
1364 if (si
->first
|| si
->prev
|| si
->next
)
1365 si
= verify_related_strinfos (basesi
);
1367 || si
->nonzero_chars
== NULL_TREE
1368 || TREE_CODE (si
->nonzero_chars
) != INTEGER_CST
)
1371 if (TREE_CODE (ptr
) == SSA_NAME
1372 && ssa_ver_to_stridx
.length () <= SSA_NAME_VERSION (ptr
))
1373 ssa_ver_to_stridx
.safe_grow_cleared (num_ssa_names
, true);
1375 gcc_checking_assert (compare_tree_int (si
->nonzero_chars
, off
) != -1);
1376 for (chainsi
= si
; chainsi
->next
; chainsi
= si
)
1378 si
= get_next_strinfo (chainsi
);
1380 || si
->nonzero_chars
== NULL_TREE
1381 || TREE_CODE (si
->nonzero_chars
) != INTEGER_CST
)
1383 int r
= compare_tree_int (si
->nonzero_chars
, nonzero_chars
);
1388 if (TREE_CODE (ptr
) == SSA_NAME
)
1389 ssa_ver_to_stridx
[SSA_NAME_VERSION (ptr
)] = si
->idx
;
1392 int *pidx
= addr_stridxptr (TREE_OPERAND (ptr
, 0));
1393 if (pidx
!= NULL
&& *pidx
== 0)
1402 int idx
= new_stridx (ptr
);
1405 si
= new_strinfo (ptr
, idx
, build_int_cst (size_type_node
, nonzero_chars
),
1406 basesi
->full_string_p
);
1407 set_strinfo (idx
, si
);
1408 if (strinfo
*nextsi
= get_strinfo (chainsi
->next
))
1410 nextsi
= unshare_strinfo (nextsi
);
1411 si
->next
= nextsi
->idx
;
1414 chainsi
= unshare_strinfo (chainsi
);
1415 if (chainsi
->first
== 0)
1416 chainsi
->first
= chainsi
->idx
;
1417 chainsi
->next
= idx
;
1418 if (chainsi
->endptr
== NULL_TREE
&& zero_length_string_p (si
))
1419 chainsi
->endptr
= ptr
;
1420 si
->endptr
= chainsi
->endptr
;
1421 si
->prev
= chainsi
->idx
;
1422 si
->first
= chainsi
->first
;
1423 si
->writable
= chainsi
->writable
;
1427 /* Note that PTR, a pointer SSA_NAME initialized in the current stmt, points
1428 to a zero-length string and if possible chain it to a related strinfo
1429 chain whose part is or might be CHAINSI. */
1432 zero_length_string (tree ptr
, strinfo
*chainsi
)
1436 if (ssa_ver_to_stridx
.length () <= SSA_NAME_VERSION (ptr
))
1437 ssa_ver_to_stridx
.safe_grow_cleared (num_ssa_names
, true);
1438 gcc_checking_assert (TREE_CODE (ptr
) == SSA_NAME
1439 && ssa_ver_to_stridx
[SSA_NAME_VERSION (ptr
)] == 0);
1441 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr
))
1443 if (chainsi
!= NULL
)
1445 si
= verify_related_strinfos (chainsi
);
1450 /* We shouldn't mix delayed and non-delayed lengths. */
1451 gcc_assert (si
->full_string_p
);
1452 if (si
->endptr
== NULL_TREE
)
1454 si
= unshare_strinfo (si
);
1458 si
= get_next_strinfo (si
);
1461 if (zero_length_string_p (chainsi
))
1465 chainsi
= unshare_strinfo (chainsi
);
1468 ssa_ver_to_stridx
[SSA_NAME_VERSION (ptr
)] = chainsi
->idx
;
1474 /* We shouldn't mix delayed and non-delayed lengths. */
1475 gcc_assert (chainsi
->full_string_p
);
1476 if (chainsi
->first
|| chainsi
->prev
|| chainsi
->next
)
1478 chainsi
= unshare_strinfo (chainsi
);
1485 idx
= new_stridx (ptr
);
1488 si
= new_strinfo (ptr
, idx
, build_int_cst (size_type_node
, 0), true);
1489 set_strinfo (idx
, si
);
1491 if (chainsi
!= NULL
)
1493 chainsi
= unshare_strinfo (chainsi
);
1494 if (chainsi
->first
== 0)
1495 chainsi
->first
= chainsi
->idx
;
1496 chainsi
->next
= idx
;
1497 if (chainsi
->endptr
== NULL_TREE
)
1498 chainsi
->endptr
= ptr
;
1499 si
->prev
= chainsi
->idx
;
1500 si
->first
= chainsi
->first
;
1501 si
->writable
= chainsi
->writable
;
1506 /* For strinfo ORIGSI whose length has been just updated, adjust other
1507 related strinfos so that they match the new ORIGSI. This involves:
1509 - adding ADJ to the nonzero_chars fields
1510 - copying full_string_p from the new ORIGSI. */
1513 adjust_related_strinfos (location_t loc
, strinfo
*origsi
, tree adj
)
1515 strinfo
*si
= verify_related_strinfos (origsi
);
1528 si
= unshare_strinfo (si
);
1529 /* We shouldn't see delayed lengths here; the caller must
1530 have calculated the old length in order to calculate
1532 gcc_assert (si
->nonzero_chars
);
1533 tem
= fold_convert_loc (loc
, TREE_TYPE (si
->nonzero_chars
), adj
);
1534 si
->nonzero_chars
= fold_build2_loc (loc
, PLUS_EXPR
,
1535 TREE_TYPE (si
->nonzero_chars
),
1536 si
->nonzero_chars
, tem
);
1537 si
->full_string_p
= origsi
->full_string_p
;
1539 si
->endptr
= NULL_TREE
;
1540 si
->dont_invalidate
= true;
1542 nsi
= get_next_strinfo (si
);
1549 /* Find if there are other SSA_NAME pointers equal to PTR
1550 for which we don't track their string lengths yet. If so, use
1554 find_equal_ptrs (tree ptr
, int idx
)
1556 if (TREE_CODE (ptr
) != SSA_NAME
)
1560 gimple
*stmt
= SSA_NAME_DEF_STMT (ptr
);
1561 if (!is_gimple_assign (stmt
))
1563 ptr
= gimple_assign_rhs1 (stmt
);
1564 switch (gimple_assign_rhs_code (stmt
))
1569 if (!POINTER_TYPE_P (TREE_TYPE (ptr
)))
1571 if (TREE_CODE (ptr
) == SSA_NAME
)
1573 if (TREE_CODE (ptr
) != ADDR_EXPR
)
1578 int *pidx
= addr_stridxptr (TREE_OPERAND (ptr
, 0));
1579 if (pidx
!= NULL
&& *pidx
== 0)
1587 /* We might find an endptr created in this pass. Grow the
1588 vector in that case. */
1589 if (ssa_ver_to_stridx
.length () <= SSA_NAME_VERSION (ptr
))
1590 ssa_ver_to_stridx
.safe_grow_cleared (num_ssa_names
, true);
1592 if (ssa_ver_to_stridx
[SSA_NAME_VERSION (ptr
)] != 0)
1594 ssa_ver_to_stridx
[SSA_NAME_VERSION (ptr
)] = idx
;
1598 /* Return true if STMT is a call to a builtin function with the right
1599 arguments and attributes that should be considered for optimization
1603 valid_builtin_call (gimple
*stmt
)
1605 if (!gimple_call_builtin_p (stmt
, BUILT_IN_NORMAL
))
1608 tree callee
= gimple_call_fndecl (stmt
);
1609 tree decl
= builtin_decl_explicit (DECL_FUNCTION_CODE (callee
));
1612 && !gimple_builtin_call_types_compatible_p (stmt
, decl
))
1615 switch (DECL_FUNCTION_CODE (callee
))
1617 case BUILT_IN_MEMCMP
:
1618 case BUILT_IN_MEMCMP_EQ
:
1619 case BUILT_IN_STRCMP
:
1620 case BUILT_IN_STRNCMP
:
1621 case BUILT_IN_STRCHR
:
1622 case BUILT_IN_STRLEN
:
1623 case BUILT_IN_STRNLEN
:
1624 /* The above functions should be pure. Punt if they aren't. */
1625 if (gimple_vdef (stmt
) || gimple_vuse (stmt
) == NULL_TREE
)
1629 case BUILT_IN_ALLOCA
:
1630 case BUILT_IN_ALLOCA_WITH_ALIGN
:
1631 case BUILT_IN_CALLOC
:
1632 case BUILT_IN_MALLOC
:
1633 case BUILT_IN_MEMCPY
:
1634 case BUILT_IN_MEMCPY_CHK
:
1635 case BUILT_IN_MEMPCPY
:
1636 case BUILT_IN_MEMPCPY_CHK
:
1637 case BUILT_IN_MEMSET
:
1638 case BUILT_IN_STPCPY
:
1639 case BUILT_IN_STPCPY_CHK
:
1640 case BUILT_IN_STPNCPY
:
1641 case BUILT_IN_STPNCPY_CHK
:
1642 case BUILT_IN_STRCAT
:
1643 case BUILT_IN_STRCAT_CHK
:
1644 case BUILT_IN_STRCPY
:
1645 case BUILT_IN_STRCPY_CHK
:
1646 case BUILT_IN_STRNCAT
:
1647 case BUILT_IN_STRNCAT_CHK
:
1648 case BUILT_IN_STRNCPY
:
1649 case BUILT_IN_STRNCPY_CHK
:
1650 /* The above functions should be neither const nor pure. Punt if they
1652 if (gimple_vdef (stmt
) == NULL_TREE
|| gimple_vuse (stmt
) == NULL_TREE
)
1663 /* If the last .MEM setter statement before STMT is
1664 memcpy (x, y, strlen (y) + 1), the only .MEM use of it is STMT
1665 and STMT is known to overwrite x[strlen (x)], adjust the last memcpy to
1666 just memcpy (x, y, strlen (y)). SI must be the zero length
1670 adjust_last_stmt (strinfo
*si
, gimple
*stmt
, bool is_strcat
)
1672 tree vuse
, callee
, len
;
1673 struct laststmt_struct last
= laststmt
;
1674 strinfo
*lastsi
, *firstsi
;
1675 unsigned len_arg_no
= 2;
1677 laststmt
.stmt
= NULL
;
1678 laststmt
.len
= NULL_TREE
;
1679 laststmt
.stridx
= 0;
1681 if (last
.stmt
== NULL
)
1684 vuse
= gimple_vuse (stmt
);
1685 if (vuse
== NULL_TREE
1686 || SSA_NAME_DEF_STMT (vuse
) != last
.stmt
1687 || !has_single_use (vuse
))
1690 gcc_assert (last
.stridx
> 0);
1691 lastsi
= get_strinfo (last
.stridx
);
1697 if (lastsi
->first
== 0 || lastsi
->first
!= si
->first
)
1700 firstsi
= verify_related_strinfos (si
);
1701 if (firstsi
== NULL
)
1703 while (firstsi
!= lastsi
)
1705 firstsi
= get_next_strinfo (firstsi
);
1706 if (firstsi
== NULL
)
1711 if (!is_strcat
&& !zero_length_string_p (si
))
1714 if (is_gimple_assign (last
.stmt
))
1716 gimple_stmt_iterator gsi
;
1718 if (!integer_zerop (gimple_assign_rhs1 (last
.stmt
)))
1720 if (stmt_could_throw_p (cfun
, last
.stmt
))
1722 gsi
= gsi_for_stmt (last
.stmt
);
1723 unlink_stmt_vdef (last
.stmt
);
1724 release_defs (last
.stmt
);
1725 gsi_remove (&gsi
, true);
1729 if (!valid_builtin_call (last
.stmt
))
1732 callee
= gimple_call_fndecl (last
.stmt
);
1733 switch (DECL_FUNCTION_CODE (callee
))
1735 case BUILT_IN_MEMCPY
:
1736 case BUILT_IN_MEMCPY_CHK
:
1742 len
= gimple_call_arg (last
.stmt
, len_arg_no
);
1743 if (tree_fits_uhwi_p (len
))
1745 if (!tree_fits_uhwi_p (last
.len
)
1746 || integer_zerop (len
)
1747 || tree_to_uhwi (len
) != tree_to_uhwi (last
.len
) + 1)
1749 /* Don't adjust the length if it is divisible by 4, it is more efficient
1750 to store the extra '\0' in that case. */
1751 if ((tree_to_uhwi (len
) & 3) == 0)
1754 /* Don't fold away an out of bounds access, as this defeats proper
1756 tree dst
= gimple_call_arg (last
.stmt
, 0);
1757 tree size
= compute_objsize (dst
, 0);
1758 if (size
&& tree_int_cst_lt (size
, len
))
1761 else if (TREE_CODE (len
) == SSA_NAME
)
1763 gimple
*def_stmt
= SSA_NAME_DEF_STMT (len
);
1764 if (!is_gimple_assign (def_stmt
)
1765 || gimple_assign_rhs_code (def_stmt
) != PLUS_EXPR
1766 || gimple_assign_rhs1 (def_stmt
) != last
.len
1767 || !integer_onep (gimple_assign_rhs2 (def_stmt
)))
1773 gimple_call_set_arg (last
.stmt
, len_arg_no
, last
.len
);
1774 update_stmt (last
.stmt
);
1777 /* For an LHS that is an SSA_NAME that is the result of a strlen()
1778 call, or when BOUND is non-null, of a strnlen() call, set LHS
1779 range info to [0, min (MAX, BOUND)] when the range includes more
1780 than one value and return LHS. Otherwise, when the range
1781 [MIN, MAX] is such that MIN == MAX, return the tree representation
1782 of (MIN). The latter allows callers to fold suitable strnlen() calls
1786 set_strlen_range (tree lhs
, wide_int min
, wide_int max
,
1787 tree bound
/* = NULL_TREE */)
1789 if (TREE_CODE (lhs
) != SSA_NAME
1790 || !INTEGRAL_TYPE_P (TREE_TYPE (lhs
)))
1795 /* For strnlen, adjust MIN and MAX as necessary. If the bound
1796 is less than the size of the array set MAX to it. It it's
1797 greater than MAX and MAX is non-zero bump MAX down to account
1798 for the necessary terminating nul. Otherwise leave it alone. */
1799 if (TREE_CODE (bound
) == INTEGER_CST
)
1801 wide_int wibnd
= wi::to_wide (bound
);
1802 int cmp
= wi::cmpu (wibnd
, max
);
1805 else if (cmp
&& wi::ne_p (max
, min
))
1808 else if (TREE_CODE (bound
) == SSA_NAME
)
1810 wide_int minbound
, maxbound
;
1811 // FIXME: Use range_query instead of global ranges.
1812 value_range_kind rng
= get_range_info (bound
, &minbound
, &maxbound
);
1813 if (rng
== VR_RANGE
)
1815 /* For a bound in a known range, adjust the range determined
1816 above as necessary. For a bound in some anti-range or
1817 in an unknown range, use the range determined by callers. */
1818 if (wi::ltu_p (minbound
, min
))
1820 if (wi::ltu_p (maxbound
, max
))
1827 return wide_int_to_tree (size_type_node
, min
);
1829 set_range_info (lhs
, VR_RANGE
, min
, max
);
1833 /* For an LHS that is an SSA_NAME and for strlen() or strnlen() argument
1834 SRC, set LHS range info to [0, min (N, BOUND)] if SRC refers to
1835 a character array A[N] with unknown length bounded by N, and for
1836 strnlen(), by min (N, BOUND). */
1839 maybe_set_strlen_range (tree lhs
, tree src
, tree bound
)
1841 if (TREE_CODE (lhs
) != SSA_NAME
1842 || !INTEGRAL_TYPE_P (TREE_TYPE (lhs
)))
1845 if (TREE_CODE (src
) == SSA_NAME
)
1847 gimple
*def
= SSA_NAME_DEF_STMT (src
);
1848 if (is_gimple_assign (def
)
1849 && gimple_assign_rhs_code (def
) == ADDR_EXPR
)
1850 src
= gimple_assign_rhs1 (def
);
1853 /* The longest string is PTRDIFF_MAX - 1 bytes including the final
1854 NUL so that the difference between a pointer to just past it and
1855 one to its beginning is positive. */
1856 wide_int max
= wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node
)) - 2;
1858 if (TREE_CODE (src
) == ADDR_EXPR
)
1860 /* The last array member of a struct can be bigger than its size
1861 suggests if it's treated as a poor-man's flexible array member. */
1862 src
= TREE_OPERAND (src
, 0);
1863 if (TREE_CODE (src
) != MEM_REF
1864 && !array_at_struct_end_p (src
))
1866 tree type
= TREE_TYPE (src
);
1867 tree size
= TYPE_SIZE_UNIT (type
);
1869 && TREE_CODE (size
) == INTEGER_CST
1870 && !integer_zerop (size
))
1872 /* Even though such uses of strlen would be undefined,
1873 avoid relying on arrays of arrays in case some genius
1874 decides to call strlen on an unterminated array element
1875 that's followed by a terminated one. Likewise, avoid
1876 assuming that a struct array member is necessarily
1877 nul-terminated (the nul may be in the member that
1878 follows). In those cases, assume that the length
1879 of the string stored in such an array is bounded
1880 by the size of the enclosing object if one can be
1882 tree base
= get_base_address (src
);
1885 if (tree size
= DECL_SIZE_UNIT (base
))
1887 && TREE_CODE (size
) == INTEGER_CST
1888 && TREE_CODE (TREE_TYPE (base
)) != POINTER_TYPE
)
1889 max
= wi::to_wide (size
);
1893 /* For strlen() the upper bound above is equal to
1894 the longest string that can be stored in the array
1895 (i.e., it accounts for the terminating nul. For
1896 strnlen() bump up the maximum by one since the array
1897 need not be nul-terminated. */
1898 if (!bound
&& max
!= 0)
1903 wide_int min
= wi::zero (max
.get_precision ());
1904 return set_strlen_range (lhs
, min
, max
, bound
);
1907 /* Diagnose buffer overflow by a STMT writing LEN + PLUS_ONE bytes,
1908 either into a region allocated for the object SI when non-null,
1909 or into an object designated by the LHS of STMT otherwise.
1910 When nonnull uses RVALS to determine range information.
1911 RAWMEM may be set by memcpy and other raw memory functions
1912 to allow accesses across subobject boundaries. */
1915 maybe_warn_overflow (gimple
*stmt
, tree len
,
1916 range_query
*rvals
= NULL
,
1917 strinfo
*si
= NULL
, bool plus_one
= false,
1918 bool rawmem
= false)
1920 if (!len
|| gimple_no_warning_p (stmt
))
1923 /* The DECL of the function performing the write if it is done
1925 tree writefn
= NULL_TREE
;
1926 /* The destination expression involved in the store STMT. */
1927 tree dest
= NULL_TREE
;
1929 if (is_gimple_assign (stmt
))
1930 dest
= gimple_assign_lhs (stmt
);
1931 else if (is_gimple_call (stmt
))
1933 dest
= gimple_call_arg (stmt
, 0);
1934 writefn
= gimple_call_fndecl (stmt
);
1937 if (TREE_NO_WARNING (dest
))
1940 /* Use maximum precision to avoid overflow in the addition below.
