search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix PR ada/97504 on hppa*-*-hpux*.
[official-gcc.git] / gcc / tree-ssa-strlen.c
blobf365c2d0c4543a17570229da47ad4639016cdb4c
1 /* String length optimization
2 Copyright (C) 2011-2020 Free Software Foundation, Inc.
3 Contributed by Jakub Jelinek <jakub@redhat.com>
4
5 This file is part of GCC.
6
7 GCC is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3, or (at your option)
10 any later version.
11
12 GCC is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
20
21 #include "config.h"
22 #include "system.h"
23 #include "coretypes.h"
24 #include "backend.h"
25 #include "rtl.h"
26 #include "tree.h"
27 #include "gimple.h"
28 #include "alloc-pool.h"
29 #include "tree-pass.h"
30 #include "ssa.h"
31 #include "cgraph.h"
32 #include "gimple-pretty-print.h"
33 #include "gimple-ssa-warn-restrict.h"
34 #include "fold-const.h"
35 #include "stor-layout.h"
36 #include "gimple-fold.h"
37 #include "tree-eh.h"
38 #include "gimplify.h"
39 #include "gimple-iterator.h"
40 #include "gimplify-me.h"
41 #include "expr.h"
42 #include "tree-cfg.h"
43 #include "tree-dfa.h"
44 #include "domwalk.h"
45 #include "tree-ssa-alias.h"
46 #include "tree-ssa-propagate.h"
47 #include "tree-ssa-strlen.h"
48 #include "tree-hash-traits.h"
49 #include "tree-object-size.h"
50 #include "builtins.h"
51 #include "target.h"
52 #include "diagnostic-core.h"
53 #include "diagnostic.h"
54 #include "intl.h"
55 #include "attribs.h"
56 #include "calls.h"
57 #include "cfgloop.h"
58 #include "tree-ssa-loop.h"
59 #include "tree-scalar-evolution.h"
60 #include "vr-values.h"
61 #include "gimple-ssa-evrp-analyze.h"
62 #include "tree-ssa.h"
63
64 /* A vector indexed by SSA_NAME_VERSION. 0 means unknown, positive value
65 is an index into strinfo vector, negative value stands for
66 string length of a string literal (~strlen). */
67 static vec<int> ssa_ver_to_stridx;
68
69 /* Number of currently active string indexes plus one. */
70 static int max_stridx;
71
72 /* Set to true to optimize, false when just checking. */
73 static bool strlen_optimize;
74
75 /* String information record. */
76 struct strinfo
77 {
78 /* Number of leading characters that are known to be nonzero. This is
79 also the length of the string if FULL_STRING_P.
80
81 The values in a list of related string pointers must be consistent;
82 that is, if strinfo B comes X bytes after strinfo A, it must be
83 the case that A->nonzero_chars == X + B->nonzero_chars. */
84 tree nonzero_chars;
85 /* Any of the corresponding pointers for querying alias oracle. */
86 tree ptr;
87 /* STMT is used for two things:
88
89 - To record the statement that should be used for delayed length
90 computations. We maintain the invariant that all related strinfos
91 have delayed lengths or none do.
92
93 - To record the malloc or calloc call that produced this result
94 to optimize away malloc/memset sequences. STMT is reset after
95 a calloc-allocated object has been stored a non-zero value into. */
96 gimple *stmt;
97 /* Set to the dynamic allocation statement for the object (alloca,
98 calloc, malloc, or VLA). Unlike STMT, once set for a strinfo
99 object, ALLOC doesn't change. */
100 gimple *alloc;
101 /* Pointer to '\0' if known, if NULL, it can be computed as
102 ptr + length. */
103 tree endptr;
104 /* Reference count. Any changes to strinfo entry possibly shared
105 with dominating basic blocks need unshare_strinfo first, except
106 for dont_invalidate which affects only the immediately next
107 maybe_invalidate. */
108 int refcount;
109 /* Copy of index. get_strinfo (si->idx) should return si; */
110 int idx;
111 /* These 3 fields are for chaining related string pointers together.
112 E.g. for
113 bl = strlen (b); dl = strlen (d); strcpy (a, b); c = a + bl;
114 strcpy (c, d); e = c + dl;
115 strinfo(a) -> strinfo(c) -> strinfo(e)
116 All have ->first field equal to strinfo(a)->idx and are doubly
117 chained through prev/next fields. The later strinfos are required
118 to point into the same string with zero or more bytes after
119 the previous pointer and all bytes in between the two pointers
120 must be non-zero. Functions like strcpy or memcpy are supposed
121 to adjust all previous strinfo lengths, but not following strinfo
122 lengths (those are uncertain, usually invalidated during
123 maybe_invalidate, except when the alias oracle knows better).
124 Functions like strcat on the other side adjust the whole
125 related strinfo chain.
126 They are updated lazily, so to use the chain the same first fields
127 and si->prev->next == si->idx needs to be verified. */
128 int first;
129 int next;
130 int prev;
131 /* A flag whether the string is known to be written in the current
132 function. */
133 bool writable;
134 /* A flag for the next maybe_invalidate that this strinfo shouldn't
135 be invalidated. Always cleared by maybe_invalidate. */
136 bool dont_invalidate;
137 /* True if the string is known to be nul-terminated after NONZERO_CHARS
138 characters. False is useful when detecting strings that are built
139 up via successive memcpys. */
140 bool full_string_p;
141 };
142
143 /* Pool for allocating strinfo_struct entries. */
144 static object_allocator<strinfo> strinfo_pool ("strinfo pool");
145
146 /* Vector mapping positive string indexes to strinfo, for the
147 current basic block. The first pointer in the vector is special,
148 it is either NULL, meaning the vector isn't shared, or it is
149 a basic block pointer to the owner basic_block if shared.
150 If some other bb wants to modify the vector, the vector needs
151 to be unshared first, and only the owner bb is supposed to free it. */
152 static vec<strinfo *, va_heap, vl_embed> *stridx_to_strinfo;
153
154 /* One OFFSET->IDX mapping. */
155 struct stridxlist
156 {
157 struct stridxlist *next;
158 HOST_WIDE_INT offset;
159 int idx;
160 };
161
162 /* Hash table entry, mapping a DECL to a chain of OFFSET->IDX mappings. */
163 struct decl_stridxlist_map
164 {
165 struct tree_map_base base;
166 struct stridxlist list;
167 };
168
169 /* Hash table for mapping decls to a chained list of offset -> idx
170 mappings. */
171 typedef hash_map<tree_decl_hash, stridxlist> decl_to_stridxlist_htab_t;
172 static decl_to_stridxlist_htab_t *decl_to_stridxlist_htab;
173
174 /* Hash table mapping strlen (or strnlen with constant bound and return
175 smaller than bound) calls to stridx instances describing
176 the calls' arguments. Non-null only when warn_stringop_truncation
177 is non-zero. */
178 typedef std::pair<int, location_t> stridx_strlenloc;
179 static hash_map<tree, stridx_strlenloc> *strlen_to_stridx;
180
181 /* Obstack for struct stridxlist and struct decl_stridxlist_map. */
182 static struct obstack stridx_obstack;
183
184 /* Last memcpy statement if it could be adjusted if the trailing
185 '\0' written is immediately overwritten, or
186 *x = '\0' store that could be removed if it is immediately overwritten. */
187 struct laststmt_struct
188 {
189 gimple *stmt;
190 tree len;
191 int stridx;
192 } laststmt;
193
194 static int get_stridx_plus_constant (strinfo *, unsigned HOST_WIDE_INT, tree);
195 static void handle_builtin_stxncpy_strncat (bool, gimple_stmt_iterator *);
196
197 /* Sets MINMAX to either the constant value or the range VAL is in
198 and returns either the constant value or VAL on success or null
199 when the range couldn't be determined. Uses RVALS when nonnull
200 to determine the range, otherwise get_range_info. */
201
202 tree
203 get_range (tree val, gimple *stmt, wide_int minmax[2],
204 range_query *rvals /* = NULL */)
205 {
206 if (TREE_CODE (val) == INTEGER_CST)
207 {
208 minmax[0] = minmax[1] = wi::to_wide (val);
209 return val;
210 }
211
212 if (TREE_CODE (val) != SSA_NAME)
213 return NULL_TREE;
214
215 if (rvals && stmt)
216 {
217 value_range vr;
218 if (!rvals->range_of_expr (vr, val, stmt))
219 return NULL_TREE;
220 value_range_kind rng = vr.kind ();
221 if (rng != VR_RANGE)
222 return NULL_TREE;
223
224 minmax[0] = wi::to_wide (vr.min ());
225 minmax[1] = wi::to_wide (vr.max ());
226 return val;
227 }
228
229 value_range_kind rng = get_range_info (val, minmax, minmax + 1);
230 if (rng == VR_RANGE)
231 /* This may be an inverted range whose MINMAX[1] < MINMAX[0]. */
232 return val;
233
234 if (rng == VR_ANTI_RANGE)
235 {
236 /* An anti-range is the same as an ordinary range with inverted
237 bounds (where MINMAX[1] < MINMAX[0] is true) that may result
238 from the conversion of a signed anti-range to unsigned. */
239 wide_int tmp = minmax[0];
240 minmax[0] = minmax[1] + 1;
241 minmax[1] = wi::sub (tmp, 1);
242 return val;
243 }
244
245 /* Do not handle anti-ranges and instead make use of the on-demand
246 VRP if/when it becomes available (hopefully in GCC 11). */
247 return NULL_TREE;
248 }
249
250 /* Return:
251
252 * +1 if SI is known to start with more than OFF nonzero characters.
253
254 * 0 if SI is known to start with exactly OFF nonzero characters.
255
256 * -1 if SI either does not start with OFF nonzero characters
257 or the relationship between the number of leading nonzero
258 characters in SI and OFF is unknown. */
259
260 static inline int
261 compare_nonzero_chars (strinfo *si, unsigned HOST_WIDE_INT off)
262 {
263 if (si->nonzero_chars
264 && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
265 return compare_tree_int (si->nonzero_chars, off);
266 else
267 return -1;
268 }
269
270 /* Same as above but suitable also for strings with non-constant lengths.
271 Uses RVALS to determine length range. */
272
273 static int
274 compare_nonzero_chars (strinfo *si, unsigned HOST_WIDE_INT off,
275 range_query *rvals)
276 {
277 if (!si->nonzero_chars)
278 return -1;
279
280 if (TREE_CODE (si->nonzero_chars) == INTEGER_CST)
281 return compare_tree_int (si->nonzero_chars, off);
282
283 if (!rvals || TREE_CODE (si->nonzero_chars) != SSA_NAME)
284 return -1;
285
286 value_range vr;
287 if (!rvals->range_of_expr (vr, si->nonzero_chars, si->stmt))
288 return -1;
289 value_range_kind rng = vr.kind ();
290 if (rng != VR_RANGE)
291 return -1;
292
293 /* If the offset is less than the minimum length or if the bounds
294 of the length range are equal return the result of the comparison
295 same as in the constant case. Otherwise return a conservative
296 result. */
297 int cmpmin = compare_tree_int (vr.min (), off);
298 if (cmpmin > 0 || tree_int_cst_equal (vr.min (), vr.max ()))
299 return cmpmin;
300
301 return -1;
302 }
303
304 /* Return true if SI is known to be a zero-length string. */
305
306 static inline bool
307 zero_length_string_p (strinfo *si)
308 {
309 return si->full_string_p && integer_zerop (si->nonzero_chars);
310 }
311
312 /* Return strinfo vector entry IDX. */
313
314 static inline strinfo *
315 get_strinfo (int idx)
316 {
317 if (vec_safe_length (stridx_to_strinfo) <= (unsigned int) idx)
318 return NULL;
319 return (*stridx_to_strinfo)[idx];
320 }
321
322 /* Get the next strinfo in the chain after SI, or null if none. */
323
324 static inline strinfo *
325 get_next_strinfo (strinfo *si)
326 {
327 if (si->next == 0)
328 return NULL;
329 strinfo *nextsi = get_strinfo (si->next);
330 if (nextsi == NULL || nextsi->first != si->first || nextsi->prev != si->idx)
331 return NULL;
332 return nextsi;
333 }
334
335 /* Helper function for get_stridx. Return the strinfo index of the address
336 of EXP, which is available in PTR if nonnull. If OFFSET_OUT, it is
337 OK to return the index for some X <= &EXP and store &EXP - X in
338 *OFFSET_OUT. When RVALS is nonnull uses it to determine range
339 information. */
340
341 static int
342 get_addr_stridx (tree exp, tree ptr, unsigned HOST_WIDE_INT *offset_out,
343 range_query *rvals = NULL)
344 {
345 HOST_WIDE_INT off;
346 struct stridxlist *list, *last = NULL;
347 tree base;
348
349 if (!decl_to_stridxlist_htab)
350 return 0;
351
352 poly_int64 poff;
353 base = get_addr_base_and_unit_offset (exp, &poff);
354 if (base == NULL || !DECL_P (base) || !poff.is_constant (&off))
355 return 0;
356
357 list = decl_to_stridxlist_htab->get (base);
358 if (list == NULL)
359 return 0;
360
361 do
362 {
363 if (list->offset == off)
364 {
365 if (offset_out)
366 *offset_out = 0;
367 return list->idx;
368 }
369 if (list->offset > off)
370 return 0;
371 last = list;
372 list = list->next;
373 }
374 while (list);
375
376 if ((offset_out || ptr) && last && last->idx > 0)
377 {
378 unsigned HOST_WIDE_INT rel_off
379 = (unsigned HOST_WIDE_INT) off - last->offset;
380 strinfo *si = get_strinfo (last->idx);
381 if (si && compare_nonzero_chars (si, rel_off, rvals) >= 0)
382 {
383 if (offset_out)
384 {
385 *offset_out = rel_off;
386 return last->idx;
387 }
388 else
389 return get_stridx_plus_constant (si, rel_off, ptr);
390 }
391 }
392 return 0;
393 }
394
395 /* Returns string index for EXP. When EXP is an SSA_NAME that refers
396 to a known strinfo with an offset and OFFRNG is non-null, sets
397 both elements of the OFFRNG array to the range of the offset and
398 returns the index of the known strinfo. In this case the result
399 must not be used in for functions that modify the string.
400 When nonnull, uses RVALS to determine range information. */
401
402 static int
403 get_stridx (tree exp, wide_int offrng[2] = NULL, range_query *rvals = NULL)
404 {
405 if (offrng)
406 offrng[0] = offrng[1] = wi::zero (TYPE_PRECISION (ptrdiff_type_node));
407
408 if (TREE_CODE (exp) == SSA_NAME)
409 {
410 if (ssa_ver_to_stridx[SSA_NAME_VERSION (exp)])
411 return ssa_ver_to_stridx[SSA_NAME_VERSION (exp)];
412
413 tree e = exp;
414 int last_idx = 0;
415 HOST_WIDE_INT offset = 0;
416 /* Follow a chain of at most 5 assignments. */
417 for (int i = 0; i < 5; i++)
418 {
419 gimple *def_stmt = SSA_NAME_DEF_STMT (e);
420 if (!is_gimple_assign (def_stmt))
421 return last_idx;
422
423 tree_code rhs_code = gimple_assign_rhs_code (def_stmt);
424 tree ptr, off;
425
426 if (rhs_code == ADDR_EXPR)
427 {
428 /* Handle indices/offsets into VLAs which are implemented
429 as pointers to arrays. */
430 ptr = gimple_assign_rhs1 (def_stmt);
431 ptr = TREE_OPERAND (ptr, 0);
432
433 /* Handle also VLAs of types larger than char. */
434 if (tree eltsize = TYPE_SIZE_UNIT (TREE_TYPE (ptr)))
435 {
436 if (TREE_CODE (ptr) == ARRAY_REF)
437 {
438 off = TREE_OPERAND (ptr, 1);
439 ptr = TREE_OPERAND (ptr, 0);
440 if (!integer_onep (eltsize))
441 {
442 /* Scale the array index by the size of the element
443 type in the rare case that it's greater than
444 the typical 1 for char, making sure both operands
445 have the same type. */
446 eltsize = fold_convert (ssizetype, eltsize);
447 off = fold_convert (ssizetype, off);
448 off = fold_build2 (MULT_EXPR, ssizetype, off, eltsize);
449 }
450 }
451 else
452 off = integer_zero_node;
453 }
454 else
455 return 0;
456
457 if (TREE_CODE (ptr) != MEM_REF)
458 return 0;
459
460 /* Add the MEM_REF byte offset. */
461 tree mem_off = TREE_OPERAND (ptr, 1);
462 off = fold_build2 (PLUS_EXPR, TREE_TYPE (off), off, mem_off);
463 ptr = TREE_OPERAND (ptr, 0);
464 }
465 else if (rhs_code == POINTER_PLUS_EXPR)
466 {
467 ptr = gimple_assign_rhs1 (def_stmt);
468 off = gimple_assign_rhs2 (def_stmt);
469 }
470 else
471 return 0;
472
473 if (TREE_CODE (ptr) != SSA_NAME)
474 return 0;
475
476 if (!tree_fits_shwi_p (off))
477 {
478 if (int idx = ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)])
479 if (offrng)
480 {
481 /* Only when requested by setting OFFRNG to non-null,
482 return the index corresponding to the SSA_NAME.
483 Do this irrespective of the whether the offset
484 is known. */
485 if (get_range (off, def_stmt, offrng, rvals))
486 {
487 /* When the offset range is known, increment it
488 it by the constant offset computed in prior
489 iterations and store it in the OFFRNG array. */
490 offrng[0] += offset;
491 offrng[1] += offset;
492 }
493 else
494 {
495 /* When the offset range cannot be determined
496 store [0, SIZE_MAX] and let the caller decide
497 if the offset matters. */
498 offrng[1] = wi::to_wide (TYPE_MAX_VALUE (sizetype));
499 offrng[0] = wi::zero (offrng[1].get_precision ());
500 }
501 return idx;
502 }
503 return 0;
504 }
505
506 HOST_WIDE_INT this_off = tree_to_shwi (off);
507 if (offrng)
508 {
509 offrng[0] += wi::shwi (this_off, offrng->get_precision ());
510 offrng[1] += offrng[0];
511 }
512
513 if (this_off < 0)
514 return last_idx;
515
516 offset = (unsigned HOST_WIDE_INT) offset + this_off;
517 if (offset < 0)
518 return last_idx;
519
520 if (int idx = ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)])
521 {
522 strinfo *si = get_strinfo (idx);
523 if (si)
524 {
525 if (compare_nonzero_chars (si, offset) >= 0)
526 return get_stridx_plus_constant (si, offset, exp);
527
528 if (offrng)
529 last_idx = idx;
530 }
531 }
532 e = ptr;
533 }
534
535 return last_idx;
536 }
537
538 if (TREE_CODE (exp) == ADDR_EXPR)
539 {
540 int idx = get_addr_stridx (TREE_OPERAND (exp, 0), exp, NULL);
541 if (idx != 0)
542 return idx;
543 }
544
545 const char *p = c_getstr (exp);
546 if (p)
547 return ~(int) strlen (p);
548
549 return 0;
550 }
551
552 /* Return true if strinfo vector is shared with the immediate dominator. */
553
554 static inline bool
555 strinfo_shared (void)
556 {
557 return vec_safe_length (stridx_to_strinfo)
558 && (*stridx_to_strinfo)[0] != NULL;
559 }
560
561 /* Unshare strinfo vector that is shared with the immediate dominator. */
562
563 static void
564 unshare_strinfo_vec (void)
565 {
566 strinfo *si;
567 unsigned int i = 0;
568
569 gcc_assert (strinfo_shared ());
570 stridx_to_strinfo = vec_safe_copy (stridx_to_strinfo);
571 for (i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
572 if (si != NULL)
573 si->refcount++;
574 (*stridx_to_strinfo)[0] = NULL;
575 }
576
577 /* Attempt to create a string index for exp, ADDR_EXPR's operand.
578 Return a pointer to the location where the string index can
579 be stored (if 0) or is stored, or NULL if this can't be tracked. */
580
581 static int *
582 addr_stridxptr (tree exp)
583 {
584 HOST_WIDE_INT off;
585
586 poly_int64 poff;
587 tree base = get_addr_base_and_unit_offset (exp, &poff);
588 if (base == NULL_TREE || !DECL_P (base) || !poff.is_constant (&off))
589 return NULL;
590
591 if (!decl_to_stridxlist_htab)
592 {
593 decl_to_stridxlist_htab
594 = new hash_map<tree_decl_hash, stridxlist> (64);
595 gcc_obstack_init (&stridx_obstack);
596 }
597
598 bool existed;
599 stridxlist *list = &decl_to_stridxlist_htab->get_or_insert (base, &existed);
600 if (existed)
601 {
602 int i;
603 stridxlist *before = NULL;
604 for (i = 0; i < 32; i++)
605 {
606 if (list->offset == off)
607 return &list->idx;
608 if (list->offset > off && before == NULL)
609 before = list;
610 if (list->next == NULL)
611 break;
612 list = list->next;
613 }
614 if (i == 32)
615 return NULL;
616 if (before)
617 {
618 list = before;
619 before = XOBNEW (&stridx_obstack, struct stridxlist);
620 *before = *list;
621 list->next = before;
622 list->offset = off;
623 list->idx = 0;
624 return &list->idx;
625 }
626 list->next = XOBNEW (&stridx_obstack, struct stridxlist);
627 list = list->next;
628 }
629
630 list->next = NULL;
631 list->offset = off;
632 list->idx = 0;
633 return &list->idx;
634 }
635
636 /* Create a new string index, or return 0 if reached limit. */
637
638 static int
639 new_stridx (tree exp)
640 {
641 int idx;
642 if (max_stridx >= param_max_tracked_strlens)
643 return 0;
644 if (TREE_CODE (exp) == SSA_NAME)
645 {
646 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (exp))
647 return 0;
648 idx = max_stridx++;
649 ssa_ver_to_stridx[SSA_NAME_VERSION (exp)] = idx;
650 return idx;
651 }
652 if (TREE_CODE (exp) == ADDR_EXPR)
653 {
654 int *pidx = addr_stridxptr (TREE_OPERAND (exp, 0));
655 if (pidx != NULL)
656 {
657 gcc_assert (*pidx == 0);
658 *pidx = max_stridx++;
659 return *pidx;
660 }
661 }
662 return 0;
663 }
664
665 /* Like new_stridx, but for ADDR_EXPR's operand instead. */
666
667 static int
668 new_addr_stridx (tree exp)
669 {
670 int *pidx;
671 if (max_stridx >= param_max_tracked_strlens)
672 return 0;
673 pidx = addr_stridxptr (exp);
674 if (pidx != NULL)
675 {
676 gcc_assert (*pidx == 0);
677 *pidx = max_stridx++;
678 return *pidx;
679 }
680 return 0;
681 }
682
683 /* Create a new strinfo. */
684
685 static strinfo *
686 new_strinfo (tree ptr, int idx, tree nonzero_chars, bool full_string_p)
687 {
688 strinfo *si = strinfo_pool.allocate ();
689 si->nonzero_chars = nonzero_chars;
690 STRIP_USELESS_TYPE_CONVERSION (ptr);
691 si->ptr = ptr;
692 si->stmt = NULL;
693 si->alloc = NULL;
694 si->endptr = NULL_TREE;
695 si->refcount = 1;
696 si->idx = idx;
697 si->first = 0;
698 si->prev = 0;
699 si->next = 0;
700 si->writable = false;
701 si->dont_invalidate = false;
702 si->full_string_p = full_string_p;
703 return si;
704 }
705
706 /* Decrease strinfo refcount and free it if not referenced anymore. */
707
708 static inline void
709 free_strinfo (strinfo *si)
710 {
711 if (si && --si->refcount == 0)
712 strinfo_pool.remove (si);
713 }
714
715 /* Set strinfo in the vector entry IDX to SI. */
716
717 static inline void
718 set_strinfo (int idx, strinfo *si)
719 {
720 if (vec_safe_length (stridx_to_strinfo) && (*stridx_to_strinfo)[0])
721 unshare_strinfo_vec ();
722 if (vec_safe_length (stridx_to_strinfo) <= (unsigned int) idx)
723 vec_safe_grow_cleared (stridx_to_strinfo, idx + 1, true);
724 (*stridx_to_strinfo)[idx] = si;
725 }
726
727 /* Return the first strinfo in the related strinfo chain
728 if all strinfos in between belong to the chain, otherwise NULL. */
729
730 static strinfo *
731 verify_related_strinfos (strinfo *origsi)
732 {
733 strinfo *si = origsi, *psi;
734
735 if (origsi->first == 0)
736 return NULL;
737 for (; si->prev; si = psi)
738 {
739 if (si->first != origsi->first)
740 return NULL;
741 psi = get_strinfo (si->prev);
742 if (psi == NULL)
743 return NULL;
744 if (psi->next != si->idx)
745 return NULL;
746 }
747 if (si->idx != si->first)
748 return NULL;
749 return si;
750 }
751
752 /* Set SI's endptr to ENDPTR and compute its length based on SI->ptr.