1941 Make sure all operands have the same precision to keep wide_int
1944 /* Convenience constants. */
1945 const widest_int diff_min
1946 = wi::to_widest (TYPE_MIN_VALUE (ptrdiff_type_node
));
1947 const widest_int diff_max
1948 = wi::to_widest (TYPE_MAX_VALUE (ptrdiff_type_node
));
1949 const widest_int size_max
1950 = wi::to_widest (TYPE_MAX_VALUE (size_type_node
));
1952 /* The offset into the destination object computed below and not
1953 reflected in DESTSIZE. */
1954 widest_int offrng
[2] = { 0, 0 };
1958 /* If no destination STRINFO was provided try to get it from
1959 the DEST argument. */
1961 if (TREE_CODE (ref
) == ARRAY_REF
)
1963 /* Handle stores to VLAs (represented as
1964 ARRAY_REF (MEM_REF (vlaptr, 0), N]. */
1965 tree off
= TREE_OPERAND (ref
, 1);
1966 ref
= TREE_OPERAND (ref
, 0);
1968 if (get_range (off
, stmt
, rng
, rvals
))
1970 /* Convert offsets to the maximum precision. */
1971 offrng
[0] = widest_int::from (rng
[0], SIGNED
);
1972 offrng
[1] = widest_int::from (rng
[1], SIGNED
);
1976 offrng
[0] = diff_min
;
1977 offrng
[1] = diff_max
;
1981 if (TREE_CODE (ref
) == MEM_REF
)
1983 tree mem_off
= TREE_OPERAND (ref
, 1);
1984 ref
= TREE_OPERAND (ref
, 0);
1986 if (get_range (mem_off
, stmt
, rng
, rvals
))
1988 offrng
[0] += widest_int::from (rng
[0], SIGNED
);
1989 offrng
[1] += widest_int::from (rng
[1], SIGNED
);
1993 offrng
[0] = diff_min
;
1994 offrng
[1] = diff_max
;
1999 if (int idx
= get_stridx (ref
, rng
, rvals
))
2001 si
= get_strinfo (idx
);
2002 offrng
[0] += widest_int::from (rng
[0], SIGNED
);
2003 offrng
[1] += widest_int::from (rng
[1], SIGNED
);
2007 /* The allocation call if the destination object was allocated
2009 gimple
*alloc_call
= NULL
;
2010 /* The DECL of the destination object if known and not dynamically
2012 tree destdecl
= NULL_TREE
;
2013 /* The offset into the destination object set by compute_objsize
2014 but already reflected in DESTSIZE. */
2015 tree destoff
= NULL_TREE
;
2016 /* The size of the destination region (which is smaller than
2017 the destination object for stores at a non-zero offset). */
2018 tree destsize
= NULL_TREE
;
2020 /* Compute the range of sizes of the destination object. The range
2021 is constant for declared objects but may be a range for allocated
2023 widest_int sizrng
[2] = { 0, 0 };
2027 destsize
= gimple_call_alloc_size (si
->alloc
, rng
, rvals
);
2030 sizrng
[0] = widest_int::from (rng
[0], UNSIGNED
);
2031 sizrng
[1] = widest_int::from (rng
[1], UNSIGNED
);
2033 alloc_call
= si
->alloc
;
2036 offrng
[0] = offrng
[1] = 0;
2040 /* If there is no STRINFO for DEST, fall back on compute_objsize. */
2041 tree off
= NULL_TREE
;
2042 destsize
= compute_objsize (dest
, rawmem
? 0 : 1, &destdecl
, &off
, rvals
);
2045 /* Remember OFF but clear OFFRNG that may have been set above. */
2047 offrng
[0] = offrng
[1] = 0;
2049 if (destdecl
&& TREE_CODE (destdecl
) == SSA_NAME
)
2051 gimple
*stmt
= SSA_NAME_DEF_STMT (destdecl
);
2052 if (is_gimple_call (stmt
))
2054 destdecl
= NULL_TREE
;
2058 if (get_range (destsize
, stmt
, rng
, rvals
))
2060 sizrng
[0] = widest_int::from (rng
[0], UNSIGNED
);
2061 sizrng
[1] = widest_int::from (rng
[1], UNSIGNED
);
2065 /* On failure, rather than failing, set the maximum range
2066 so that overflow in allocated objects whose size depends
2067 on the strlen of the source can still be diagnosed
2070 sizrng
[1] = size_max
;
2078 sizrng
[1] = size_max
;
2081 /* Return early if the DESTSIZE size expression is the same as LEN
2082 and the offset into the destination is zero. This might happen
2083 in the case of a pair of malloc and memset calls to allocate
2084 an object and clear it as if by calloc. */
2085 if (destsize
== len
&& !plus_one
&& offrng
[0] == 0 && offrng
[0] == offrng
[1])
2089 if (!get_range (len
, stmt
, rng
, rvals
))
2092 widest_int lenrng
[2] =
2093 { widest_int::from (rng
[0], SIGNED
), widest_int::from (rng
[1], SIGNED
) };
2101 /* The size of the remaining space in the destination computed
2102 as the size of the latter minus the offset into it. */
2103 widest_int spcrng
[2] = { sizrng
[0], sizrng
[1] };
2104 if (wi::neg_p (offrng
[0]) && wi::neg_p (offrng
[1]))
2106 /* When the offset is negative and the size of the destination
2107 object unknown there is little to do.
2108 FIXME: Detect offsets that are necessarily invalid regardless
2109 of the size of the object. */
2113 /* The remaining space is necessarily zero. */
2114 spcrng
[0] = spcrng
[1] = 0;
2116 else if (wi::neg_p (offrng
[0]))
2118 /* When the lower bound of the offset is negative but the upper
2119 bound is not, reduce the upper bound of the remaining space
2120 by the upper bound of the offset but leave the lower bound
2121 unchanged. If that makes the upper bound of the space less
2122 than the lower bound swap the two. */
2123 spcrng
[1] -= wi::ltu_p (offrng
[1], spcrng
[1]) ? offrng
[1] : spcrng
[1];
2124 if (wi::ltu_p (spcrng
[1], spcrng
[0]))
2125 std::swap (spcrng
[1], spcrng
[0]);
2129 /* When the offset is positive reduce the remaining space by
2130 the lower bound of the offset or clear it if the offset is
2132 spcrng
[0] -= wi::ltu_p (offrng
[0], spcrng
[0]) ? offrng
[0] : spcrng
[0];
2133 spcrng
[1] -= wi::ltu_p (offrng
[0], spcrng
[1]) ? offrng
[0] : spcrng
[1];
2136 if (wi::leu_p (lenrng
[0], spcrng
[0])
2137 && wi::leu_p (lenrng
[1], spcrng
[1]))
2140 if (lenrng
[0] == spcrng
[1]
2142 || !si
|| !is_strlen_related_p (si
->ptr
, len
)))
2145 location_t loc
= gimple_or_expr_nonartificial_location (stmt
, dest
);
2146 bool warned
= false;
2147 if (wi::leu_p (lenrng
[0], spcrng
[1]))
2150 && (!si
|| !is_strlen_related_p (si
->ptr
, len
)))
2154 ? warning_at (loc
, OPT_Wstringop_overflow_
,
2155 "%G%qD writing one too many bytes into a region "
2156 "of a size that depends on %<strlen%>",
2158 : warning_at (loc
, OPT_Wstringop_overflow_
,
2159 "%Gwriting one too many bytes into a region "
2160 "of a size that depends on %<strlen%>",
2163 else if (lenrng
[0] == lenrng
[1])
2165 if (spcrng
[0] == spcrng
[1])
2167 ? warning_n (loc
, OPT_Wstringop_overflow_
,
2168 lenrng
[0].to_uhwi (),
2169 "%G%qD writing %wu byte into a region "
2171 "%G%qD writing %wu bytes into a region "
2173 stmt
, writefn
, lenrng
[0].to_uhwi (),
2174 spcrng
[0].to_uhwi ())
2175 : warning_n (loc
, OPT_Wstringop_overflow_
,
2176 lenrng
[0].to_uhwi (),
2177 "%Gwriting %wu byte into a region "
2179 "%Gwriting %wu bytes into a region "
2181 stmt
, lenrng
[0].to_uhwi (),
2182 spcrng
[0].to_uhwi ()));
2185 ? warning_n (loc
, OPT_Wstringop_overflow_
,
2186 lenrng
[0].to_uhwi (),
2187 "%G%qD writing %wu byte into a region "
2188 "of size between %wu and %wu",
2189 "%G%qD writing %wu bytes into a region "
2190 "of size between %wu and %wu",
2191 stmt
, writefn
, lenrng
[0].to_uhwi (),
2192 spcrng
[0].to_uhwi (), spcrng
[1].to_uhwi ())
2193 : warning_n (loc
, OPT_Wstringop_overflow_
,
2194 lenrng
[0].to_uhwi (),
2195 "%Gwriting %wu byte into a region "
2196 "of size between %wu and %wu",
2197 "%Gwriting %wu bytes into a region "
2198 "of size between %wu and %wu",
2199 stmt
, lenrng
[0].to_uhwi (),
2200 spcrng
[0].to_uhwi (), spcrng
[1].to_uhwi ()));
2202 else if (spcrng
[0] == spcrng
[1])
2204 ? warning_at (loc
, OPT_Wstringop_overflow_
,
2205 "%G%qD writing between %wu and %wu bytes "
2206 "into a region of size %wu",
2207 stmt
, writefn
, lenrng
[0].to_uhwi (),
2208 lenrng
[1].to_uhwi (),
2209 spcrng
[0].to_uhwi ())
2210 : warning_at (loc
, OPT_Wstringop_overflow_
,
2211 "%Gwriting between %wu and %wu bytes "
2212 "into a region of size %wu",
2213 stmt
, lenrng
[0].to_uhwi (),
2214 lenrng
[1].to_uhwi (),
2215 spcrng
[0].to_uhwi ()));
2218 ? warning_at (loc
, OPT_Wstringop_overflow_
,
2219 "%G%qD writing between %wu and %wu bytes "
2220 "into a region of size between %wu and %wu",
2221 stmt
, writefn
, lenrng
[0].to_uhwi (),
2222 lenrng
[1].to_uhwi (),
2223 spcrng
[0].to_uhwi (), spcrng
[1].to_uhwi ())
2224 : warning_at (loc
, OPT_Wstringop_overflow_
,
2225 "%Gwriting between %wu and %wu bytes "
2226 "into a region of size between %wu and %wu",
2227 stmt
, lenrng
[0].to_uhwi (),
2228 lenrng
[1].to_uhwi (),
2229 spcrng
[0].to_uhwi (), spcrng
[1].to_uhwi ()));
2234 gimple_set_no_warning (stmt
, true);
2236 /* If DESTOFF is not null, use it to format the offset value/range. */
2240 if (get_range (destoff
, stmt
, rng
))
2242 offrng
[0] = widest_int::from (rng
[0], SIGNED
);
2243 offrng
[1] = widest_int::from (rng
[1], SIGNED
);
2246 offrng
[0] = offrng
[1] = 0;
2249 /* Format the offset to keep the number of inform calls from growing
2252 if (offrng
[0] == offrng
[1])
2253 sprintf (offstr
, "%lli", (long long) offrng
[0].to_shwi ());
2255 sprintf (offstr
, "[%lli, %lli]",
2256 (long long) offrng
[0].to_shwi (), (long long) offrng
[1].to_shwi ());
2258 if (destdecl
&& DECL_P (destdecl
))
2260 if (tree size
= DECL_SIZE_UNIT (destdecl
))
2261 inform (DECL_SOURCE_LOCATION (destdecl
),
2262 "at offset %s to object %qD with size %E declared here",
2263 offstr
, destdecl
, size
);
2265 inform (DECL_SOURCE_LOCATION (destdecl
),
2266 "at offset %s to object %qD declared here",
2274 tree allocfn
= gimple_call_fndecl (alloc_call
);
2277 /* For an ALLOC_CALL via a function pointer make a small effort
2278 to determine the destination of the pointer. */
2279 allocfn
= gimple_call_fn (alloc_call
);
2280 if (TREE_CODE (allocfn
) == SSA_NAME
)
2282 gimple
*def
= SSA_NAME_DEF_STMT (allocfn
);
2283 if (gimple_assign_single_p (def
))
2285 tree rhs
= gimple_assign_rhs1 (def
);
2288 else if (TREE_CODE (rhs
) == COMPONENT_REF
)
2289 allocfn
= TREE_OPERAND (rhs
, 1);
2294 if (gimple_call_builtin_p (alloc_call
, BUILT_IN_ALLOCA_WITH_ALIGN
))
2296 if (sizrng
[0] == sizrng
[1])
2297 inform (gimple_location (alloc_call
),
2298 "at offset %s to an object with size %wu declared here",
2299 offstr
, sizrng
[0].to_uhwi ());
2300 else if (sizrng
[0] == 0)
2302 /* Avoid printing impossible sizes. */
2303 if (wi::ltu_p (sizrng
[1], diff_max
- 2))
2304 inform (gimple_location (alloc_call
),
2305 "at offset %s to an object with size at most %wu "
2307 offstr
, sizrng
[1].to_uhwi ());
2309 inform (gimple_location (alloc_call
),
2310 "at offset %s to an object declared here", offstr
);
2313 inform (gimple_location (alloc_call
),
2314 "at offset %s to an object with size between %wu and %wu "
2316 offstr
, sizrng
[0].to_uhwi (), sizrng
[1].to_uhwi ());
2320 if (sizrng
[0] == sizrng
[1])
2321 inform (gimple_location (alloc_call
),
2322 "at offset %s to an object with size %wu allocated by %qE here",
2323 offstr
, sizrng
[0].to_uhwi (), allocfn
);
2324 else if (sizrng
[0] == 0)
2326 /* Avoid printing impossible sizes. */
2327 if (wi::ltu_p (sizrng
[1], diff_max
- 2))
2328 inform (gimple_location (alloc_call
),
2329 "at offset %s to an object with size at most %wu allocated "
2331 offstr
, sizrng
[1].to_uhwi (), allocfn
);
2333 inform (gimple_location (alloc_call
),
2334 "at offset %s to an object allocated by %qE here",
2338 inform (gimple_location (alloc_call
),
2339 "at offset %s to an object with size between %wu and %wu "
2340 "allocated by %qE here",
2341 offstr
, sizrng
[0].to_uhwi (), sizrng
[1].to_uhwi (), allocfn
);
2344 /* Convenience wrapper for the above. */
2347 maybe_warn_overflow (gimple
*stmt
, unsigned HOST_WIDE_INT len
,
2348 range_query
*rvals
= NULL
, strinfo
*si
= NULL
,
2349 bool plus_one
= false, bool rawmem
= false)
2351 maybe_warn_overflow (stmt
, build_int_cst (size_type_node
, len
), rvals
,
2352 si
, plus_one
, rawmem
);
2355 /* Handle a strlen call. If strlen of the argument is known, replace
2356 the strlen call with the known value, otherwise remember that strlen
2357 of the argument is stored in the lhs SSA_NAME. */
2360 handle_builtin_strlen (gimple_stmt_iterator
*gsi
)
2362 gimple
*stmt
= gsi_stmt (*gsi
);
2363 tree lhs
= gimple_call_lhs (stmt
);
2365 if (lhs
== NULL_TREE
)
2368 location_t loc
= gimple_location (stmt
);
2369 tree callee
= gimple_call_fndecl (stmt
);
2370 tree src
= gimple_call_arg (stmt
, 0);
2371 tree bound
= (DECL_FUNCTION_CODE (callee
) == BUILT_IN_STRNLEN
2372 ? gimple_call_arg (stmt
, 1) : NULL_TREE
);
2373 int idx
= get_stridx (src
);
2374 if (idx
|| (bound
&& integer_zerop (bound
)))
2380 rhs
= build_int_cst (TREE_TYPE (lhs
), ~idx
);
2386 si
= get_strinfo (idx
);
2389 rhs
= get_string_length (si
);
2390 /* For strnlen, if bound is constant, even if si is not known
2391 to be zero terminated, if we know at least bound bytes are
2392 not zero, the return value will be bound. */
2393 if (rhs
== NULL_TREE
2394 && bound
!= NULL_TREE
2395 && TREE_CODE (bound
) == INTEGER_CST
2396 && si
->nonzero_chars
!= NULL_TREE
2397 && TREE_CODE (si
->nonzero_chars
) == INTEGER_CST
2398 && tree_int_cst_le (bound
, si
->nonzero_chars
))
2402 if (rhs
!= NULL_TREE
)
2404 if (dump_file
&& (dump_flags
& TDF_DETAILS
) != 0)
2406 fprintf (dump_file
, "Optimizing: ");
2407 print_gimple_stmt (dump_file
, stmt
, 0, TDF_SLIM
);
2409 rhs
= unshare_expr (rhs
);
2410 if (!useless_type_conversion_p (TREE_TYPE (lhs
), TREE_TYPE (rhs
)))
2411 rhs
= fold_convert_loc (loc
, TREE_TYPE (lhs
), rhs
);
2414 rhs
= fold_build2_loc (loc
, MIN_EXPR
, TREE_TYPE (rhs
), rhs
, bound
);
2416 if (!update_call_from_tree (gsi
, rhs
))
2417 gimplify_and_update_call_from_tree (gsi
, rhs
);
2418 stmt
= gsi_stmt (*gsi
);
2420 if (dump_file
&& (dump_flags
& TDF_DETAILS
) != 0)
2422 fprintf (dump_file
, "into: ");
2423 print_gimple_stmt (dump_file
, stmt
, 0, TDF_SLIM
);
2427 /* Don't update anything for strnlen. */
2428 && bound
== NULL_TREE
2429 && TREE_CODE (si
->nonzero_chars
) != SSA_NAME
2430 && TREE_CODE (si
->nonzero_chars
) != INTEGER_CST
2431 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs
))
2433 si
= unshare_strinfo (si
);
2434 si
->nonzero_chars
= lhs
;
2435 gcc_assert (si
->full_string_p
);
2438 if (strlen_to_stridx
2439 && (bound
== NULL_TREE
2440 /* For strnlen record this only if the call is proven
2441 to return the same value as strlen would. */
2442 || (TREE_CODE (bound
) == INTEGER_CST
2443 && TREE_CODE (rhs
) == INTEGER_CST
2444 && tree_int_cst_lt (rhs
, bound
))))
2445 strlen_to_stridx
->put (lhs
, stridx_strlenloc (idx
, loc
));
2450 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs
))
2454 idx
= new_stridx (src
);
2457 strinfo
*si
= get_strinfo (idx
);
2460 if (!si
->full_string_p
&& !si
->stmt
)
2462 /* Until now we only had a lower bound on the string length.
2463 Install LHS as the actual length. */
2464 si
= unshare_strinfo (si
);
2465 tree old
= si
->nonzero_chars
;
2466 si
->nonzero_chars
= lhs
;
2467 si
->full_string_p
= true;
2468 if (old
&& TREE_CODE (old
) == INTEGER_CST
)
2470 old
= fold_convert_loc (loc
, TREE_TYPE (lhs
), old
);
2471 tree adj
= fold_build2_loc (loc
, MINUS_EXPR
,
2472 TREE_TYPE (lhs
), lhs
, old
);
2473 adjust_related_strinfos (loc
, si
, adj
);
2474 /* Use the constant minimum length as the lower bound
2475 of the non-constant length. */
2476 wide_int min
= wi::to_wide (old
);
2478 = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node
)) - 2;
2479 set_strlen_range (lhs
, min
, max
);
2495 /* Only store the new length information for calls to strlen(),
2496 not for those to strnlen(). */
2497 strinfo
*si
= new_strinfo (src
, idx
, lhs
, true);
2498 set_strinfo (idx
, si
);
2499 find_equal_ptrs (src
, idx
);
2502 /* For SRC that is an array of N elements, set LHS's range
2503 to [0, min (N, BOUND)]. A constant return value means
2504 the range would have consisted of a single value. In
2505 that case, fold the result into the returned constant. */
2506 if (tree ret
= maybe_set_strlen_range (lhs
, src
, bound
))
2507 if (TREE_CODE (ret
) == INTEGER_CST
)
2509 if (dump_file
&& (dump_flags
& TDF_DETAILS
) != 0)
2511 fprintf (dump_file
, "Optimizing: ");
2512 print_gimple_stmt (dump_file
, stmt
, 0, TDF_SLIM
);
2514 if (!useless_type_conversion_p (TREE_TYPE (lhs
), TREE_TYPE (ret
)))
2515 ret
= fold_convert_loc (loc
, TREE_TYPE (lhs
), ret
);
2516 if (!update_call_from_tree (gsi
, ret
))
2517 gimplify_and_update_call_from_tree (gsi
, ret
);
2518 stmt
= gsi_stmt (*gsi
);
2520 if (dump_file
&& (dump_flags
& TDF_DETAILS
) != 0)
2522 fprintf (dump_file
, "into: ");
2523 print_gimple_stmt (dump_file
, stmt
, 0, TDF_SLIM
);
2527 if (strlen_to_stridx
&& !bound
)
2528 strlen_to_stridx
->put (lhs
, stridx_strlenloc (idx
, loc
));
2532 /* Handle a strchr call. If strlen of the first argument is known, replace
2533 the strchr (x, 0) call with the endptr or x + strlen, otherwise remember
2534 that lhs of the call is endptr and strlen of the argument is endptr - x. */
2537 handle_builtin_strchr (gimple_stmt_iterator
*gsi
)
2539 gimple
*stmt
= gsi_stmt (*gsi
);
2540 tree lhs
= gimple_call_lhs (stmt
);
2542 if (lhs
== NULL_TREE
)
2545 if (!integer_zerop (gimple_call_arg (stmt
, 1)))
2548 tree src
= gimple_call_arg (stmt
, 0);
2550 /* Avoid folding if the first argument is not a nul-terminated array.