753 Use LOC for folding. */
754
755 static void
756 set_endptr_and_length (location_t loc, strinfo *si, tree endptr)
757 {
758 si->endptr = endptr;
759 si->stmt = NULL;
760 tree start_as_size = fold_convert_loc (loc, size_type_node, si->ptr);
761 tree end_as_size = fold_convert_loc (loc, size_type_node, endptr);
762 si->nonzero_chars = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
763 end_as_size, start_as_size);
764 si->full_string_p = true;
765 }
766
767 /* Return the string length, or NULL if it can't be computed.
768 The length may but need not be constant. Instead, it might be
769 the result of a strlen() call. */
770
771 static tree
772 get_string_length (strinfo *si)
773 {
774 /* If the length has already been computed return it if it's exact
775 (i.e., the string is nul-terminated at NONZERO_CHARS), or return
776 null if it isn't. */
777 if (si->nonzero_chars)
778 return si->full_string_p ? si->nonzero_chars : NULL;
779
780 /* If the string is the result of one of the built-in calls below
781 attempt to compute the length from the call statement. */
782 if (si->stmt)
783 {
784 gimple *stmt = si->stmt, *lenstmt;
785 tree callee, lhs, fn, tem;
786 location_t loc;
787 gimple_stmt_iterator gsi;
788
789 gcc_assert (is_gimple_call (stmt));
790 callee = gimple_call_fndecl (stmt);
791 gcc_assert (callee && fndecl_built_in_p (callee, BUILT_IN_NORMAL));
792 lhs = gimple_call_lhs (stmt);
793 /* unshare_strinfo is intentionally not called here. The (delayed)
794 transformation of strcpy or strcat into stpcpy is done at the place
795 of the former strcpy/strcat call and so can affect all the strinfos
796 with the same stmt. If they were unshared before and transformation
797 has been already done, the handling of BUILT_IN_STPCPY{,_CHK} should
798 just compute the right length. */
799 switch (DECL_FUNCTION_CODE (callee))
800 {
801 case BUILT_IN_STRCAT:
802 case BUILT_IN_STRCAT_CHK:
803 gsi = gsi_for_stmt (stmt);
804 fn = builtin_decl_implicit (BUILT_IN_STRLEN);
805 gcc_assert (lhs == NULL_TREE);
806 tem = unshare_expr (gimple_call_arg (stmt, 0));
807 lenstmt = gimple_build_call (fn, 1, tem);
808 lhs = make_ssa_name (TREE_TYPE (TREE_TYPE (fn)), lenstmt);
809 gimple_call_set_lhs (lenstmt, lhs);
810 gimple_set_vuse (lenstmt, gimple_vuse (stmt));
811 gsi_insert_before (&gsi, lenstmt, GSI_SAME_STMT);
812 tem = gimple_call_arg (stmt, 0);
813 if (!ptrofftype_p (TREE_TYPE (lhs)))
814 {
815 lhs = convert_to_ptrofftype (lhs);
816 lhs = force_gimple_operand_gsi (&gsi, lhs, true, NULL_TREE,
817 true, GSI_SAME_STMT);
818 }
819 lenstmt = gimple_build_assign
820 (make_ssa_name (TREE_TYPE (gimple_call_arg (stmt, 0))),
821 POINTER_PLUS_EXPR,tem, lhs);
822 gsi_insert_before (&gsi, lenstmt, GSI_SAME_STMT);
823 gimple_call_set_arg (stmt, 0, gimple_assign_lhs (lenstmt));
824 lhs = NULL_TREE;
825 /* FALLTHRU */
826 case BUILT_IN_STRCPY:
827 case BUILT_IN_STRCPY_CHK:
828 gcc_assert (builtin_decl_implicit_p (BUILT_IN_STPCPY));
829 if (gimple_call_num_args (stmt) == 2)
830 fn = builtin_decl_implicit (BUILT_IN_STPCPY);
831 else
832 fn = builtin_decl_explicit (BUILT_IN_STPCPY_CHK);
833 gcc_assert (lhs == NULL_TREE);
834 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
835 {
836 fprintf (dump_file, "Optimizing: ");
837 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
838 }
839 gimple_call_set_fndecl (stmt, fn);
840 lhs = make_ssa_name (TREE_TYPE (TREE_TYPE (fn)), stmt);
841 gimple_call_set_lhs (stmt, lhs);
842 update_stmt (stmt);
843 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
844 {
845 fprintf (dump_file, "into: ");
846 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
847 }
848 /* FALLTHRU */
849 case BUILT_IN_STPCPY:
850 case BUILT_IN_STPCPY_CHK:
851 gcc_assert (lhs != NULL_TREE);
852 loc = gimple_location (stmt);
853 set_endptr_and_length (loc, si, lhs);
854 for (strinfo *chainsi = verify_related_strinfos (si);
855 chainsi != NULL;
856 chainsi = get_next_strinfo (chainsi))
857 if (chainsi->nonzero_chars == NULL)
858 set_endptr_and_length (loc, chainsi, lhs);
859 break;
860 case BUILT_IN_ALLOCA:
861 case BUILT_IN_ALLOCA_WITH_ALIGN:
862 case BUILT_IN_MALLOC:
863 break;
864 /* BUILT_IN_CALLOC always has si->nonzero_chars set. */
865 default:
866 gcc_unreachable ();
867 break;
868 }
869 }
870
871 return si->nonzero_chars;
872 }
873
874 /* Dump strlen data to FP for statement STMT. When non-null, RVALS
875 points to the valuation engine used to calculate ranges, and is
876 used to dump strlen range for non-constant results. */
877
878 DEBUG_FUNCTION void
879 dump_strlen_info (FILE *fp, gimple *stmt, range_query *rvals)
880 {
881 if (stmt)
882 {
883 fprintf (fp, "\nDumping strlen pass data after ");
884 print_gimple_expr (fp, stmt, TDF_LINENO);
885 fputc ('\n', fp);
886 }
887 else
888 fprintf (fp, "\nDumping strlen pass data\n");
889
890 fprintf (fp, "max_stridx = %i\n", max_stridx);
891 fprintf (fp, "ssa_ver_to_stridx has %u elements\n",
892 ssa_ver_to_stridx.length ());
893 fprintf (fp, "stridx_to_strinfo");
894 if (stridx_to_strinfo)
895 {
896 fprintf (fp, " has %u elements\n", stridx_to_strinfo->length ());
897 for (unsigned i = 0; i != stridx_to_strinfo->length (); ++i)
898 {
899 if (strinfo *si = (*stridx_to_strinfo)[i])
900 {
901 if (!si->idx)
902 continue;
903 fprintf (fp, " idx = %i", si->idx);
904 if (si->ptr)
905 {
906 fprintf (fp, ", ptr = ");
907 print_generic_expr (fp, si->ptr);
908 }
909
910 if (si->nonzero_chars)
911 {
912 fprintf (fp, ", nonzero_chars = ");
913 print_generic_expr (fp, si->nonzero_chars);
914 if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
915 {
916 value_range_kind rng = VR_UNDEFINED;
917 wide_int min, max;
918 if (rvals)
919 {
920 value_range vr;
921 rvals->range_of_expr (vr, si->nonzero_chars,
922 si->stmt);
923 rng = vr.kind ();
924 if (range_int_cst_p (&vr))
925 {
926 min = wi::to_wide (vr.min ());
927 max = wi::to_wide (vr.max ());
928 }
929 else
930 rng = VR_UNDEFINED;
931 }
932 else
933 rng = get_range_info (si->nonzero_chars, &min, &max);
934
935 if (rng == VR_RANGE || rng == VR_ANTI_RANGE)
936 {
937 fprintf (fp, " %s[%llu, %llu]",
938 rng == VR_RANGE ? "" : "~",
939 (long long) min.to_uhwi (),
940 (long long) max.to_uhwi ());
941 }
942 }
943 }
944
945 fprintf (fp, ", refcount = %i", si->refcount);
946 if (si->stmt)
947 {
948 fprintf (fp, ", stmt = ");
949 print_gimple_expr (fp, si->stmt, 0);
950 }
951 if (si->alloc)
952 {
953 fprintf (fp, ", alloc = ");
954 print_gimple_expr (fp, si->alloc, 0);
955 }
956 if (si->writable)
957 fprintf (fp, ", writable");
958 if (si->dont_invalidate)
959 fprintf (fp, ", dont_invalidate");
960 if (si->full_string_p)
961 fprintf (fp, ", full_string_p");
962 if (strinfo *next = get_next_strinfo (si))
963 {
964 fprintf (fp, ", {");
965 do
966 fprintf (fp, "%i%s", next->idx, next->first ? ", " : "");
967 while ((next = get_next_strinfo (next)));
968 fprintf (fp, "}");
969 }
970 fputs ("\n", fp);
971 }
972 }
973 }
974 else
975 fprintf (fp, " = null\n");
976
977 fprintf (fp, "decl_to_stridxlist_htab");
978 if (decl_to_stridxlist_htab)
979 {
980 fputs ("\n", fp);
981 typedef decl_to_stridxlist_htab_t::iterator iter_t;
982 for (iter_t it = decl_to_stridxlist_htab->begin ();
983 it != decl_to_stridxlist_htab->end (); ++it)
984 {
985 tree decl = (*it).first;
986 stridxlist *list = &(*it).second;
987 fprintf (fp, " decl = ");
988 print_generic_expr (fp, decl);
989 if (list)
990 {
991 fprintf (fp, ", offsets = {");
992 for (; list; list = list->next)
993 fprintf (fp, "%lli%s", (long long) list->offset,
994 list->next ? ", " : "");
995 fputs ("}", fp);
996 }
997 fputs ("\n", fp);
998 }
999 }
1000 else
1001 fprintf (fp, " = null\n");
1002
1003 if (laststmt.stmt)
1004 {
1005 fprintf (fp, "laststmt = ");
1006 print_gimple_expr (fp, laststmt.stmt, 0);
1007 fprintf (fp, ", len = ");
1008 print_generic_expr (fp, laststmt.len);
1009 fprintf (fp, ", stridx = %i\n", laststmt.stridx);
1010 }
1011 }
1012
1013 /* Attempt to determine the length of the string SRC. On success, store
1014 the length in *PDATA and return true. Otherwise, return false.
1015 VISITED is a bitmap of visited PHI nodes. RVALS points to the valuation
1016 engine used to calculate ranges. PSSA_DEF_MAX to an SSA_NAME
1017 assignment limit used to prevent runaway recursion. */
1018
1019 static bool
1020 get_range_strlen_dynamic (tree src, gimple *stmt,
1021 c_strlen_data *pdata, bitmap *visited,
1022 range_query *rvals, unsigned *pssa_def_max)
1023 {
1024 int idx = get_stridx (src);
1025 if (!idx)
1026 {
1027 if (TREE_CODE (src) == SSA_NAME)
1028 {
1029 gimple *def_stmt = SSA_NAME_DEF_STMT (src);
1030 if (gimple_code (def_stmt) == GIMPLE_PHI)
1031 {
1032 if (!*visited)
1033 *visited = BITMAP_ALLOC (NULL);
1034
1035 if (!bitmap_set_bit (*visited, SSA_NAME_VERSION (src)))
1036 return true;
1037
1038 if (*pssa_def_max == 0)
1039 return false;
1040
1041 --*pssa_def_max;
1042
1043 /* Iterate over the PHI arguments and determine the minimum
1044 and maximum length/size of each and incorporate them into
1045 the overall result. */
1046 gphi *phi = as_a <gphi *> (def_stmt);
1047 for (unsigned i = 0; i != gimple_phi_num_args (phi); ++i)
1048 {
1049 tree arg = gimple_phi_arg_def (phi, i);
1050 if (arg == gimple_phi_result (def_stmt))
1051 continue;
1052
1053 c_strlen_data argdata = { };
1054 if (get_range_strlen_dynamic (arg, phi, &argdata, visited,
1055 rvals, pssa_def_max))
1056 {
1057 /* Set the DECL of an unterminated array this argument
1058 refers to if one hasn't been found yet. */
1059 if (!pdata->decl && argdata.decl)
1060 pdata->decl = argdata.decl;
1061
1062 if (!argdata.minlen
1063 || (integer_zerop (argdata.minlen)
1064 && (!argdata.maxbound
1065 || integer_all_onesp (argdata.maxbound))
1066 && integer_all_onesp (argdata.maxlen)))
1067 {
1068 /* Set the upper bound of the length to unbounded. */
1069 pdata->maxlen = build_all_ones_cst (size_type_node);
1070 continue;
1071 }
1072
1073 /* Adjust the minimum and maximum length determined
1074 so far and the upper bound on the array size. */
1075 if (!pdata->minlen
1076 || tree_int_cst_lt (argdata.minlen, pdata->minlen))
1077 pdata->minlen = argdata.minlen;
1078 if (!pdata->maxlen
1079 || (argdata.maxlen
1080 && tree_int_cst_lt (pdata->maxlen, argdata.maxlen)))
1081 pdata->maxlen = argdata.maxlen;
1082 if (!pdata->maxbound
1083 || TREE_CODE (pdata->maxbound) != INTEGER_CST
1084 || (argdata.maxbound
1085 && tree_int_cst_lt (pdata->maxbound,
1086 argdata.maxbound)
1087 && !integer_all_onesp (argdata.maxbound)))
1088 pdata->maxbound = argdata.maxbound;
1089 }
1090 else
1091 pdata->maxlen = build_all_ones_cst (size_type_node);
1092 }
1093
1094 return true;
1095 }
1096 }
1097
1098 /* Return success regardless of the result and handle *PDATA
1099 in the caller. */
1100 get_range_strlen (src, pdata, 1);
1101 return true;
1102 }
1103
1104 if (idx < 0)
1105 {
1106 /* SRC is a string of constant length. */
1107 pdata->minlen = build_int_cst (size_type_node, ~idx);
1108 pdata->maxlen = pdata->minlen;
1109 pdata->maxbound = pdata->maxlen;
1110 return true;
1111 }
1112
1113 if (strinfo *si = get_strinfo (idx))
1114 {
1115 pdata->minlen = get_string_length (si);
1116 if (!pdata->minlen && si->nonzero_chars)
1117 {
1118 if (TREE_CODE (si->nonzero_chars) == INTEGER_CST)
1119 pdata->minlen = si->nonzero_chars;
1120 else if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
1121 {
1122 value_range vr;
1123 rvals->range_of_expr (vr, si->nonzero_chars, si->stmt);
1124 if (range_int_cst_p (&vr))
1125 {
1126 pdata->minlen = vr.min ();
1127 pdata->maxlen = vr.max ();
1128 }
1129 else
1130 pdata->minlen = build_zero_cst (size_type_node);
1131 }
1132 else
1133 pdata->minlen = build_zero_cst (size_type_node);
1134
1135 tree base = si->ptr;
1136 if (TREE_CODE (base) == ADDR_EXPR)
1137 base = TREE_OPERAND (base, 0);
1138
1139 HOST_WIDE_INT off;
1140 poly_int64 poff;
1141 base = get_addr_base_and_unit_offset (base, &poff);
1142 if (base
1143 && DECL_P (base)
1144 && TREE_CODE (TREE_TYPE (base)) == ARRAY_TYPE
1145 && TYPE_SIZE_UNIT (TREE_TYPE (base))
1146 && poff.is_constant (&off))
1147 {
1148 tree basetype = TREE_TYPE (base);
1149 tree size = TYPE_SIZE_UNIT (basetype);
1150 if (TREE_CODE (size) == INTEGER_CST)
1151 {
1152 ++off; /* Increment for the terminating nul. */
1153 tree toffset = build_int_cst (size_type_node, off);
1154 pdata->maxlen = fold_build2 (MINUS_EXPR, size_type_node, size,
1155 toffset);
1156 pdata->maxbound = pdata->maxlen;
1157 }
1158 else
1159 pdata->maxlen = build_all_ones_cst (size_type_node);
1160 }
1161 else
1162 pdata->maxlen = build_all_ones_cst (size_type_node);
1163 }
1164 else if (pdata->minlen && TREE_CODE (pdata->minlen) == SSA_NAME)
1165 {
1166 value_range vr;
1167 rvals->range_of_expr (vr, si->nonzero_chars, stmt);
1168 if (range_int_cst_p (&vr))
1169 {
1170 pdata->minlen = vr.min ();
1171 pdata->maxlen = vr.max ();
1172 pdata->maxbound = pdata->maxlen;
1173 }
1174 else
1175 {
1176 pdata->minlen = build_zero_cst (size_type_node);
1177 pdata->maxlen = build_all_ones_cst (size_type_node);
1178 }
1179 }
1180 else if (pdata->minlen && TREE_CODE (pdata->minlen) == INTEGER_CST)
1181 {
1182 pdata->maxlen = pdata->minlen;
1183 pdata->maxbound = pdata->minlen;
1184 }
1185 else
1186 {
1187 /* For PDATA->MINLEN that's a non-constant expression such
1188 as PLUS_EXPR whose value range is unknown, set the bounds
1189 to zero and SIZE_MAX. */
1190 pdata->minlen = build_zero_cst (size_type_node);
1191 pdata->maxlen = build_all_ones_cst (size_type_node);
1192 }
1193
1194 return true;
1195 }
1196
1197 return false;
1198 }
1199
1200 /* Analogous to get_range_strlen but for dynamically created strings,
1201 i.e., those created by calls to strcpy as opposed to just string
1202 constants.
1203 Try to obtain the range of the lengths of the string(s) referenced
1204 by SRC, or the size of the largest array SRC refers to if the range
1205 of lengths cannot be determined, and store all in *PDATA. RVALS
1206 points to the valuation engine used to calculate ranges. */
1207
1208 void
1209 get_range_strlen_dynamic (tree src, gimple *stmt, c_strlen_data *pdata,
1210 range_query *rvals)
1211 {
1212 bitmap visited = NULL;
1213 tree maxbound = pdata->maxbound;
1214
1215 unsigned limit = param_ssa_name_def_chain_limit;
1216 if (!get_range_strlen_dynamic (src, stmt, pdata, &visited, rvals, &limit))
1217 {
1218 /* On failure extend the length range to an impossible maximum
1219 (a valid MAXLEN must be less than PTRDIFF_MAX - 1). Other
1220 members can stay unchanged regardless. */
1221 pdata->minlen = ssize_int (0);
1222 pdata->maxlen = build_all_ones_cst (size_type_node);
1223 }
1224 else if (!pdata->minlen)
1225 pdata->minlen = ssize_int (0);
1226
1227 /* If it's unchanged from it initial non-null value, set the conservative
1228 MAXBOUND to SIZE_MAX. Otherwise leave it null (if it is null). */
1229 if (maxbound && pdata->maxbound == maxbound)
1230 pdata->maxbound = build_all_ones_cst (size_type_node);
1231
1232 if (visited)
1233 BITMAP_FREE (visited);
1234 }
1235
1236 /* Invalidate string length information for strings whose length might
1237 change due to stores in STMT, except those marked DONT_INVALIDATE.
1238 For string-modifying statements, ZERO_WRITE is set when the statement
1239 wrote only zeros.