2551 Defer warning until later. */
2552 if (!check_nul_terminated_array (NULL_TREE
, src
))
2555 int idx
= get_stridx (src
);
2562 rhs
= build_int_cst (size_type_node
, ~idx
);
2566 si
= get_strinfo (idx
);
2568 rhs
= get_string_length (si
);
2570 if (rhs
!= NULL_TREE
)
2572 location_t loc
= gimple_location (stmt
);
2574 if (dump_file
&& (dump_flags
& TDF_DETAILS
) != 0)
2576 fprintf (dump_file
, "Optimizing: ");
2577 print_gimple_stmt (dump_file
, stmt
, 0, TDF_SLIM
);
2579 if (si
!= NULL
&& si
->endptr
!= NULL_TREE
)
2581 rhs
= unshare_expr (si
->endptr
);
2582 if (!useless_type_conversion_p (TREE_TYPE (lhs
),
2584 rhs
= fold_convert_loc (loc
, TREE_TYPE (lhs
), rhs
);
2588 rhs
= fold_convert_loc (loc
, sizetype
, unshare_expr (rhs
));
2589 rhs
= fold_build2_loc (loc
, POINTER_PLUS_EXPR
,
2590 TREE_TYPE (src
), src
, rhs
);
2591 if (!useless_type_conversion_p (TREE_TYPE (lhs
),
2593 rhs
= fold_convert_loc (loc
, TREE_TYPE (lhs
), rhs
);
2595 if (!update_call_from_tree (gsi
, rhs
))
2596 gimplify_and_update_call_from_tree (gsi
, rhs
);
2597 stmt
= gsi_stmt (*gsi
);
2599 if (dump_file
&& (dump_flags
& TDF_DETAILS
) != 0)
2601 fprintf (dump_file
, "into: ");
2602 print_gimple_stmt (dump_file
, stmt
, 0, TDF_SLIM
);
2605 && si
->endptr
== NULL_TREE
2606 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs
))
2608 si
= unshare_strinfo (si
);
2611 zero_length_string (lhs
, si
);
2615 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs
))
2617 if (TREE_CODE (src
) != SSA_NAME
|| !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (src
))
2620 idx
= new_stridx (src
);
2621 else if (get_strinfo (idx
) != NULL
)
2623 zero_length_string (lhs
, NULL
);
2628 location_t loc
= gimple_location (stmt
);
2629 tree lhsu
= fold_convert_loc (loc
, size_type_node
, lhs
);
2630 tree srcu
= fold_convert_loc (loc
, size_type_node
, src
);
2631 tree length
= fold_build2_loc (loc
, MINUS_EXPR
,
2632 size_type_node
, lhsu
, srcu
);
2633 strinfo
*si
= new_strinfo (src
, idx
, length
, true);
2635 set_strinfo (idx
, si
);
2636 find_equal_ptrs (src
, idx
);
2637 zero_length_string (lhs
, si
);
2641 zero_length_string (lhs
, NULL
);
2644 /* Handle a strcpy-like ({st{r,p}cpy,__st{r,p}cpy_chk}) call.
2645 If strlen of the second argument is known, strlen of the first argument
2646 is the same after this call. Furthermore, attempt to convert it to
2647 memcpy. Uses RVALS to determine range information. */
2650 handle_builtin_strcpy (enum built_in_function bcode
, gimple_stmt_iterator
*gsi
,
2654 tree src
, dst
, srclen
, len
, lhs
, type
, fn
, oldlen
;
2656 gimple
*stmt
= gsi_stmt (*gsi
);
2657 strinfo
*si
, *dsi
, *olddsi
, *zsi
;
2660 src
= gimple_call_arg (stmt
, 1);
2661 dst
= gimple_call_arg (stmt
, 0);
2662 lhs
= gimple_call_lhs (stmt
);
2663 idx
= get_stridx (src
);
2666 si
= get_strinfo (idx
);
2668 didx
= get_stridx (dst
);
2672 olddsi
= get_strinfo (didx
);
2677 adjust_last_stmt (olddsi
, stmt
, false);
2681 srclen
= get_string_length (si
);
2683 srclen
= build_int_cst (size_type_node
, ~idx
);
2685 maybe_warn_overflow (stmt
, srclen
, rvals
, olddsi
, true);
2688 adjust_last_stmt (olddsi
, stmt
, false);
2690 loc
= gimple_location (stmt
);
2691 if (srclen
== NULL_TREE
)
2694 case BUILT_IN_STRCPY
:
2695 case BUILT_IN_STRCPY_CHK
:
2696 if (lhs
!= NULL_TREE
|| !builtin_decl_implicit_p (BUILT_IN_STPCPY
))
2699 case BUILT_IN_STPCPY
:
2700 case BUILT_IN_STPCPY_CHK
:
2701 if (lhs
== NULL_TREE
)
2705 tree lhsuint
= fold_convert_loc (loc
, size_type_node
, lhs
);
2706 srclen
= fold_convert_loc (loc
, size_type_node
, dst
);
2707 srclen
= fold_build2_loc (loc
, MINUS_EXPR
, size_type_node
,
2717 didx
= new_stridx (dst
);
2723 oldlen
= olddsi
->nonzero_chars
;
2724 dsi
= unshare_strinfo (olddsi
);
2725 dsi
->nonzero_chars
= srclen
;
2726 dsi
->full_string_p
= (srclen
!= NULL_TREE
);
2727 /* Break the chain, so adjust_related_strinfo on later pointers in
2728 the chain won't adjust this one anymore. */
2731 dsi
->endptr
= NULL_TREE
;
2735 dsi
= new_strinfo (dst
, didx
, srclen
, srclen
!= NULL_TREE
);
2736 set_strinfo (didx
, dsi
);
2737 find_equal_ptrs (dst
, didx
);
2739 dsi
->writable
= true;
2740 dsi
->dont_invalidate
= true;
2742 if (dsi
->nonzero_chars
== NULL_TREE
)
2746 /* If string length of src is unknown, use delayed length
2747 computation. If string length of dst will be needed, it
2748 can be computed by transforming this strcpy call into
2749 stpcpy and subtracting dst from the return value. */
2751 /* Look for earlier strings whose length could be determined if
2752 this strcpy is turned into an stpcpy. */
2754 if (dsi
->prev
!= 0 && (chainsi
= verify_related_strinfos (dsi
)) != NULL
)
2756 for (; chainsi
&& chainsi
!= dsi
; chainsi
= get_strinfo (chainsi
->next
))
2758 /* When setting a stmt for delayed length computation
2759 prevent all strinfos through dsi from being
2761 chainsi
= unshare_strinfo (chainsi
);
2762 chainsi
->stmt
= stmt
;
2763 chainsi
->nonzero_chars
= NULL_TREE
;
2764 chainsi
->full_string_p
= false;
2765 chainsi
->endptr
= NULL_TREE
;
2766 chainsi
->dont_invalidate
= true;
2771 /* Try to detect overlap before returning. This catches cases
2772 like strcpy (d, d + n) where n is non-constant whose range
2773 is such that (n <= strlen (d) holds).
2775 OLDDSI->NONZERO_chars may have been reset by this point with
2776 oldlen holding it original value. */
2777 if (olddsi
&& oldlen
)
2779 /* Add 1 for the terminating NUL. */
2780 tree type
= TREE_TYPE (oldlen
);
2781 oldlen
= fold_build2 (PLUS_EXPR
, type
, oldlen
,
2782 build_int_cst (type
, 1));
2783 check_bounds_or_overlap (stmt
, olddsi
->ptr
, src
, oldlen
, NULL_TREE
);
2791 tree adj
= NULL_TREE
;
2792 if (oldlen
== NULL_TREE
)
2794 else if (integer_zerop (oldlen
))
2796 else if (TREE_CODE (oldlen
) == INTEGER_CST
2797 || TREE_CODE (srclen
) == INTEGER_CST
)
2798 adj
= fold_build2_loc (loc
, MINUS_EXPR
,
2799 TREE_TYPE (srclen
), srclen
,
2800 fold_convert_loc (loc
, TREE_TYPE (srclen
),
2802 if (adj
!= NULL_TREE
)
2803 adjust_related_strinfos (loc
, dsi
, adj
);
2807 /* strcpy src may not overlap dst, so src doesn't need to be
2808 invalidated either. */
2810 si
->dont_invalidate
= true;
2816 case BUILT_IN_STRCPY
:
2817 fn
= builtin_decl_implicit (BUILT_IN_MEMCPY
);
2819 ssa_ver_to_stridx
[SSA_NAME_VERSION (lhs
)] = didx
;
2821 case BUILT_IN_STRCPY_CHK
:
2822 fn
= builtin_decl_explicit (BUILT_IN_MEMCPY_CHK
);
2824 ssa_ver_to_stridx
[SSA_NAME_VERSION (lhs
)] = didx
;
2826 case BUILT_IN_STPCPY
:
2827 /* This would need adjustment of the lhs (subtract one),
2828 or detection that the trailing '\0' doesn't need to be
2829 written, if it will be immediately overwritten.
2830 fn = builtin_decl_explicit (BUILT_IN_MEMPCPY); */
2834 zsi
= zero_length_string (lhs
, dsi
);
2837 case BUILT_IN_STPCPY_CHK
:
2838 /* This would need adjustment of the lhs (subtract one),
2839 or detection that the trailing '\0' doesn't need to be
2840 written, if it will be immediately overwritten.
2841 fn = builtin_decl_explicit (BUILT_IN_MEMPCPY_CHK); */
2845 zsi
= zero_length_string (lhs
, dsi
);
2852 zsi
->dont_invalidate
= true;
2856 tree args
= TYPE_ARG_TYPES (TREE_TYPE (fn
));
2857 type
= TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args
)));
2860 type
= size_type_node
;
2862 len
= fold_convert_loc (loc
, type
, unshare_expr (srclen
));
2863 len
= fold_build2_loc (loc
, PLUS_EXPR
, type
, len
, build_int_cst (type
, 1));
2865 /* Set the no-warning bit on the transformed statement? */
2866 bool set_no_warning
= false;
2868 if (const strinfo
*chksi
= olddsi
? olddsi
: dsi
)
2870 && check_bounds_or_overlap (stmt
, chksi
->ptr
, si
->ptr
, NULL_TREE
, len
))
2872 gimple_set_no_warning (stmt
, true);
2873 set_no_warning
= true;
2876 if (fn
== NULL_TREE
)
2879 len
= force_gimple_operand_gsi (gsi
, len
, true, NULL_TREE
, true,
2881 if (dump_file
&& (dump_flags
& TDF_DETAILS
) != 0)
2883 fprintf (dump_file
, "Optimizing: ");
2884 print_gimple_stmt (dump_file
, stmt
, 0, TDF_SLIM
);
2886 if (gimple_call_num_args (stmt
) == 2)
2887 success
= update_gimple_call (gsi
, fn
, 3, dst
, src
, len
);
2889 success
= update_gimple_call (gsi
, fn
, 4, dst
, src
, len
,
2890 gimple_call_arg (stmt
, 2));
2893 stmt
= gsi_stmt (*gsi
);
2895 if (dump_file
&& (dump_flags
& TDF_DETAILS
) != 0)
2897 fprintf (dump_file
, "into: ");
2898 print_gimple_stmt (dump_file
, stmt
, 0, TDF_SLIM
);
2900 /* Allow adjust_last_stmt to decrease this memcpy's size. */
2901 laststmt
.stmt
= stmt
;
2902 laststmt
.len
= srclen
;
2903 laststmt
.stridx
= dsi
->idx
;
2905 else if (dump_file
&& (dump_flags
& TDF_DETAILS
) != 0)
2906 fprintf (dump_file
, "not possible.\n");
2909 gimple_set_no_warning (stmt
, true);
2912 /* Check the size argument to the built-in forms of stpncpy and strncpy
2913 for out-of-bounds offsets or overlapping access, and to see if the
2914 size argument is derived from a call to strlen() on the source argument,
2915 and if so, issue an appropriate warning. */
2918 handle_builtin_strncat (built_in_function
, gimple_stmt_iterator
*gsi
)
2920 /* Same as stxncpy(). */
2921 handle_builtin_stxncpy_strncat (true, gsi
);
2924 /* Return true if LEN depends on a call to strlen(SRC) in an interesting
2925 way. LEN can either be an integer expression, or a pointer (to char).
2926 When it is the latter (such as in recursive calls to self) it is
2927 assumed to be the argument in some call to strlen() whose relationship
2928 to SRC is being ascertained. */
2931 is_strlen_related_p (tree src
, tree len
)
2933 if (TREE_CODE (TREE_TYPE (len
)) == POINTER_TYPE
2934 && operand_equal_p (src
, len
, 0))
2937 if (TREE_CODE (len
) != SSA_NAME
)
2940 if (TREE_CODE (src
) == SSA_NAME
)
2942 gimple
*srcdef
= SSA_NAME_DEF_STMT (src
);
2943 if (is_gimple_assign (srcdef
))
2945 /* Handle bitwise AND used in conversions from wider size_t
2946 to narrower unsigned types. */
2947 tree_code code
= gimple_assign_rhs_code (srcdef
);
2948 if (code
== BIT_AND_EXPR
2949 || code
== NOP_EXPR
)
2950 return is_strlen_related_p (gimple_assign_rhs1 (srcdef
), len
);
2955 if (gimple_call_builtin_p (srcdef
, BUILT_IN_NORMAL
))
2957 /* If SRC is the result of a call to an allocation function
2958 or strlen, use the function's argument instead. */
2959 tree func
= gimple_call_fndecl (srcdef
);
2960 built_in_function code
= DECL_FUNCTION_CODE (func
);
2961 if (code
== BUILT_IN_ALLOCA
2962 || code
== BUILT_IN_ALLOCA_WITH_ALIGN
2963 || code
== BUILT_IN_MALLOC
2964 || code
== BUILT_IN_STRLEN
)
2965 return is_strlen_related_p (gimple_call_arg (srcdef
, 0), len
);
2967 /* FIXME: Handle other functions with attribute alloc_size. */
2972 gimple
*lendef
= SSA_NAME_DEF_STMT (len
);
2976 if (is_gimple_call (lendef
))
2978 tree func
= gimple_call_fndecl (lendef
);
2979 if (!valid_builtin_call (lendef
)
2980 || DECL_FUNCTION_CODE (func
) != BUILT_IN_STRLEN
)
2983 tree arg
= gimple_call_arg (lendef
, 0);
2984 return is_strlen_related_p (src
, arg
);
2987 if (!is_gimple_assign (lendef
))
2990 tree_code code
= gimple_assign_rhs_code (lendef
);
2991 tree rhs1
= gimple_assign_rhs1 (lendef
);
2992 tree rhstype
= TREE_TYPE (rhs1
);
2994 if ((TREE_CODE (rhstype
) == POINTER_TYPE
&& code
== POINTER_PLUS_EXPR
)
2995 || (INTEGRAL_TYPE_P (rhstype
)
2996 && (code
== BIT_AND_EXPR
2997 || code
== NOP_EXPR
)))
2999 /* Pointer plus (an integer), and truncation are considered among
3000 the (potentially) related expressions to strlen. */
3001 return is_strlen_related_p (src
, rhs1
);
3004 if (tree rhs2
= gimple_assign_rhs2 (lendef
))
3006 /* Integer subtraction is considered strlen-related when both
3007 arguments are integers and second one is strlen-related. */
3008 rhstype
= TREE_TYPE (rhs2
);
3009 if (INTEGRAL_TYPE_P (rhstype
) && code
== MINUS_EXPR
)
3010 return is_strlen_related_p (src
, rhs2
);
3016 /* Called by handle_builtin_stxncpy_strncat and by
3017 gimple_fold_builtin_strncpy in gimple-fold.c.
3018 Check to see if the specified bound is a) equal to the size of
3019 the destination DST and if so, b) if it's immediately followed by
3020 DST[CNT - 1] = '\0'. If a) holds and b) does not, warn. Otherwise,
3021 do nothing. Return true if diagnostic has been issued.
3023 The purpose is to diagnose calls to strncpy and stpncpy that do
3024 not nul-terminate the copy while allowing for the idiom where
3025 such a call is immediately followed by setting the last element
3028 strncpy (a, s, sizeof a);
3029 a[sizeof a - 1] = '\0';
3033 maybe_diag_stxncpy_trunc (gimple_stmt_iterator gsi
, tree src
, tree cnt
)
3035 gimple
*stmt
= gsi_stmt (gsi
);
3036 if (gimple_no_warning_p (stmt
))
3039 wide_int cntrange
[2];
3041 // FIXME: Use range_query instead of global ranges.
3042 enum value_range_kind rng
= get_range_info (cnt
, cntrange
, cntrange
+ 1);
3043 if (rng
== VR_RANGE
)
3045 else if (rng
== VR_ANTI_RANGE
)
3047 wide_int maxobjsize
= wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node
));
3049 if (wi::ltu_p (cntrange
[1], maxobjsize
))
3051 cntrange
[0] = cntrange
[1] + 1;
3052 cntrange
[1] = maxobjsize
;
3056 cntrange
[1] = cntrange
[0] - 1;
3057 cntrange
[0] = wi::zero (TYPE_PRECISION (TREE_TYPE (cnt
)));
3063 /* Negative value is the constant string length. If it's less than
3064 the lower bound there is no truncation. Avoid calling get_stridx()
3065 when ssa_ver_to_stridx is empty. That implies the caller isn't
3066 running under the control of this pass and ssa_ver_to_stridx hasn't
3067 been created yet. */
3068 int sidx
= ssa_ver_to_stridx
.length () ? get_stridx (src
) : 0;
3069 if (sidx
< 0 && wi::gtu_p (cntrange
[0], ~sidx
))
3072 tree dst
= gimple_call_arg (stmt
, 0);
3074 if (TREE_CODE (dstdecl
) == ADDR_EXPR
)
3075 dstdecl
= TREE_OPERAND (dstdecl
, 0);
3077 tree ref
= NULL_TREE
;
3081 /* If the source is a non-string return early to avoid warning
3082 for possible truncation (if the truncation is certain SIDX
3084 tree srcdecl
= gimple_call_arg (stmt
, 1);
3085 if (TREE_CODE (srcdecl
) == ADDR_EXPR
)
3086 srcdecl
= TREE_OPERAND (srcdecl
, 0);
3087 if (get_attr_nonstring_decl (srcdecl
, &ref
))
3091 /* Likewise, if the destination refers to an array/pointer declared
3092 nonstring return early. */
3093 if (get_attr_nonstring_decl (dstdecl
, &ref
))
3096 /* Look for dst[i] = '\0'; after the stxncpy() call and if found
3097 avoid the truncation warning. */
3098 gsi_next_nondebug (&gsi
);
3099 gimple
*next_stmt
= gsi_stmt (gsi
);
3102 /* When there is no statement in the same basic block check
3103 the immediate successor block. */
3104 if (basic_block bb
= gimple_bb (stmt
))
3106 if (single_succ_p (bb
))
3108 /* For simplicity, ignore blocks with multiple outgoing
3109 edges for now and only consider successor blocks along
3111 edge e
= EDGE_SUCC (bb
, 0);
3112 if (!(e
->flags
& EDGE_ABNORMAL
))
3114 gsi
= gsi_start_bb (e
->dest
);
3115 next_stmt
= gsi_stmt (gsi
);
3116 if (next_stmt
&& is_gimple_debug (next_stmt
))
3118 gsi_next_nondebug (&gsi
);
3119 next_stmt
= gsi_stmt (gsi
);
3126 if (next_stmt
&& is_gimple_assign (next_stmt
))
3128 tree lhs
= gimple_assign_lhs (next_stmt
);
3129 tree_code code
= TREE_CODE (lhs
);
3130 if (code
== ARRAY_REF
|| code
== MEM_REF
)
3131 lhs
= TREE_OPERAND (lhs
, 0);
3133 tree func
= gimple_call_fndecl (stmt
);
3134 if (DECL_FUNCTION_CODE (func
) == BUILT_IN_STPNCPY
)
3136 tree ret
= gimple_call_lhs (stmt
);
3137 if (ret
&& operand_equal_p (ret
, lhs
, 0))
3141 /* Determine the base address and offset of the reference,
3142 ignoring the innermost array index. */
3143 if (TREE_CODE (ref
) == ARRAY_REF
)
3144 ref
= TREE_OPERAND (ref
, 0);
3147 tree dstbase
= get_addr_base_and_unit_offset (ref
, &dstoff
);
3150 tree lhsbase
= get_addr_base_and_unit_offset (lhs
, &lhsoff
);
3153 && known_eq (dstoff
, lhsoff
)
3154 && operand_equal_p (dstbase
, lhsbase
, 0))
3158 int prec
= TYPE_PRECISION (TREE_TYPE (cnt
));
3159 wide_int lenrange
[2];
3160 if (strinfo
*sisrc
= sidx
> 0 ? get_strinfo (sidx
) : NULL
)
3162 lenrange
[0] = (sisrc
->nonzero_chars
3163 && TREE_CODE (sisrc
->nonzero_chars
) == INTEGER_CST
3164 ? wi::to_wide (sisrc
->nonzero_chars
)
3166 lenrange
[1] = lenrange
[0];
3169 lenrange
[0] = lenrange
[1] = wi::shwi (~sidx
, prec
);
3172 c_strlen_data lendata
= { };
3173 /* Set MAXBOUND to an arbitrary non-null non-integer node as a request
3174 to have it set to the length of the longest string in a PHI. */
3175 lendata
.maxbound
= src
;
3176 get_range_strlen (src
, &lendata
, /* eltsize = */1);
3177 if (TREE_CODE (lendata
.minlen
) == INTEGER_CST
3178 && TREE_CODE (lendata
.maxbound
) == INTEGER_CST
)
3180 /* When LENDATA.MAXLEN is unknown, reset LENDATA.MINLEN
3181 which stores the length of the shortest known string. */
3182 if (integer_all_onesp (lendata
.maxlen
))
3183 lenrange
[0] = wi::shwi (0, prec
);
3185 lenrange
[0] = wi::to_wide (lendata
.minlen
, prec
);
3186 lenrange
[1] = wi::to_wide (lendata
.maxbound
, prec
);
3190 lenrange
[0] = wi::shwi (0, prec
);
3191 lenrange
[1] = wi::shwi (-1, prec
);
3195 location_t callloc
= gimple_or_expr_nonartificial_location (stmt
, dst
);
3196 tree func
= gimple_call_fndecl (stmt
);
3198 if (lenrange
[0] != 0 || !wi::neg_p (lenrange
[1]))
3200 /* If the longest source string is shorter than the lower bound
3201 of the specified count the copy is definitely nul-terminated. */
3202 if (wi::ltu_p (lenrange
[1], cntrange
[0]))
3205 if (wi::neg_p (lenrange
[1]))
3207 /* The length of one of the strings is unknown but at least
3208 one has non-zero length and that length is stored in
3209 LENRANGE[1]. Swap the bounds to force a "may be truncated"
3211 lenrange
[1] = lenrange
[0];
3212 lenrange
[0] = wi::shwi (0, prec
);
3215 /* Set to true for strncat whose bound is derived from the length
3216 of the destination (the expected usage pattern). */
3217 bool cat_dstlen_bounded
= false;
3218 if (DECL_FUNCTION_CODE (func
) == BUILT_IN_STRNCAT
)
3219 cat_dstlen_bounded
= is_strlen_related_p (dst
, cnt
);
3221 if (lenrange
[0] == cntrange
[1] && cntrange
[0] == cntrange
[1])
3222 return warning_n (callloc
, OPT_Wstringop_truncation
,
3223 cntrange
[0].to_uhwi (),
3224 "%G%qD output truncated before terminating "
3225 "nul copying %E byte from a string of the "
3227 "%G%qD output truncated before terminating nul "
3228 "copying %E bytes from a string of the same "
3231 else if (!cat_dstlen_bounded
)
3233 if (wi::geu_p (lenrange
[0], cntrange
[1]))
3235 /* The shortest string is longer than the upper bound of
3236 the count so the truncation is certain. */
3237 if (cntrange
[0] == cntrange
[1])
3238 return warning_n (callloc
, OPT_Wstringop_truncation
,
3239 cntrange
[0].to_uhwi (),
3240 "%G%qD output truncated copying %E byte "
3241 "from a string of length %wu",
3242 "%G%qD output truncated copying %E bytes "
3243 "from a string of length %wu",
3244 stmt
, func
, cnt
, lenrange
[0].to_uhwi ());
3246 return warning_at (callloc
, OPT_Wstringop_truncation
,
3247 "%G%qD output truncated copying between %wu "
3248 "and %wu bytes from a string of length %wu",
3249 stmt
, func
, cntrange
[0].to_uhwi (),
3250 cntrange
[1].to_uhwi (), lenrange
[0].to_uhwi ());
3252 else if (wi::geu_p (lenrange
[1], cntrange
[1]))
3254 /* The longest string is longer than the upper bound of
3255 the count so the truncation is possible. */
3256 if (cntrange
[0] == cntrange
[1])
3257 return warning_n (callloc
, OPT_Wstringop_truncation
,
3258 cntrange
[0].to_uhwi (),
3259 "%G%qD output may be truncated copying %E "
3260 "byte from a string of length %wu",
3261 "%G%qD output may be truncated copying %E "
3262 "bytes from a string of length %wu",
3263 stmt
, func
, cnt
, lenrange
[1].to_uhwi ());
3265 return warning_at (callloc
, OPT_Wstringop_truncation
,
3266 "%G%qD output may be truncated copying between "
3267 "%wu and %wu bytes from a string of length %wu",
3268 stmt
, func
, cntrange
[0].to_uhwi (),
3269 cntrange
[1].to_uhwi (), lenrange
[1].to_uhwi ());
3273 if (!cat_dstlen_bounded
3274 && cntrange
[0] != cntrange
[1]
3275 && wi::leu_p (cntrange
[0], lenrange
[0])
3276 && wi::leu_p (cntrange
[1], lenrange
[0] + 1))
3278 /* If the source (including the terminating nul) is longer than
3279 the lower bound of the specified count but shorter than the
3280 upper bound the copy may (but need not) be truncated. */
3281 return warning_at (callloc
, OPT_Wstringop_truncation
,
3282 "%G%qD output may be truncated copying between "
3283 "%wu and %wu bytes from a string of length %wu",
3284 stmt
, func
, cntrange
[0].to_uhwi (),
3285 cntrange
[1].to_uhwi (), lenrange
[0].to_uhwi ());
3289 if (tree dstsize
= compute_objsize (dst
, 1))
3291 /* The source length is unknown. Try to determine the destination
3292 size and see if it matches the specified bound. If not, bail.
3293 Otherwise go on to see if it should be diagnosed for possible
3298 if (wi::to_wide (dstsize
) != cntrange
[1])
3301 /* Avoid warning for strncpy(a, b, N) calls where the following
3303 N == sizeof a && N == sizeof b */
3304 if (tree srcsize
= compute_objsize (src
, 1))
3305 if (wi::to_wide (srcsize
) == cntrange
[1])
3308 if (cntrange
[0] == cntrange
[1])
3309 return warning_at (callloc
, OPT_Wstringop_truncation
,
3310 "%G%qD specified bound %E equals destination size",
3317 /* Check the arguments to the built-in forms of stpncpy, strncpy, and
3318 strncat, for out-of-bounds offsets or overlapping access, and to see
3319 if the size is derived from calling strlen() on the source argument,
3320 and if so, issue the appropriate warning.
3321 APPEND_P is true for strncat. */
3324 handle_builtin_stxncpy_strncat (bool append_p
, gimple_stmt_iterator
*gsi
)
3326 if (!strlen_to_stridx
)
3329 gimple
*stmt
= gsi_stmt (*gsi
);
3331 tree dst
= gimple_call_arg (stmt
, 0);
3332 tree src
= gimple_call_arg (stmt
, 1);
3333 tree len
= gimple_call_arg (stmt
, 2);
3334 tree dstsize
= NULL_TREE
, srcsize
= NULL_TREE
;
3336 int didx
= get_stridx (dst
);
3337 if (strinfo
*sidst
= didx
> 0 ? get_strinfo (didx
) : NULL
)
3339 /* Compute the size of the destination string including the nul
3340 if it is known to be nul-terminated. */
3341 if (sidst
->nonzero_chars
)
3343 if (sidst
->full_string_p
)
3345 /* String is known to be nul-terminated. */
3346 tree type
= TREE_TYPE (sidst
->nonzero_chars
);
3347 dstsize
= fold_build2 (PLUS_EXPR
, type
, sidst
->nonzero_chars
,
3348 build_int_cst (type
, 1));
3351 dstsize
= sidst
->nonzero_chars
;
3357 int sidx
= get_stridx (src
);
3358 strinfo
*sisrc
= sidx
> 0 ? get_strinfo (sidx
) : NULL
;
3361 /* strncat() and strncpy() can modify the source string by writing
3362 over the terminating nul so SISRC->DONT_INVALIDATE must be left
3365 /* Compute the size of the source string including the terminating
3366 nul if its known to be nul-terminated. */
3367 if (sisrc
->nonzero_chars
)
3369 if (sisrc
->full_string_p
)
3371 tree type
= TREE_TYPE (sisrc
->nonzero_chars
);
3372 srcsize
= fold_build2 (PLUS_EXPR
, type
, sisrc
->nonzero_chars
,
3373 build_int_cst (type
, 1));
3376 srcsize
= sisrc
->nonzero_chars
;
3382 srcsize
= NULL_TREE
;
3384 if (check_bounds_or_overlap (stmt
, dst
, src
, dstsize
, srcsize
))
3386 gimple_set_no_warning (stmt
, true);
3390 /* If the length argument was computed from strlen(S) for some string
3391 S retrieve the strinfo index for the string (PSS->FIRST) along with
3392 the location of the strlen() call (PSS->SECOND). */
3393 stridx_strlenloc
*pss
= strlen_to_stridx
->get (len
);
3394 if (!pss
|| pss
->first
<= 0)
3396 if (maybe_diag_stxncpy_trunc (*gsi
, src
, len
))
3397 gimple_set_no_warning (stmt
, true);
3402 /* Retrieve the strinfo data for the string S that LEN was computed
3403 from as some function F of strlen (S) (i.e., LEN need not be equal
3405 strinfo
*silen
= get_strinfo (pss
->first
);
3407 location_t callloc
= gimple_or_expr_nonartificial_location (stmt
, dst
);
3409 tree func
= gimple_call_fndecl (stmt
);
3411 bool warned
= false;
3413 /* When -Wstringop-truncation is set, try to determine truncation
3414 before diagnosing possible overflow. Truncation is implied by
3415 the LEN argument being equal to strlen(SRC), regardless of
3416 whether its value is known. Otherwise, issue the more generic
3417 -Wstringop-overflow which triggers for LEN arguments that in
3418 any meaningful way depend on strlen(SRC). */
3421 && is_strlen_related_p (src
, len
)
3422 && warning_at (callloc
, OPT_Wstringop_truncation
,
3423 "%G%qD output truncated before terminating nul "
3424 "copying as many bytes from a string as its length",
3427 else if (silen
&& is_strlen_related_p (src
, silen
->ptr
))
3428 warned
= warning_at (callloc
, OPT_Wstringop_overflow_
,
3429 "%G%qD specified bound depends on the length "
3430 "of the source argument",
3434 location_t strlenloc
= pss
->second
;
3435 if (strlenloc
!= UNKNOWN_LOCATION
&& strlenloc
!= callloc
)
3436 inform (strlenloc
, "length computed here");
3440 /* Handle a memcpy-like ({mem{,p}cpy,__mem{,p}cpy_chk}) call.
3441 If strlen of the second argument is known and length of the third argument
3442 is that plus one, strlen of the first argument is the same after this
3443 call. Uses RVALS to determine range information. */
3446 handle_builtin_memcpy (enum built_in_function bcode
, gimple_stmt_iterator
*gsi
,
3449 tree lhs
, oldlen
, newlen
;
3450 gimple
*stmt
= gsi_stmt (*gsi
);
3453 tree len
= gimple_call_arg (stmt
, 2);
3454 tree src
= gimple_call_arg (stmt
, 1);
3455 tree dst
= gimple_call_arg (stmt
, 0);
3457 int didx
= get_stridx (dst
);
3458 strinfo
*olddsi
= NULL
;
3460 olddsi
= get_strinfo (didx
);
3465 && !integer_zerop (len
))
3467 maybe_warn_overflow (stmt
, len
, rvals
, olddsi
, false, true);
3468 adjust_last_stmt (olddsi
, stmt
, false);
3471 int idx
= get_stridx (src
);
3480 /* Handle memcpy (x, y, l) where l's relationship with strlen (y)
3482 si
= get_strinfo (idx
);
3483 if (si
== NULL
|| si
->nonzero_chars
== NULL_TREE
)
3485 if (TREE_CODE (len
) == INTEGER_CST
3486 && TREE_CODE (si
->nonzero_chars
) == INTEGER_CST
)
3488 if (tree_int_cst_le (len
, si
->nonzero_chars
))
3490 /* Copying LEN nonzero characters, where LEN is constant. */
3492 full_string_p
= false;
3496 /* Copying the whole of the analyzed part of SI. */
3497 newlen
= si
->nonzero_chars
;
3498 full_string_p
= si
->full_string_p
;
3503 if (!si
->full_string_p
)
3505 if (TREE_CODE (len
) != SSA_NAME
)
3507 def_stmt
= SSA_NAME_DEF_STMT (len
);
3508 if (!is_gimple_assign (def_stmt
)
3509 || gimple_assign_rhs_code (def_stmt
) != PLUS_EXPR
3510 || gimple_assign_rhs1 (def_stmt
) != si
->nonzero_chars
3511 || !integer_onep (gimple_assign_rhs2 (def_stmt
)))
3513 /* Copying variable-length string SI (and no more). */
3514 newlen
= si
->nonzero_chars
;
3515 full_string_p
= true;
3521 /* Handle memcpy (x, "abcd", 5) or
3522 memcpy (x, "abc\0uvw", 7). */
3523 if (!tree_fits_uhwi_p (len
))
3526 unsigned HOST_WIDE_INT clen
= tree_to_uhwi (len
);
3527 unsigned HOST_WIDE_INT nonzero_chars
= ~idx
;
3528 newlen
= build_int_cst (size_type_node
, MIN (nonzero_chars
, clen
));
3529 full_string_p
= clen
> nonzero_chars
;
3534 && olddsi
->nonzero_chars
3535 && TREE_CODE (olddsi
->nonzero_chars
) == INTEGER_CST
3536 && tree_int_cst_le (newlen
, olddsi
->nonzero_chars
))
3538 /* The SRC substring being written strictly overlaps
3539 a subsequence of the existing string OLDDSI. */
3540 newlen
= olddsi
->nonzero_chars
;
3541 full_string_p
= olddsi
->full_string_p
;
3544 if (olddsi
!= NULL
&& TREE_CODE (len
) == SSA_NAME
)
3545 adjust_last_stmt (olddsi
, stmt
, false);
3549 didx
= new_stridx (dst
);
3556 dsi
= unshare_strinfo (olddsi
);
3557 oldlen
= olddsi
->nonzero_chars
;
3558 dsi
->nonzero_chars
= newlen
;
3559 dsi
->full_string_p
= full_string_p
;
3560 /* Break the chain, so adjust_related_strinfo on later pointers in
3561 the chain won't adjust this one anymore. */
3564 dsi
->endptr
= NULL_TREE
;
3568 dsi
= new_strinfo (dst
, didx
, newlen
, full_string_p
);
3569 set_strinfo (didx
, dsi
);
3570 find_equal_ptrs (dst
, didx
);
3572 dsi
->writable
= true;
3573 dsi
->dont_invalidate
= true;
3576 tree adj
= NULL_TREE
;
3577 location_t loc
= gimple_location (stmt
);
3578 if (oldlen
== NULL_TREE
)
3580 else if (integer_zerop (oldlen
))
3582 else if (TREE_CODE (oldlen
) == INTEGER_CST
3583 || TREE_CODE (newlen
) == INTEGER_CST
)
3584 adj
= fold_build2_loc (loc
, MINUS_EXPR
, TREE_TYPE (newlen
), newlen
,
3585 fold_convert_loc (loc
, TREE_TYPE (newlen
),
3587 if (adj
!= NULL_TREE
)
3588 adjust_related_strinfos (loc
, dsi
, adj
);
3592 /* memcpy src may not overlap dst, so src doesn't need to be
3593 invalidated either. */
3595 si
->dont_invalidate
= true;
3599 lhs
= gimple_call_lhs (stmt
);
3602 case BUILT_IN_MEMCPY
:
3603 case BUILT_IN_MEMCPY_CHK
:
3604 /* Allow adjust_last_stmt to decrease this memcpy's size. */
3605 laststmt
.stmt
= stmt
;
3606 laststmt
.len
= dsi
->nonzero_chars
;
3607 laststmt
.stridx
= dsi
->idx
;
3609 ssa_ver_to_stridx
[SSA_NAME_VERSION (lhs
)] = didx
;
3611 case BUILT_IN_MEMPCPY
:
3612 case BUILT_IN_MEMPCPY_CHK
:
3620 /* Handle a strcat-like ({strcat,__strcat_chk}) call.
3621 If strlen of the second argument is known, strlen of the first argument
3622 is increased by the length of the second argument. Furthermore, attempt
3623 to convert it to memcpy/strcpy if the length of the first argument
3627 handle_builtin_strcat (enum built_in_function bcode
, gimple_stmt_iterator
*gsi
)
3630 tree srclen
, args
, type
, fn
, objsz
, endptr
;
3632 gimple
*stmt
= gsi_stmt (*gsi
);
3634 location_t loc
= gimple_location (stmt
);
3636 tree src
= gimple_call_arg (stmt
, 1);
3637 tree dst
= gimple_call_arg (stmt
, 0);
3639 /* Bail if the source is the same as destination. It will be diagnosed
3641 if (operand_equal_p (src
, dst
, 0))
3644 tree lhs
= gimple_call_lhs (stmt
);
3646 didx
= get_stridx (dst
);
3652 dsi
= get_strinfo (didx
);
3656 idx
= get_stridx (src
);
3658 srclen
= build_int_cst (size_type_node
, ~idx
);
3661 si
= get_strinfo (idx
);
3663 srclen
= get_string_length (si
);
3666 /* Set the no-warning bit on the transformed statement? */
3667 bool set_no_warning
= false;
3669 if (dsi
== NULL
|| get_string_length (dsi
) == NULL_TREE
)
3672 /* The concatenation always involves copying at least one byte
3673 (the terminating nul), even if the source string is empty.