1240 Returns true if any STRIDX_TO_STRINFO entries were considered
1241 for invalidation. */
1242
1243 static bool
1244 maybe_invalidate (gimple *stmt, bool zero_write = false)
1245 {
1246 if (dump_file && (dump_flags & TDF_DETAILS))
1247 {
1248 fprintf (dump_file, "%s called for ", __func__);
1249 print_gimple_stmt (dump_file, stmt, TDF_LINENO);
1250 }
1251
1252 strinfo *si;
1253 bool nonempty = false;
1254
1255 for (unsigned i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
1256 {
1257 if (si == NULL || !POINTER_TYPE_P (TREE_TYPE (si->ptr)))
1258 continue;
1259
1260 nonempty = true;
1261
1262 /* Unconditionally reset DONT_INVALIDATE. */
1263 bool dont_invalidate = si->dont_invalidate;
1264 si->dont_invalidate = false;
1265
1266 if (dont_invalidate)
1267 continue;
1268
1269 ao_ref r;
1270 tree size = NULL_TREE;
1271 if (si->nonzero_chars)
1272 {
1273 /* Include the terminating nul in the size of the string
1274 to consider when determining possible clobber. */
1275 tree type = TREE_TYPE (si->nonzero_chars);
1276 size = fold_build2 (PLUS_EXPR, type, si->nonzero_chars,
1277 build_int_cst (type, 1));
1278 }
1279 ao_ref_init_from_ptr_and_size (&r, si->ptr, size);
1280 if (stmt_may_clobber_ref_p_1 (stmt, &r))
1281 {
1282 if (dump_file && (dump_flags & TDF_DETAILS))
1283 {
1284 fputs (" statement may clobber object ", dump_file);
1285 print_generic_expr (dump_file, si->ptr);
1286 if (size && tree_fits_uhwi_p (size))
1287 fprintf (dump_file, " " HOST_WIDE_INT_PRINT_UNSIGNED
1288 " bytes in size", tree_to_uhwi (size));
1289 fputc ('\n', dump_file);
1290 }
1291
1292 set_strinfo (i, NULL);
1293 free_strinfo (si);
1294 continue;
1295 }
1296
1297 if (size
1298 && !zero_write
1299 && si->stmt
1300 && is_gimple_call (si->stmt)
1301 && (DECL_FUNCTION_CODE (gimple_call_fndecl (si->stmt))
1302 == BUILT_IN_CALLOC))
1303 {
1304 /* If the clobber test above considered the length of
1305 the string (including the nul), then for (potentially)
1306 non-zero writes that might modify storage allocated by
1307 calloc consider the whole object and if it might be
1308 clobbered by the statement reset the statement. */
1309 ao_ref_init_from_ptr_and_size (&r, si->ptr, NULL_TREE);
1310 if (stmt_may_clobber_ref_p_1 (stmt, &r))
1311 si->stmt = NULL;
1312 }
1313 }
1314
1315 if (dump_file && (dump_flags & TDF_DETAILS))
1316 fprintf (dump_file, "%s returns %i\n", __func__, nonempty);
1317
1318 return nonempty;
1319 }
1320
1321 /* Unshare strinfo record SI, if it has refcount > 1 or
1322 if stridx_to_strinfo vector is shared with some other
1323 bbs. */
1324
1325 static strinfo *
1326 unshare_strinfo (strinfo *si)
1327 {
1328 strinfo *nsi;
1329
1330 if (si->refcount == 1 && !strinfo_shared ())
1331 return si;
1332
1333 nsi = new_strinfo (si->ptr, si->idx, si->nonzero_chars, si->full_string_p);
1334 nsi->stmt = si->stmt;
1335 nsi->alloc = si->alloc;
1336 nsi->endptr = si->endptr;
1337 nsi->first = si->first;
1338 nsi->prev = si->prev;
1339 nsi->next = si->next;
1340 nsi->writable = si->writable;
1341 set_strinfo (si->idx, nsi);
1342 free_strinfo (si);
1343 return nsi;
1344 }
1345
1346 /* Attempt to create a new strinfo for BASESI + OFF, or find existing
1347 strinfo if there is any. Return it's idx, or 0 if no strinfo has
1348 been created. */
1349
1350 static int
1351 get_stridx_plus_constant (strinfo *basesi, unsigned HOST_WIDE_INT off,
1352 tree ptr)
1353 {
1354 if (TREE_CODE (ptr) == SSA_NAME && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr))
1355 return 0;
1356
1357 if (compare_nonzero_chars (basesi, off) < 0
1358 || !tree_fits_uhwi_p (basesi->nonzero_chars))
1359 return 0;
1360
1361 unsigned HOST_WIDE_INT nonzero_chars
1362 = tree_to_uhwi (basesi->nonzero_chars) - off;
1363 strinfo *si = basesi, *chainsi;
1364 if (si->first || si->prev || si->next)
1365 si = verify_related_strinfos (basesi);
1366 if (si == NULL
1367 || si->nonzero_chars == NULL_TREE
1368 || TREE_CODE (si->nonzero_chars) != INTEGER_CST)
1369 return 0;
1370
1371 if (TREE_CODE (ptr) == SSA_NAME
1372 && ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
1373 ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
1374
1375 gcc_checking_assert (compare_tree_int (si->nonzero_chars, off) != -1);
1376 for (chainsi = si; chainsi->next; chainsi = si)
1377 {
1378 si = get_next_strinfo (chainsi);
1379 if (si == NULL
1380 || si->nonzero_chars == NULL_TREE
1381 || TREE_CODE (si->nonzero_chars) != INTEGER_CST)
1382 break;
1383 int r = compare_tree_int (si->nonzero_chars, nonzero_chars);
1384 if (r != 1)
1385 {
1386 if (r == 0)
1387 {
1388 if (TREE_CODE (ptr) == SSA_NAME)
1389 ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = si->idx;
1390 else
1391 {
1392 int *pidx = addr_stridxptr (TREE_OPERAND (ptr, 0));
1393 if (pidx != NULL && *pidx == 0)
1394 *pidx = si->idx;
1395 }
1396 return si->idx;
1397 }
1398 break;
1399 }
1400 }
1401
1402 int idx = new_stridx (ptr);
1403 if (idx == 0)
1404 return 0;
1405 si = new_strinfo (ptr, idx, build_int_cst (size_type_node, nonzero_chars),
1406 basesi->full_string_p);
1407 set_strinfo (idx, si);
1408 if (strinfo *nextsi = get_strinfo (chainsi->next))
1409 {
1410 nextsi = unshare_strinfo (nextsi);
1411 si->next = nextsi->idx;
1412 nextsi->prev = idx;
1413 }
1414 chainsi = unshare_strinfo (chainsi);
1415 if (chainsi->first == 0)
1416 chainsi->first = chainsi->idx;
1417 chainsi->next = idx;
1418 if (chainsi->endptr == NULL_TREE && zero_length_string_p (si))
1419 chainsi->endptr = ptr;
1420 si->endptr = chainsi->endptr;
1421 si->prev = chainsi->idx;
1422 si->first = chainsi->first;
1423 si->writable = chainsi->writable;
1424 return si->idx;
1425 }
1426
1427 /* Note that PTR, a pointer SSA_NAME initialized in the current stmt, points
1428 to a zero-length string and if possible chain it to a related strinfo
1429 chain whose part is or might be CHAINSI. */
1430
1431 static strinfo *
1432 zero_length_string (tree ptr, strinfo *chainsi)
1433 {
1434 strinfo *si;
1435 int idx;
1436 if (ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
1437 ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
1438 gcc_checking_assert (TREE_CODE (ptr) == SSA_NAME
1439 && ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] == 0);
1440
1441 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr))
1442 return NULL;
1443 if (chainsi != NULL)
1444 {
1445 si = verify_related_strinfos (chainsi);
1446 if (si)
1447 {
1448 do
1449 {
1450 /* We shouldn't mix delayed and non-delayed lengths. */
1451 gcc_assert (si->full_string_p);
1452 if (si->endptr == NULL_TREE)
1453 {
1454 si = unshare_strinfo (si);
1455 si->endptr = ptr;
1456 }
1457 chainsi = si;
1458 si = get_next_strinfo (si);
1459 }
1460 while (si != NULL);
1461 if (zero_length_string_p (chainsi))
1462 {
1463 if (chainsi->next)
1464 {
1465 chainsi = unshare_strinfo (chainsi);
1466 chainsi->next = 0;
1467 }
1468 ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = chainsi->idx;
1469 return chainsi;
1470 }
1471 }
1472 else
1473 {
1474 /* We shouldn't mix delayed and non-delayed lengths. */
1475 gcc_assert (chainsi->full_string_p);
1476 if (chainsi->first || chainsi->prev || chainsi->next)
1477 {
1478 chainsi = unshare_strinfo (chainsi);
1479 chainsi->first = 0;
1480 chainsi->prev = 0;
1481 chainsi->next = 0;
1482 }
1483 }
1484 }
1485 idx = new_stridx (ptr);
1486 if (idx == 0)
1487 return NULL;
1488 si = new_strinfo (ptr, idx, build_int_cst (size_type_node, 0), true);
1489 set_strinfo (idx, si);
1490 si->endptr = ptr;
1491 if (chainsi != NULL)
1492 {
1493 chainsi = unshare_strinfo (chainsi);
1494 if (chainsi->first == 0)
1495 chainsi->first = chainsi->idx;
1496 chainsi->next = idx;
1497 if (chainsi->endptr == NULL_TREE)
1498 chainsi->endptr = ptr;
1499 si->prev = chainsi->idx;
1500 si->first = chainsi->first;
1501 si->writable = chainsi->writable;
1502 }
1503 return si;
1504 }
1505
1506 /* For strinfo ORIGSI whose length has been just updated, adjust other
1507 related strinfos so that they match the new ORIGSI. This involves:
1508
1509 - adding ADJ to the nonzero_chars fields
1510 - copying full_string_p from the new ORIGSI. */
1511
1512 static void
1513 adjust_related_strinfos (location_t loc, strinfo *origsi, tree adj)
1514 {
1515 strinfo *si = verify_related_strinfos (origsi);
1516
1517 if (si == NULL)
1518 return;
1519
1520 while (1)
1521 {
1522 strinfo *nsi;
1523
1524 if (si != origsi)
1525 {
1526 tree tem;
1527
1528 si = unshare_strinfo (si);
1529 /* We shouldn't see delayed lengths here; the caller must
1530 have calculated the old length in order to calculate
1531 the adjustment. */
1532 gcc_assert (si->nonzero_chars);
1533 tem = fold_convert_loc (loc, TREE_TYPE (si->nonzero_chars), adj);
1534 si->nonzero_chars = fold_build2_loc (loc, PLUS_EXPR,
1535 TREE_TYPE (si->nonzero_chars),
1536 si->nonzero_chars, tem);
1537 si->full_string_p = origsi->full_string_p;
1538
1539 si->endptr = NULL_TREE;
1540 si->dont_invalidate = true;
1541 }
1542 nsi = get_next_strinfo (si);
1543 if (nsi == NULL)
1544 return;
1545 si = nsi;
1546 }
1547 }
1548
1549 /* Find if there are other SSA_NAME pointers equal to PTR
1550 for which we don't track their string lengths yet. If so, use
1551 IDX for them. */
1552
1553 static void
1554 find_equal_ptrs (tree ptr, int idx)
1555 {
1556 if (TREE_CODE (ptr) != SSA_NAME)
1557 return;
1558 while (1)
1559 {
1560 gimple *stmt = SSA_NAME_DEF_STMT (ptr);
1561 if (!is_gimple_assign (stmt))
1562 return;
1563 ptr = gimple_assign_rhs1 (stmt);
1564 switch (gimple_assign_rhs_code (stmt))
1565 {
1566 case SSA_NAME:
1567 break;
1568 CASE_CONVERT:
1569 if (!POINTER_TYPE_P (TREE_TYPE (ptr)))
1570 return;
1571 if (TREE_CODE (ptr) == SSA_NAME)
1572 break;
1573 if (TREE_CODE (ptr) != ADDR_EXPR)
1574 return;
1575 /* FALLTHRU */
1576 case ADDR_EXPR:
1577 {
1578 int *pidx = addr_stridxptr (TREE_OPERAND (ptr, 0));
1579 if (pidx != NULL && *pidx == 0)
1580 *pidx = idx;
1581 return;
1582 }
1583 default:
1584 return;
1585 }
1586
1587 /* We might find an endptr created in this pass. Grow the
1588 vector in that case. */
1589 if (ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
1590 ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
1591
1592 if (ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] != 0)
1593 return;
1594 ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = idx;
1595 }
1596 }
1597
1598 /* Return true if STMT is a call to a builtin function with the right
1599 arguments and attributes that should be considered for optimization
1600 by this pass. */
1601
1602 static bool
1603 valid_builtin_call (gimple *stmt)
1604 {
1605 if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
1606 return false;
1607
1608 tree callee = gimple_call_fndecl (stmt);
1609 tree decl = builtin_decl_explicit (DECL_FUNCTION_CODE (callee));
1610 if (decl
1611 && decl != callee
1612 && !gimple_builtin_call_types_compatible_p (stmt, decl))
1613 return false;
1614
1615 switch (DECL_FUNCTION_CODE (callee))
1616 {
1617 case BUILT_IN_MEMCMP:
1618 case BUILT_IN_MEMCMP_EQ:
1619 case BUILT_IN_STRCMP:
1620 case BUILT_IN_STRNCMP:
1621 case BUILT_IN_STRCHR:
1622 case BUILT_IN_STRLEN:
1623 case BUILT_IN_STRNLEN:
1624 /* The above functions should be pure. Punt if they aren't. */
1625 if (gimple_vdef (stmt) || gimple_vuse (stmt) == NULL_TREE)
1626 return false;
1627 break;
1628
1629 case BUILT_IN_ALLOCA:
1630 case BUILT_IN_ALLOCA_WITH_ALIGN:
1631 case BUILT_IN_CALLOC:
1632 case BUILT_IN_MALLOC:
1633 case BUILT_IN_MEMCPY:
1634 case BUILT_IN_MEMCPY_CHK:
1635 case BUILT_IN_MEMPCPY:
1636 case BUILT_IN_MEMPCPY_CHK:
1637 case BUILT_IN_MEMSET:
1638 case BUILT_IN_STPCPY:
1639 case BUILT_IN_STPCPY_CHK:
1640 case BUILT_IN_STPNCPY:
1641 case BUILT_IN_STPNCPY_CHK:
1642 case BUILT_IN_STRCAT:
1643 case BUILT_IN_STRCAT_CHK:
1644 case BUILT_IN_STRCPY:
1645 case BUILT_IN_STRCPY_CHK:
1646 case BUILT_IN_STRNCAT:
1647 case BUILT_IN_STRNCAT_CHK:
1648 case BUILT_IN_STRNCPY:
1649 case BUILT_IN_STRNCPY_CHK:
1650 /* The above functions should be neither const nor pure. Punt if they
1651 aren't. */
1652 if (gimple_vdef (stmt) == NULL_TREE || gimple_vuse (stmt) == NULL_TREE)
1653 return false;
1654 break;
1655
1656 default:
1657 break;
1658 }
1659
1660 return true;
1661 }
1662
1663 /* If the last .MEM setter statement before STMT is
1664 memcpy (x, y, strlen (y) + 1), the only .MEM use of it is STMT
1665 and STMT is known to overwrite x[strlen (x)], adjust the last memcpy to
1666 just memcpy (x, y, strlen (y)). SI must be the zero length
1667 strinfo. */
1668
1669 static void
1670 adjust_last_stmt (strinfo *si, gimple *stmt, bool is_strcat)
1671 {
1672 tree vuse, callee, len;
1673 struct laststmt_struct last = laststmt;
1674 strinfo *lastsi, *firstsi;
1675 unsigned len_arg_no = 2;
1676
1677 laststmt.stmt = NULL;
1678 laststmt.len = NULL_TREE;
1679 laststmt.stridx = 0;
1680
1681 if (last.stmt == NULL)
1682 return;
1683
1684 vuse = gimple_vuse (stmt);
1685 if (vuse == NULL_TREE
1686 || SSA_NAME_DEF_STMT (vuse) != last.stmt
1687 || !has_single_use (vuse))
1688 return;
1689
1690 gcc_assert (last.stridx > 0);
1691 lastsi = get_strinfo (last.stridx);
1692 if (lastsi == NULL)
1693 return;
1694
1695 if (lastsi != si)
1696 {
1697 if (lastsi->first == 0 || lastsi->first != si->first)
1698 return;
1699
1700 firstsi = verify_related_strinfos (si);
1701 if (firstsi == NULL)
1702 return;
1703 while (firstsi != lastsi)
1704 {
1705 firstsi = get_next_strinfo (firstsi);
1706 if (firstsi == NULL)
1707 return;
1708 }
1709 }
1710
1711 if (!is_strcat && !zero_length_string_p (si))
1712 return;
1713
1714 if (is_gimple_assign (last.stmt))
1715 {
1716 gimple_stmt_iterator gsi;
1717
1718 if (!integer_zerop (gimple_assign_rhs1 (last.stmt)))
1719 return;
1720 if (stmt_could_throw_p (cfun, last.stmt))
1721 return;
1722 gsi = gsi_for_stmt (last.stmt);
1723 unlink_stmt_vdef (last.stmt);
1724 release_defs (last.stmt);
1725 gsi_remove (&gsi, true);
1726 return;
1727 }
1728
1729 if (!valid_builtin_call (last.stmt))
1730 return;
1731
1732 callee = gimple_call_fndecl (last.stmt);
1733 switch (DECL_FUNCTION_CODE (callee))
1734 {
1735 case BUILT_IN_MEMCPY:
1736 case BUILT_IN_MEMCPY_CHK:
1737 break;
1738 default:
1739 return;
1740 }
1741
1742 len = gimple_call_arg (last.stmt, len_arg_no);
1743 if (tree_fits_uhwi_p (len))
1744 {
1745 if (!tree_fits_uhwi_p (last.len)
1746 || integer_zerop (len)
1747 || tree_to_uhwi (len) != tree_to_uhwi (last.len) + 1)
1748 return;
1749 /* Don't adjust the length if it is divisible by 4, it is more efficient
1750 to store the extra '\0' in that case. */
1751 if ((tree_to_uhwi (len) & 3) == 0)
1752 return;
1753
1754 /* Don't fold away an out of bounds access, as this defeats proper
1755 warnings. */
1756 tree dst = gimple_call_arg (last.stmt, 0);
1757 tree size = compute_objsize (dst, 0);
1758 if (size && tree_int_cst_lt (size, len))
1759 return;
1760 }
1761 else if (TREE_CODE (len) == SSA_NAME)
1762 {
1763 gimple *def_stmt = SSA_NAME_DEF_STMT (len);
1764 if (!is_gimple_assign (def_stmt)
1765 || gimple_assign_rhs_code (def_stmt) != PLUS_EXPR
1766 || gimple_assign_rhs1 (def_stmt) != last.len
1767 || !integer_onep (gimple_assign_rhs2 (def_stmt)))
1768 return;
1769 }
1770 else
1771 return;
1772
1773 gimple_call_set_arg (last.stmt, len_arg_no, last.len);
1774 update_stmt (last.stmt);
1775 }
1776
1777 /* For an LHS that is an SSA_NAME that is the result of a strlen()
1778 call, or when BOUND is non-null, of a strnlen() call, set LHS
1779 range info to [0, min (MAX, BOUND)] when the range includes more
1780 than one value and return LHS. Otherwise, when the range
1781 [MIN, MAX] is such that MIN == MAX, return the tree representation
1782 of (MIN). The latter allows callers to fold suitable strnlen() calls
1783 to constants. */
1784
1785 tree
1786 set_strlen_range (tree lhs, wide_int min, wide_int max,
1787 tree bound /* = NULL_TREE */)
1788 {
1789 if (TREE_CODE (lhs) != SSA_NAME
1790 || !INTEGRAL_TYPE_P (TREE_TYPE (lhs)))
1791 return NULL_TREE;
1792
1793 if (bound)
1794 {
1795 /* For strnlen, adjust MIN and MAX as necessary. If the bound
1796 is less than the size of the array set MAX to it. It it's
1797 greater than MAX and MAX is non-zero bump MAX down to account
1798 for the necessary terminating nul. Otherwise leave it alone. */
1799 if (TREE_CODE (bound) == INTEGER_CST)
1800 {
1801 wide_int wibnd = wi::to_wide (bound);
1802 int cmp = wi::cmpu (wibnd, max);
1803 if (cmp < 0)
1804 max = wibnd;
1805 else if (cmp && wi::ne_p (max, min))
1806 --max;
1807 }
1808 else if (TREE_CODE (bound) == SSA_NAME)
1809 {
1810 wide_int minbound, maxbound;
1811 // FIXME: Use range_query instead of global ranges.
1812 value_range_kind rng = get_range_info (bound, &minbound, &maxbound);
1813 if (rng == VR_RANGE)
1814 {
1815 /* For a bound in a known range, adjust the range determined
1816 above as necessary. For a bound in some anti-range or
1817 in an unknown range, use the range determined by callers. */
1818 if (wi::ltu_p (minbound, min))
1819 min = minbound;
1820 if (wi::ltu_p (maxbound, max))
1821 max = maxbound;
1822 }
1823 }
1824 }
1825
1826 if (min == max)
1827 return wide_int_to_tree (size_type_node, min);
1828
1829 set_range_info (lhs, VR_RANGE, min, max);
1830 return lhs;
1831 }
1832
1833 /* For an LHS that is an SSA_NAME and for strlen() or strnlen() argument
1834 SRC, set LHS range info to [0, min (N, BOUND)] if SRC refers to
1835 a character array A[N] with unknown length bounded by N, and for
1836 strnlen(), by min (N, BOUND). */
1837
1838 static tree
1839 maybe_set_strlen_range (tree lhs, tree src, tree bound)
1840 {
1841 if (TREE_CODE (lhs) != SSA_NAME
1842 || !INTEGRAL_TYPE_P (TREE_TYPE (lhs)))
1843 return NULL_TREE;
1844
1845 if (TREE_CODE (src) == SSA_NAME)
1846 {
1847 gimple *def = SSA_NAME_DEF_STMT (src);
1848 if (is_gimple_assign (def)
1849 && gimple_assign_rhs_code (def) == ADDR_EXPR)
1850 src = gimple_assign_rhs1 (def);
1851 }
1852
1853 /* The longest string is PTRDIFF_MAX - 1 bytes including the final
1854 NUL so that the difference between a pointer to just past it and
1855 one to its beginning is positive. */
1856 wide_int max = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2;
1857
1858 if (TREE_CODE (src) == ADDR_EXPR)
1859 {
1860 /* The last array member of a struct can be bigger than its size
1861 suggests if it's treated as a poor-man's flexible array member. */
1862 src = TREE_OPERAND (src, 0);
1863 if (TREE_CODE (src) != MEM_REF
1864 && !array_at_struct_end_p (src))
1865 {
1866 tree type = TREE_TYPE (src);
1867 tree size = TYPE_SIZE_UNIT (type);
1868 if (size
1869 && TREE_CODE (size) == INTEGER_CST
1870 && !integer_zerop (size))
1871 {
1872 /* Even though such uses of strlen would be undefined,
1873 avoid relying on arrays of arrays in case some genius
1874 decides to call strlen on an unterminated array element
1875 that's followed by a terminated one. Likewise, avoid
1876 assuming that a struct array member is necessarily
1877 nul-terminated (the nul may be in the member that
1878 follows). In those cases, assume that the length
1879 of the string stored in such an array is bounded
1880 by the size of the enclosing object if one can be
1881 determined. */
1882 tree base = get_base_address (src);
1883 if (VAR_P (base))
1884 {
1885 if (tree size = DECL_SIZE_UNIT (base))
1886 if (size
1887 && TREE_CODE (size) == INTEGER_CST
1888 && TREE_CODE (TREE_TYPE (base)) != POINTER_TYPE)
1889 max = wi::to_wide (size);
1890 }
1891 }
1892
1893 /* For strlen() the upper bound above is equal to
1894 the longest string that can be stored in the array
1895 (i.e., it accounts for the terminating nul. For
1896 strnlen() bump up the maximum by one since the array
1897 need not be nul-terminated. */
1898 if (!bound && max != 0)
1899 --max;
1900 }
1901 }
1902
1903 wide_int min = wi::zero (max.get_precision ());
1904 return set_strlen_range (lhs, min, max, bound);
1905 }
1906
1907 /* Diagnose buffer overflow by a STMT writing LEN + PLUS_ONE bytes,
1908 either into a region allocated for the object SI when non-null,
1909 or into an object designated by the LHS of STMT otherwise.
1910 When nonnull uses RVALS to determine range information.
1911 RAWMEM may be set by memcpy and other raw memory functions
1912 to allow accesses across subobject boundaries. */
1913
1914 static void
1915 maybe_warn_overflow (gimple *stmt, tree len,
1916 range_query *rvals = NULL,
1917 strinfo *si = NULL, bool plus_one = false,
1918 bool rawmem = false)
1919 {
1920 if (!len || gimple_no_warning_p (stmt))
1921 return;
1922
1923 /* The DECL of the function performing the write if it is done
1924 by one. */
1925 tree writefn = NULL_TREE;
1926 /* The destination expression involved in the store STMT. */
1927 tree dest = NULL_TREE;
1928
1929 if (is_gimple_assign (stmt))
1930 dest = gimple_assign_lhs (stmt);
1931 else if (is_gimple_call (stmt))
1932 {
1933 dest = gimple_call_arg (stmt, 0);
1934 writefn = gimple_call_fndecl (stmt);
1935 }
1936
1937 if (TREE_NO_WARNING (dest))
1938 return;
1939
1940 /* Use maximum precision to avoid overflow in the addition below.