3674 If the source is unknown assume it's one character long and
3675 used that as both sizes. */
3679 tree type
= TREE_TYPE (slen
);
3680 slen
= fold_build2 (PLUS_EXPR
, type
, slen
, build_int_cst (type
, 1));
3683 tree sptr
= si
&& si
->ptr
? si
->ptr
: src
;
3685 if (check_bounds_or_overlap (stmt
, dst
, sptr
, NULL_TREE
, slen
))
3687 gimple_set_no_warning (stmt
, true);
3688 set_no_warning
= true;
3692 /* strcat (p, q) can be transformed into
3693 tmp = p + strlen (p); endptr = stpcpy (tmp, q);
3694 with length endptr - p if we need to compute the length
3695 later on. Don't do this transformation if we don't need
3697 if (builtin_decl_implicit_p (BUILT_IN_STPCPY
) && lhs
== NULL_TREE
)
3701 didx
= new_stridx (dst
);
3707 dsi
= new_strinfo (dst
, didx
, NULL_TREE
, false);
3708 set_strinfo (didx
, dsi
);
3709 find_equal_ptrs (dst
, didx
);
3713 dsi
= unshare_strinfo (dsi
);
3714 dsi
->nonzero_chars
= NULL_TREE
;
3715 dsi
->full_string_p
= false;
3717 dsi
->endptr
= NULL_TREE
;
3719 dsi
->writable
= true;
3721 dsi
->dont_invalidate
= true;
3726 tree dstlen
= dsi
->nonzero_chars
;
3727 endptr
= dsi
->endptr
;
3729 dsi
= unshare_strinfo (dsi
);
3730 dsi
->endptr
= NULL_TREE
;
3732 dsi
->writable
= true;
3734 if (srclen
!= NULL_TREE
)
3736 dsi
->nonzero_chars
= fold_build2_loc (loc
, PLUS_EXPR
,
3737 TREE_TYPE (dsi
->nonzero_chars
),
3738 dsi
->nonzero_chars
, srclen
);
3739 gcc_assert (dsi
->full_string_p
);
3740 adjust_related_strinfos (loc
, dsi
, srclen
);
3741 dsi
->dont_invalidate
= true;
3745 dsi
->nonzero_chars
= NULL
;
3746 dsi
->full_string_p
= false;
3747 if (lhs
== NULL_TREE
&& builtin_decl_implicit_p (BUILT_IN_STPCPY
))
3748 dsi
->dont_invalidate
= true;
3752 /* strcat src may not overlap dst, so src doesn't need to be
3753 invalidated either. */
3754 si
->dont_invalidate
= true;
3756 /* For now. Could remove the lhs from the call and add
3757 lhs = dst; afterwards. */
3765 case BUILT_IN_STRCAT
:
3766 if (srclen
!= NULL_TREE
)
3767 fn
= builtin_decl_implicit (BUILT_IN_MEMCPY
);
3769 fn
= builtin_decl_implicit (BUILT_IN_STRCPY
);
3771 case BUILT_IN_STRCAT_CHK
:
3772 if (srclen
!= NULL_TREE
)
3773 fn
= builtin_decl_explicit (BUILT_IN_MEMCPY_CHK
);
3775 fn
= builtin_decl_explicit (BUILT_IN_STRCPY_CHK
);
3776 objsz
= gimple_call_arg (stmt
, 2);
3782 if (fn
== NULL_TREE
)
3787 tree type
= TREE_TYPE (dstlen
);
3789 /* Compute the size of the source sequence, including the nul. */
3790 tree srcsize
= srclen
? srclen
: size_zero_node
;
3791 tree one
= build_int_cst (type
, 1);
3792 srcsize
= fold_build2 (PLUS_EXPR
, type
, srcsize
, one
);
3793 tree dstsize
= fold_build2 (PLUS_EXPR
, type
, dstlen
, one
);
3794 tree sptr
= si
&& si
->ptr
? si
->ptr
: src
;
3796 if (check_bounds_or_overlap (stmt
, dst
, sptr
, dstsize
, srcsize
))
3798 gimple_set_no_warning (stmt
, true);
3799 set_no_warning
= true;
3803 tree len
= NULL_TREE
;
3804 if (srclen
!= NULL_TREE
)
3806 args
= TYPE_ARG_TYPES (TREE_TYPE (fn
));
3807 type
= TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args
)));
3809 len
= fold_convert_loc (loc
, type
, unshare_expr (srclen
));
3810 len
= fold_build2_loc (loc
, PLUS_EXPR
, type
, len
,
3811 build_int_cst (type
, 1));
3812 len
= force_gimple_operand_gsi (gsi
, len
, true, NULL_TREE
, true,
3816 dst
= fold_convert_loc (loc
, TREE_TYPE (dst
), unshare_expr (endptr
));
3818 dst
= fold_build2_loc (loc
, POINTER_PLUS_EXPR
, TREE_TYPE (dst
), dst
,
3819 fold_convert_loc (loc
, sizetype
,
3820 unshare_expr (dstlen
)));
3821 dst
= force_gimple_operand_gsi (gsi
, dst
, true, NULL_TREE
, true,
3825 objsz
= fold_build2_loc (loc
, MINUS_EXPR
, TREE_TYPE (objsz
), objsz
,
3826 fold_convert_loc (loc
, TREE_TYPE (objsz
),
3827 unshare_expr (dstlen
)));
3828 objsz
= force_gimple_operand_gsi (gsi
, objsz
, true, NULL_TREE
, true,
3831 if (dump_file
&& (dump_flags
& TDF_DETAILS
) != 0)
3833 fprintf (dump_file
, "Optimizing: ");
3834 print_gimple_stmt (dump_file
, stmt
, 0, TDF_SLIM
);
3836 if (srclen
!= NULL_TREE
)
3837 success
= update_gimple_call (gsi
, fn
, 3 + (objsz
!= NULL_TREE
),
3838 dst
, src
, len
, objsz
);
3840 success
= update_gimple_call (gsi
, fn
, 2 + (objsz
!= NULL_TREE
),
3844 stmt
= gsi_stmt (*gsi
);
3846 if (dump_file
&& (dump_flags
& TDF_DETAILS
) != 0)
3848 fprintf (dump_file
, "into: ");
3849 print_gimple_stmt (dump_file
, stmt
, 0, TDF_SLIM
);
3851 /* If srclen == NULL, note that current string length can be
3852 computed by transforming this strcpy into stpcpy. */
3853 if (srclen
== NULL_TREE
&& dsi
->dont_invalidate
)
3855 adjust_last_stmt (dsi
, stmt
, true);
3856 if (srclen
!= NULL_TREE
)
3858 laststmt
.stmt
= stmt
;
3859 laststmt
.len
= srclen
;
3860 laststmt
.stridx
= dsi
->idx
;
3863 else if (dump_file
&& (dump_flags
& TDF_DETAILS
) != 0)
3864 fprintf (dump_file
, "not possible.\n");
3867 gimple_set_no_warning (stmt
, true);
3870 /* Handle a call to an allocation function like alloca, malloc or calloc,
3871 or an ordinary allocation function declared with attribute alloc_size. */
3874 handle_alloc_call (enum built_in_function bcode
, gimple_stmt_iterator
*gsi
)
3876 gimple
*stmt
= gsi_stmt (*gsi
);
3877 tree lhs
= gimple_call_lhs (stmt
);
3878 if (lhs
== NULL_TREE
)
3881 gcc_assert (get_stridx (lhs
) == 0);
3882 int idx
= new_stridx (lhs
);
3883 tree length
= NULL_TREE
;
3884 if (bcode
== BUILT_IN_CALLOC
)
3885 length
= build_int_cst (size_type_node
, 0);
3886 strinfo
*si
= new_strinfo (lhs
, idx
, length
, length
!= NULL_TREE
);
3887 if (bcode
== BUILT_IN_CALLOC
)
3889 /* Only set STMT for calloc and malloc. */
3891 /* Only set ENDPTR for calloc. */
3894 else if (bcode
== BUILT_IN_MALLOC
)
3897 /* Set ALLOC is set for all allocation functions. */
3899 set_strinfo (idx
, si
);
3900 si
->writable
= true;
3901 si
->dont_invalidate
= true;
3904 /* Handle a call to memset.
3905 After a call to calloc, memset(,0,) is unnecessary.
3906 memset(malloc(n),0,n) is calloc(n,1).
3907 return true when the call is transformed, false otherwise.
3908 When nonnull uses RVALS to determine range information. */
3911 handle_builtin_memset (gimple_stmt_iterator
*gsi
, bool *zero_write
,
3914 gimple
*memset_stmt
= gsi_stmt (*gsi
);
3915 tree ptr
= gimple_call_arg (memset_stmt
, 0);
3916 /* Set to the non-constant offset added to PTR. */
3918 int idx1
= get_stridx (ptr
, offrng
, rvals
);
3921 strinfo
*si1
= get_strinfo (idx1
);
3924 gimple
*alloc_stmt
= si1
->alloc
;
3925 if (!alloc_stmt
|| !is_gimple_call (alloc_stmt
))
3927 tree callee1
= gimple_call_fndecl (alloc_stmt
);
3928 if (!valid_builtin_call (alloc_stmt
))
3930 tree alloc_size
= gimple_call_arg (alloc_stmt
, 0);
3931 tree memset_size
= gimple_call_arg (memset_stmt
, 2);
3933 /* Check for overflow. */
3934 maybe_warn_overflow (memset_stmt
, memset_size
, rvals
, NULL
, false, true);
3936 /* Bail when there is no statement associated with the destination
3937 (the statement may be null even when SI1->ALLOC is not). */
3941 /* Avoid optimizing if store is at a variable offset from the beginning
3942 of the allocated object. */
3943 if (offrng
[0] != 0 || offrng
[0] != offrng
[1])
3946 /* Bail when the call writes a non-zero value. */
3947 if (!integer_zerop (gimple_call_arg (memset_stmt
, 1)))
3950 /* Let the caller know the memset call cleared the destination. */
3953 enum built_in_function code1
= DECL_FUNCTION_CODE (callee1
);
3954 if (code1
== BUILT_IN_CALLOC
)
3955 /* Not touching alloc_stmt */ ;
3956 else if (code1
== BUILT_IN_MALLOC
3957 && operand_equal_p (memset_size
, alloc_size
, 0))
3959 /* Replace the malloc + memset calls with calloc. */
3960 gimple_stmt_iterator gsi1
= gsi_for_stmt (si1
->stmt
);
3961 update_gimple_call (&gsi1
, builtin_decl_implicit (BUILT_IN_CALLOC
), 2,
3962 alloc_size
, build_one_cst (size_type_node
));
3963 si1
->nonzero_chars
= build_int_cst (size_type_node
, 0);
3964 si1
->full_string_p
= true;
3965 si1
->stmt
= gsi_stmt (gsi1
);
3969 tree lhs
= gimple_call_lhs (memset_stmt
);
3970 unlink_stmt_vdef (memset_stmt
);
3973 gimple
*assign
= gimple_build_assign (lhs
, ptr
);
3974 gsi_replace (gsi
, assign
, false);
3978 gsi_remove (gsi
, true);
3979 release_defs (memset_stmt
);
3985 /* Return first such statement if RES is used in statements testing its
3986 equality to zero, and null otherwise. If EXCLUSIVE is true, return
3987 nonnull if and only RES is used in such expressions exclusively and
3991 use_in_zero_equality (tree res
, bool exclusive
= true)
3993 gimple
*first_use
= NULL
;
3995 use_operand_p use_p
;
3996 imm_use_iterator iter
;
3998 FOR_EACH_IMM_USE_FAST (use_p
, iter
, res
)
4000 gimple
*use_stmt
= USE_STMT (use_p
);
4002 if (is_gimple_debug (use_stmt
))
4005 if (gimple_code (use_stmt
) == GIMPLE_ASSIGN
)
4007 tree_code code
= gimple_assign_rhs_code (use_stmt
);
4008 if (code
== COND_EXPR
)
4010 tree cond_expr
= gimple_assign_rhs1 (use_stmt
);
4011 if ((TREE_CODE (cond_expr
) != EQ_EXPR
4012 && (TREE_CODE (cond_expr
) != NE_EXPR
))
4013 || !integer_zerop (TREE_OPERAND (cond_expr
, 1)))
4020 else if (code
== EQ_EXPR
|| code
== NE_EXPR
)
4022 if (!integer_zerop (gimple_assign_rhs2 (use_stmt
)))
4034 else if (gimple_code (use_stmt
) == GIMPLE_COND
)
4036 tree_code code
= gimple_cond_code (use_stmt
);
4037 if ((code
!= EQ_EXPR
&& code
!= NE_EXPR
)
4038 || !integer_zerop (gimple_cond_rhs (use_stmt
)))
4051 first_use
= use_stmt
;
4057 /* Handle a call to memcmp. We try to handle small comparisons by
4058 converting them to load and compare, and replacing the call to memcmp
4059 with a __builtin_memcmp_eq call where possible.
4060 return true when call is transformed, return false otherwise. */
4063 handle_builtin_memcmp (gimple_stmt_iterator
*gsi
)
4065 gcall
*stmt
= as_a
<gcall
*> (gsi_stmt (*gsi
));
4066 tree res
= gimple_call_lhs (stmt
);
4068 if (!res
|| !use_in_zero_equality (res
))
4071 tree arg1
= gimple_call_arg (stmt
, 0);
4072 tree arg2
= gimple_call_arg (stmt
, 1);
4073 tree len
= gimple_call_arg (stmt
, 2);
4074 unsigned HOST_WIDE_INT leni
;
4076 if (tree_fits_uhwi_p (len
)
4077 && (leni
= tree_to_uhwi (len
)) <= GET_MODE_SIZE (word_mode
)
4078 && pow2p_hwi (leni
))
4080 leni
*= CHAR_TYPE_SIZE
;
4081 unsigned align1
= get_pointer_alignment (arg1
);
4082 unsigned align2
= get_pointer_alignment (arg2
);
4083 unsigned align
= MIN (align1
, align2
);
4084 scalar_int_mode mode
;
4085 if (int_mode_for_size (leni
, 1).exists (&mode
)
4086 && (align
>= leni
|| !targetm
.slow_unaligned_access (mode
, align
)))
4088 location_t loc
= gimple_location (stmt
);
4090 type
= build_nonstandard_integer_type (leni
, 1);
4091 gcc_assert (known_eq (GET_MODE_BITSIZE (TYPE_MODE (type
)), leni
));
4092 tree ptrtype
= build_pointer_type_for_mode (char_type_node
,
4094 off
= build_int_cst (ptrtype
, 0);
4095 arg1
= build2_loc (loc
, MEM_REF
, type
, arg1
, off
);
4096 arg2
= build2_loc (loc
, MEM_REF
, type
, arg2
, off
);
4097 tree tem1
= fold_const_aggregate_ref (arg1
);
4100 tree tem2
= fold_const_aggregate_ref (arg2
);
4103 res
= fold_convert_loc (loc
, TREE_TYPE (res
),
4104 fold_build2_loc (loc
, NE_EXPR
,
4107 gimplify_and_update_call_from_tree (gsi
, res
);
4112 gimple_call_set_fndecl (stmt
, builtin_decl_explicit (BUILT_IN_MEMCMP_EQ
));
4116 /* Given strinfo IDX for ARG, sets LENRNG[] to the range of lengths
4117 of the string(s) referenced by ARG if it can be determined.
4118 If the length cannot be determined, sets *SIZE to the size of
4119 the array the string is stored in, if any. If no such array is
4120 known, sets *SIZE to -1. When the strings are nul-terminated sets
4121 *NULTERM to true, otherwise to false. When nonnull uses RVALS to
4122 determine range information. Returns true on success. */
4125 get_len_or_size (gimple
*stmt
, tree arg
, int idx
,
4126 unsigned HOST_WIDE_INT lenrng
[2],
4127 unsigned HOST_WIDE_INT
*size
, bool *nulterm
,
4131 *size
= HOST_WIDE_INT_M1U
;
4135 /* IDX is the inverted constant string length. */
4137 lenrng
[1] = lenrng
[0];
4142 /* Set so that both LEN and ~LEN are invalid lengths, i.e., maximum
4143 possible length + 1. */
4144 lenrng
[0] = lenrng
[1] = HOST_WIDE_INT_MAX
;
4146 if (strinfo
*si
= idx
? get_strinfo (idx
) : NULL
)
4148 /* FIXME: Handle all this in_range_strlen_dynamic. */
4149 if (!si
->nonzero_chars
)
4151 else if (tree_fits_uhwi_p (si
->nonzero_chars
))
4153 lenrng
[0] = tree_to_uhwi (si
->nonzero_chars
);
4154 *nulterm
= si
->full_string_p
;
4155 /* Set the upper bound only if the string is known to be
4156 nul-terminated, otherwise leave it at maximum + 1. */
4158 lenrng
[1] = lenrng
[0];
4160 else if (TREE_CODE (si
->nonzero_chars
) == SSA_NAME
)
4163 // FIXME: Use range_query instead of global ranges.
4164 value_range_kind rng
= get_range_info (si
->nonzero_chars
, &min
, &max
);
4165 if (rng
== VR_RANGE
)
4167 lenrng
[0] = min
.to_uhwi ();
4168 lenrng
[1] = max
.to_uhwi ();
4169 *nulterm
= si
->full_string_p
;
4174 if (lenrng
[0] != HOST_WIDE_INT_MAX
)
4177 /* Compute the minimum and maximum real or possible lengths. */
4178 c_strlen_data lendata
= { };
4179 /* Set MAXBOUND to an arbitrary non-null non-integer node as a request
4180 to have it set to the length of the longest string in a PHI. */
4181 lendata
.maxbound
= arg
;
4182 get_range_strlen_dynamic (arg
, stmt
, &lendata
, rvals
);
4184 unsigned HOST_WIDE_INT maxbound
= HOST_WIDE_INT_M1U
;
4185 if (tree_fits_uhwi_p (lendata
.maxbound
)
4186 && !integer_all_onesp (lendata
.maxbound
))
4187 maxbound
= tree_to_uhwi (lendata
.maxbound
);
4189 if (tree_fits_uhwi_p (lendata
.minlen
) && tree_fits_uhwi_p (lendata
.maxlen
))
4191 unsigned HOST_WIDE_INT minlen
= tree_to_uhwi (lendata
.minlen
);
4192 unsigned HOST_WIDE_INT maxlen
= tree_to_uhwi (lendata
.maxlen
);
4194 /* The longest string in this data model. */
4195 const unsigned HOST_WIDE_INT lenmax
4196 = tree_to_uhwi (max_object_size ()) - 2;
4198 if (maxbound
== HOST_WIDE_INT_M1U
)
4202 *nulterm
= minlen
== maxlen
;
4204 else if (maxlen
< lenmax
)
4206 *size
= maxbound
+ 1;
4215 if (maxbound
!= HOST_WIDE_INT_M1U
4217 && !integer_all_onesp (lendata
.maxlen
))
4219 /* Set *SIZE to LENDATA.MAXBOUND which is a conservative estimate
4220 of the longest string based on the sizes of the arrays referenced
4222 *size
= maxbound
+ 1;
4230 /* If IDX1 and IDX2 refer to strings A and B of unequal lengths, return
4231 the result of 0 == strncmp (A, B, BOUND) (which is the same as strcmp
4232 for a sufficiently large BOUND). If the result is based on the length
4233 of one string being greater than the longest string that would fit in
4234 the array pointer to by the argument, set *PLEN and *PSIZE to
4235 the corresponding length (or its complement when the string is known
4236 to be at least as long and need not be nul-terminated) and size.
4237 Otherwise return null. */
4240 strxcmp_eqz_result (gimple
*stmt
, tree arg1
, int idx1
, tree arg2
, int idx2
,
4241 unsigned HOST_WIDE_INT bound
, unsigned HOST_WIDE_INT len
[2],
4242 unsigned HOST_WIDE_INT
*psize
, range_query
*rvals
)
4244 /* Determine the range the length of each string is in and whether it's
4245 known to be nul-terminated, or the size of the array it's stored in. */
4247 unsigned HOST_WIDE_INT siz1
, siz2
;
4248 unsigned HOST_WIDE_INT len1rng
[2], len2rng
[2];
4249 if (!get_len_or_size (stmt
, arg1
, idx1
, len1rng
, &siz1
, &nul1
, rvals
)
4250 || !get_len_or_size (stmt
, arg2
, idx2
, len2rng
, &siz2
, &nul2
, rvals
))
4253 /* BOUND is set to HWI_M1U for strcmp and less to strncmp, and LENiRNG
4254 to HWI_MAX when invalid. Adjust the length of each string to consider
4255 to be no more than BOUND. */
4256 if (len1rng
[0] < HOST_WIDE_INT_MAX
&& len1rng
[0] > bound
)
4258 if (len1rng
[1] < HOST_WIDE_INT_MAX
&& len1rng
[1] > bound
)
4260 if (len2rng
[0] < HOST_WIDE_INT_MAX
&& len2rng
[0] > bound
)
4262 if (len2rng
[1] < HOST_WIDE_INT_MAX
&& len2rng
[1] > bound
)
4265 /* Two empty strings are equal. */
4266 if (len1rng
[1] == 0 && len2rng
[1] == 0)
4267 return integer_one_node
;
4269 /* The strings are definitely unequal when the lower bound of the length
4270 of one of them is greater than the length of the longest string that
4271 would fit into the other array. */
4272 if (len1rng
[0] == HOST_WIDE_INT_MAX
4273 && len2rng
[0] != HOST_WIDE_INT_MAX
4274 && ((len2rng
[0] < bound
&& len2rng
[0] >= siz1
)
4275 || len2rng
[0] > siz1
))
4278 len
[0] = len1rng
[0];
4279 /* Set LEN[0] to the lower bound of ARG1's length when it's
4280 nul-terminated or to the complement of its minimum length
4282 len
[1] = nul2
? len2rng
[0] : ~len2rng
[0];
4283 return integer_zero_node
;
4286 if (len2rng
[0] == HOST_WIDE_INT_MAX
4287 && len1rng
[0] != HOST_WIDE_INT_MAX
4288 && ((len1rng
[0] < bound
&& len1rng
[0] >= siz2
)
4289 || len1rng
[0] > siz2
))
4292 len
[0] = nul1
? len1rng
[0] : ~len1rng
[0];
4293 len
[1] = len2rng
[0];
4294 return integer_zero_node
;
4297 /* The strings are also definitely unequal when their lengths are unequal
4298 and at least one is nul-terminated. */
4299 if (len1rng
[0] != HOST_WIDE_INT_MAX
4300 && len2rng
[0] != HOST_WIDE_INT_MAX
4301 && ((len1rng
[1] < len2rng
[0] && nul1
)
4302 || (len2rng
[1] < len1rng
[0] && nul2
)))
4304 if (bound
<= len1rng
[0] || bound
<= len2rng
[0])
4307 *psize
= HOST_WIDE_INT_M1U
;
4309 len
[0] = len1rng
[0];
4310 len
[1] = len2rng
[0];
4311 return integer_zero_node
;
4314 /* The string lengths may be equal or unequal. Even when equal and
4315 both strings nul-terminated, without the string contents there's
4316 no way to determine whether they are equal. */
4320 /* Diagnose pointless calls to strcmp or strncmp STMT with string
4321 arguments of lengths LEN or size SIZ and (for strncmp) BOUND,
4322 whose result is used in equality expressions that evaluate to
4323 a constant due to one argument being longer than the size of
4327 maybe_warn_pointless_strcmp (gimple
*stmt
, HOST_WIDE_INT bound
,
4328 unsigned HOST_WIDE_INT len
[2],
4329 unsigned HOST_WIDE_INT siz
)
4331 tree lhs
= gimple_call_lhs (stmt
);
4332 gimple
*use
= use_in_zero_equality (lhs
, /* exclusive = */ false);
4336 bool at_least
= false;
4338 /* Excessive LEN[i] indicates a lower bound. */
4339 if (len
[0] > HOST_WIDE_INT_MAX
)
4345 if (len
[1] > HOST_WIDE_INT_MAX
)
4351 unsigned HOST_WIDE_INT minlen
= MIN (len
[0], len
[1]);
4353 /* FIXME: Include a note pointing to the declaration of the smaller
4355 location_t stmt_loc
= gimple_or_expr_nonartificial_location (stmt
, lhs
);
4357 tree callee
= gimple_call_fndecl (stmt
);
4358 bool warned
= false;
4359 if (siz
<= minlen
&& bound
== -1)
4360 warned
= warning_at (stmt_loc
, OPT_Wstring_compare
,
4362 ? G_("%G%qD of a string of length %wu or more and "
4363 "an array of size %wu evaluates to nonzero")
4364 : G_("%G%qD of a string of length %wu and an array "
4365 "of size %wu evaluates to nonzero")),
4366 stmt
, callee
, minlen
, siz
);
4367 else if (!at_least
&& siz
<= HOST_WIDE_INT_MAX
)
4369 if (len
[0] != HOST_WIDE_INT_MAX
&& len
[1] != HOST_WIDE_INT_MAX
)
4370 warned
= warning_at (stmt_loc
, OPT_Wstring_compare
,
4371 "%G%qD of strings of length %wu and %wu "
4372 "and bound of %wu evaluates to nonzero",
4373 stmt
, callee
, len
[0], len
[1], bound
);
4375 warned
= warning_at (stmt_loc
, OPT_Wstring_compare
,
4376 "%G%qD of a string of length %wu, an array "
4377 "of size %wu and bound of %wu evaluates to "
4379 stmt
, callee
, minlen
, siz
, bound
);
4385 location_t use_loc
= gimple_location (use
);
4386 if (LOCATION_LINE (stmt_loc
) != LOCATION_LINE (use_loc
))
4387 inform (use_loc
, "in this expression");
4391 /* Optimize a call to strcmp or strncmp either by folding it to a constant
4392 when possible or by transforming the latter to the former. Warn about
4393 calls where the length of one argument is greater than the size of
4394 the array to which the other argument points if the latter's length
4395 is not known. Return true when the call has been transformed into
4396 another and false otherwise. */
4399 handle_builtin_string_cmp (gimple_stmt_iterator
*gsi
, range_query
*rvals
)
4401 gcall
*stmt
= as_a
<gcall
*> (gsi_stmt (*gsi
));
4402 tree lhs
= gimple_call_lhs (stmt
);
4407 tree arg1
= gimple_call_arg (stmt
, 0);
4408 tree arg2
= gimple_call_arg (stmt
, 1);
4409 int idx1
= get_stridx (arg1
);
4410 int idx2
= get_stridx (arg2
);
4412 /* For strncmp set to the value of the third argument if known. */
4413 HOST_WIDE_INT bound
= -1;
4414 tree len
= NULL_TREE
;
4415 /* Extract the strncmp bound. */
4416 if (gimple_call_num_args (stmt
) == 3)
4418 len
= gimple_call_arg (stmt
, 2);
4419 if (tree_fits_shwi_p (len
))
4420 bound
= tree_to_shwi (len
);
4422 /* If the bound argument is NOT known, do nothing. */
4427 /* Avoid folding if either argument is not a nul-terminated array.
4428 Defer warning until later. */
4429 if (!check_nul_terminated_array (NULL_TREE
, arg1
, len
)
4430 || !check_nul_terminated_array (NULL_TREE
, arg2
, len
))
4434 /* Set to the length of one argument (or its complement if it's
4435 the lower bound of a range) and the size of the array storing
4436 the other if the result is based on the former being equal to
4437 or greater than the latter. */
4438 unsigned HOST_WIDE_INT len
[2] = { HOST_WIDE_INT_MAX
, HOST_WIDE_INT_MAX
};
4439 unsigned HOST_WIDE_INT siz
= HOST_WIDE_INT_M1U
;
4441 /* Try to determine if the two strings are either definitely equal
4442 or definitely unequal and if so, either fold the result to zero
4443 (when equal) or set the range of the result to ~[0, 0] otherwise. */
4444 if (tree eqz
= strxcmp_eqz_result (stmt
, arg1
, idx1
, arg2
, idx2
, bound
,
4447 if (integer_zerop (eqz
))
4449 maybe_warn_pointless_strcmp (stmt
, bound
, len
, siz
);
4451 /* When the lengths of the first two string arguments are
4452 known to be unequal set the range of the result to non-zero.
4453 This allows the call to be eliminated if its result is only
4454 used in tests for equality to zero. */
4455 wide_int zero
= wi::zero (TYPE_PRECISION (TREE_TYPE (lhs
)));
4456 set_range_info (lhs
, VR_ANTI_RANGE
, zero
, zero
);
4459 /* When the two strings are definitely equal (such as when they
4460 are both empty) fold the call to the constant result. */
4461 replace_call_with_value (gsi
, integer_zero_node
);
4466 /* Return if nothing is known about the strings pointed to by ARG1
4468 if (idx1
== 0 && idx2
== 0)
4471 /* Determine either the length or the size of each of the strings,
4472 whichever is available. */
4473 HOST_WIDE_INT cstlen1
= -1, cstlen2
= -1;
4474 HOST_WIDE_INT arysiz1
= -1, arysiz2
= -1;
4477 unsigned HOST_WIDE_INT len1rng
[2], len2rng
[2];
4478 unsigned HOST_WIDE_INT arsz1
, arsz2
;
4481 if (!get_len_or_size (stmt
, arg1
, idx1
, len1rng
, &arsz1
, nulterm
, rvals
)
4482 || !get_len_or_size (stmt
, arg2
, idx2
, len2rng
, &arsz2
, nulterm
+ 1,
4486 if (len1rng
[0] == len1rng
[1] && len1rng
[0] < HOST_WIDE_INT_MAX
)
4487 cstlen1
= len1rng
[0];
4488 else if (arsz1
< HOST_WIDE_INT_M1U
)
4491 if (len2rng
[0] == len2rng
[1] && len2rng
[0] < HOST_WIDE_INT_MAX
)
4492 cstlen2
= len2rng
[0];
4493 else if (arsz2
< HOST_WIDE_INT_M1U
)
4497 /* Bail if neither the string length nor the size of the array
4498 it is stored in can be determined. */
4499 if ((cstlen1
< 0 && arysiz1
< 0)
4500 || (cstlen2
< 0 && arysiz2
< 0)
4501 || (cstlen1
< 0 && cstlen2
< 0))
4509 /* The exact number of characters to compare. */
4510 HOST_WIDE_INT cmpsiz
;
4511 if (cstlen1
>= 0 && cstlen2
>= 0)
4512 cmpsiz
= MIN (cstlen1
, cstlen2
);
4513 else if (cstlen1
>= 0)
4518 cmpsiz
= MIN (cmpsiz
, bound
);
4519 /* The size of the array in which the unknown string is stored. */
4520 HOST_WIDE_INT varsiz
= arysiz1
< 0 ? arysiz2
: arysiz1
;
4522 if ((varsiz
< 0 || cmpsiz
< varsiz
) && use_in_zero_equality (lhs
))
4524 /* If the known length is less than the size of the other array
4525 and the strcmp result is only used to test equality to zero,
4526 transform the call to the equivalent _eq call. */
4527 if (tree fn
= builtin_decl_implicit (bound
< 0 ? BUILT_IN_STRCMP_EQ
4528 : BUILT_IN_STRNCMP_EQ
))
4530 tree n
= build_int_cst (size_type_node
, cmpsiz
);
4531 update_gimple_call (gsi
, fn
, 3, arg1
, arg2
, n
);
4539 /* Handle a POINTER_PLUS_EXPR statement.
4540 For p = "abcd" + 2; compute associated length, or if
4541 p = q + off is pointing to a '\0' character of a string, call
4542 zero_length_string on it. */
4545 handle_pointer_plus (gimple_stmt_iterator
*gsi
)
4547 gimple
*stmt
= gsi_stmt (*gsi
);
4548 tree lhs
= gimple_assign_lhs (stmt
), off
;
4549 int idx
= get_stridx (gimple_assign_rhs1 (stmt
));
4557 tree off
= gimple_assign_rhs2 (stmt
);
4558 if (tree_fits_uhwi_p (off
)
4559 && tree_to_uhwi (off
) <= (unsigned HOST_WIDE_INT
) ~idx
)
4560 ssa_ver_to_stridx
[SSA_NAME_VERSION (lhs
)]
4561 = ~(~idx
- (int) tree_to_uhwi (off
));
4565 si
= get_strinfo (idx
);
4566 if (si
== NULL
|| si
->nonzero_chars
== NULL_TREE
)
4569 off
= gimple_assign_rhs2 (stmt
);
4571 if (si
->full_string_p
&& operand_equal_p (si
->nonzero_chars
, off
, 0))
4572 zsi
= zero_length_string (lhs
, si
);
4573 else if (TREE_CODE (off
) == SSA_NAME
)
4575 gimple
*def_stmt
= SSA_NAME_DEF_STMT (off
);
4576 if (gimple_assign_single_p (def_stmt
)
4577 && si
->full_string_p
4578 && operand_equal_p (si
->nonzero_chars
,
4579 gimple_assign_rhs1 (def_stmt
), 0))
4580 zsi
= zero_length_string (lhs
, si
);
4583 && si
->endptr
!= NULL_TREE
4584 && si
->endptr
!= lhs
4585 && TREE_CODE (si
->endptr
) == SSA_NAME
)
4587 enum tree_code rhs_code
4588 = useless_type_conversion_p (TREE_TYPE (lhs
), TREE_TYPE (si
->endptr
))
4589 ? SSA_NAME
: NOP_EXPR
;
4590 gimple_assign_set_rhs_with_ops (gsi
, rhs_code
, si
->endptr
);
4591 gcc_assert (gsi_stmt (*gsi
) == stmt
);
4596 /* Describes recursion limits used by count_nonzero_bytes. */
4598 class ssa_name_limit_t
4600 bitmap visited
; /* Bitmap of visited SSA_NAMEs. */
4601 unsigned ssa_def_max
; /* Longest chain of SSA_NAMEs to follow. */
4603 /* Not copyable or assignable. */
4604 ssa_name_limit_t (ssa_name_limit_t
&);
4605 void operator= (ssa_name_limit_t
&);
4611 ssa_def_max (param_ssa_name_def_chain_limit
) { }
4613 int next_ssa_name (tree
);
4615 ~ssa_name_limit_t ()
4618 BITMAP_FREE (visited
);
4622 /* If the SSA_NAME has already been "seen" return a positive value.
4623 Otherwise add it to VISITED. If the SSA_NAME limit has been
4624 reached, return a negative value. Otherwise return zero. */
4626 int ssa_name_limit_t::next_ssa_name (tree ssa_name
)
4629 visited
= BITMAP_ALLOC (NULL
);
4631 /* Return a positive value if SSA_NAME has already been visited. */
4632 if (!bitmap_set_bit (visited
, SSA_NAME_VERSION (ssa_name
)))
4635 /* Return a negative value to let caller avoid recursing beyond
4636 the specified limit. */
4637 if (ssa_def_max
== 0)
4646 count_nonzero_bytes_addr (tree
, unsigned HOST_WIDE_INT
, unsigned HOST_WIDE_INT
,
4647 unsigned [3], bool *, bool *, bool *,
4648 range_query
*, ssa_name_limit_t
&);
4650 /* Determines the minimum and maximum number of leading non-zero bytes
4651 in the representation of EXP and set LENRANGE[0] and LENRANGE[1]
4653 Sets LENRANGE[2] to the total size of the access (which may be less
4654 than LENRANGE[1] when what's being referenced by EXP is a pointer
4655 rather than an array).
4656 Sets *NULTERM if the representation contains a zero byte, and sets
4657 *ALLNUL if all the bytes are zero.
4658 OFFSET and NBYTES are the offset into the representation and
4659 the size of the access to it determined from an ADDR_EXPR (i.e.,
4660 a pointer) or MEM_REF or zero for other expressions.
4661 Uses RVALS to determine range information.
4662 Avoids recursing deeper than the limits in SNLIM allow.
4663 Returns true on success and false otherwise. */
4666 count_nonzero_bytes (tree exp
, unsigned HOST_WIDE_INT offset
,
4667 unsigned HOST_WIDE_INT nbytes
,
4668 unsigned lenrange
[3], bool *nulterm
,
4669 bool *allnul
, bool *allnonnul
, range_query
*rvals
,
4670 ssa_name_limit_t
&snlim
)
4672 if (TREE_CODE (exp
) == SSA_NAME
)
4674 /* Handle non-zero single-character stores specially. */
4675 tree type
= TREE_TYPE (exp
);
4676 if (TREE_CODE (type
) == INTEGER_TYPE
4677 && TYPE_MODE (type
) == TYPE_MODE (char_type_node
)
4678 && TYPE_PRECISION (type
) == TYPE_PRECISION (char_type_node
)
4679 && tree_expr_nonzero_p (exp
))
4681 /* If the character EXP is known to be non-zero (even if its
4682 exact value is not known) recurse once to set the range
4683 for an arbitrary constant. */
4684 exp
= build_int_cst (type
, 1);
4685 return count_nonzero_bytes (exp
, offset
, 1, lenrange
,
4686 nulterm
, allnul
, allnonnul
, rvals
, snlim
);
4689 gimple
*stmt
= SSA_NAME_DEF_STMT (exp
);
4690 if (gimple_assign_single_p (stmt
))
4692 exp
= gimple_assign_rhs1 (stmt
);
4693 if (TREE_CODE (exp
) != MEM_REF
)
4695 /* Handle MEM_REF below. */
4697 else if (gimple_code (stmt
) == GIMPLE_PHI
)
4699 /* Avoid processing an SSA_NAME that has already been visited
4700 or if an SSA_NAME limit has been reached. Indicate success
4701 if the former and failure if the latter. */
4702 if (int res
= snlim
.next_ssa_name (exp
))
4705 /* Determine the minimum and maximum from the PHI arguments. */
4706 unsigned int n
= gimple_phi_num_args (stmt
);
4707 for (unsigned i
= 0; i
!= n
; i
++)
4709 tree def
= gimple_phi_arg_def (stmt
, i
);
4710 if (!count_nonzero_bytes (def
, offset
, nbytes
, lenrange
, nulterm
,
4711 allnul
, allnonnul
, rvals
, snlim
))
4719 if (TREE_CODE (exp
) == MEM_REF
)
4724 tree arg
= TREE_OPERAND (exp
, 0);
4725 tree off
= TREE_OPERAND (exp
, 1);
4727 if (TREE_CODE (off
) != INTEGER_CST
|| !tree_fits_uhwi_p (off
))
4730 unsigned HOST_WIDE_INT wioff
= tree_to_uhwi (off
);
4731 if (INT_MAX
< wioff
)
4735 if (INT_MAX
< offset
)
4738 /* The size of the MEM_REF access determines the number of bytes. */
4739 tree type
= TREE_TYPE (exp
);
4740 tree typesize
= TYPE_SIZE_UNIT (type
);
4741 if (!typesize
|| !tree_fits_uhwi_p (typesize
))
4743 nbytes
= tree_to_uhwi (typesize
);
4747 /* Handle MEM_REF = SSA_NAME types of assignments. */
4748 return count_nonzero_bytes_addr (arg
, offset
, nbytes
, lenrange
, nulterm
,
4749 allnul
, allnonnul
, rvals
, snlim
);
4752 if (VAR_P (exp
) || TREE_CODE (exp
) == CONST_DECL
)
4754 exp
= ctor_for_folding (exp
);
4759 const char *prep
= NULL
;
4760 if (TREE_CODE (exp
) == STRING_CST
)
4762 unsigned nchars
= TREE_STRING_LENGTH (exp
);
4763 if (nchars
< offset
)
4767 /* If NBYTES hasn't been determined earlier, either from ADDR_EXPR
4768 (i.e., it's the size of a pointer), or from MEM_REF (as the size
4769 of the access), set it here to the size of the string, including
4770 all internal and trailing nuls if the string has any. */
4771 nbytes
= nchars
- offset
;
4772 else if (nchars
- offset
< nbytes
)
4775 prep
= TREE_STRING_POINTER (exp
) + offset
;
4778 unsigned char buf
[256];
4781 if (CHAR_BIT
!= 8 || BITS_PER_UNIT
!= 8)
4783 /* If the pointer to representation hasn't been set above
4784 for STRING_CST point it at the buffer. */
4785 prep
= reinterpret_cast <char *>(buf
);
4786 /* Try to extract the representation of the constant object
4787 or expression starting from the offset. */
4788 unsigned repsize
= native_encode_expr (exp
, buf
, sizeof buf
, offset
);
4789 if (repsize
< nbytes
)
4791 /* This should only happen when REPSIZE is zero because EXP
4792 doesn't denote an object with a known initializer, except
4793 perhaps when the reference reads past its end. */
4799 else if (nbytes
< repsize
)
4806 /* Compute the number of leading nonzero bytes in the representation
4807 and update the minimum and maximum. */
4808 unsigned n
= prep
? strnlen (prep
, nbytes
) : nbytes
;
4810 if (n
< lenrange
[0])
4812 if (lenrange
[1] < n
)
4815 /* Set the size of the representation. */
4816 if (lenrange
[2] < nbytes
)
4817 lenrange
[2] = nbytes
;
4819 /* Clear NULTERM if none of the bytes is zero. */
4825 /* When the initial number of non-zero bytes N is non-zero, reset
4826 *ALLNUL; if N is less than that the size of the representation
4827 also clear *ALLNONNUL. */
4832 else if (*allnul
|| *allnonnul
)
4838 /* When either ALLNUL is set and N is zero, also determine
4839 whether all subsequent bytes after the first one (which
4840 is nul) are zero or nonzero and clear ALLNUL if not. */
4841 for (const char *p
= prep
; p
!= prep
+ nbytes
; ++p
)
4853 /* Like count_nonzero_bytes, but instead of counting bytes in EXP, count
4854 bytes that are pointed to by EXP, which should be a pointer. */
4857 count_nonzero_bytes_addr (tree exp
, unsigned HOST_WIDE_INT offset
,
4858 unsigned HOST_WIDE_INT nbytes
,
4859 unsigned lenrange
[3], bool *nulterm
,
4860 bool *allnul
, bool *allnonnul
,
4861 range_query
*rvals
, ssa_name_limit_t
&snlim
)
4863 int idx
= get_stridx (exp
);
4866 strinfo
*si
= get_strinfo (idx
);
4870 /* Handle both constant lengths as well non-constant lengths
4872 unsigned HOST_WIDE_INT minlen
, maxlen
;
4873 if (tree_fits_shwi_p (si
->nonzero_chars
))
4874 minlen
= maxlen
= tree_to_shwi (si
->nonzero_chars
);
4875 else if (si
->nonzero_chars
4876 && TREE_CODE (si
->nonzero_chars
) == SSA_NAME
)
4879 rvals
->range_of_expr (vr
, si
->nonzero_chars
, si
->stmt
);
4880 if (vr
.kind () != VR_RANGE
)
4883 minlen
= tree_to_uhwi (vr
.min ());
4884 maxlen
= tree_to_uhwi (vr
.max ());
4889 if (maxlen
< offset
)
4892 minlen
= minlen
< offset
? 0 : minlen
- offset
;
4894 if (maxlen
+ 1 < nbytes
)
4897 if (nbytes
<= minlen
)
4900 if (nbytes
< minlen
)
4903 if (nbytes
< maxlen
)
4907 if (minlen
< lenrange
[0])
4908 lenrange
[0] = minlen
;
4909 if (lenrange
[1] < maxlen
)
4910 lenrange
[1] = maxlen
;
4912 if (lenrange
[2] < nbytes
)
4913 lenrange
[2] = nbytes
;
4915 /* Since only the length of the string are known and not its contents,
4916 clear ALLNUL and ALLNONNUL purely on the basis of the length. */
4918 if (minlen
< nbytes
)
4924 if (TREE_CODE (exp
) == ADDR_EXPR
)
4925 return count_nonzero_bytes (TREE_OPERAND (exp
, 0), offset
, nbytes
,
4926 lenrange
, nulterm
, allnul
, allnonnul
, rvals
,
4929 if (TREE_CODE (exp
) == SSA_NAME
)
4931 gimple
*stmt
= SSA_NAME_DEF_STMT (exp
);
4932 if (gimple_code (stmt
) == GIMPLE_PHI
)
4934 /* Avoid processing an SSA_NAME that has already been visited
4935 or if an SSA_NAME limit has been reached. Indicate success
4936 if the former and failure if the latter. */
4937 if (int res
= snlim
.next_ssa_name (exp
))
4940 /* Determine the minimum and maximum from the PHI arguments. */
4941 unsigned int n
= gimple_phi_num_args (stmt
);
4942 for (unsigned i
= 0; i
!= n
; i
++)
4944 tree def
= gimple_phi_arg_def (stmt
, i
);
4945 if (!count_nonzero_bytes_addr (def
, offset
, nbytes
, lenrange
,
4946 nulterm
, allnul
, allnonnul
, rvals
,
4955 /* Otherwise we don't know anything. */
4957 if (lenrange
[1] < nbytes
)
4958 lenrange
[1] = nbytes
;
4959 if (lenrange
[2] < nbytes
)
4960 lenrange
[2] = nbytes
;
4967 /* Same as above except with an implicit SSA_NAME limit. RVALS is used
4968 to determine ranges of dynamically computed string lengths (the results
4972 count_nonzero_bytes (tree exp
, unsigned lenrange
[3], bool *nulterm
,
4973 bool *allnul
, bool *allnonnul
, range_query
*rvals
)
4975 /* Set to optimistic values so the caller doesn't have to worry about
4976 initializing these and to what. On success, the function will clear
4977 these if it determines their values are different but being recursive
4978 it never sets either to true. On failure, their values are
4984 ssa_name_limit_t snlim
;
4985 return count_nonzero_bytes (exp
, 0, 0, lenrange
, nulterm
, allnul
, allnonnul
,
4989 /* Handle a single or multibyte store other than by a built-in function,
4990 either via a single character assignment or by multi-byte assignment
4991 either via MEM_REF or via a type other than char (such as in
4992 '*(int*)a = 12345'). Return true to let the caller advance *GSI to
4993 the next statement in the basic block and false otherwise. */
4996 handle_store (gimple_stmt_iterator
*gsi
, bool *zero_write
,
5001 gimple
*stmt
= gsi_stmt (*gsi
);
5002 tree ssaname
= NULL_TREE
, lhs
= gimple_assign_lhs (stmt
);
5003 tree rhs
= gimple_assign_rhs1 (stmt
);
5005 /* The offset of the first byte in LHS modified by the store. */
5006 unsigned HOST_WIDE_INT offset
= 0;
5008 if (TREE_CODE (lhs
) == MEM_REF
5009 && TREE_CODE (TREE_OPERAND (lhs
, 0)) == SSA_NAME
)
5011 tree mem_offset
= TREE_OPERAND (lhs
, 1);
5012 if (tree_fits_uhwi_p (mem_offset
))
5014 /* Get the strinfo for the base, and use it if it starts with at
5015 least OFFSET nonzero characters. This is trivially true if
5017 offset
= tree_to_uhwi (mem_offset
);
5018 idx
= get_stridx (TREE_OPERAND (lhs
, 0));
5020 si
= get_strinfo (idx
);
5022 ssaname
= TREE_OPERAND (lhs
, 0);
5023 else if (si
== NULL
|| compare_nonzero_chars (si
, offset
, rvals
) < 0)
5025 *zero_write
= initializer_zerop (rhs
);
5028 unsigned lenrange
[] = { UINT_MAX
, 0, 0 };
5029 if (count_nonzero_bytes (rhs
, lenrange
, &dummy
, &dummy
, &dummy
,
5031 maybe_warn_overflow (stmt
, lenrange
[2], rvals
);
5039 idx
= get_addr_stridx (lhs
, NULL_TREE
, &offset
, rvals
);
5041 si
= get_strinfo (idx
);
5044 /* Minimum and maximum leading non-zero bytes and the size of the store. */
5045 unsigned lenrange
[] = { UINT_MAX
, 0, 0 };
5047 /* Set to the minimum length of the string being assigned if known. */
5048 unsigned HOST_WIDE_INT rhs_minlen
;
5050 /* STORING_NONZERO_P is true iff not all stored characters are zero.