1941 Make sure all operands have the same precision to keep wide_int
1942 from ICE'ing. */
1943
1944 /* Convenience constants. */
1945 const widest_int diff_min
1946 = wi::to_widest (TYPE_MIN_VALUE (ptrdiff_type_node));
1947 const widest_int diff_max
1948 = wi::to_widest (TYPE_MAX_VALUE (ptrdiff_type_node));
1949 const widest_int size_max
1950 = wi::to_widest (TYPE_MAX_VALUE (size_type_node));
1951
1952 /* The offset into the destination object computed below and not
1953 reflected in DESTSIZE. */
1954 widest_int offrng[2] = { 0, 0 };
1955
1956 if (!si)
1957 {
1958 /* If no destination STRINFO was provided try to get it from
1959 the DEST argument. */
1960 tree ref = dest;
1961 if (TREE_CODE (ref) == ARRAY_REF)
1962 {
1963 /* Handle stores to VLAs (represented as
1964 ARRAY_REF (MEM_REF (vlaptr, 0), N]. */
1965 tree off = TREE_OPERAND (ref, 1);
1966 ref = TREE_OPERAND (ref, 0);
1967 wide_int rng[2];
1968 if (get_range (off, stmt, rng, rvals))
1969 {
1970 /* Convert offsets to the maximum precision. */
1971 offrng[0] = widest_int::from (rng[0], SIGNED);
1972 offrng[1] = widest_int::from (rng[1], SIGNED);
1973 }
1974 else
1975 {
1976 offrng[0] = diff_min;
1977 offrng[1] = diff_max;
1978 }
1979 }
1980
1981 if (TREE_CODE (ref) == MEM_REF)
1982 {
1983 tree mem_off = TREE_OPERAND (ref, 1);
1984 ref = TREE_OPERAND (ref, 0);
1985 wide_int rng[2];
1986 if (get_range (mem_off, stmt, rng, rvals))
1987 {
1988 offrng[0] += widest_int::from (rng[0], SIGNED);
1989 offrng[1] += widest_int::from (rng[1], SIGNED);
1990 }
1991 else
1992 {
1993 offrng[0] = diff_min;
1994 offrng[1] = diff_max;
1995 }
1996 }
1997
1998 wide_int rng[2];
1999 if (int idx = get_stridx (ref, rng, rvals))
2000 {
2001 si = get_strinfo (idx);
2002 offrng[0] += widest_int::from (rng[0], SIGNED);
2003 offrng[1] += widest_int::from (rng[1], SIGNED);
2004 }
2005 }
2006
2007 /* The allocation call if the destination object was allocated
2008 by one. */
2009 gimple *alloc_call = NULL;
2010 /* The DECL of the destination object if known and not dynamically
2011 allocated. */
2012 tree destdecl = NULL_TREE;
2013 /* The offset into the destination object set by compute_objsize
2014 but already reflected in DESTSIZE. */
2015 tree destoff = NULL_TREE;
2016 /* The size of the destination region (which is smaller than
2017 the destination object for stores at a non-zero offset). */
2018 tree destsize = NULL_TREE;
2019
2020 /* Compute the range of sizes of the destination object. The range
2021 is constant for declared objects but may be a range for allocated
2022 objects. */
2023 widest_int sizrng[2] = { 0, 0 };
2024 if (si)
2025 {
2026 wide_int rng[2];
2027 destsize = gimple_call_alloc_size (si->alloc, rng, rvals);
2028 if (destsize)
2029 {
2030 sizrng[0] = widest_int::from (rng[0], UNSIGNED);
2031 sizrng[1] = widest_int::from (rng[1], UNSIGNED);
2032 }
2033 alloc_call = si->alloc;
2034 }
2035 else
2036 offrng[0] = offrng[1] = 0;
2037
2038 if (!destsize)
2039 {
2040 /* If there is no STRINFO for DEST, fall back on compute_objsize. */
2041 tree off = NULL_TREE;
2042 destsize = compute_objsize (dest, rawmem ? 0 : 1, &destdecl, &off, rvals);
2043 if (destsize)
2044 {
2045 /* Remember OFF but clear OFFRNG that may have been set above. */
2046 destoff = off;
2047 offrng[0] = offrng[1] = 0;
2048
2049 if (destdecl && TREE_CODE (destdecl) == SSA_NAME)
2050 {
2051 gimple *stmt = SSA_NAME_DEF_STMT (destdecl);
2052 if (is_gimple_call (stmt))
2053 alloc_call = stmt;
2054 destdecl = NULL_TREE;
2055 }
2056
2057 wide_int rng[2];
2058 if (get_range (destsize, stmt, rng, rvals))
2059 {
2060 sizrng[0] = widest_int::from (rng[0], UNSIGNED);
2061 sizrng[1] = widest_int::from (rng[1], UNSIGNED);
2062 }
2063 else
2064 {
2065 /* On failure, rather than failing, set the maximum range
2066 so that overflow in allocated objects whose size depends
2067 on the strlen of the source can still be diagnosed
2068 below. */
2069 sizrng[0] = 0;
2070 sizrng[1] = size_max;
2071 }
2072 }
2073 }
2074
2075 if (!destsize)
2076 {
2077 sizrng[0] = 0;
2078 sizrng[1] = size_max;
2079 };
2080
2081 /* Return early if the DESTSIZE size expression is the same as LEN
2082 and the offset into the destination is zero. This might happen
2083 in the case of a pair of malloc and memset calls to allocate
2084 an object and clear it as if by calloc. */
2085 if (destsize == len && !plus_one && offrng[0] == 0 && offrng[0] == offrng[1])
2086 return;
2087
2088 wide_int rng[2];
2089 if (!get_range (len, stmt, rng, rvals))
2090 return;
2091
2092 widest_int lenrng[2] =
2093 { widest_int::from (rng[0], SIGNED), widest_int::from (rng[1], SIGNED) };
2094
2095 if (plus_one)
2096 {
2097 lenrng[0] += 1;
2098 lenrng[1] += 1;
2099 }
2100
2101 /* The size of the remaining space in the destination computed
2102 as the size of the latter minus the offset into it. */
2103 widest_int spcrng[2] = { sizrng[0], sizrng[1] };
2104 if (wi::neg_p (offrng[0]) && wi::neg_p (offrng[1]))
2105 {
2106 /* When the offset is negative and the size of the destination
2107 object unknown there is little to do.
2108 FIXME: Detect offsets that are necessarily invalid regardless
2109 of the size of the object. */
2110 if (!destsize)
2111 return;
2112
2113 /* The remaining space is necessarily zero. */
2114 spcrng[0] = spcrng[1] = 0;
2115 }
2116 else if (wi::neg_p (offrng[0]))
2117 {
2118 /* When the lower bound of the offset is negative but the upper
2119 bound is not, reduce the upper bound of the remaining space
2120 by the upper bound of the offset but leave the lower bound
2121 unchanged. If that makes the upper bound of the space less
2122 than the lower bound swap the two. */
2123 spcrng[1] -= wi::ltu_p (offrng[1], spcrng[1]) ? offrng[1] : spcrng[1];
2124 if (wi::ltu_p (spcrng[1], spcrng[0]))
2125 std::swap (spcrng[1], spcrng[0]);
2126 }
2127 else
2128 {
2129 /* When the offset is positive reduce the remaining space by
2130 the lower bound of the offset or clear it if the offset is
2131 greater. */
2132 spcrng[0] -= wi::ltu_p (offrng[0], spcrng[0]) ? offrng[0] : spcrng[0];
2133 spcrng[1] -= wi::ltu_p (offrng[0], spcrng[1]) ? offrng[0] : spcrng[1];
2134 }
2135
2136 if (wi::leu_p (lenrng[0], spcrng[0])
2137 && wi::leu_p (lenrng[1], spcrng[1]))
2138 return;
2139
2140 if (lenrng[0] == spcrng[1]
2141 && (len != destsize
2142 || !si || !is_strlen_related_p (si->ptr, len)))
2143 return;
2144
2145 location_t loc = gimple_or_expr_nonartificial_location (stmt, dest);
2146 bool warned = false;
2147 if (wi::leu_p (lenrng[0], spcrng[1]))
2148 {
2149 if (len != destsize
2150 && (!si || !is_strlen_related_p (si->ptr, len)))
2151 return;
2152
2153 warned = (writefn
2154 ? warning_at (loc, OPT_Wstringop_overflow_,
2155 "%G%qD writing one too many bytes into a region "
2156 "of a size that depends on %<strlen%>",
2157 stmt, writefn)
2158 : warning_at (loc, OPT_Wstringop_overflow_,
2159 "%Gwriting one too many bytes into a region "
2160 "of a size that depends on %<strlen%>",
2161 stmt));
2162 }
2163 else if (lenrng[0] == lenrng[1])
2164 {
2165 if (spcrng[0] == spcrng[1])
2166 warned = (writefn
2167 ? warning_n (loc, OPT_Wstringop_overflow_,
2168 lenrng[0].to_uhwi (),
2169 "%G%qD writing %wu byte into a region "
2170 "of size %wu",
2171 "%G%qD writing %wu bytes into a region "
2172 "of size %wu",
2173 stmt, writefn, lenrng[0].to_uhwi (),
2174 spcrng[0].to_uhwi ())
2175 : warning_n (loc, OPT_Wstringop_overflow_,
2176 lenrng[0].to_uhwi (),
2177 "%Gwriting %wu byte into a region "
2178 "of size %wu",
2179 "%Gwriting %wu bytes into a region "
2180 "of size %wu",
2181 stmt, lenrng[0].to_uhwi (),
2182 spcrng[0].to_uhwi ()));
2183 else
2184 warned = (writefn
2185 ? warning_n (loc, OPT_Wstringop_overflow_,
2186 lenrng[0].to_uhwi (),
2187 "%G%qD writing %wu byte into a region "
2188 "of size between %wu and %wu",
2189 "%G%qD writing %wu bytes into a region "
2190 "of size between %wu and %wu",
2191 stmt, writefn, lenrng[0].to_uhwi (),
2192 spcrng[0].to_uhwi (), spcrng[1].to_uhwi ())
2193 : warning_n (loc, OPT_Wstringop_overflow_,
2194 lenrng[0].to_uhwi (),
2195 "%Gwriting %wu byte into a region "
2196 "of size between %wu and %wu",
2197 "%Gwriting %wu bytes into a region "
2198 "of size between %wu and %wu",
2199 stmt, lenrng[0].to_uhwi (),
2200 spcrng[0].to_uhwi (), spcrng[1].to_uhwi ()));
2201 }
2202 else if (spcrng[0] == spcrng[1])
2203 warned = (writefn
2204 ? warning_at (loc, OPT_Wstringop_overflow_,
2205 "%G%qD writing between %wu and %wu bytes "
2206 "into a region of size %wu",
2207 stmt, writefn, lenrng[0].to_uhwi (),
2208 lenrng[1].to_uhwi (),
2209 spcrng[0].to_uhwi ())
2210 : warning_at (loc, OPT_Wstringop_overflow_,
2211 "%Gwriting between %wu and %wu bytes "
2212 "into a region of size %wu",
2213 stmt, lenrng[0].to_uhwi (),
2214 lenrng[1].to_uhwi (),
2215 spcrng[0].to_uhwi ()));
2216 else
2217 warned = (writefn
2218 ? warning_at (loc, OPT_Wstringop_overflow_,
2219 "%G%qD writing between %wu and %wu bytes "
2220 "into a region of size between %wu and %wu",
2221 stmt, writefn, lenrng[0].to_uhwi (),
2222 lenrng[1].to_uhwi (),
2223 spcrng[0].to_uhwi (), spcrng[1].to_uhwi ())
2224 : warning_at (loc, OPT_Wstringop_overflow_,
2225 "%Gwriting between %wu and %wu bytes "
2226 "into a region of size between %wu and %wu",
2227 stmt, lenrng[0].to_uhwi (),
2228 lenrng[1].to_uhwi (),
2229 spcrng[0].to_uhwi (), spcrng[1].to_uhwi ()));
2230
2231 if (!warned)
2232 return;
2233
2234 gimple_set_no_warning (stmt, true);
2235
2236 /* If DESTOFF is not null, use it to format the offset value/range. */
2237 if (destoff)
2238 {
2239 wide_int rng[2];
2240 if (get_range (destoff, stmt, rng))
2241 {
2242 offrng[0] = widest_int::from (rng[0], SIGNED);
2243 offrng[1] = widest_int::from (rng[1], SIGNED);
2244 }
2245 else
2246 offrng[0] = offrng[1] = 0;
2247 }
2248
2249 /* Format the offset to keep the number of inform calls from growing
2250 out of control. */
2251 char offstr[64];
2252 if (offrng[0] == offrng[1])
2253 sprintf (offstr, "%lli", (long long) offrng[0].to_shwi ());
2254 else
2255 sprintf (offstr, "[%lli, %lli]",
2256 (long long) offrng[0].to_shwi (), (long long) offrng[1].to_shwi ());
2257
2258 if (destdecl && DECL_P (destdecl))
2259 {
2260 if (tree size = DECL_SIZE_UNIT (destdecl))
2261 inform (DECL_SOURCE_LOCATION (destdecl),
2262 "at offset %s to object %qD with size %E declared here",
2263 offstr, destdecl, size);
2264 else
2265 inform (DECL_SOURCE_LOCATION (destdecl),
2266 "at offset %s to object %qD declared here",
2267 offstr, destdecl);
2268 return;
2269 }
2270
2271 if (!alloc_call)
2272 return;
2273
2274 tree allocfn = gimple_call_fndecl (alloc_call);
2275 if (!allocfn)
2276 {
2277 /* For an ALLOC_CALL via a function pointer make a small effort
2278 to determine the destination of the pointer. */
2279 allocfn = gimple_call_fn (alloc_call);
2280 if (TREE_CODE (allocfn) == SSA_NAME)
2281 {
2282 gimple *def = SSA_NAME_DEF_STMT (allocfn);
2283 if (gimple_assign_single_p (def))
2284 {
2285 tree rhs = gimple_assign_rhs1 (def);
2286 if (DECL_P (rhs))
2287 allocfn = rhs;
2288 else if (TREE_CODE (rhs) == COMPONENT_REF)
2289 allocfn = TREE_OPERAND (rhs, 1);
2290 }
2291 }
2292 }
2293
2294 if (gimple_call_builtin_p (alloc_call, BUILT_IN_ALLOCA_WITH_ALIGN))
2295 {
2296 if (sizrng[0] == sizrng[1])
2297 inform (gimple_location (alloc_call),
2298 "at offset %s to an object with size %wu declared here",
2299 offstr, sizrng[0].to_uhwi ());
2300 else if (sizrng[0] == 0)
2301 {
2302 /* Avoid printing impossible sizes. */
2303 if (wi::ltu_p (sizrng[1], diff_max - 2))
2304 inform (gimple_location (alloc_call),
2305 "at offset %s to an object with size at most %wu "
2306 "declared here",
2307 offstr, sizrng[1].to_uhwi ());
2308 else
2309 inform (gimple_location (alloc_call),
2310 "at offset %s to an object declared here", offstr);
2311 }
2312 else
2313 inform (gimple_location (alloc_call),
2314 "at offset %s to an object with size between %wu and %wu "
2315 "declared here",
2316 offstr, sizrng[0].to_uhwi (), sizrng[1].to_uhwi ());
2317 return;
2318 }
2319
2320 if (sizrng[0] == sizrng[1])
2321 inform (gimple_location (alloc_call),
2322 "at offset %s to an object with size %wu allocated by %qE here",
2323 offstr, sizrng[0].to_uhwi (), allocfn);
2324 else if (sizrng[0] == 0)
2325 {
2326 /* Avoid printing impossible sizes. */
2327 if (wi::ltu_p (sizrng[1], diff_max - 2))
2328 inform (gimple_location (alloc_call),
2329 "at offset %s to an object with size at most %wu allocated "
2330 "by %qD here",
2331 offstr, sizrng[1].to_uhwi (), allocfn);
2332 else
2333 inform (gimple_location (alloc_call),
2334 "at offset %s to an object allocated by %qE here",
2335 offstr, allocfn);
2336 }
2337 else
2338 inform (gimple_location (alloc_call),
2339 "at offset %s to an object with size between %wu and %wu "
2340 "allocated by %qE here",
2341 offstr, sizrng[0].to_uhwi (), sizrng[1].to_uhwi (), allocfn);
2342 }
2343
2344 /* Convenience wrapper for the above. */
2345
2346 static inline void
2347 maybe_warn_overflow (gimple *stmt, unsigned HOST_WIDE_INT len,
2348 range_query *rvals = NULL, strinfo *si = NULL,
2349 bool plus_one = false, bool rawmem = false)
2350 {
2351 maybe_warn_overflow (stmt, build_int_cst (size_type_node, len), rvals,
2352 si, plus_one, rawmem);
2353 }
2354
2355 /* Handle a strlen call. If strlen of the argument is known, replace
2356 the strlen call with the known value, otherwise remember that strlen
2357 of the argument is stored in the lhs SSA_NAME. */
2358
2359 static void
2360 handle_builtin_strlen (gimple_stmt_iterator *gsi)
2361 {
2362 gimple *stmt = gsi_stmt (*gsi);
2363 tree lhs = gimple_call_lhs (stmt);
2364
2365 if (lhs == NULL_TREE)
2366 return;
2367
2368 location_t loc = gimple_location (stmt);
2369 tree callee = gimple_call_fndecl (stmt);
2370 tree src = gimple_call_arg (stmt, 0);
2371 tree bound = (DECL_FUNCTION_CODE (callee) == BUILT_IN_STRNLEN
2372 ? gimple_call_arg (stmt, 1) : NULL_TREE);
2373 int idx = get_stridx (src);
2374 if (idx || (bound && integer_zerop (bound)))
2375 {
2376 strinfo *si = NULL;
2377 tree rhs;
2378
2379 if (idx < 0)
2380 rhs = build_int_cst (TREE_TYPE (lhs), ~idx);
2381 else if (idx == 0)
2382 rhs = bound;
2383 else
2384 {
2385 rhs = NULL_TREE;
2386 si = get_strinfo (idx);
2387 if (si != NULL)
2388 {
2389 rhs = get_string_length (si);
2390 /* For strnlen, if bound is constant, even if si is not known
2391 to be zero terminated, if we know at least bound bytes are
2392 not zero, the return value will be bound. */
2393 if (rhs == NULL_TREE
2394 && bound != NULL_TREE
2395 && TREE_CODE (bound) == INTEGER_CST
2396 && si->nonzero_chars != NULL_TREE
2397 && TREE_CODE (si->nonzero_chars) == INTEGER_CST
2398 && tree_int_cst_le (bound, si->nonzero_chars))
2399 rhs = bound;
2400 }
2401 }
2402 if (rhs != NULL_TREE)
2403 {
2404 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2405 {
2406 fprintf (dump_file, "Optimizing: ");
2407 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2408 }
2409 rhs = unshare_expr (rhs);
2410 if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (rhs)))
2411 rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
2412
2413 if (bound)
2414 rhs = fold_build2_loc (loc, MIN_EXPR, TREE_TYPE (rhs), rhs, bound);
2415
2416 if (!update_call_from_tree (gsi, rhs))
2417 gimplify_and_update_call_from_tree (gsi, rhs);
2418 stmt = gsi_stmt (*gsi);
2419 update_stmt (stmt);
2420 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2421 {
2422 fprintf (dump_file, "into: ");
2423 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2424 }
2425
2426 if (si != NULL
2427 /* Don't update anything for strnlen. */
2428 && bound == NULL_TREE
2429 && TREE_CODE (si->nonzero_chars) != SSA_NAME
2430 && TREE_CODE (si->nonzero_chars) != INTEGER_CST
2431 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2432 {
2433 si = unshare_strinfo (si);
2434 si->nonzero_chars = lhs;
2435 gcc_assert (si->full_string_p);
2436 }
2437
2438 if (strlen_to_stridx
2439 && (bound == NULL_TREE
2440 /* For strnlen record this only if the call is proven
2441 to return the same value as strlen would. */
2442 || (TREE_CODE (bound) == INTEGER_CST
2443 && TREE_CODE (rhs) == INTEGER_CST
2444 && tree_int_cst_lt (rhs, bound))))
2445 strlen_to_stridx->put (lhs, stridx_strlenloc (idx, loc));
2446
2447 return;
2448 }
2449 }
2450 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2451 return;
2452
2453 if (idx == 0)
2454 idx = new_stridx (src);
2455 else
2456 {
2457 strinfo *si = get_strinfo (idx);
2458 if (si != NULL)
2459 {
2460 if (!si->full_string_p && !si->stmt)
2461 {
2462 /* Until now we only had a lower bound on the string length.
2463 Install LHS as the actual length. */
2464 si = unshare_strinfo (si);
2465 tree old = si->nonzero_chars;
2466 si->nonzero_chars = lhs;
2467 si->full_string_p = true;
2468 if (old && TREE_CODE (old) == INTEGER_CST)
2469 {
2470 old = fold_convert_loc (loc, TREE_TYPE (lhs), old);
2471 tree adj = fold_build2_loc (loc, MINUS_EXPR,
2472 TREE_TYPE (lhs), lhs, old);
2473 adjust_related_strinfos (loc, si, adj);
2474 /* Use the constant minimum length as the lower bound
2475 of the non-constant length. */
2476 wide_int min = wi::to_wide (old);
2477 wide_int max
2478 = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2;
2479 set_strlen_range (lhs, min, max);
2480 }
2481 else
2482 {
2483 si->first = 0;
2484 si->prev = 0;
2485 si->next = 0;
2486 }
2487 }
2488 return;
2489 }
2490 }
2491 if (idx)
2492 {
2493 if (!bound)
2494 {
2495 /* Only store the new length information for calls to strlen(),
2496 not for those to strnlen(). */
2497 strinfo *si = new_strinfo (src, idx, lhs, true);
2498 set_strinfo (idx, si);
2499 find_equal_ptrs (src, idx);
2500 }
2501
2502 /* For SRC that is an array of N elements, set LHS's range
2503 to [0, min (N, BOUND)]. A constant return value means
2504 the range would have consisted of a single value. In
2505 that case, fold the result into the returned constant. */
2506 if (tree ret = maybe_set_strlen_range (lhs, src, bound))
2507 if (TREE_CODE (ret) == INTEGER_CST)
2508 {
2509 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2510 {
2511 fprintf (dump_file, "Optimizing: ");
2512 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2513 }
2514 if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (ret)))
2515 ret = fold_convert_loc (loc, TREE_TYPE (lhs), ret);
2516 if (!update_call_from_tree (gsi, ret))
2517 gimplify_and_update_call_from_tree (gsi, ret);
2518 stmt = gsi_stmt (*gsi);
2519 update_stmt (stmt);
2520 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2521 {
2522 fprintf (dump_file, "into: ");
2523 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2524 }
2525 }
2526
2527 if (strlen_to_stridx && !bound)
2528 strlen_to_stridx->put (lhs, stridx_strlenloc (idx, loc));
2529 }
2530 }
2531
2532 /* Handle a strchr call. If strlen of the first argument is known, replace
2533 the strchr (x, 0) call with the endptr or x + strlen, otherwise remember
2534 that lhs of the call is endptr and strlen of the argument is endptr - x. */
2535
2536 static void
2537 handle_builtin_strchr (gimple_stmt_iterator *gsi)
2538 {
2539 gimple *stmt = gsi_stmt (*gsi);
2540 tree lhs = gimple_call_lhs (stmt);
2541
2542 if (lhs == NULL_TREE)
2543 return;
2544
2545 if (!integer_zerop (gimple_call_arg (stmt, 1)))
2546 return;
2547
2548 tree src = gimple_call_arg (stmt, 0);
2549
2550 /* Avoid folding if the first argument is not a nul-terminated array.
2551 Defer warning until later. */
2552 if (!check_nul_terminated_array (NULL_TREE, src))
2553 return;
2554
2555 int idx = get_stridx (src);
2556 if (idx)
2557 {
2558 strinfo *si = NULL;
2559 tree rhs;
2560
2561 if (idx < 0)
2562 rhs = build_int_cst (size_type_node, ~idx);
2563 else
2564 {
2565 rhs = NULL_TREE;
2566 si = get_strinfo (idx);
2567 if (si != NULL)
2568 rhs = get_string_length (si);
2569 }
2570 if (rhs != NULL_TREE)
2571 {
2572 location_t loc = gimple_location (stmt);
2573
2574 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2575 {
2576 fprintf (dump_file, "Optimizing: ");
2577 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2578 }
2579 if (si != NULL && si->endptr != NULL_TREE)
2580 {
2581 rhs = unshare_expr (si->endptr);
2582 if (!useless_type_conversion_p (TREE_TYPE (lhs),
2583 TREE_TYPE (rhs)))
2584 rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
2585 }
2586 else
2587 {
2588 rhs = fold_convert_loc (loc, sizetype, unshare_expr (rhs));
2589 rhs = fold_build2_loc (loc, POINTER_PLUS_EXPR,
2590 TREE_TYPE (src), src, rhs);
2591 if (!useless_type_conversion_p (TREE_TYPE (lhs),
2592 TREE_TYPE (rhs)))
2593 rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
2594 }
2595 if (!update_call_from_tree (gsi, rhs))
2596 gimplify_and_update_call_from_tree (gsi, rhs);
2597 stmt = gsi_stmt (*gsi);
2598 update_stmt (stmt);
2599 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2600 {
2601 fprintf (dump_file, "into: ");
2602 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2603 }
2604 if (si != NULL
2605 && si->endptr == NULL_TREE
2606 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2607 {
2608 si = unshare_strinfo (si);
2609 si->endptr = lhs;
2610 }
2611 zero_length_string (lhs, si);
2612 return;
2613 }
2614 }
2615 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2616 return;
2617 if (TREE_CODE (src) != SSA_NAME || !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (src))
2618 {
2619 if (idx == 0)
2620 idx = new_stridx (src);
2621 else if (get_strinfo (idx) != NULL)
2622 {
2623 zero_length_string (lhs, NULL);
2624 return;
2625 }
2626 if (idx)
2627 {
2628 location_t loc = gimple_location (stmt);
2629 tree lhsu = fold_convert_loc (loc, size_type_node, lhs);
2630 tree srcu = fold_convert_loc (loc, size_type_node, src);
2631 tree length = fold_build2_loc (loc, MINUS_EXPR,
2632 size_type_node, lhsu, srcu);
2633 strinfo *si = new_strinfo (src, idx, length, true);
2634 si->endptr = lhs;
2635 set_strinfo (idx, si);
2636 find_equal_ptrs (src, idx);
2637 zero_length_string (lhs, si);
2638 }
2639 }
2640 else
2641 zero_length_string (lhs, NULL);
2642 }
2643
2644 /* Handle a strcpy-like ({st{r,p}cpy,__st{r,p}cpy_chk}) call.
2645 If strlen of the second argument is known, strlen of the first argument
2646 is the same after this call. Furthermore, attempt to convert it to
2647 memcpy. Uses RVALS to determine range information. */
2648
2649 static void
2650 handle_builtin_strcpy (enum built_in_function bcode, gimple_stmt_iterator *gsi,
2651 range_query *rvals)
2652 {
2653 int idx, didx;
2654 tree src, dst, srclen, len, lhs, type, fn, oldlen;
2655 bool success;
2656 gimple *stmt = gsi_stmt (*gsi);
2657 strinfo *si, *dsi, *olddsi, *zsi;
2658 location_t loc;
2659
2660 src = gimple_call_arg (stmt, 1);
2661 dst = gimple_call_arg (stmt, 0);
2662 lhs = gimple_call_lhs (stmt);
2663 idx = get_stridx (src);
2664 si = NULL;
2665 if (idx > 0)
2666 si = get_strinfo (idx);
2667
2668 didx = get_stridx (dst);
2669 olddsi = NULL;
2670 oldlen = NULL_TREE;
2671 if (didx > 0)
2672 olddsi = get_strinfo (didx);
2673 else if (didx < 0)
2674 return;
2675
2676 if (olddsi != NULL)
2677 adjust_last_stmt (olddsi, stmt, false);
2678
2679 srclen = NULL_TREE;
2680 if (si != NULL)
2681 srclen = get_string_length (si);
2682 else if (idx < 0)
2683 srclen = build_int_cst (size_type_node, ~idx);
2684
2685 maybe_warn_overflow (stmt, srclen, rvals, olddsi, true);
2686
2687 if (olddsi != NULL)
2688 adjust_last_stmt (olddsi, stmt, false);
2689
2690 loc = gimple_location (stmt);
2691 if (srclen == NULL_TREE)
2692 switch (bcode)
2693 {
2694 case BUILT_IN_STRCPY:
2695 case BUILT_IN_STRCPY_CHK:
2696 if (lhs != NULL_TREE || !builtin_decl_implicit_p (BUILT_IN_STPCPY))
2697 return;
2698 break;
2699 case BUILT_IN_STPCPY:
2700 case BUILT_IN_STPCPY_CHK:
2701 if (lhs == NULL_TREE)
2702 return;
2703 else
2704 {
2705 tree lhsuint = fold_convert_loc (loc, size_type_node, lhs);
2706 srclen = fold_convert_loc (loc, size_type_node, dst);
2707 srclen = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
2708 lhsuint, srclen);
2709 }
2710 break;
2711 default:
2712 gcc_unreachable ();
2713 }
2714
2715 if (didx == 0)
2716 {
2717 didx = new_stridx (dst);
2718 if (didx == 0)
2719 return;
2720 }
2721 if (olddsi != NULL)
2722 {
2723 oldlen = olddsi->nonzero_chars;
2724 dsi = unshare_strinfo (olddsi);
2725 dsi->nonzero_chars = srclen;
2726 dsi->full_string_p = (srclen != NULL_TREE);
2727 /* Break the chain, so adjust_related_strinfo on later pointers in
2728 the chain won't adjust this one anymore. */
2729 dsi->next = 0;
2730 dsi->stmt = NULL;
2731 dsi->endptr = NULL_TREE;
2732 }
2733 else
2734 {
2735 dsi = new_strinfo (dst, didx, srclen, srclen != NULL_TREE);
2736 set_strinfo (didx, dsi);
2737 find_equal_ptrs (dst, didx);
2738 }
2739 dsi->writable = true;
2740 dsi->dont_invalidate = true;
2741
2742 if (dsi->nonzero_chars == NULL_TREE)
2743 {
2744 strinfo *chainsi;
2745
2746 /* If string length of src is unknown, use delayed length
2747 computation. If string length of dst will be needed, it
2748 can be computed by transforming this strcpy call into
2749 stpcpy and subtracting dst from the return value. */
2750
2751 /* Look for earlier strings whose length could be determined if
2752 this strcpy is turned into an stpcpy. */
2753
2754 if (dsi->prev != 0 && (chainsi = verify_related_strinfos (dsi)) != NULL)
2755 {
2756 for (; chainsi && chainsi != dsi; chainsi = get_strinfo (chainsi->next))
2757 {
2758 /* When setting a stmt for delayed length computation
2759 prevent all strinfos through dsi from being
2760 invalidated. */
2761 chainsi = unshare_strinfo (chainsi);
2762 chainsi->stmt = stmt;
2763 chainsi->nonzero_chars = NULL_TREE;
2764 chainsi->full_string_p = false;
2765 chainsi->endptr = NULL_TREE;
2766 chainsi->dont_invalidate = true;
2767 }
2768 }
2769 dsi->stmt = stmt;
2770
2771 /* Try to detect overlap before returning. This catches cases
2772 like strcpy (d, d + n) where n is non-constant whose range
2773 is such that (n <= strlen (d) holds).
2774
2775 OLDDSI->NONZERO_chars may have been reset by this point with
2776 oldlen holding it original value. */
2777 if (olddsi && oldlen)
2778 {
2779 /* Add 1 for the terminating NUL. */
2780 tree type = TREE_TYPE (oldlen);
2781 oldlen = fold_build2 (PLUS_EXPR, type, oldlen,
2782 build_int_cst (type, 1));
2783 check_bounds_or_overlap (stmt, olddsi->ptr, src, oldlen, NULL_TREE);
2784 }
2785
2786 return;
2787 }
2788
2789 if (olddsi != NULL)
2790 {
2791 tree adj = NULL_TREE;
2792 if (oldlen == NULL_TREE)
2793 ;
2794 else if (integer_zerop (oldlen))
2795 adj = srclen;
2796 else if (TREE_CODE (oldlen) == INTEGER_CST
2797 || TREE_CODE (srclen) == INTEGER_CST)
2798 adj = fold_build2_loc (loc, MINUS_EXPR,
2799 TREE_TYPE (srclen), srclen,
2800 fold_convert_loc (loc, TREE_TYPE (srclen),
2801 oldlen));
2802 if (adj != NULL_TREE)
2803 adjust_related_strinfos (loc, dsi, adj);
2804 else
2805 dsi->prev = 0;
2806 }
2807 /* strcpy src may not overlap dst, so src doesn't need to be
2808 invalidated either. */
2809 if (si != NULL)
2810 si->dont_invalidate = true;
2811
2812 fn = NULL_TREE;
2813 zsi = NULL;
2814 switch (bcode)
2815 {
2816 case BUILT_IN_STRCPY:
2817 fn = builtin_decl_implicit (BUILT_IN_MEMCPY);
2818 if (lhs)
2819 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
2820 break;
2821 case BUILT_IN_STRCPY_CHK:
2822 fn = builtin_decl_explicit (BUILT_IN_MEMCPY_CHK);
2823 if (lhs)
2824 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
2825 break;
2826 case BUILT_IN_STPCPY:
2827 /* This would need adjustment of the lhs (subtract one),
2828 or detection that the trailing '\0' doesn't need to be
2829 written, if it will be immediately overwritten.
2830 fn = builtin_decl_explicit (BUILT_IN_MEMPCPY); */
2831 if (lhs)
2832 {
2833 dsi->endptr = lhs;
2834 zsi = zero_length_string (lhs, dsi);
2835 }
2836 break;
2837 case BUILT_IN_STPCPY_CHK:
2838 /* This would need adjustment of the lhs (subtract one),
2839 or detection that the trailing '\0' doesn't need to be
2840 written, if it will be immediately overwritten.
2841 fn = builtin_decl_explicit (BUILT_IN_MEMPCPY_CHK); */
2842 if (lhs)
2843 {
2844 dsi->endptr = lhs;
2845 zsi = zero_length_string (lhs, dsi);
2846 }
2847 break;
2848 default:
2849 gcc_unreachable ();
2850 }
2851 if (zsi != NULL)
2852 zsi->dont_invalidate = true;
2853
2854 if (fn)
2855 {
2856 tree args = TYPE_ARG_TYPES (TREE_TYPE (fn));
2857 type = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args)));
2858 }
2859 else
2860 type = size_type_node;
2861
2862 len = fold_convert_loc (loc, type, unshare_expr (srclen));
2863 len = fold_build2_loc (loc, PLUS_EXPR, type, len, build_int_cst (type, 1));
2864
2865 /* Set the no-warning bit on the transformed statement? */
2866 bool set_no_warning = false;
2867
2868 if (const strinfo *chksi = olddsi ? olddsi : dsi)
2869 if (si
2870 && check_bounds_or_overlap (stmt, chksi->ptr, si->ptr, NULL_TREE, len))
2871 {
2872 gimple_set_no_warning (stmt, true);
2873 set_no_warning = true;
2874 }
2875
2876 if (fn == NULL_TREE)
2877 return;
2878
2879 len = force_gimple_operand_gsi (gsi, len, true, NULL_TREE, true,
2880 GSI_SAME_STMT);
2881 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2882 {
2883 fprintf (dump_file, "Optimizing: ");
2884 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2885 }
2886 if (gimple_call_num_args (stmt) == 2)
2887 success = update_gimple_call (gsi, fn, 3, dst, src, len);
2888 else
2889 success = update_gimple_call (gsi, fn, 4, dst, src, len,
2890 gimple_call_arg (stmt, 2));
2891 if (success)
2892 {
2893 stmt = gsi_stmt (*gsi);
2894 update_stmt (stmt);
2895 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2896 {
2897 fprintf (dump_file, "into: ");
2898 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2899 }
2900 /* Allow adjust_last_stmt to decrease this memcpy's size. */
2901 laststmt.stmt = stmt;
2902 laststmt.len = srclen;
2903 laststmt.stridx = dsi->idx;
2904 }
2905 else if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2906 fprintf (dump_file, "not possible.\n");
2907
2908 if (set_no_warning)
2909 gimple_set_no_warning (stmt, true);
2910 }
2911
2912 /* Check the size argument to the built-in forms of stpncpy and strncpy
2913 for out-of-bounds offsets or overlapping access, and to see if the
2914 size argument is derived from a call to strlen() on the source argument,
2915 and if so, issue an appropriate warning. */
2916
2917 static void
2918 handle_builtin_strncat (built_in_function, gimple_stmt_iterator *gsi)
2919 {
2920 /* Same as stxncpy(). */
2921 handle_builtin_stxncpy_strncat (true, gsi);
2922 }
2923
2924 /* Return true if LEN depends on a call to strlen(SRC) in an interesting
2925 way. LEN can either be an integer expression, or a pointer (to char).
2926 When it is the latter (such as in recursive calls to self) it is
2927 assumed to be the argument in some call to strlen() whose relationship
2928 to SRC is being ascertained. */
2929
2930 bool
2931 is_strlen_related_p (tree src, tree len)
2932 {
2933 if (TREE_CODE (TREE_TYPE (len)) == POINTER_TYPE
2934 && operand_equal_p (src, len, 0))
2935 return true;
2936
2937 if (TREE_CODE (len) != SSA_NAME)
2938 return false;
2939
2940 if (TREE_CODE (src) == SSA_NAME)
2941 {
2942 gimple *srcdef = SSA_NAME_DEF_STMT (src);
2943 if (is_gimple_assign (srcdef))
2944 {
2945 /* Handle bitwise AND used in conversions from wider size_t
2946 to narrower unsigned types. */
2947 tree_code code = gimple_assign_rhs_code (srcdef);
2948 if (code == BIT_AND_EXPR
2949 || code == NOP_EXPR)
2950 return is_strlen_related_p (gimple_assign_rhs1 (srcdef), len);
2951
2952 return false;
2953 }
2954
2955 if (gimple_call_builtin_p (srcdef, BUILT_IN_NORMAL))
2956 {
2957 /* If SRC is the result of a call to an allocation function
2958 or strlen, use the function's argument instead. */
2959 tree func = gimple_call_fndecl (srcdef);
2960 built_in_function code = DECL_FUNCTION_CODE (func);
2961 if (code == BUILT_IN_ALLOCA
2962 || code == BUILT_IN_ALLOCA_WITH_ALIGN
2963 || code == BUILT_IN_MALLOC
2964 || code == BUILT_IN_STRLEN)
2965 return is_strlen_related_p (gimple_call_arg (srcdef, 0), len);
2966
2967 /* FIXME: Handle other functions with attribute alloc_size. */
2968 return false;
2969 }
2970 }
2971
2972 gimple *lendef = SSA_NAME_DEF_STMT (len);
2973 if (!lendef)
2974 return false;
2975
2976 if (is_gimple_call (lendef))
2977 {
2978 tree func = gimple_call_fndecl (lendef);
2979 if (!valid_builtin_call (lendef)
2980 || DECL_FUNCTION_CODE (func) != BUILT_IN_STRLEN)
2981 return false;
2982
2983 tree arg = gimple_call_arg (lendef, 0);
2984 return is_strlen_related_p (src, arg);
2985 }
2986
2987 if (!is_gimple_assign (lendef))
2988 return false;
2989
2990 tree_code code = gimple_assign_rhs_code (lendef);
2991 tree rhs1 = gimple_assign_rhs1 (lendef);
2992 tree rhstype = TREE_TYPE (rhs1);
2993
2994 if ((TREE_CODE (rhstype) == POINTER_TYPE && code == POINTER_PLUS_EXPR)
2995 || (INTEGRAL_TYPE_P (rhstype)
2996 && (code == BIT_AND_EXPR
2997 || code == NOP_EXPR)))
2998 {
2999 /* Pointer plus (an integer), and truncation are considered among
3000 the (potentially) related expressions to strlen. */
3001 return is_strlen_related_p (src, rhs1);
3002 }
3003
3004 if (tree rhs2 = gimple_assign_rhs2 (lendef))
3005 {
3006 /* Integer subtraction is considered strlen-related when both
3007 arguments are integers and second one is strlen-related. */
3008 rhstype = TREE_TYPE (rhs2);
3009 if (INTEGRAL_TYPE_P (rhstype) && code == MINUS_EXPR)
3010 return is_strlen_related_p (src, rhs2);
3011 }
3012
3013 return false;
3014 }
3015
3016 /* Called by handle_builtin_stxncpy_strncat and by
3017 gimple_fold_builtin_strncpy in gimple-fold.c.
3018 Check to see if the specified bound is a) equal to the size of
3019 the destination DST and if so, b) if it's immediately followed by
3020 DST[CNT - 1] = '\0'. If a) holds and b) does not, warn. Otherwise,
3021 do nothing. Return true if diagnostic has been issued.
3022
3023 The purpose is to diagnose calls to strncpy and stpncpy that do
3024 not nul-terminate the copy while allowing for the idiom where
3025 such a call is immediately followed by setting the last element
3026 to nul, as in:
3027 char a[32];
3028 strncpy (a, s, sizeof a);
3029 a[sizeof a - 1] = '\0';
3030 */
3031
3032 bool
3033 maybe_diag_stxncpy_trunc (gimple_stmt_iterator gsi, tree src, tree cnt)
3034 {
3035 gimple *stmt = gsi_stmt (gsi);
3036 if (gimple_no_warning_p (stmt))
3037 return false;
3038
3039 wide_int cntrange[2];
3040
3041 // FIXME: Use range_query instead of global ranges.
3042 enum value_range_kind rng = get_range_info (cnt, cntrange, cntrange + 1);
3043 if (rng == VR_RANGE)
3044 ;
3045 else if (rng == VR_ANTI_RANGE)
3046 {
3047 wide_int maxobjsize = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node));
3048
3049 if (wi::ltu_p (cntrange[1], maxobjsize))
3050 {
3051 cntrange[0] = cntrange[1] + 1;
3052 cntrange[1] = maxobjsize;
3053 }
3054 else
3055 {
3056 cntrange[1] = cntrange[0] - 1;
3057 cntrange[0] = wi::zero (TYPE_PRECISION (TREE_TYPE (cnt)));
3058 }
3059 }
3060 else
3061 return false;
3062
3063 /* Negative value is the constant string length. If it's less than
3064 the lower bound there is no truncation. Avoid calling get_stridx()
3065 when ssa_ver_to_stridx is empty. That implies the caller isn't
3066 running under the control of this pass and ssa_ver_to_stridx hasn't
3067 been created yet. */
3068 int sidx = ssa_ver_to_stridx.length () ? get_stridx (src) : 0;
3069 if (sidx < 0 && wi::gtu_p (cntrange[0], ~sidx))
3070 return false;
3071
3072 tree dst = gimple_call_arg (stmt, 0);
3073 tree dstdecl = dst;
3074 if (TREE_CODE (dstdecl) == ADDR_EXPR)
3075 dstdecl = TREE_OPERAND (dstdecl, 0);
3076
3077 tree ref = NULL_TREE;
3078
3079 if (!sidx)
3080 {
3081 /* If the source is a non-string return early to avoid warning
3082 for possible truncation (if the truncation is certain SIDX
3083 is non-zero). */
3084 tree srcdecl = gimple_call_arg (stmt, 1);
3085 if (TREE_CODE (srcdecl) == ADDR_EXPR)
3086 srcdecl = TREE_OPERAND (srcdecl, 0);
3087 if (get_attr_nonstring_decl (srcdecl, &ref))
3088 return false;
3089 }
3090
3091 /* Likewise, if the destination refers to an array/pointer declared
3092 nonstring return early. */
3093 if (get_attr_nonstring_decl (dstdecl, &ref))
3094 return false;
3095
3096 /* Look for dst[i] = '\0'; after the stxncpy() call and if found
3097 avoid the truncation warning. */
3098 gsi_next_nondebug (&gsi);
3099 gimple *next_stmt = gsi_stmt (gsi);
3100 if (!next_stmt)
3101 {
3102 /* When there is no statement in the same basic block check
3103 the immediate successor block. */
3104 if (basic_block bb = gimple_bb (stmt))
3105 {
3106 if (single_succ_p (bb))
3107 {
3108 /* For simplicity, ignore blocks with multiple outgoing
3109 edges for now and only consider successor blocks along
3110 normal edges. */
3111 edge e = EDGE_SUCC (bb, 0);
3112 if (!(e->flags & EDGE_ABNORMAL))
3113 {
3114 gsi = gsi_start_bb (e->dest);
3115 next_stmt = gsi_stmt (gsi);
3116 if (next_stmt && is_gimple_debug (next_stmt))
3117 {
3118 gsi_next_nondebug (&gsi);
3119 next_stmt = gsi_stmt (gsi);
3120 }
3121 }
3122 }
3123 }
3124 }
3125
3126 if (next_stmt && is_gimple_assign (next_stmt))
3127 {
3128 tree lhs = gimple_assign_lhs (next_stmt);
3129 tree_code code = TREE_CODE (lhs);
3130 if (code == ARRAY_REF || code == MEM_REF)
3131 lhs = TREE_OPERAND (lhs, 0);
3132
3133 tree func = gimple_call_fndecl (stmt);
3134 if (DECL_FUNCTION_CODE (func) == BUILT_IN_STPNCPY)
3135 {
3136 tree ret = gimple_call_lhs (stmt);
3137 if (ret && operand_equal_p (ret, lhs, 0))
3138 return false;
3139 }
3140
3141 /* Determine the base address and offset of the reference,
3142 ignoring the innermost array index. */
3143 if (TREE_CODE (ref) == ARRAY_REF)
3144 ref = TREE_OPERAND (ref, 0);
3145
3146 poly_int64 dstoff;
3147 tree dstbase = get_addr_base_and_unit_offset (ref, &dstoff);
3148
3149 poly_int64 lhsoff;
3150 tree lhsbase = get_addr_base_and_unit_offset (lhs, &lhsoff);
3151 if (lhsbase
3152 && dstbase
3153 && known_eq (dstoff, lhsoff)
3154 && operand_equal_p (dstbase, lhsbase, 0))
3155 return false;
3156 }
3157
3158 int prec = TYPE_PRECISION (TREE_TYPE (cnt));
3159 wide_int lenrange[2];
3160 if (strinfo *sisrc = sidx > 0 ? get_strinfo (sidx) : NULL)
3161 {
3162 lenrange[0] = (sisrc->nonzero_chars
3163 && TREE_CODE (sisrc->nonzero_chars) == INTEGER_CST
3164 ? wi::to_wide (sisrc->nonzero_chars)
3165 : wi::zero (prec));
3166 lenrange[1] = lenrange[0];
3167 }
3168 else if (sidx < 0)
3169 lenrange[0] = lenrange[1] = wi::shwi (~sidx, prec);
3170 else
3171 {
3172 c_strlen_data lendata = { };
3173 /* Set MAXBOUND to an arbitrary non-null non-integer node as a request
3174 to have it set to the length of the longest string in a PHI. */
3175 lendata.maxbound = src;
3176 get_range_strlen (src, &lendata, /* eltsize = */1);
3177 if (TREE_CODE (lendata.minlen) == INTEGER_CST
3178 && TREE_CODE (lendata.maxbound) == INTEGER_CST)
3179 {
3180 /* When LENDATA.MAXLEN is unknown, reset LENDATA.MINLEN
3181 which stores the length of the shortest known string. */
3182 if (integer_all_onesp (lendata.maxlen))
3183 lenrange[0] = wi::shwi (0, prec);
3184 else
3185 lenrange[0] = wi::to_wide (lendata.minlen, prec);
3186 lenrange[1] = wi::to_wide (lendata.maxbound, prec);
3187 }
3188 else
3189 {
3190 lenrange[0] = wi::shwi (0, prec);
3191 lenrange[1] = wi::shwi (-1, prec);
3192 }
3193 }
3194
3195 location_t callloc = gimple_or_expr_nonartificial_location (stmt, dst);
3196 tree func = gimple_call_fndecl (stmt);
3197
3198 if (lenrange[0] != 0 || !wi::neg_p (lenrange[1]))
3199 {
3200 /* If the longest source string is shorter than the lower bound
3201 of the specified count the copy is definitely nul-terminated. */
3202 if (wi::ltu_p (lenrange[1], cntrange[0]))
3203 return false;
3204
3205 if (wi::neg_p (lenrange[1]))
3206 {
3207 /* The length of one of the strings is unknown but at least
3208 one has non-zero length and that length is stored in
3209 LENRANGE[1]. Swap the bounds to force a "may be truncated"
3210 warning below. */
3211 lenrange[1] = lenrange[0];
3212 lenrange[0] = wi::shwi (0, prec);
3213 }
3214
3215 /* Set to true for strncat whose bound is derived from the length
3216 of the destination (the expected usage pattern). */
3217 bool cat_dstlen_bounded = false;
3218 if (DECL_FUNCTION_CODE (func) == BUILT_IN_STRNCAT)
3219 cat_dstlen_bounded = is_strlen_related_p (dst, cnt);
3220
3221 if (lenrange[0] == cntrange[1] && cntrange[0] == cntrange[1])
3222 return warning_n (callloc, OPT_Wstringop_truncation,
3223 cntrange[0].to_uhwi (),
3224 "%G%qD output truncated before terminating "
3225 "nul copying %E byte from a string of the "
3226 "same length",
3227 "%G%qD output truncated before terminating nul "
3228 "copying %E bytes from a string of the same "
3229 "length",
3230 stmt, func, cnt);
3231 else if (!cat_dstlen_bounded)
3232 {
3233 if (wi::geu_p (lenrange[0], cntrange[1]))
3234 {
3235 /* The shortest string is longer than the upper bound of
3236 the count so the truncation is certain. */
3237 if (cntrange[0] == cntrange[1])
3238 return warning_n (callloc, OPT_Wstringop_truncation,
3239 cntrange[0].to_uhwi (),
3240 "%G%qD output truncated copying %E byte "
3241 "from a string of length %wu",
3242 "%G%qD output truncated copying %E bytes "
3243 "from a string of length %wu",
3244 stmt, func, cnt, lenrange[0].to_uhwi ());
3245
3246 return warning_at (callloc, OPT_Wstringop_truncation,
3247 "%G%qD output truncated copying between %wu "
3248 "and %wu bytes from a string of length %wu",
3249 stmt, func, cntrange[0].to_uhwi (),
3250 cntrange[1].to_uhwi (), lenrange[0].to_uhwi ());
3251 }
3252 else if (wi::geu_p (lenrange[1], cntrange[1]))
3253 {
3254 /* The longest string is longer than the upper bound of
3255 the count so the truncation is possible. */
3256 if (cntrange[0] == cntrange[1])
3257 return warning_n (callloc, OPT_Wstringop_truncation,
3258 cntrange[0].to_uhwi (),
3259 "%G%qD output may be truncated copying %E "
3260 "byte from a string of length %wu",
3261 "%G%qD output may be truncated copying %E "
3262 "bytes from a string of length %wu",
3263 stmt, func, cnt, lenrange[1].to_uhwi ());
3264
3265 return warning_at (callloc, OPT_Wstringop_truncation,
3266 "%G%qD output may be truncated copying between "
3267 "%wu and %wu bytes from a string of length %wu",
3268 stmt, func, cntrange[0].to_uhwi (),
3269 cntrange[1].to_uhwi (), lenrange[1].to_uhwi ());
3270 }
3271 }
3272
3273 if (!cat_dstlen_bounded
3274 && cntrange[0] != cntrange[1]
3275 && wi::leu_p (cntrange[0], lenrange[0])
3276 && wi::leu_p (cntrange[1], lenrange[0] + 1))
3277 {
3278 /* If the source (including the terminating nul) is longer than
3279 the lower bound of the specified count but shorter than the
3280 upper bound the copy may (but need not) be truncated. */
3281 return warning_at (callloc, OPT_Wstringop_truncation,
3282 "%G%qD output may be truncated copying between "
3283 "%wu and %wu bytes from a string of length %wu",
3284 stmt, func, cntrange[0].to_uhwi (),
3285 cntrange[1].to_uhwi (), lenrange[0].to_uhwi ());
3286 }
3287 }
3288
3289 if (tree dstsize = compute_objsize (dst, 1))
3290 {
3291 /* The source length is unknown. Try to determine the destination
3292 size and see if it matches the specified bound. If not, bail.