5051 STORING_ALL_NONZERO_P is true if all stored characters are zero.
5052 STORING_ALL_ZEROS_P is true iff all stored characters are zero.
5053 Both are false when it's impossible to determine which is true. */
5054 bool storing_nonzero_p
;
5055 bool storing_all_nonzero_p
;
5056 bool storing_all_zeros_p
;
5057 /* FULL_STRING_P is set when the stored sequence of characters form
5058 a nul-terminated string. */
5061 const bool ranges_valid
5062 = count_nonzero_bytes (rhs
, lenrange
, &full_string_p
,
5063 &storing_all_zeros_p
, &storing_all_nonzero_p
,
5067 rhs_minlen
= lenrange
[0];
5068 storing_nonzero_p
= lenrange
[1] > 0;
5069 *zero_write
= storing_all_zeros_p
;
5071 maybe_warn_overflow (stmt
, lenrange
[2], rvals
);
5075 rhs_minlen
= HOST_WIDE_INT_M1U
;
5076 full_string_p
= false;
5077 storing_nonzero_p
= false;
5078 storing_all_zeros_p
= false;
5079 storing_all_nonzero_p
= false;
5084 /* The corresponding element is set to 1 if the first and last
5085 element, respectively, of the sequence of characters being
5086 written over the string described by SI ends before
5087 the terminating nul (if it has one), to zero if the nul is
5088 being overwritten but not beyond, or negative otherwise. */
5089 int store_before_nul
[2];
5092 /* The offset of the last stored byte. */
5093 unsigned HOST_WIDE_INT endoff
= offset
+ lenrange
[2] - 1;
5094 store_before_nul
[0] = compare_nonzero_chars (si
, offset
, rvals
);
5095 if (endoff
== offset
)
5096 store_before_nul
[1] = store_before_nul
[0];
5098 store_before_nul
[1] = compare_nonzero_chars (si
, endoff
, rvals
);
5102 store_before_nul
[0] = compare_nonzero_chars (si
, offset
, rvals
);
5103 store_before_nul
[1] = store_before_nul
[0];
5104 gcc_assert (offset
== 0 || store_before_nul
[0] >= 0);
5107 if (storing_all_zeros_p
5108 && store_before_nul
[0] == 0
5109 && store_before_nul
[1] == 0
5110 && si
->full_string_p
)
5112 /* When overwriting a '\0' with a '\0', the store can be removed
5113 if we know it has been stored in the current function. */
5114 if (!stmt_could_throw_p (cfun
, stmt
) && si
->writable
)
5116 unlink_stmt_vdef (stmt
);
5117 release_defs (stmt
);
5118 gsi_remove (gsi
, true);
5123 si
->writable
= true;
5129 if (store_before_nul
[1] > 0
5130 && storing_nonzero_p
5131 && lenrange
[0] == lenrange
[1]
5132 && lenrange
[0] == lenrange
[2]
5133 && TREE_CODE (TREE_TYPE (rhs
)) == INTEGER_TYPE
)
5135 /* Handle a store of one or more non-nul characters that ends
5136 before the terminating nul of the destination and so does
5137 not affect its length
5138 If si->nonzero_chars > OFFSET, we aren't overwriting '\0',
5139 and if we aren't storing '\0', we know that the length of
5140 the string and any other zero terminated string in memory
5141 remains the same. In that case we move to the next gimple
5142 statement and return to signal the caller that it shouldn't
5143 invalidate anything.
5145 This is beneficial for cases like:
5150 strcpy (p, "foobar");
5151 size_t len = strlen (p); // can be folded to 6
5152 size_t len2 = strlen (q); // has to be computed
5154 size_t len3 = strlen (p); // can be folded to 6
5155 size_t len4 = strlen (q); // can be folded to len2
5156 bar (len, len2, len3, len4);
5162 if (storing_all_zeros_p
5163 || storing_nonzero_p
5164 || (offset
!= 0 && store_before_nul
[1] > 0))
5166 /* When STORING_NONZERO_P, we know that the string will start
5167 with at least OFFSET + 1 nonzero characters. If storing
5168 a single character, set si->NONZERO_CHARS to the result.
5169 If storing multiple characters, try to determine the number
5170 of leading non-zero characters and set si->NONZERO_CHARS to
5173 When STORING_ALL_ZEROS_P, we know that the string is now
5174 OFFSET characters long.
5176 Otherwise, we're storing an unknown value at offset OFFSET,
5177 so need to clip the nonzero_chars to OFFSET.
5178 Use the minimum length of the string (or individual character)
5179 being stored if it's known. Otherwise, STORING_NONZERO_P
5180 guarantees it's at least 1. */
5182 = storing_nonzero_p
&& ranges_valid
? lenrange
[0] : 1;
5183 location_t loc
= gimple_location (stmt
);
5184 tree oldlen
= si
->nonzero_chars
;
5185 if (store_before_nul
[1] == 0 && si
->full_string_p
)
5186 /* We're overwriting the nul terminator with a nonzero or
5187 unknown character. If the previous stmt was a memcpy,
5188 its length may be decreased. */
5189 adjust_last_stmt (si
, stmt
, false);
5190 si
= unshare_strinfo (si
);
5191 if (storing_nonzero_p
)
5193 gcc_assert (len
>= 0);
5194 si
->nonzero_chars
= build_int_cst (size_type_node
, offset
+ len
);
5197 si
->nonzero_chars
= build_int_cst (size_type_node
, offset
);
5199 /* Set FULL_STRING_P only if the length of the strings being
5200 written is the same, and clear it if the strings have
5201 different lengths. In the latter case the length stored
5202 in si->NONZERO_CHARS becomes the lower bound.
5203 FIXME: Handle the upper bound of the length if possible. */
5204 si
->full_string_p
= full_string_p
&& lenrange
[0] == lenrange
[1];
5206 if (storing_all_zeros_p
5208 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ssaname
))
5209 si
->endptr
= ssaname
;
5214 si
->writable
= true;
5215 si
->dont_invalidate
= true;
5218 tree adj
= fold_build2_loc (loc
, MINUS_EXPR
, size_type_node
,
5219 si
->nonzero_chars
, oldlen
);
5220 adjust_related_strinfos (loc
, si
, adj
);
5226 else if (idx
== 0 && (storing_all_zeros_p
|| storing_nonzero_p
))
5229 idx
= new_stridx (ssaname
);
5231 idx
= new_addr_stridx (lhs
);
5234 tree ptr
= (ssaname
? ssaname
: build_fold_addr_expr (lhs
));
5237 if (storing_all_zeros_p
)
5239 else if (storing_nonzero_p
&& ranges_valid
)
5241 /* FIXME: Handle the upper bound of the length when
5242 LENRANGE[0] != LENRANGE[1]. */
5244 if (lenrange
[0] != lenrange
[1])
5245 /* Set the minimum length but ignore the maximum
5247 full_string_p
= false;
5252 tree len
= (slen
<= 0
5254 : build_int_cst (size_type_node
, slen
));
5255 si
= new_strinfo (ptr
, idx
, len
, slen
>= 0 && full_string_p
);
5256 set_strinfo (idx
, si
);
5257 if (storing_all_zeros_p
5259 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ssaname
))
5260 si
->endptr
= ssaname
;
5261 si
->dont_invalidate
= true;
5262 si
->writable
= true;
5266 && rhs_minlen
< HOST_WIDE_INT_M1U
5267 && ssaname
== NULL_TREE
5268 && TREE_CODE (TREE_TYPE (lhs
)) == ARRAY_TYPE
)
5270 HOST_WIDE_INT a
= int_size_in_bytes (TREE_TYPE (lhs
));
5271 if (a
> 0 && (unsigned HOST_WIDE_INT
) a
> rhs_minlen
)
5273 int idx
= new_addr_stridx (lhs
);
5276 si
= new_strinfo (build_fold_addr_expr (lhs
), idx
,
5277 build_int_cst (size_type_node
, rhs_minlen
),
5279 set_strinfo (idx
, si
);
5280 si
->dont_invalidate
= true;
5285 if (si
!= NULL
&& offset
== 0 && storing_all_zeros_p
&& lenrange
[2] == 1)
5287 /* For single-byte stores only, allow adjust_last_stmt to remove
5288 the statement if the stored '\0' is immediately overwritten. */
5289 laststmt
.stmt
= stmt
;
5290 laststmt
.len
= build_int_cst (size_type_node
, 1);
5291 laststmt
.stridx
= si
->idx
;
5296 /* Try to fold strstr (s, t) eq/ne s to strncmp (s, t, strlen (t)) eq/ne 0. */
5299 fold_strstr_to_strncmp (tree rhs1
, tree rhs2
, gimple
*stmt
)
5301 if (TREE_CODE (rhs1
) != SSA_NAME
5302 || TREE_CODE (rhs2
) != SSA_NAME
)
5305 gimple
*call_stmt
= NULL
;
5306 for (int pass
= 0; pass
< 2; pass
++)
5308 gimple
*g
= SSA_NAME_DEF_STMT (rhs1
);
5309 if (gimple_call_builtin_p (g
, BUILT_IN_STRSTR
)
5310 && has_single_use (rhs1
)
5311 && gimple_call_arg (g
, 0) == rhs2
)
5316 std::swap (rhs1
, rhs2
);
5321 tree arg0
= gimple_call_arg (call_stmt
, 0);
5325 tree arg1
= gimple_call_arg (call_stmt
, 1);
5326 tree arg1_len
= NULL_TREE
;
5327 int idx
= get_stridx (arg1
);
5332 arg1_len
= build_int_cst (size_type_node
, ~idx
);
5335 strinfo
*si
= get_strinfo (idx
);
5337 arg1_len
= get_string_length (si
);
5341 if (arg1_len
!= NULL_TREE
)
5343 gimple_stmt_iterator gsi
= gsi_for_stmt (call_stmt
);
5344 tree strncmp_decl
= builtin_decl_explicit (BUILT_IN_STRNCMP
);
5346 if (!is_gimple_val (arg1_len
))
5348 tree arg1_len_tmp
= make_ssa_name (TREE_TYPE (arg1_len
));
5349 gassign
*arg1_stmt
= gimple_build_assign (arg1_len_tmp
,
5351 gsi_insert_before (&gsi
, arg1_stmt
, GSI_SAME_STMT
);
5352 arg1_len
= arg1_len_tmp
;
5355 gcall
*strncmp_call
= gimple_build_call (strncmp_decl
, 3,
5356 arg0
, arg1
, arg1_len
);
5357 tree strncmp_lhs
= make_ssa_name (integer_type_node
);
5358 gimple_set_vuse (strncmp_call
, gimple_vuse (call_stmt
));
5359 gimple_call_set_lhs (strncmp_call
, strncmp_lhs
);
5360 gsi_remove (&gsi
, true);
5361 gsi_insert_before (&gsi
, strncmp_call
, GSI_SAME_STMT
);
5362 tree zero
= build_zero_cst (TREE_TYPE (strncmp_lhs
));
5364 if (is_gimple_assign (stmt
))
5366 if (gimple_assign_rhs_code (stmt
) == COND_EXPR
)
5368 tree cond
= gimple_assign_rhs1 (stmt
);
5369 TREE_OPERAND (cond
, 0) = strncmp_lhs
;
5370 TREE_OPERAND (cond
, 1) = zero
;
5374 gimple_assign_set_rhs1 (stmt
, strncmp_lhs
);
5375 gimple_assign_set_rhs2 (stmt
, zero
);
5380 gcond
*cond
= as_a
<gcond
*> (stmt
);
5381 gimple_cond_set_lhs (cond
, strncmp_lhs
);
5382 gimple_cond_set_rhs (cond
, zero
);
5390 /* Return true if TYPE corresponds to a narrow character type. */
5393 is_char_type (tree type
)
5395 return (TREE_CODE (type
) == INTEGER_TYPE
5396 && TYPE_MODE (type
) == TYPE_MODE (char_type_node
)
5397 && TYPE_PRECISION (type
) == TYPE_PRECISION (char_type_node
));
5400 /* Check the built-in call at GSI for validity and optimize it.
5401 Uses RVALS to determine range information.
5402 Return true to let the caller advance *GSI to the next statement
5403 in the basic block and false otherwise. */
5406 strlen_check_and_optimize_call (gimple_stmt_iterator
*gsi
, bool *zero_write
,
5409 gimple
*stmt
= gsi_stmt (*gsi
);
5411 if (!gimple_call_builtin_p (stmt
, BUILT_IN_NORMAL
))
5413 tree fntype
= gimple_call_fntype (stmt
);
5414 if (fntype
&& lookup_attribute ("alloc_size", TYPE_ATTRIBUTES (fntype
)))
5415 handle_alloc_call (BUILT_IN_NONE
, gsi
);
5418 /* When not optimizing we must be checking printf calls which
5419 we do even for user-defined functions when they are declared
5420 with attribute format. */
5421 if (!flag_optimize_strlen
5423 || !valid_builtin_call (stmt
))
5424 return !handle_printf_call (gsi
, rvals
);
5426 tree callee
= gimple_call_fndecl (stmt
);
5427 switch (DECL_FUNCTION_CODE (callee
))
5429 case BUILT_IN_STRLEN
:
5430 case BUILT_IN_STRNLEN
:
5431 handle_builtin_strlen (gsi
);
5433 case BUILT_IN_STRCHR
:
5434 handle_builtin_strchr (gsi
);
5436 case BUILT_IN_STRCPY
:
5437 case BUILT_IN_STRCPY_CHK
:
5438 case BUILT_IN_STPCPY
:
5439 case BUILT_IN_STPCPY_CHK
:
5440 handle_builtin_strcpy (DECL_FUNCTION_CODE (callee
), gsi
, rvals
);
5443 case BUILT_IN_STRNCAT
:
5444 case BUILT_IN_STRNCAT_CHK
:
5445 handle_builtin_strncat (DECL_FUNCTION_CODE (callee
), gsi
);
5448 case BUILT_IN_STPNCPY
:
5449 case BUILT_IN_STPNCPY_CHK
:
5450 case BUILT_IN_STRNCPY
:
5451 case BUILT_IN_STRNCPY_CHK
:
5452 handle_builtin_stxncpy_strncat (false, gsi
);
5455 case BUILT_IN_MEMCPY
:
5456 case BUILT_IN_MEMCPY_CHK
:
5457 case BUILT_IN_MEMPCPY
:
5458 case BUILT_IN_MEMPCPY_CHK
:
5459 handle_builtin_memcpy (DECL_FUNCTION_CODE (callee
), gsi
, rvals
);
5461 case BUILT_IN_STRCAT
:
5462 case BUILT_IN_STRCAT_CHK
:
5463 handle_builtin_strcat (DECL_FUNCTION_CODE (callee
), gsi
);
5465 case BUILT_IN_ALLOCA
:
5466 case BUILT_IN_ALLOCA_WITH_ALIGN
:
5467 case BUILT_IN_MALLOC
:
5468 case BUILT_IN_CALLOC
:
5469 handle_alloc_call (DECL_FUNCTION_CODE (callee
), gsi
);
5471 case BUILT_IN_MEMSET
:
5472 if (handle_builtin_memset (gsi
, zero_write
, rvals
))
5475 case BUILT_IN_MEMCMP
:
5476 if (handle_builtin_memcmp (gsi
))
5479 case BUILT_IN_STRCMP
:
5480 case BUILT_IN_STRNCMP
:
5481 if (handle_builtin_string_cmp (gsi
, rvals
))
5485 if (handle_printf_call (gsi
, rvals
))
5493 /* Handle an assignment statement at *GSI to a LHS of integral type.