3293 Otherwise go on to see if it should be diagnosed for possible
3294 truncation. */
3295 if (!dstsize)
3296 return false;
3297
3298 if (wi::to_wide (dstsize) != cntrange[1])
3299 return false;
3300
3301 /* Avoid warning for strncpy(a, b, N) calls where the following
3302 equalities hold:
3303 N == sizeof a && N == sizeof b */
3304 if (tree srcsize = compute_objsize (src, 1))
3305 if (wi::to_wide (srcsize) == cntrange[1])
3306 return false;
3307
3308 if (cntrange[0] == cntrange[1])
3309 return warning_at (callloc, OPT_Wstringop_truncation,
3310 "%G%qD specified bound %E equals destination size",
3311 stmt, func, cnt);
3312 }
3313
3314 return false;
3315 }
3316
3317 /* Check the arguments to the built-in forms of stpncpy, strncpy, and
3318 strncat, for out-of-bounds offsets or overlapping access, and to see
3319 if the size is derived from calling strlen() on the source argument,
3320 and if so, issue the appropriate warning.
3321 APPEND_P is true for strncat. */
3322
3323 static void
3324 handle_builtin_stxncpy_strncat (bool append_p, gimple_stmt_iterator *gsi)
3325 {
3326 if (!strlen_to_stridx)
3327 return;
3328
3329 gimple *stmt = gsi_stmt (*gsi);
3330
3331 tree dst = gimple_call_arg (stmt, 0);
3332 tree src = gimple_call_arg (stmt, 1);
3333 tree len = gimple_call_arg (stmt, 2);
3334 tree dstsize = NULL_TREE, srcsize = NULL_TREE;
3335
3336 int didx = get_stridx (dst);
3337 if (strinfo *sidst = didx > 0 ? get_strinfo (didx) : NULL)
3338 {
3339 /* Compute the size of the destination string including the nul
3340 if it is known to be nul-terminated. */
3341 if (sidst->nonzero_chars)
3342 {
3343 if (sidst->full_string_p)
3344 {
3345 /* String is known to be nul-terminated. */
3346 tree type = TREE_TYPE (sidst->nonzero_chars);
3347 dstsize = fold_build2 (PLUS_EXPR, type, sidst->nonzero_chars,
3348 build_int_cst (type, 1));
3349 }
3350 else
3351 dstsize = sidst->nonzero_chars;
3352 }
3353
3354 dst = sidst->ptr;
3355 }
3356
3357 int sidx = get_stridx (src);
3358 strinfo *sisrc = sidx > 0 ? get_strinfo (sidx) : NULL;
3359 if (sisrc)
3360 {
3361 /* strncat() and strncpy() can modify the source string by writing
3362 over the terminating nul so SISRC->DONT_INVALIDATE must be left
3363 clear. */
3364
3365 /* Compute the size of the source string including the terminating
3366 nul if its known to be nul-terminated. */
3367 if (sisrc->nonzero_chars)
3368 {
3369 if (sisrc->full_string_p)
3370 {
3371 tree type = TREE_TYPE (sisrc->nonzero_chars);
3372 srcsize = fold_build2 (PLUS_EXPR, type, sisrc->nonzero_chars,
3373 build_int_cst (type, 1));
3374 }
3375 else
3376 srcsize = sisrc->nonzero_chars;
3377 }
3378
3379 src = sisrc->ptr;
3380 }
3381 else
3382 srcsize = NULL_TREE;
3383
3384 if (check_bounds_or_overlap (stmt, dst, src, dstsize, srcsize))
3385 {
3386 gimple_set_no_warning (stmt, true);
3387 return;
3388 }
3389
3390 /* If the length argument was computed from strlen(S) for some string
3391 S retrieve the strinfo index for the string (PSS->FIRST) along with
3392 the location of the strlen() call (PSS->SECOND). */
3393 stridx_strlenloc *pss = strlen_to_stridx->get (len);
3394 if (!pss || pss->first <= 0)
3395 {
3396 if (maybe_diag_stxncpy_trunc (*gsi, src, len))
3397 gimple_set_no_warning (stmt, true);
3398
3399 return;
3400 }
3401
3402 /* Retrieve the strinfo data for the string S that LEN was computed
3403 from as some function F of strlen (S) (i.e., LEN need not be equal
3404 to strlen(S)). */
3405 strinfo *silen = get_strinfo (pss->first);
3406
3407 location_t callloc = gimple_or_expr_nonartificial_location (stmt, dst);
3408
3409 tree func = gimple_call_fndecl (stmt);
3410
3411 bool warned = false;
3412
3413 /* When -Wstringop-truncation is set, try to determine truncation
3414 before diagnosing possible overflow. Truncation is implied by
3415 the LEN argument being equal to strlen(SRC), regardless of
3416 whether its value is known. Otherwise, issue the more generic
3417 -Wstringop-overflow which triggers for LEN arguments that in
3418 any meaningful way depend on strlen(SRC). */
3419 if (!append_p
3420 && sisrc == silen
3421 && is_strlen_related_p (src, len)
3422 && warning_at (callloc, OPT_Wstringop_truncation,
3423 "%G%qD output truncated before terminating nul "
3424 "copying as many bytes from a string as its length",
3425 stmt, func))
3426 warned = true;
3427 else if (silen && is_strlen_related_p (src, silen->ptr))
3428 warned = warning_at (callloc, OPT_Wstringop_overflow_,
3429 "%G%qD specified bound depends on the length "
3430 "of the source argument",
3431 stmt, func);
3432 if (warned)
3433 {
3434 location_t strlenloc = pss->second;
3435 if (strlenloc != UNKNOWN_LOCATION && strlenloc != callloc)
3436 inform (strlenloc, "length computed here");
3437 }
3438 }
3439
3440 /* Handle a memcpy-like ({mem{,p}cpy,__mem{,p}cpy_chk}) call.
3441 If strlen of the second argument is known and length of the third argument
3442 is that plus one, strlen of the first argument is the same after this
3443 call. Uses RVALS to determine range information. */
3444
3445 static void
3446 handle_builtin_memcpy (enum built_in_function bcode, gimple_stmt_iterator *gsi,
3447 range_query *rvals)
3448 {
3449 tree lhs, oldlen, newlen;
3450 gimple *stmt = gsi_stmt (*gsi);
3451 strinfo *si, *dsi;
3452
3453 tree len = gimple_call_arg (stmt, 2);
3454 tree src = gimple_call_arg (stmt, 1);
3455 tree dst = gimple_call_arg (stmt, 0);
3456
3457 int didx = get_stridx (dst);
3458 strinfo *olddsi = NULL;
3459 if (didx > 0)
3460 olddsi = get_strinfo (didx);
3461 else if (didx < 0)
3462 return;
3463
3464 if (olddsi != NULL
3465 && !integer_zerop (len))
3466 {
3467 maybe_warn_overflow (stmt, len, rvals, olddsi, false, true);
3468 adjust_last_stmt (olddsi, stmt, false);
3469 }
3470
3471 int idx = get_stridx (src);
3472 if (idx == 0)
3473 return;
3474
3475 bool full_string_p;
3476 if (idx > 0)
3477 {
3478 gimple *def_stmt;
3479
3480 /* Handle memcpy (x, y, l) where l's relationship with strlen (y)
3481 is known. */
3482 si = get_strinfo (idx);
3483 if (si == NULL || si->nonzero_chars == NULL_TREE)
3484 return;
3485 if (TREE_CODE (len) == INTEGER_CST
3486 && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
3487 {
3488 if (tree_int_cst_le (len, si->nonzero_chars))
3489 {
3490 /* Copying LEN nonzero characters, where LEN is constant. */
3491 newlen = len;
3492 full_string_p = false;
3493 }
3494 else
3495 {
3496 /* Copying the whole of the analyzed part of SI. */
3497 newlen = si->nonzero_chars;
3498 full_string_p = si->full_string_p;
3499 }
3500 }
3501 else
3502 {
3503 if (!si->full_string_p)
3504 return;
3505 if (TREE_CODE (len) != SSA_NAME)
3506 return;
3507 def_stmt = SSA_NAME_DEF_STMT (len);
3508 if (!is_gimple_assign (def_stmt)
3509 || gimple_assign_rhs_code (def_stmt) != PLUS_EXPR
3510 || gimple_assign_rhs1 (def_stmt) != si->nonzero_chars
3511 || !integer_onep (gimple_assign_rhs2 (def_stmt)))
3512 return;
3513 /* Copying variable-length string SI (and no more). */
3514 newlen = si->nonzero_chars;
3515 full_string_p = true;
3516 }
3517 }
3518 else
3519 {
3520 si = NULL;
3521 /* Handle memcpy (x, "abcd", 5) or
3522 memcpy (x, "abc\0uvw", 7). */
3523 if (!tree_fits_uhwi_p (len))
3524 return;
3525
3526 unsigned HOST_WIDE_INT clen = tree_to_uhwi (len);
3527 unsigned HOST_WIDE_INT nonzero_chars = ~idx;
3528 newlen = build_int_cst (size_type_node, MIN (nonzero_chars, clen));
3529 full_string_p = clen > nonzero_chars;
3530 }
3531
3532 if (!full_string_p
3533 && olddsi
3534 && olddsi->nonzero_chars
3535 && TREE_CODE (olddsi->nonzero_chars) == INTEGER_CST
3536 && tree_int_cst_le (newlen, olddsi->nonzero_chars))
3537 {
3538 /* The SRC substring being written strictly overlaps
3539 a subsequence of the existing string OLDDSI. */
3540 newlen = olddsi->nonzero_chars;
3541 full_string_p = olddsi->full_string_p;
3542 }
3543
3544 if (olddsi != NULL && TREE_CODE (len) == SSA_NAME)
3545 adjust_last_stmt (olddsi, stmt, false);
3546
3547 if (didx == 0)
3548 {
3549 didx = new_stridx (dst);
3550 if (didx == 0)
3551 return;
3552 }
3553 oldlen = NULL_TREE;
3554 if (olddsi != NULL)
3555 {
3556 dsi = unshare_strinfo (olddsi);
3557 oldlen = olddsi->nonzero_chars;
3558 dsi->nonzero_chars = newlen;
3559 dsi->full_string_p = full_string_p;
3560 /* Break the chain, so adjust_related_strinfo on later pointers in
3561 the chain won't adjust this one anymore. */
3562 dsi->next = 0;
3563 dsi->stmt = NULL;
3564 dsi->endptr = NULL_TREE;
3565 }
3566 else
3567 {
3568 dsi = new_strinfo (dst, didx, newlen, full_string_p);
3569 set_strinfo (didx, dsi);
3570 find_equal_ptrs (dst, didx);
3571 }
3572 dsi->writable = true;
3573 dsi->dont_invalidate = true;
3574 if (olddsi != NULL)
3575 {
3576 tree adj = NULL_TREE;
3577 location_t loc = gimple_location (stmt);
3578 if (oldlen == NULL_TREE)
3579 ;
3580 else if (integer_zerop (oldlen))
3581 adj = newlen;
3582 else if (TREE_CODE (oldlen) == INTEGER_CST
3583 || TREE_CODE (newlen) == INTEGER_CST)
3584 adj = fold_build2_loc (loc, MINUS_EXPR, TREE_TYPE (newlen), newlen,
3585 fold_convert_loc (loc, TREE_TYPE (newlen),
3586 oldlen));
3587 if (adj != NULL_TREE)
3588 adjust_related_strinfos (loc, dsi, adj);
3589 else
3590 dsi->prev = 0;
3591 }
3592 /* memcpy src may not overlap dst, so src doesn't need to be
3593 invalidated either. */
3594 if (si != NULL)
3595 si->dont_invalidate = true;
3596
3597 if (full_string_p)
3598 {
3599 lhs = gimple_call_lhs (stmt);
3600 switch (bcode)
3601 {
3602 case BUILT_IN_MEMCPY:
3603 case BUILT_IN_MEMCPY_CHK:
3604 /* Allow adjust_last_stmt to decrease this memcpy's size. */
3605 laststmt.stmt = stmt;
3606 laststmt.len = dsi->nonzero_chars;
3607 laststmt.stridx = dsi->idx;
3608 if (lhs)
3609 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
3610 break;
3611 case BUILT_IN_MEMPCPY:
3612 case BUILT_IN_MEMPCPY_CHK:
3613 break;
3614 default:
3615 gcc_unreachable ();
3616 }
3617 }
3618 }
3619
3620 /* Handle a strcat-like ({strcat,__strcat_chk}) call.
3621 If strlen of the second argument is known, strlen of the first argument
3622 is increased by the length of the second argument. Furthermore, attempt
3623 to convert it to memcpy/strcpy if the length of the first argument
3624 is known. */
3625
3626 static void
3627 handle_builtin_strcat (enum built_in_function bcode, gimple_stmt_iterator *gsi)
3628 {
3629 int idx, didx;
3630 tree srclen, args, type, fn, objsz, endptr;
3631 bool success;
3632 gimple *stmt = gsi_stmt (*gsi);
3633 strinfo *si, *dsi;
3634 location_t loc = gimple_location (stmt);
3635
3636 tree src = gimple_call_arg (stmt, 1);
3637 tree dst = gimple_call_arg (stmt, 0);
3638
3639 /* Bail if the source is the same as destination. It will be diagnosed
3640 elsewhere. */
3641 if (operand_equal_p (src, dst, 0))
3642 return;
3643
3644 tree lhs = gimple_call_lhs (stmt);
3645
3646 didx = get_stridx (dst);
3647 if (didx < 0)
3648 return;
3649
3650 dsi = NULL;
3651 if (didx > 0)
3652 dsi = get_strinfo (didx);
3653
3654 srclen = NULL_TREE;
3655 si = NULL;
3656 idx = get_stridx (src);
3657 if (idx < 0)
3658 srclen = build_int_cst (size_type_node, ~idx);
3659 else if (idx > 0)
3660 {
3661 si = get_strinfo (idx);
3662 if (si != NULL)
3663 srclen = get_string_length (si);
3664 }
3665
3666 /* Set the no-warning bit on the transformed statement? */
3667 bool set_no_warning = false;
3668
3669 if (dsi == NULL || get_string_length (dsi) == NULL_TREE)
3670 {
3671 {
3672 /* The concatenation always involves copying at least one byte
3673 (the terminating nul), even if the source string is empty.
3674 If the source is unknown assume it's one character long and
3675 used that as both sizes. */
3676 tree slen = srclen;
3677 if (slen)
3678 {
3679 tree type = TREE_TYPE (slen);
3680 slen = fold_build2 (PLUS_EXPR, type, slen, build_int_cst (type, 1));
3681 }
3682
3683 tree sptr = si && si->ptr ? si->ptr : src;
3684
3685 if (check_bounds_or_overlap (stmt, dst, sptr, NULL_TREE, slen))
3686 {
3687 gimple_set_no_warning (stmt, true);
3688 set_no_warning = true;
3689 }
3690 }
3691
3692 /* strcat (p, q) can be transformed into
3693 tmp = p + strlen (p); endptr = stpcpy (tmp, q);
3694 with length endptr - p if we need to compute the length
3695 later on. Don't do this transformation if we don't need
3696 it. */
3697 if (builtin_decl_implicit_p (BUILT_IN_STPCPY) && lhs == NULL_TREE)
3698 {
3699 if (didx == 0)
3700 {
3701 didx = new_stridx (dst);
3702 if (didx == 0)
3703 return;
3704 }
3705 if (dsi == NULL)
3706 {
3707 dsi = new_strinfo (dst, didx, NULL_TREE, false);
3708 set_strinfo (didx, dsi);
3709 find_equal_ptrs (dst, didx);
3710 }
3711 else
3712 {
3713 dsi = unshare_strinfo (dsi);
3714 dsi->nonzero_chars = NULL_TREE;
3715 dsi->full_string_p = false;
3716 dsi->next = 0;
3717 dsi->endptr = NULL_TREE;
3718 }
3719 dsi->writable = true;
3720 dsi->stmt = stmt;
3721 dsi->dont_invalidate = true;
3722 }
3723 return;
3724 }
3725
3726 tree dstlen = dsi->nonzero_chars;
3727 endptr = dsi->endptr;
3728
3729 dsi = unshare_strinfo (dsi);
3730 dsi->endptr = NULL_TREE;
3731 dsi->stmt = NULL;
3732 dsi->writable = true;
3733
3734 if (srclen != NULL_TREE)
3735 {
3736 dsi->nonzero_chars = fold_build2_loc (loc, PLUS_EXPR,
3737 TREE_TYPE (dsi->nonzero_chars),
3738 dsi->nonzero_chars, srclen);
3739 gcc_assert (dsi->full_string_p);
3740 adjust_related_strinfos (loc, dsi, srclen);
3741 dsi->dont_invalidate = true;
3742 }
3743 else
3744 {
3745 dsi->nonzero_chars = NULL;
3746 dsi->full_string_p = false;
3747 if (lhs == NULL_TREE && builtin_decl_implicit_p (BUILT_IN_STPCPY))
3748 dsi->dont_invalidate = true;
3749 }
3750
3751 if (si != NULL)
3752 /* strcat src may not overlap dst, so src doesn't need to be
3753 invalidated either. */
3754 si->dont_invalidate = true;
3755
3756 /* For now. Could remove the lhs from the call and add
3757 lhs = dst; afterwards. */
3758 if (lhs)
3759 return;
3760
3761 fn = NULL_TREE;
3762 objsz = NULL_TREE;
3763 switch (bcode)
3764 {
3765 case BUILT_IN_STRCAT:
3766 if (srclen != NULL_TREE)
3767 fn = builtin_decl_implicit (BUILT_IN_MEMCPY);
3768 else
3769 fn = builtin_decl_implicit (BUILT_IN_STRCPY);
3770 break;
3771 case BUILT_IN_STRCAT_CHK:
3772 if (srclen != NULL_TREE)
3773 fn = builtin_decl_explicit (BUILT_IN_MEMCPY_CHK);
3774 else
3775 fn = builtin_decl_explicit (BUILT_IN_STRCPY_CHK);
3776 objsz = gimple_call_arg (stmt, 2);
3777 break;
3778 default:
3779 gcc_unreachable ();
3780 }
3781
3782 if (fn == NULL_TREE)
3783 return;
3784
3785 if (dsi && dstlen)
3786 {
3787 tree type = TREE_TYPE (dstlen);
3788
3789 /* Compute the size of the source sequence, including the nul. */
3790 tree srcsize = srclen ? srclen : size_zero_node;
3791 tree one = build_int_cst (type, 1);
3792 srcsize = fold_build2 (PLUS_EXPR, type, srcsize, one);
3793 tree dstsize = fold_build2 (PLUS_EXPR, type, dstlen, one);
3794 tree sptr = si && si->ptr ? si->ptr : src;
3795
3796 if (check_bounds_or_overlap (stmt, dst, sptr, dstsize, srcsize))
3797 {
3798 gimple_set_no_warning (stmt, true);
3799 set_no_warning = true;
3800 }
3801 }
3802
3803 tree len = NULL_TREE;
3804 if (srclen != NULL_TREE)
3805 {
3806 args = TYPE_ARG_TYPES (TREE_TYPE (fn));
3807 type = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args)));
3808
3809 len = fold_convert_loc (loc, type, unshare_expr (srclen));
3810 len = fold_build2_loc (loc, PLUS_EXPR, type, len,
3811 build_int_cst (type, 1));
3812 len = force_gimple_operand_gsi (gsi, len, true, NULL_TREE, true,
3813 GSI_SAME_STMT);
3814 }
3815 if (endptr)
3816 dst = fold_convert_loc (loc, TREE_TYPE (dst), unshare_expr (endptr));
3817 else
3818 dst = fold_build2_loc (loc, POINTER_PLUS_EXPR, TREE_TYPE (dst), dst,
3819 fold_convert_loc (loc, sizetype,
3820 unshare_expr (dstlen)));
3821 dst = force_gimple_operand_gsi (gsi, dst, true, NULL_TREE, true,
3822 GSI_SAME_STMT);
3823 if (objsz)
3824 {
3825 objsz = fold_build2_loc (loc, MINUS_EXPR, TREE_TYPE (objsz), objsz,
3826 fold_convert_loc (loc, TREE_TYPE (objsz),
3827 unshare_expr (dstlen)));
3828 objsz = force_gimple_operand_gsi (gsi, objsz, true, NULL_TREE, true,
3829 GSI_SAME_STMT);
3830 }
3831 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3832 {
3833 fprintf (dump_file, "Optimizing: ");
3834 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
3835 }
3836 if (srclen != NULL_TREE)
3837 success = update_gimple_call (gsi, fn, 3 + (objsz != NULL_TREE),
3838 dst, src, len, objsz);
3839 else
3840 success = update_gimple_call (gsi, fn, 2 + (objsz != NULL_TREE),
3841 dst, src, objsz);
3842 if (success)
3843 {
3844 stmt = gsi_stmt (*gsi);
3845 update_stmt (stmt);
3846 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3847 {
3848 fprintf (dump_file, "into: ");
3849 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
3850 }
3851 /* If srclen == NULL, note that current string length can be
3852 computed by transforming this strcpy into stpcpy. */
3853 if (srclen == NULL_TREE && dsi->dont_invalidate)
3854 dsi->stmt = stmt;
3855 adjust_last_stmt (dsi, stmt, true);
3856 if (srclen != NULL_TREE)
3857 {
3858 laststmt.stmt = stmt;
3859 laststmt.len = srclen;
3860 laststmt.stridx = dsi->idx;
3861 }
3862 }
3863 else if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3864 fprintf (dump_file, "not possible.\n");
3865
3866 if (set_no_warning)
3867 gimple_set_no_warning (stmt, true);
3868 }
3869
3870 /* Handle a call to an allocation function like alloca, malloc or calloc,
3871 or an ordinary allocation function declared with attribute alloc_size. */
3872
3873 static void
3874 handle_alloc_call (enum built_in_function bcode, gimple_stmt_iterator *gsi)
3875 {
3876 gimple *stmt = gsi_stmt (*gsi);
3877 tree lhs = gimple_call_lhs (stmt);
3878 if (lhs == NULL_TREE)
3879 return;
3880
3881 gcc_assert (get_stridx (lhs) == 0);
3882 int idx = new_stridx (lhs);
3883 tree length = NULL_TREE;
3884 if (bcode == BUILT_IN_CALLOC)
3885 length = build_int_cst (size_type_node, 0);
3886 strinfo *si = new_strinfo (lhs, idx, length, length != NULL_TREE);
3887 if (bcode == BUILT_IN_CALLOC)
3888 {
3889 /* Only set STMT for calloc and malloc. */
3890 si->stmt = stmt;
3891 /* Only set ENDPTR for calloc. */
3892 si->endptr = lhs;
3893 }
3894 else if (bcode == BUILT_IN_MALLOC)
3895 si->stmt = stmt;
3896
3897 /* Set ALLOC is set for all allocation functions. */
3898 si->alloc = stmt;
3899 set_strinfo (idx, si);
3900 si->writable = true;
3901 si->dont_invalidate = true;
3902 }
3903
3904 /* Handle a call to memset.
3905 After a call to calloc, memset(,0,) is unnecessary.
3906 memset(malloc(n),0,n) is calloc(n,1).
3907 return true when the call is transformed, false otherwise.
3908 When nonnull uses RVALS to determine range information. */
3909
3910 static bool
3911 handle_builtin_memset (gimple_stmt_iterator *gsi, bool *zero_write,
3912 range_query *rvals)
3913 {
3914 gimple *memset_stmt = gsi_stmt (*gsi);
3915 tree ptr = gimple_call_arg (memset_stmt, 0);
3916 /* Set to the non-constant offset added to PTR. */
3917 wide_int offrng[2];
3918 int idx1 = get_stridx (ptr, offrng, rvals);
3919 if (idx1 <= 0)
3920 return false;
3921 strinfo *si1 = get_strinfo (idx1);
3922 if (!si1)
3923 return false;
3924 gimple *alloc_stmt = si1->alloc;
3925 if (!alloc_stmt || !is_gimple_call (alloc_stmt))
3926 return false;
3927 tree callee1 = gimple_call_fndecl (alloc_stmt);
3928 if (!valid_builtin_call (alloc_stmt))
3929 return false;
3930 tree alloc_size = gimple_call_arg (alloc_stmt, 0);
3931 tree memset_size = gimple_call_arg (memset_stmt, 2);
3932
3933 /* Check for overflow. */
3934 maybe_warn_overflow (memset_stmt, memset_size, rvals, NULL, false, true);
3935
3936 /* Bail when there is no statement associated with the destination
3937 (the statement may be null even when SI1->ALLOC is not). */
3938 if (!si1->stmt)
3939 return false;
3940
3941 /* Avoid optimizing if store is at a variable offset from the beginning
3942 of the allocated object. */
3943 if (offrng[0] != 0 || offrng[0] != offrng[1])
3944 return false;
3945
3946 /* Bail when the call writes a non-zero value. */
3947 if (!integer_zerop (gimple_call_arg (memset_stmt, 1)))
3948 return false;
3949
3950 /* Let the caller know the memset call cleared the destination. */
3951 *zero_write = true;
3952
3953 enum built_in_function code1 = DECL_FUNCTION_CODE (callee1);
3954 if (code1 == BUILT_IN_CALLOC)
3955 /* Not touching alloc_stmt */ ;
3956 else if (code1 == BUILT_IN_MALLOC
3957 && operand_equal_p (memset_size, alloc_size, 0))
3958 {
3959 /* Replace the malloc + memset calls with calloc. */
3960 gimple_stmt_iterator gsi1 = gsi_for_stmt (si1->stmt);
3961 update_gimple_call (&gsi1, builtin_decl_implicit (BUILT_IN_CALLOC), 2,
3962 alloc_size, build_one_cst (size_type_node));
3963 si1->nonzero_chars = build_int_cst (size_type_node, 0);
3964 si1->full_string_p = true;
3965 si1->stmt = gsi_stmt (gsi1);
3966 }
3967 else
3968 return false;
3969 tree lhs = gimple_call_lhs (memset_stmt);
3970 unlink_stmt_vdef (memset_stmt);
3971 if (lhs)
3972 {
3973 gimple *assign = gimple_build_assign (lhs, ptr);
3974 gsi_replace (gsi, assign, false);
3975 }
3976 else
3977 {
3978 gsi_remove (gsi, true);
3979 release_defs (memset_stmt);
3980 }
3981
3982 return true;
3983 }
3984
3985 /* Return first such statement if RES is used in statements testing its
3986 equality to zero, and null otherwise. If EXCLUSIVE is true, return
3987 nonnull if and only RES is used in such expressions exclusively and
3988 in none other. */
3989
3990 static gimple *
3991 use_in_zero_equality (tree res, bool exclusive = true)
3992 {
3993 gimple *first_use = NULL;
3994
3995 use_operand_p use_p;
3996 imm_use_iterator iter;
3997
3998 FOR_EACH_IMM_USE_FAST (use_p, iter, res)
3999 {
4000 gimple *use_stmt = USE_STMT (use_p);
4001
4002 if (is_gimple_debug (use_stmt))
4003 continue;
4004
4005 if (gimple_code (use_stmt) == GIMPLE_ASSIGN)
4006 {
4007 tree_code code = gimple_assign_rhs_code (use_stmt);
4008 if (code == COND_EXPR)
4009 {
4010 tree cond_expr = gimple_assign_rhs1 (use_stmt);
4011 if ((TREE_CODE (cond_expr) != EQ_EXPR
4012 && (TREE_CODE (cond_expr) != NE_EXPR))
4013 || !integer_zerop (TREE_OPERAND (cond_expr, 1)))
4014 {
4015 if (exclusive)
4016 return NULL;
4017 continue;
4018 }
4019 }
4020 else if (code == EQ_EXPR || code == NE_EXPR)
4021 {
4022 if (!integer_zerop (gimple_assign_rhs2 (use_stmt)))
4023 {
4024 if (exclusive)
4025 return NULL;
4026 continue;
4027 }
4028 }
4029 else if (exclusive)
4030 return NULL;
4031 else
4032 continue;
4033 }
4034 else if (gimple_code (use_stmt) == GIMPLE_COND)
4035 {
4036 tree_code code = gimple_cond_code (use_stmt);
4037 if ((code != EQ_EXPR && code != NE_EXPR)
4038 || !integer_zerop (gimple_cond_rhs (use_stmt)))
4039 {
4040 if (exclusive)
4041 return NULL;
4042 continue;
4043 }
4044 }
4045 else if (exclusive)
4046 return NULL;
4047 else
4048 continue;
4049
4050 if (!first_use)
4051 first_use = use_stmt;
4052 }
4053
4054 return first_use;
4055 }
4056
4057 /* Handle a call to memcmp. We try to handle small comparisons by
4058 converting them to load and compare, and replacing the call to memcmp
4059 with a __builtin_memcmp_eq call where possible.
4060 return true when call is transformed, return false otherwise. */
4061
4062 static bool
4063 handle_builtin_memcmp (gimple_stmt_iterator *gsi)
4064 {
4065 gcall *stmt = as_a <gcall *> (gsi_stmt (*gsi));
4066 tree res = gimple_call_lhs (stmt);
4067
4068 if (!res || !use_in_zero_equality (res))
4069 return false;
4070
4071 tree arg1 = gimple_call_arg (stmt, 0);
4072 tree arg2 = gimple_call_arg (stmt, 1);
4073 tree len = gimple_call_arg (stmt, 2);
4074 unsigned HOST_WIDE_INT leni;
4075
4076 if (tree_fits_uhwi_p (len)
4077 && (leni = tree_to_uhwi (len)) <= GET_MODE_SIZE (word_mode)
4078 && pow2p_hwi (leni))
4079 {
4080 leni *= CHAR_TYPE_SIZE;
4081 unsigned align1 = get_pointer_alignment (arg1);
4082 unsigned align2 = get_pointer_alignment (arg2);
4083 unsigned align = MIN (align1, align2);
4084 scalar_int_mode mode;
4085 if (int_mode_for_size (leni, 1).exists (&mode)
4086 && (align >= leni || !targetm.slow_unaligned_access (mode, align)))
4087 {
4088 location_t loc = gimple_location (stmt);
4089 tree type, off;
4090 type = build_nonstandard_integer_type (leni, 1);
4091 gcc_assert (known_eq (GET_MODE_BITSIZE (TYPE_MODE (type)), leni));
4092 tree ptrtype = build_pointer_type_for_mode (char_type_node,
4093 ptr_mode, true);
4094 off = build_int_cst (ptrtype, 0);
4095 arg1 = build2_loc (loc, MEM_REF, type, arg1, off);
4096 arg2 = build2_loc (loc, MEM_REF, type, arg2, off);
4097 tree tem1 = fold_const_aggregate_ref (arg1);
4098 if (tem1)
4099 arg1 = tem1;
4100 tree tem2 = fold_const_aggregate_ref (arg2);
4101 if (tem2)
4102 arg2 = tem2;
4103 res = fold_convert_loc (loc, TREE_TYPE (res),
4104 fold_build2_loc (loc, NE_EXPR,
4105 boolean_type_node,
4106 arg1, arg2));
4107 gimplify_and_update_call_from_tree (gsi, res);
4108 return true;
4109 }
4110 }
4111
4112 gimple_call_set_fndecl (stmt, builtin_decl_explicit (BUILT_IN_MEMCMP_EQ));
4113 return true;
4114 }
4115
4116 /* Given strinfo IDX for ARG, sets LENRNG[] to the range of lengths
4117 of the string(s) referenced by ARG if it can be determined.
4118 If the length cannot be determined, sets *SIZE to the size of
4119 the array the string is stored in, if any. If no such array is
4120 known, sets *SIZE to -1. When the strings are nul-terminated sets
4121 *NULTERM to true, otherwise to false. When nonnull uses RVALS to
4122 determine range information. Returns true on success. */
4123
4124 static bool
4125 get_len_or_size (gimple *stmt, tree arg, int idx,
4126 unsigned HOST_WIDE_INT lenrng[2],
4127 unsigned HOST_WIDE_INT *size, bool *nulterm,
4128 range_query *rvals)
4129 {
4130 /* Invalidate. */
4131 *size = HOST_WIDE_INT_M1U;
4132
4133 if (idx < 0)
4134 {
4135 /* IDX is the inverted constant string length. */
4136 lenrng[0] = ~idx;
4137 lenrng[1] = lenrng[0];
4138 *nulterm = true;
4139 return true;
4140 }
4141
4142 /* Set so that both LEN and ~LEN are invalid lengths, i.e., maximum
4143 possible length + 1. */
4144 lenrng[0] = lenrng[1] = HOST_WIDE_INT_MAX;
4145
4146 if (strinfo *si = idx ? get_strinfo (idx) : NULL)
4147 {
4148 /* FIXME: Handle all this in_range_strlen_dynamic. */
4149 if (!si->nonzero_chars)
4150 ;
4151 else if (tree_fits_uhwi_p (si->nonzero_chars))
4152 {
4153 lenrng[0] = tree_to_uhwi (si->nonzero_chars);
4154 *nulterm = si->full_string_p;
4155 /* Set the upper bound only if the string is known to be
4156 nul-terminated, otherwise leave it at maximum + 1. */
4157 if (*nulterm)
4158 lenrng[1] = lenrng[0];
4159 }
4160 else if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
4161 {
4162 wide_int min, max;
4163 // FIXME: Use range_query instead of global ranges.
4164 value_range_kind rng = get_range_info (si->nonzero_chars, &min, &max);
4165 if (rng == VR_RANGE)
4166 {
4167 lenrng[0] = min.to_uhwi ();
4168 lenrng[1] = max.to_uhwi ();
4169 *nulterm = si->full_string_p;
4170 }
4171 }
4172 }
4173
4174 if (lenrng[0] != HOST_WIDE_INT_MAX)
4175 return true;
4176
4177 /* Compute the minimum and maximum real or possible lengths. */
4178 c_strlen_data lendata = { };
4179 /* Set MAXBOUND to an arbitrary non-null non-integer node as a request
4180 to have it set to the length of the longest string in a PHI. */
4181 lendata.maxbound = arg;
4182 get_range_strlen_dynamic (arg, stmt, &lendata, rvals);
4183
4184 unsigned HOST_WIDE_INT maxbound = HOST_WIDE_INT_M1U;
4185 if (tree_fits_uhwi_p (lendata.maxbound)
4186 && !integer_all_onesp (lendata.maxbound))
4187 maxbound = tree_to_uhwi (lendata.maxbound);
4188
4189 if (tree_fits_uhwi_p (lendata.minlen) && tree_fits_uhwi_p (lendata.maxlen))
4190 {
4191 unsigned HOST_WIDE_INT minlen = tree_to_uhwi (lendata.minlen);
4192 unsigned HOST_WIDE_INT maxlen = tree_to_uhwi (lendata.maxlen);
4193
4194 /* The longest string in this data model. */
4195 const unsigned HOST_WIDE_INT lenmax
4196 = tree_to_uhwi (max_object_size ()) - 2;
4197
4198 if (maxbound == HOST_WIDE_INT_M1U)
4199 {
4200 lenrng[0] = minlen;
4201 lenrng[1] = maxlen;
4202 *nulterm = minlen == maxlen;
4203 }
4204 else if (maxlen < lenmax)
4205 {
4206 *size = maxbound + 1;
4207 *nulterm = false;
4208 }
4209 else
4210 return false;
4211
4212 return true;
4213 }
4214
4215 if (maxbound != HOST_WIDE_INT_M1U
4216 && lendata.maxlen
4217 && !integer_all_onesp (lendata.maxlen))
4218 {
4219 /* Set *SIZE to LENDATA.MAXBOUND which is a conservative estimate
4220 of the longest string based on the sizes of the arrays referenced
4221 by ARG. */
4222 *size = maxbound + 1;
4223 *nulterm = false;
4224 return true;
4225 }
4226
4227 return false;
4228 }
4229
4230 /* If IDX1 and IDX2 refer to strings A and B of unequal lengths, return
4231 the result of 0 == strncmp (A, B, BOUND) (which is the same as strcmp
4232 for a sufficiently large BOUND). If the result is based on the length
4233 of one string being greater than the longest string that would fit in
4234 the array pointer to by the argument, set *PLEN and *PSIZE to
4235 the corresponding length (or its complement when the string is known
4236 to be at least as long and need not be nul-terminated) and size.
4237 Otherwise return null. */
4238
4239 static tree
4240 strxcmp_eqz_result (gimple *stmt, tree arg1, int idx1, tree arg2, int idx2,
4241 unsigned HOST_WIDE_INT bound, unsigned HOST_WIDE_INT len[2],
4242 unsigned HOST_WIDE_INT *psize, range_query *rvals)
4243 {
4244 /* Determine the range the length of each string is in and whether it's
4245 known to be nul-terminated, or the size of the array it's stored in. */
4246 bool nul1, nul2;
4247 unsigned HOST_WIDE_INT siz1, siz2;
4248 unsigned HOST_WIDE_INT len1rng[2], len2rng[2];
4249 if (!get_len_or_size (stmt, arg1, idx1, len1rng, &siz1, &nul1, rvals)
4250 || !get_len_or_size (stmt, arg2, idx2, len2rng, &siz2, &nul2, rvals))
4251 return NULL_TREE;
4252
4253 /* BOUND is set to HWI_M1U for strcmp and less to strncmp, and LENiRNG
4254 to HWI_MAX when invalid. Adjust the length of each string to consider
4255 to be no more than BOUND. */
4256 if (len1rng[0] < HOST_WIDE_INT_MAX && len1rng[0] > bound)
4257 len1rng[0] = bound;
4258 if (len1rng[1] < HOST_WIDE_INT_MAX && len1rng[1] > bound)
4259 len1rng[1] = bound;
4260 if (len2rng[0] < HOST_WIDE_INT_MAX && len2rng[0] > bound)
4261 len2rng[0] = bound;
4262 if (len2rng[1] < HOST_WIDE_INT_MAX && len2rng[1] > bound)
4263 len2rng[1] = bound;
4264
4265 /* Two empty strings are equal. */
4266 if (len1rng[1] == 0 && len2rng[1] == 0)
4267 return integer_one_node;
4268
4269 /* The strings are definitely unequal when the lower bound of the length
4270 of one of them is greater than the length of the longest string that
4271 would fit into the other array. */
4272 if (len1rng[0] == HOST_WIDE_INT_MAX
4273 && len2rng[0] != HOST_WIDE_INT_MAX
4274 && ((len2rng[0] < bound && len2rng[0] >= siz1)
4275 || len2rng[0] > siz1))
4276 {
4277 *psize = siz1;
4278 len[0] = len1rng[0];
4279 /* Set LEN[0] to the lower bound of ARG1's length when it's
4280 nul-terminated or to the complement of its minimum length
4281 otherwise, */
4282 len[1] = nul2 ? len2rng[0] : ~len2rng[0];
4283 return integer_zero_node;
4284 }
4285
4286 if (len2rng[0] == HOST_WIDE_INT_MAX
4287 && len1rng[0] != HOST_WIDE_INT_MAX
4288 && ((len1rng[0] < bound && len1rng[0] >= siz2)
4289 || len1rng[0] > siz2))
4290 {
4291 *psize = siz2;
4292 len[0] = nul1 ? len1rng[0] : ~len1rng[0];
4293 len[1] = len2rng[0];
4294 return integer_zero_node;
4295 }
4296
4297 /* The strings are also definitely unequal when their lengths are unequal
4298 and at least one is nul-terminated. */
4299 if (len1rng[0] != HOST_WIDE_INT_MAX
4300 && len2rng[0] != HOST_WIDE_INT_MAX
4301 && ((len1rng[1] < len2rng[0] && nul1)
4302 || (len2rng[1] < len1rng[0] && nul2)))
4303 {
4304 if (bound <= len1rng[0] || bound <= len2rng[0])
4305 *psize = bound;
4306 else
4307 *psize = HOST_WIDE_INT_M1U;
4308
4309 len[0] = len1rng[0];
4310 len[1] = len2rng[0];
4311 return integer_zero_node;
4312 }
4313
4314 /* The string lengths may be equal or unequal. Even when equal and
4315 both strings nul-terminated, without the string contents there's
4316 no way to determine whether they are equal. */
4317 return NULL_TREE;
4318 }
4319
4320 /* Diagnose pointless calls to strcmp or strncmp STMT with string
4321 arguments of lengths LEN or size SIZ and (for strncmp) BOUND,
4322 whose result is used in equality expressions that evaluate to
4323 a constant due to one argument being longer than the size of
4324 the other. */
4325
4326 static void
4327 maybe_warn_pointless_strcmp (gimple *stmt, HOST_WIDE_INT bound,
4328 unsigned HOST_WIDE_INT len[2],
4329 unsigned HOST_WIDE_INT siz)
4330 {
4331 tree lhs = gimple_call_lhs (stmt);
4332 gimple *use = use_in_zero_equality (lhs, /* exclusive = */ false);
4333 if (!use)
4334 return;
4335
4336 bool at_least = false;
4337
4338 /* Excessive LEN[i] indicates a lower bound. */
4339 if (len[0] > HOST_WIDE_INT_MAX)
4340 {
4341 at_least = true;
4342 len[0] = ~len[0];
4343 }
4344
4345 if (len[1] > HOST_WIDE_INT_MAX)
4346 {
4347 at_least = true;
4348 len[1] = ~len[1];
4349 }
4350
4351 unsigned HOST_WIDE_INT minlen = MIN (len[0], len[1]);
4352
4353 /* FIXME: Include a note pointing to the declaration of the smaller
4354 array. */
4355 location_t stmt_loc = gimple_or_expr_nonartificial_location (stmt, lhs);
4356
4357 tree callee = gimple_call_fndecl (stmt);
4358 bool warned = false;
4359 if (siz <= minlen && bound == -1)
4360 warned = warning_at (stmt_loc, OPT_Wstring_compare,
4361 (at_least
4362 ? G_("%G%qD of a string of length %wu or more and "
4363 "an array of size %wu evaluates to nonzero")
4364 : G_("%G%qD of a string of length %wu and an array "
4365 "of size %wu evaluates to nonzero")),
4366 stmt, callee, minlen, siz);
4367 else if (!at_least && siz <= HOST_WIDE_INT_MAX)
4368 {
4369 if (len[0] != HOST_WIDE_INT_MAX && len[1] != HOST_WIDE_INT_MAX)
4370 warned = warning_at (stmt_loc, OPT_Wstring_compare,
4371 "%G%qD of strings of length %wu and %wu "
4372 "and bound of %wu evaluates to nonzero",
4373 stmt, callee, len[0], len[1], bound);
4374 else
4375 warned = warning_at (stmt_loc, OPT_Wstring_compare,
4376 "%G%qD of a string of length %wu, an array "
4377 "of size %wu and bound of %wu evaluates to "
4378 "nonzero",
4379 stmt, callee, minlen, siz, bound);
4380 }
4381
4382 if (!warned)
4383 return;
4384
4385 location_t use_loc = gimple_location (use);
4386 if (LOCATION_LINE (stmt_loc) != LOCATION_LINE (use_loc))
4387 inform (use_loc, "in this expression");
4388 }
4389
4390
4391 /* Optimize a call to strcmp or strncmp either by folding it to a constant
4392 when possible or by transforming the latter to the former. Warn about
4393 calls where the length of one argument is greater than the size of
4394 the array to which the other argument points if the latter's length
4395 is not known. Return true when the call has been transformed into
4396 another and false otherwise. */
4397
4398 static bool
4399 handle_builtin_string_cmp (gimple_stmt_iterator *gsi, range_query *rvals)
4400 {
4401 gcall *stmt = as_a <gcall *> (gsi_stmt (*gsi));
4402 tree lhs = gimple_call_lhs (stmt);
4403
4404 if (!lhs)
4405 return false;
4406
4407 tree arg1 = gimple_call_arg (stmt, 0);
4408 tree arg2 = gimple_call_arg (stmt, 1);
4409 int idx1 = get_stridx (arg1);
4410 int idx2 = get_stridx (arg2);
4411
4412 /* For strncmp set to the value of the third argument if known. */
4413 HOST_WIDE_INT bound = -1;
4414 tree len = NULL_TREE;
4415 /* Extract the strncmp bound. */
4416 if (gimple_call_num_args (stmt) == 3)
4417 {
4418 len = gimple_call_arg (stmt, 2);
4419 if (tree_fits_shwi_p (len))
4420 bound = tree_to_shwi (len);
4421
4422 /* If the bound argument is NOT known, do nothing. */
4423 if (bound < 0)
4424 return false;
4425 }
4426
4427 /* Avoid folding if either argument is not a nul-terminated array.
4428 Defer warning until later. */
4429 if (!check_nul_terminated_array (NULL_TREE, arg1, len)
4430 || !check_nul_terminated_array (NULL_TREE, arg2, len))
4431 return false;
4432
4433 {
4434 /* Set to the length of one argument (or its complement if it's
4435 the lower bound of a range) and the size of the array storing
4436 the other if the result is based on the former being equal to
4437 or greater than the latter. */
4438 unsigned HOST_WIDE_INT len[2] = { HOST_WIDE_INT_MAX, HOST_WIDE_INT_MAX };
4439 unsigned HOST_WIDE_INT siz = HOST_WIDE_INT_M1U;
4440
4441 /* Try to determine if the two strings are either definitely equal
4442 or definitely unequal and if so, either fold the result to zero
4443 (when equal) or set the range of the result to ~[0, 0] otherwise. */
4444 if (tree eqz = strxcmp_eqz_result (stmt, arg1, idx1, arg2, idx2, bound,
4445 len, &siz, rvals))
4446 {
4447 if (integer_zerop (eqz))
4448 {
4449 maybe_warn_pointless_strcmp (stmt, bound, len, siz);
4450
4451 /* When the lengths of the first two string arguments are
4452 known to be unequal set the range of the result to non-zero.