5494 If GSI's basic block needs clean-up of EH, set *CLEANUP_EH to true. */
5497 handle_integral_assign (gimple_stmt_iterator
*gsi
, bool *cleanup_eh
,
5500 gimple
*stmt
= gsi_stmt (*gsi
);
5501 tree lhs
= gimple_assign_lhs (stmt
);
5502 tree lhs_type
= TREE_TYPE (lhs
);
5504 enum tree_code code
= gimple_assign_rhs_code (stmt
);
5505 if (code
== COND_EXPR
)
5507 tree cond
= gimple_assign_rhs1 (stmt
);
5508 enum tree_code cond_code
= TREE_CODE (cond
);
5510 if (cond_code
== EQ_EXPR
|| cond_code
== NE_EXPR
)
5511 fold_strstr_to_strncmp (TREE_OPERAND (cond
, 0),
5512 TREE_OPERAND (cond
, 1), stmt
);
5514 else if (code
== EQ_EXPR
|| code
== NE_EXPR
)
5515 fold_strstr_to_strncmp (gimple_assign_rhs1 (stmt
),
5516 gimple_assign_rhs2 (stmt
), stmt
);
5517 else if (gimple_assign_load_p (stmt
)
5518 && TREE_CODE (lhs_type
) == INTEGER_TYPE
5519 && TYPE_MODE (lhs_type
) == TYPE_MODE (char_type_node
)
5520 && (TYPE_PRECISION (lhs_type
)
5521 == TYPE_PRECISION (char_type_node
))
5522 && !gimple_has_volatile_ops (stmt
))
5524 tree off
= integer_zero_node
;
5525 unsigned HOST_WIDE_INT coff
= 0;
5527 tree rhs1
= gimple_assign_rhs1 (stmt
);
5528 if (code
== MEM_REF
)
5530 idx
= get_stridx (TREE_OPERAND (rhs1
, 0));
5533 strinfo
*si
= get_strinfo (idx
);
5535 && si
->nonzero_chars
5536 && TREE_CODE (si
->nonzero_chars
) == INTEGER_CST
5537 && (wi::to_widest (si
->nonzero_chars
)
5538 >= wi::to_widest (off
)))
5539 off
= TREE_OPERAND (rhs1
, 1);
5541 /* This case is not useful. See if get_addr_stridx
5542 returns something usable. */
5547 idx
= get_addr_stridx (rhs1
, NULL_TREE
, &coff
);
5550 strinfo
*si
= get_strinfo (idx
);
5552 && si
->nonzero_chars
5553 && TREE_CODE (si
->nonzero_chars
) == INTEGER_CST
)
5555 widest_int w1
= wi::to_widest (si
->nonzero_chars
);
5556 widest_int w2
= wi::to_widest (off
) + coff
;
5558 && si
->full_string_p
)
5560 if (dump_file
&& (dump_flags
& TDF_DETAILS
) != 0)
5562 fprintf (dump_file
, "Optimizing: ");
5563 print_gimple_stmt (dump_file
, stmt
, 0, TDF_SLIM
);
5566 /* Reading the final '\0' character. */
5567 tree zero
= build_int_cst (lhs_type
, 0);
5568 gimple_set_vuse (stmt
, NULL_TREE
);
5569 gimple_assign_set_rhs_from_tree (gsi
, zero
);
5571 |= maybe_clean_or_replace_eh_stmt (stmt
,
5573 stmt
= gsi_stmt (*gsi
);
5576 if (dump_file
&& (dump_flags
& TDF_DETAILS
) != 0)
5578 fprintf (dump_file
, "into: ");
5579 print_gimple_stmt (dump_file
, stmt
, 0, TDF_SLIM
);
5584 /* Reading a character before the final '\0'
5585 character. Just set the value range to ~[0, 0]
5586 if we don't have anything better. */
5588 signop sign
= TYPE_SIGN (lhs_type
);
5589 int prec
= TYPE_PRECISION (lhs_type
);
5590 // FIXME: Use range_query instead of global ranges.
5591 value_range_kind vr
= get_range_info (lhs
, &min
, &max
);
5592 if (vr
== VR_VARYING
5594 && min
== wi::min_value (prec
, sign
)
5595 && max
== wi::max_value (prec
, sign
)))
5596 set_range_info (lhs
, VR_ANTI_RANGE
,
5597 wi::zero (prec
), wi::zero (prec
));
5602 else if (code
== MEM_REF
&& TREE_CODE (lhs
) == SSA_NAME
)
5604 if (int idx
= new_stridx (lhs
))
5606 /* Record multi-byte assignments from MEM_REFs. */
5607 bool storing_all_nonzero_p
;
5608 bool storing_all_zeros_p
;
5610 unsigned lenrange
[] = { UINT_MAX
, 0, 0 };
5611 tree rhs
= gimple_assign_rhs1 (stmt
);
5612 const bool ranges_valid
5613 = count_nonzero_bytes (rhs
, lenrange
, &full_string_p
,
5614 &storing_all_zeros_p
, &storing_all_nonzero_p
,
5618 tree length
= build_int_cst (sizetype
, lenrange
[0]);
5619 strinfo
*si
= new_strinfo (lhs
, idx
, length
, full_string_p
);
5620 set_strinfo (idx
, si
);
5621 si
->writable
= true;
5622 si
->dont_invalidate
= true;
5627 if (strlen_to_stridx
)
5629 tree rhs1
= gimple_assign_rhs1 (stmt
);
5630 if (stridx_strlenloc
*ps
= strlen_to_stridx
->get (rhs1
))
5631 strlen_to_stridx
->put (lhs
, stridx_strlenloc (*ps
));
5635 /* Attempt to check for validity of the performed access a single statement
5636 at *GSI using string length knowledge, and to optimize it.
5637 If the given basic block needs clean-up of EH, CLEANUP_EH is set to
5638 true. Return true to let the caller advance *GSI to the next statement
5639 in the basic block and false otherwise. */
5642 check_and_optimize_stmt (gimple_stmt_iterator
*gsi
, bool *cleanup_eh
,
5645 gimple
*stmt
= gsi_stmt (*gsi
);
5647 /* For statements that modify a string, set to true if the write
5649 bool zero_write
= false;
5651 if (is_gimple_call (stmt
))
5653 if (!strlen_check_and_optimize_call (gsi
, &zero_write
, rvals
))
5656 else if (!flag_optimize_strlen
|| !strlen_optimize
)
5658 else if (is_gimple_assign (stmt
) && !gimple_clobber_p (stmt
))
5660 /* Handle non-clobbering assignment. */
5661 tree lhs
= gimple_assign_lhs (stmt
);
5662 tree lhs_type
= TREE_TYPE (lhs
);
5664 if (TREE_CODE (lhs
) == SSA_NAME
&& POINTER_TYPE_P (lhs_type
))
5666 if (gimple_assign_single_p (stmt
)
5667 || (gimple_assign_cast_p (stmt
)
5668 && POINTER_TYPE_P (TREE_TYPE (gimple_assign_rhs1 (stmt
)))))
5670 int idx
= get_stridx (gimple_assign_rhs1 (stmt
));
5671 ssa_ver_to_stridx
[SSA_NAME_VERSION (lhs
)] = idx
;
5673 else if (gimple_assign_rhs_code (stmt
) == POINTER_PLUS_EXPR
)
5674 handle_pointer_plus (gsi
);
5676 else if (TREE_CODE (lhs
) == SSA_NAME
&& INTEGRAL_TYPE_P (lhs_type
))
5677 /* Handle assignment to a character. */
5678 handle_integral_assign (gsi
, cleanup_eh
, rvals
);
5679 else if (TREE_CODE (lhs
) != SSA_NAME
&& !TREE_SIDE_EFFECTS (lhs
))
5681 tree type
= TREE_TYPE (lhs
);
5682 if (TREE_CODE (type
) == ARRAY_TYPE
)
5683 type
= TREE_TYPE (type
);
5685 bool is_char_store
= is_char_type (type
);
5686 if (!is_char_store
&& TREE_CODE (lhs
) == MEM_REF
)
5688 /* To consider stores into char objects via integer types
5689 other than char but not those to non-character objects,
5690 determine the type of the destination rather than just
5691 the type of the access. */
5692 for (int i
= 0; i
!= 2; ++i
)
5694 tree ref
= TREE_OPERAND (lhs
, i
);
5695 type
= TREE_TYPE (ref
);
5696 if (TREE_CODE (type
) == POINTER_TYPE
)
5697 type
= TREE_TYPE (type
);
5698 if (TREE_CODE (type
) == ARRAY_TYPE
)
5699 type
= TREE_TYPE (type
);
5700 if (is_char_type (type
))
5702 is_char_store
= true;
5708 /* Handle a single or multibyte assignment. */
5709 if (is_char_store
&& !handle_store (gsi
, &zero_write
, rvals
))
5713 else if (gcond
*cond
= dyn_cast
<gcond
*> (stmt
))
5715 enum tree_code code
= gimple_cond_code (cond
);
5716 if (code
== EQ_EXPR
|| code
== NE_EXPR
)
5717 fold_strstr_to_strncmp (gimple_cond_lhs (stmt
),
5718 gimple_cond_rhs (stmt
), stmt
);
5721 if (gimple_vdef (stmt
))
5722 maybe_invalidate (stmt
, zero_write
);
5726 /* Recursively call maybe_invalidate on stmts that might be executed
5727 in between dombb and current bb and that contain a vdef. Stop when
5728 *count stmts are inspected, or if the whole strinfo vector has
5729 been invalidated. */
5732 do_invalidate (basic_block dombb
, gimple
*phi
, bitmap visited
, int *count
)
5734 unsigned int i
, n
= gimple_phi_num_args (phi
);
5736 for (i
= 0; i
< n
; i
++)
5738 tree vuse
= gimple_phi_arg_def (phi
, i
);
5739 gimple
*stmt
= SSA_NAME_DEF_STMT (vuse
);
5740 basic_block bb
= gimple_bb (stmt
);
5743 || !bitmap_set_bit (visited
, bb
->index
)
5744 || !dominated_by_p (CDI_DOMINATORS
, bb
, dombb
))
5748 if (gimple_code (stmt
) == GIMPLE_PHI
)
5750 do_invalidate (dombb
, stmt
, visited
, count
);
5757 if (!maybe_invalidate (stmt
))
5762 vuse
= gimple_vuse (stmt
);
5763 stmt
= SSA_NAME_DEF_STMT (vuse
);
5764 if (gimple_bb (stmt
) != bb
)
5766 bb
= gimple_bb (stmt
);
5769 || !bitmap_set_bit (visited
, bb
->index
)
5770 || !dominated_by_p (CDI_DOMINATORS
, bb
, dombb
))
5777 class strlen_dom_walker
: public dom_walker
5780 strlen_dom_walker (cdi_direction direction
)
5781 : dom_walker (direction
),
5783 m_cleanup_cfg (false)
5786 virtual edge
before_dom_children (basic_block
);
5787 virtual void after_dom_children (basic_block
);
5789 /* EVRP analyzer used for printf argument range processing, and
5790 to track strlen results across integer variable assignments. */
5791 evrp_range_analyzer evrp
;
5793 /* Flag that will trigger TODO_cleanup_cfg to be returned in strlen
5794 execute function. */
5798 /* Callback for walk_dominator_tree. Attempt to optimize various
5799 string ops by remembering string lengths pointed by pointer SSA_NAMEs. */
5802 strlen_dom_walker::before_dom_children (basic_block bb
)
5806 basic_block dombb
= get_immediate_dominator (CDI_DOMINATORS
, bb
);
5809 stridx_to_strinfo
= NULL
;
5812 stridx_to_strinfo
= ((vec
<strinfo
*, va_heap
, vl_embed
> *) dombb
->aux
);
5813 if (stridx_to_strinfo
)
5815 for (gphi_iterator gsi
= gsi_start_phis (bb
); !gsi_end_p (gsi
);
5818 gphi
*phi
= gsi
.phi ();
5819 if (virtual_operand_p (gimple_phi_result (phi
)))
5821 bitmap visited
= BITMAP_ALLOC (NULL
);
5822 int count_vdef
= 100;
5823 do_invalidate (dombb
, phi
, visited
, &count_vdef
);
5824 BITMAP_FREE (visited
);
5825 if (count_vdef
== 0)
5827 /* If there were too many vdefs in between immediate
5828 dominator and current bb, invalidate everything.
5829 If stridx_to_strinfo has been unshared, we need
5830 to free it, otherwise just set it to NULL. */
5831 if (!strinfo_shared ())
5837 vec_safe_iterate (stridx_to_strinfo
, i
, &si
);
5841 (*stridx_to_strinfo
)[i
] = NULL
;
5845 stridx_to_strinfo
= NULL
;
5853 /* If all PHI arguments have the same string index, the PHI result
5855 for (gphi_iterator gsi
= gsi_start_phis (bb
); !gsi_end_p (gsi
);
5858 gphi
*phi
= gsi
.phi ();
5859 tree result
= gimple_phi_result (phi
);
5860 if (!virtual_operand_p (result
) && POINTER_TYPE_P (TREE_TYPE (result
)))
5862 int idx
= get_stridx (gimple_phi_arg_def (phi
, 0));
5865 unsigned int i
, n
= gimple_phi_num_args (phi
);
5866 for (i
= 1; i
< n
; i
++)
5867 if (idx
!= get_stridx (gimple_phi_arg_def (phi
, i
)))
5870 ssa_ver_to_stridx
[SSA_NAME_VERSION (result
)] = idx
;
5875 bool cleanup_eh
= false;
5877 /* Attempt to optimize individual statements. */
5878 for (gimple_stmt_iterator gsi
= gsi_start_bb (bb
); !gsi_end_p (gsi
); )
5880 gimple
*stmt
= gsi_stmt (gsi
);
5882 /* First record ranges generated by this statement so they
5883 can be used by printf argument processing. */
5884 evrp
.record_ranges_from_stmt (stmt
, false);
5886 if (check_and_optimize_stmt (&gsi
, &cleanup_eh
, &evrp
))
5890 if (cleanup_eh
&& gimple_purge_dead_eh_edges (bb
))
5891 m_cleanup_cfg
= true;
5893 bb
->aux
= stridx_to_strinfo
;
5894 if (vec_safe_length (stridx_to_strinfo
) && !strinfo_shared ())
5895 (*stridx_to_strinfo
)[0] = (strinfo
*) bb
;
5899 /* Callback for walk_dominator_tree. Free strinfo vector if it is
5900 owned by the current bb, clear bb->aux. */
5903 strlen_dom_walker::after_dom_children (basic_block bb
)
5909 stridx_to_strinfo
= ((vec
<strinfo
*, va_heap
, vl_embed
> *) bb
->aux
);
5910 if (vec_safe_length (stridx_to_strinfo
)
5911 && (*stridx_to_strinfo
)[0] == (strinfo
*) bb
)
5916 for (i
= 1; vec_safe_iterate (stridx_to_strinfo
, i
, &si
); ++i
)
5918 vec_free (stridx_to_strinfo
);
5927 printf_strlen_execute (function
*fun
, bool warn_only
)
5929 strlen_optimize
= !warn_only
;
5931 calculate_dominance_info (CDI_DOMINATORS
);
5933 bool use_scev
= optimize
> 0 && flag_printf_return_value
;
5936 loop_optimizer_init (LOOPS_NORMAL
);
5940 gcc_assert (!strlen_to_stridx
);
5941 if (warn_stringop_overflow
|| warn_stringop_truncation
)
5942 strlen_to_stridx
= new hash_map
<tree
, stridx_strlenloc
> ();
5944 /* This has to happen after initializing the loop optimizer
5945 and initializing SCEV as they create new SSA_NAMEs. */
5946 ssa_ver_to_stridx
.safe_grow_cleared (num_ssa_names
, true);
5949 /* String length optimization is implemented as a walk of the dominator
5950 tree and a forward walk of statements within each block. */
5951 strlen_dom_walker
walker (CDI_DOMINATORS
);
5952 walker
.walk (ENTRY_BLOCK_PTR_FOR_FN (fun
));
5954 ssa_ver_to_stridx
.release ();
5955 strinfo_pool
.release ();
5956 if (decl_to_stridxlist_htab
)
5958 obstack_free (&stridx_obstack
, NULL
);
5959 delete decl_to_stridxlist_htab
;
5960 decl_to_stridxlist_htab
= NULL
;
5962 laststmt
.stmt
= NULL
;
5963 laststmt
.len
= NULL_TREE
;
5964 laststmt
.stridx
= 0;
5966 if (strlen_to_stridx
)
5968 strlen_to_stridx
->empty ();
5969 delete strlen_to_stridx
;
5970 strlen_to_stridx
= NULL
;
5976 loop_optimizer_finalize ();
5979 /* Clean up object size info. */
5980 fini_object_sizes ();
5982 return walker
.m_cleanup_cfg
? TODO_cleanup_cfg
: 0;
5985 /* This file defines two passes: one for warnings that runs only when
5986 optimization is disabled, and another that implements optimizations
5987 and also issues warnings. */
5989 const pass_data pass_data_warn_printf
=
5991 GIMPLE_PASS
, /* type */
5992 "warn-printf", /* name */
5993 OPTGROUP_NONE
, /* optinfo_flags */
5994 TV_NONE
, /* tv_id */
5995 /* Normally an optimization pass would require PROP_ssa but because
5996 this pass runs early, with no optimization, to do sprintf format
5997 checking, it only requires PROP_cfg. */
5998 PROP_cfg
, /* properties_required */
5999 0, /* properties_provided */
6000 0, /* properties_destroyed */
6001 0, /* todo_flags_start */
6002 0, /* todo_flags_finish */
6005 class pass_warn_printf
: public gimple_opt_pass
6008 pass_warn_printf (gcc::context
*ctxt
)
6009 : gimple_opt_pass (pass_data_warn_printf
, ctxt
)
6012 virtual bool gate (function
*);
6013 virtual unsigned int execute (function
*fun
)
6015 return printf_strlen_execute (fun
, true);
6020 /* Return true to run the warning pass only when not optimizing and
6021 iff either -Wformat-overflow or -Wformat-truncation is specified. */
6024 pass_warn_printf::gate (function
*)
6026 return !optimize
&& (warn_format_overflow
> 0 || warn_format_trunc
> 0);
6029 const pass_data pass_data_strlen
=
6031 GIMPLE_PASS
, /* type */
6032 "strlen", /* name */
6033 OPTGROUP_NONE
, /* optinfo_flags */
6034 TV_TREE_STRLEN
, /* tv_id */
6035 PROP_cfg
| PROP_ssa
, /* properties_required */
6036 0, /* properties_provided */
6037 0, /* properties_destroyed */
6038 0, /* todo_flags_start */
6039 0, /* todo_flags_finish */
6042 class pass_strlen
: public gimple_opt_pass
6045 pass_strlen (gcc::context
*ctxt
)
6046 : gimple_opt_pass (pass_data_strlen
, ctxt
)
6049 opt_pass
* clone () { return new pass_strlen (m_ctxt
); }
6051 virtual bool gate (function
*);
6052 virtual unsigned int execute (function
*fun
)
6054 return printf_strlen_execute (fun
, false);
6058 /* Return true to run the pass only when the sprintf and/or strlen
6059 optimizations are enabled and -Wformat-overflow or -Wformat-truncation
6063 pass_strlen::gate (function
*)
6065 return ((warn_format_overflow
> 0
6066 || warn_format_trunc
> 0
6067 || warn_restrict
> 0
6068 || flag_optimize_strlen
> 0
6069 || flag_printf_return_value
)
6076 make_pass_warn_printf (gcc::context
*ctxt
)
6078 return new pass_warn_printf (ctxt
);
6082 make_pass_strlen (gcc::context
*ctxt
)
6084 return new pass_strlen (ctxt
);