4453 This allows the call to be eliminated if its result is only
4454 used in tests for equality to zero. */
4455 wide_int zero = wi::zero (TYPE_PRECISION (TREE_TYPE (lhs)));
4456 set_range_info (lhs, VR_ANTI_RANGE, zero, zero);
4457 return false;
4458 }
4459 /* When the two strings are definitely equal (such as when they
4460 are both empty) fold the call to the constant result. */
4461 replace_call_with_value (gsi, integer_zero_node);
4462 return true;
4463 }
4464 }
4465
4466 /* Return if nothing is known about the strings pointed to by ARG1
4467 and ARG2. */
4468 if (idx1 == 0 && idx2 == 0)
4469 return false;
4470
4471 /* Determine either the length or the size of each of the strings,
4472 whichever is available. */
4473 HOST_WIDE_INT cstlen1 = -1, cstlen2 = -1;
4474 HOST_WIDE_INT arysiz1 = -1, arysiz2 = -1;
4475
4476 {
4477 unsigned HOST_WIDE_INT len1rng[2], len2rng[2];
4478 unsigned HOST_WIDE_INT arsz1, arsz2;
4479 bool nulterm[2];
4480
4481 if (!get_len_or_size (stmt, arg1, idx1, len1rng, &arsz1, nulterm, rvals)
4482 || !get_len_or_size (stmt, arg2, idx2, len2rng, &arsz2, nulterm + 1,
4483 rvals))
4484 return false;
4485
4486 if (len1rng[0] == len1rng[1] && len1rng[0] < HOST_WIDE_INT_MAX)
4487 cstlen1 = len1rng[0];
4488 else if (arsz1 < HOST_WIDE_INT_M1U)
4489 arysiz1 = arsz1;
4490
4491 if (len2rng[0] == len2rng[1] && len2rng[0] < HOST_WIDE_INT_MAX)
4492 cstlen2 = len2rng[0];
4493 else if (arsz2 < HOST_WIDE_INT_M1U)
4494 arysiz2 = arsz2;
4495 }
4496
4497 /* Bail if neither the string length nor the size of the array
4498 it is stored in can be determined. */
4499 if ((cstlen1 < 0 && arysiz1 < 0)
4500 || (cstlen2 < 0 && arysiz2 < 0)
4501 || (cstlen1 < 0 && cstlen2 < 0))
4502 return false;
4503
4504 if (cstlen1 >= 0)
4505 ++cstlen1;
4506 if (cstlen2 >= 0)
4507 ++cstlen2;
4508
4509 /* The exact number of characters to compare. */
4510 HOST_WIDE_INT cmpsiz;
4511 if (cstlen1 >= 0 && cstlen2 >= 0)
4512 cmpsiz = MIN (cstlen1, cstlen2);
4513 else if (cstlen1 >= 0)
4514 cmpsiz = cstlen1;
4515 else
4516 cmpsiz = cstlen2;
4517 if (bound >= 0)
4518 cmpsiz = MIN (cmpsiz, bound);
4519 /* The size of the array in which the unknown string is stored. */
4520 HOST_WIDE_INT varsiz = arysiz1 < 0 ? arysiz2 : arysiz1;
4521
4522 if ((varsiz < 0 || cmpsiz < varsiz) && use_in_zero_equality (lhs))
4523 {
4524 /* If the known length is less than the size of the other array
4525 and the strcmp result is only used to test equality to zero,
4526 transform the call to the equivalent _eq call. */
4527 if (tree fn = builtin_decl_implicit (bound < 0 ? BUILT_IN_STRCMP_EQ
4528 : BUILT_IN_STRNCMP_EQ))
4529 {
4530 tree n = build_int_cst (size_type_node, cmpsiz);
4531 update_gimple_call (gsi, fn, 3, arg1, arg2, n);
4532 return true;
4533 }
4534 }
4535
4536 return false;
4537 }
4538
4539 /* Handle a POINTER_PLUS_EXPR statement.
4540 For p = "abcd" + 2; compute associated length, or if
4541 p = q + off is pointing to a '\0' character of a string, call
4542 zero_length_string on it. */
4543
4544 static void
4545 handle_pointer_plus (gimple_stmt_iterator *gsi)
4546 {
4547 gimple *stmt = gsi_stmt (*gsi);
4548 tree lhs = gimple_assign_lhs (stmt), off;
4549 int idx = get_stridx (gimple_assign_rhs1 (stmt));
4550 strinfo *si, *zsi;
4551
4552 if (idx == 0)
4553 return;
4554
4555 if (idx < 0)
4556 {
4557 tree off = gimple_assign_rhs2 (stmt);
4558 if (tree_fits_uhwi_p (off)
4559 && tree_to_uhwi (off) <= (unsigned HOST_WIDE_INT) ~idx)
4560 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)]
4561 = ~(~idx - (int) tree_to_uhwi (off));
4562 return;
4563 }
4564
4565 si = get_strinfo (idx);
4566 if (si == NULL || si->nonzero_chars == NULL_TREE)
4567 return;
4568
4569 off = gimple_assign_rhs2 (stmt);
4570 zsi = NULL;
4571 if (si->full_string_p && operand_equal_p (si->nonzero_chars, off, 0))
4572 zsi = zero_length_string (lhs, si);
4573 else if (TREE_CODE (off) == SSA_NAME)
4574 {
4575 gimple *def_stmt = SSA_NAME_DEF_STMT (off);
4576 if (gimple_assign_single_p (def_stmt)
4577 && si->full_string_p
4578 && operand_equal_p (si->nonzero_chars,
4579 gimple_assign_rhs1 (def_stmt), 0))
4580 zsi = zero_length_string (lhs, si);
4581 }
4582 if (zsi != NULL
4583 && si->endptr != NULL_TREE
4584 && si->endptr != lhs
4585 && TREE_CODE (si->endptr) == SSA_NAME)
4586 {
4587 enum tree_code rhs_code
4588 = useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (si->endptr))
4589 ? SSA_NAME : NOP_EXPR;
4590 gimple_assign_set_rhs_with_ops (gsi, rhs_code, si->endptr);
4591 gcc_assert (gsi_stmt (*gsi) == stmt);
4592 update_stmt (stmt);
4593 }
4594 }
4595
4596 /* Describes recursion limits used by count_nonzero_bytes. */
4597
4598 class ssa_name_limit_t
4599 {
4600 bitmap visited; /* Bitmap of visited SSA_NAMEs. */
4601 unsigned ssa_def_max; /* Longest chain of SSA_NAMEs to follow. */
4602
4603 /* Not copyable or assignable. */
4604 ssa_name_limit_t (ssa_name_limit_t&);
4605 void operator= (ssa_name_limit_t&);
4606
4607 public:
4608
4609 ssa_name_limit_t ()
4610 : visited (NULL),
4611 ssa_def_max (param_ssa_name_def_chain_limit) { }
4612
4613 int next_ssa_name (tree);
4614
4615 ~ssa_name_limit_t ()
4616 {
4617 if (visited)
4618 BITMAP_FREE (visited);
4619 }
4620 };
4621
4622 /* If the SSA_NAME has already been "seen" return a positive value.
4623 Otherwise add it to VISITED. If the SSA_NAME limit has been
4624 reached, return a negative value. Otherwise return zero. */
4625
4626 int ssa_name_limit_t::next_ssa_name (tree ssa_name)
4627 {
4628 if (!visited)
4629 visited = BITMAP_ALLOC (NULL);
4630
4631 /* Return a positive value if SSA_NAME has already been visited. */
4632 if (!bitmap_set_bit (visited, SSA_NAME_VERSION (ssa_name)))
4633 return 1;
4634
4635 /* Return a negative value to let caller avoid recursing beyond
4636 the specified limit. */
4637 if (ssa_def_max == 0)
4638 return -1;
4639
4640 --ssa_def_max;
4641
4642 return 0;
4643 }
4644
4645 static bool
4646 count_nonzero_bytes_addr (tree, unsigned HOST_WIDE_INT, unsigned HOST_WIDE_INT,
4647 unsigned [3], bool *, bool *, bool *,
4648 range_query *, ssa_name_limit_t &);
4649
4650 /* Determines the minimum and maximum number of leading non-zero bytes
4651 in the representation of EXP and set LENRANGE[0] and LENRANGE[1]
4652 to each.
4653 Sets LENRANGE[2] to the total size of the access (which may be less
4654 than LENRANGE[1] when what's being referenced by EXP is a pointer
4655 rather than an array).
4656 Sets *NULTERM if the representation contains a zero byte, and sets
4657 *ALLNUL if all the bytes are zero.
4658 OFFSET and NBYTES are the offset into the representation and
4659 the size of the access to it determined from an ADDR_EXPR (i.e.,
4660 a pointer) or MEM_REF or zero for other expressions.
4661 Uses RVALS to determine range information.
4662 Avoids recursing deeper than the limits in SNLIM allow.
4663 Returns true on success and false otherwise. */
4664
4665 static bool
4666 count_nonzero_bytes (tree exp, unsigned HOST_WIDE_INT offset,
4667 unsigned HOST_WIDE_INT nbytes,
4668 unsigned lenrange[3], bool *nulterm,
4669 bool *allnul, bool *allnonnul, range_query *rvals,
4670 ssa_name_limit_t &snlim)
4671 {
4672 if (TREE_CODE (exp) == SSA_NAME)
4673 {
4674 /* Handle non-zero single-character stores specially. */
4675 tree type = TREE_TYPE (exp);
4676 if (TREE_CODE (type) == INTEGER_TYPE
4677 && TYPE_MODE (type) == TYPE_MODE (char_type_node)
4678 && TYPE_PRECISION (type) == TYPE_PRECISION (char_type_node)
4679 && tree_expr_nonzero_p (exp))
4680 {
4681 /* If the character EXP is known to be non-zero (even if its
4682 exact value is not known) recurse once to set the range
4683 for an arbitrary constant. */
4684 exp = build_int_cst (type, 1);
4685 return count_nonzero_bytes (exp, offset, 1, lenrange,
4686 nulterm, allnul, allnonnul, rvals, snlim);
4687 }
4688
4689 gimple *stmt = SSA_NAME_DEF_STMT (exp);
4690 if (gimple_assign_single_p (stmt))
4691 {
4692 exp = gimple_assign_rhs1 (stmt);
4693 if (TREE_CODE (exp) != MEM_REF)
4694 return false;
4695 /* Handle MEM_REF below. */
4696 }
4697 else if (gimple_code (stmt) == GIMPLE_PHI)
4698 {
4699 /* Avoid processing an SSA_NAME that has already been visited
4700 or if an SSA_NAME limit has been reached. Indicate success
4701 if the former and failure if the latter. */
4702 if (int res = snlim.next_ssa_name (exp))
4703 return res > 0;
4704
4705 /* Determine the minimum and maximum from the PHI arguments. */
4706 unsigned int n = gimple_phi_num_args (stmt);
4707 for (unsigned i = 0; i != n; i++)
4708 {
4709 tree def = gimple_phi_arg_def (stmt, i);
4710 if (!count_nonzero_bytes (def, offset, nbytes, lenrange, nulterm,
4711 allnul, allnonnul, rvals, snlim))
4712 return false;
4713 }
4714
4715 return true;
4716 }
4717 }
4718
4719 if (TREE_CODE (exp) == MEM_REF)
4720 {
4721 if (nbytes)
4722 return false;
4723
4724 tree arg = TREE_OPERAND (exp, 0);
4725 tree off = TREE_OPERAND (exp, 1);
4726
4727 if (TREE_CODE (off) != INTEGER_CST || !tree_fits_uhwi_p (off))
4728 return false;
4729
4730 unsigned HOST_WIDE_INT wioff = tree_to_uhwi (off);
4731 if (INT_MAX < wioff)
4732 return false;
4733
4734 offset += wioff;
4735 if (INT_MAX < offset)
4736 return false;
4737
4738 /* The size of the MEM_REF access determines the number of bytes. */
4739 tree type = TREE_TYPE (exp);
4740 tree typesize = TYPE_SIZE_UNIT (type);
4741 if (!typesize || !tree_fits_uhwi_p (typesize))
4742 return false;
4743 nbytes = tree_to_uhwi (typesize);
4744 if (!nbytes)
4745 return false;
4746
4747 /* Handle MEM_REF = SSA_NAME types of assignments. */
4748 return count_nonzero_bytes_addr (arg, offset, nbytes, lenrange, nulterm,
4749 allnul, allnonnul, rvals, snlim);
4750 }
4751
4752 if (VAR_P (exp) || TREE_CODE (exp) == CONST_DECL)
4753 {
4754 exp = ctor_for_folding (exp);
4755 if (!exp)
4756 return false;
4757 }
4758
4759 const char *prep = NULL;
4760 if (TREE_CODE (exp) == STRING_CST)
4761 {
4762 unsigned nchars = TREE_STRING_LENGTH (exp);
4763 if (nchars < offset)
4764 return false;
4765
4766 if (!nbytes)
4767 /* If NBYTES hasn't been determined earlier, either from ADDR_EXPR
4768 (i.e., it's the size of a pointer), or from MEM_REF (as the size
4769 of the access), set it here to the size of the string, including
4770 all internal and trailing nuls if the string has any. */
4771 nbytes = nchars - offset;
4772 else if (nchars - offset < nbytes)
4773 return false;
4774
4775 prep = TREE_STRING_POINTER (exp) + offset;
4776 }
4777
4778 unsigned char buf[256];
4779 if (!prep)
4780 {
4781 if (CHAR_BIT != 8 || BITS_PER_UNIT != 8)
4782 return false;
4783 /* If the pointer to representation hasn't been set above
4784 for STRING_CST point it at the buffer. */
4785 prep = reinterpret_cast <char *>(buf);
4786 /* Try to extract the representation of the constant object
4787 or expression starting from the offset. */
4788 unsigned repsize = native_encode_expr (exp, buf, sizeof buf, offset);
4789 if (repsize < nbytes)
4790 {
4791 /* This should only happen when REPSIZE is zero because EXP
4792 doesn't denote an object with a known initializer, except
4793 perhaps when the reference reads past its end. */
4794 lenrange[0] = 0;
4795 prep = NULL;
4796 }
4797 else if (!nbytes)
4798 nbytes = repsize;
4799 else if (nbytes < repsize)
4800 return false;
4801 }
4802
4803 if (!nbytes)
4804 return false;
4805
4806 /* Compute the number of leading nonzero bytes in the representation
4807 and update the minimum and maximum. */
4808 unsigned n = prep ? strnlen (prep, nbytes) : nbytes;
4809
4810 if (n < lenrange[0])
4811 lenrange[0] = n;
4812 if (lenrange[1] < n)
4813 lenrange[1] = n;
4814
4815 /* Set the size of the representation. */
4816 if (lenrange[2] < nbytes)
4817 lenrange[2] = nbytes;
4818
4819 /* Clear NULTERM if none of the bytes is zero. */
4820 if (n == nbytes)
4821 *nulterm = false;
4822
4823 if (n)
4824 {
4825 /* When the initial number of non-zero bytes N is non-zero, reset
4826 *ALLNUL; if N is less than that the size of the representation
4827 also clear *ALLNONNUL. */
4828 *allnul = false;
4829 if (n < nbytes)
4830 *allnonnul = false;
4831 }
4832 else if (*allnul || *allnonnul)
4833 {
4834 *allnonnul = false;
4835
4836 if (*allnul)
4837 {
4838 /* When either ALLNUL is set and N is zero, also determine
4839 whether all subsequent bytes after the first one (which
4840 is nul) are zero or nonzero and clear ALLNUL if not. */
4841 for (const char *p = prep; p != prep + nbytes; ++p)
4842 if (*p)
4843 {
4844 *allnul = false;
4845 break;
4846 }
4847 }
4848 }
4849
4850 return true;
4851 }
4852
4853 /* Like count_nonzero_bytes, but instead of counting bytes in EXP, count
4854 bytes that are pointed to by EXP, which should be a pointer. */
4855
4856 static bool
4857 count_nonzero_bytes_addr (tree exp, unsigned HOST_WIDE_INT offset,
4858 unsigned HOST_WIDE_INT nbytes,
4859 unsigned lenrange[3], bool *nulterm,
4860 bool *allnul, bool *allnonnul,
4861 range_query *rvals, ssa_name_limit_t &snlim)
4862 {
4863 int idx = get_stridx (exp);
4864 if (idx > 0)
4865 {
4866 strinfo *si = get_strinfo (idx);
4867 if (!si)
4868 return false;
4869
4870 /* Handle both constant lengths as well non-constant lengths
4871 in some range. */
4872 unsigned HOST_WIDE_INT minlen, maxlen;
4873 if (tree_fits_shwi_p (si->nonzero_chars))
4874 minlen = maxlen = tree_to_shwi (si->nonzero_chars);
4875 else if (si->nonzero_chars
4876 && TREE_CODE (si->nonzero_chars) == SSA_NAME)
4877 {
4878 value_range vr;
4879 rvals->range_of_expr (vr, si->nonzero_chars, si->stmt);
4880 if (vr.kind () != VR_RANGE)
4881 return false;
4882
4883 minlen = tree_to_uhwi (vr.min ());
4884 maxlen = tree_to_uhwi (vr.max ());
4885 }
4886 else
4887 return false;
4888
4889 if (maxlen < offset)
4890 return false;
4891
4892 minlen = minlen < offset ? 0 : minlen - offset;
4893 maxlen -= offset;
4894 if (maxlen + 1 < nbytes)
4895 return false;
4896
4897 if (nbytes <= minlen)
4898 *nulterm = false;
4899
4900 if (nbytes < minlen)
4901 {
4902 minlen = nbytes;
4903 if (nbytes < maxlen)
4904 maxlen = nbytes;
4905 }
4906
4907 if (minlen < lenrange[0])
4908 lenrange[0] = minlen;
4909 if (lenrange[1] < maxlen)
4910 lenrange[1] = maxlen;
4911
4912 if (lenrange[2] < nbytes)
4913 lenrange[2] = nbytes;
4914
4915 /* Since only the length of the string are known and not its contents,
4916 clear ALLNUL and ALLNONNUL purely on the basis of the length. */
4917 *allnul = false;
4918 if (minlen < nbytes)
4919 *allnonnul = false;
4920
4921 return true;
4922 }
4923
4924 if (TREE_CODE (exp) == ADDR_EXPR)
4925 return count_nonzero_bytes (TREE_OPERAND (exp, 0), offset, nbytes,
4926 lenrange, nulterm, allnul, allnonnul, rvals,
4927 snlim);
4928
4929 if (TREE_CODE (exp) == SSA_NAME)
4930 {
4931 gimple *stmt = SSA_NAME_DEF_STMT (exp);
4932 if (gimple_code (stmt) == GIMPLE_PHI)
4933 {
4934 /* Avoid processing an SSA_NAME that has already been visited
4935 or if an SSA_NAME limit has been reached. Indicate success
4936 if the former and failure if the latter. */
4937 if (int res = snlim.next_ssa_name (exp))
4938 return res > 0;
4939
4940 /* Determine the minimum and maximum from the PHI arguments. */
4941 unsigned int n = gimple_phi_num_args (stmt);
4942 for (unsigned i = 0; i != n; i++)
4943 {
4944 tree def = gimple_phi_arg_def (stmt, i);
4945 if (!count_nonzero_bytes_addr (def, offset, nbytes, lenrange,
4946 nulterm, allnul, allnonnul, rvals,
4947 snlim))
4948 return false;
4949 }
4950
4951 return true;
4952 }
4953 }
4954
4955 /* Otherwise we don't know anything. */
4956 lenrange[0] = 0;
4957 if (lenrange[1] < nbytes)
4958 lenrange[1] = nbytes;
4959 if (lenrange[2] < nbytes)
4960 lenrange[2] = nbytes;
4961 *nulterm = false;
4962 *allnul = false;
4963 *allnonnul = false;
4964 return true;
4965 }
4966
4967 /* Same as above except with an implicit SSA_NAME limit. RVALS is used
4968 to determine ranges of dynamically computed string lengths (the results
4969 of strlen). */
4970
4971 static bool
4972 count_nonzero_bytes (tree exp, unsigned lenrange[3], bool *nulterm,
4973 bool *allnul, bool *allnonnul, range_query *rvals)
4974 {
4975 /* Set to optimistic values so the caller doesn't have to worry about
4976 initializing these and to what. On success, the function will clear
4977 these if it determines their values are different but being recursive
4978 it never sets either to true. On failure, their values are
4979 unspecified. */
4980 *nulterm = true;
4981 *allnul = true;
4982 *allnonnul = true;
4983
4984 ssa_name_limit_t snlim;
4985 return count_nonzero_bytes (exp, 0, 0, lenrange, nulterm, allnul, allnonnul,
4986 rvals, snlim);
4987 }
4988
4989 /* Handle a single or multibyte store other than by a built-in function,
4990 either via a single character assignment or by multi-byte assignment
4991 either via MEM_REF or via a type other than char (such as in
4992 '*(int*)a = 12345'). Return true to let the caller advance *GSI to
4993 the next statement in the basic block and false otherwise. */
4994
4995 static bool
4996 handle_store (gimple_stmt_iterator *gsi, bool *zero_write,
4997 range_query *rvals)
4998 {
4999 int idx = -1;
5000 strinfo *si = NULL;
5001 gimple *stmt = gsi_stmt (*gsi);
5002 tree ssaname = NULL_TREE, lhs = gimple_assign_lhs (stmt);
5003 tree rhs = gimple_assign_rhs1 (stmt);
5004
5005 /* The offset of the first byte in LHS modified by the store. */
5006 unsigned HOST_WIDE_INT offset = 0;
5007
5008 if (TREE_CODE (lhs) == MEM_REF
5009 && TREE_CODE (TREE_OPERAND (lhs, 0)) == SSA_NAME)
5010 {
5011 tree mem_offset = TREE_OPERAND (lhs, 1);
5012 if (tree_fits_uhwi_p (mem_offset))
5013 {
5014 /* Get the strinfo for the base, and use it if it starts with at
5015 least OFFSET nonzero characters. This is trivially true if
5016 OFFSET is zero. */
5017 offset = tree_to_uhwi (mem_offset);
5018 idx = get_stridx (TREE_OPERAND (lhs, 0));
5019 if (idx > 0)
5020 si = get_strinfo (idx);
5021 if (offset == 0)
5022 ssaname = TREE_OPERAND (lhs, 0);
5023 else if (si == NULL || compare_nonzero_chars (si, offset, rvals) < 0)
5024 {
5025 *zero_write = initializer_zerop (rhs);
5026
5027 bool dummy;
5028 unsigned lenrange[] = { UINT_MAX, 0, 0 };
5029 if (count_nonzero_bytes (rhs, lenrange, &dummy, &dummy, &dummy,
5030 rvals))
5031 maybe_warn_overflow (stmt, lenrange[2], rvals);
5032
5033 return true;
5034 }
5035 }
5036 }
5037 else
5038 {
5039 idx = get_addr_stridx (lhs, NULL_TREE, &offset, rvals);
5040 if (idx > 0)
5041 si = get_strinfo (idx);
5042 }
5043
5044 /* Minimum and maximum leading non-zero bytes and the size of the store. */
5045 unsigned lenrange[] = { UINT_MAX, 0, 0 };
5046
5047 /* Set to the minimum length of the string being assigned if known. */
5048 unsigned HOST_WIDE_INT rhs_minlen;
5049
5050 /* STORING_NONZERO_P is true iff not all stored characters are zero.
5051 STORING_ALL_NONZERO_P is true if all stored characters are zero.
5052 STORING_ALL_ZEROS_P is true iff all stored characters are zero.
5053 Both are false when it's impossible to determine which is true. */
5054 bool storing_nonzero_p;
5055 bool storing_all_nonzero_p;
5056 bool storing_all_zeros_p;
5057 /* FULL_STRING_P is set when the stored sequence of characters form
5058 a nul-terminated string. */
5059 bool full_string_p;
5060
5061 const bool ranges_valid
5062 = count_nonzero_bytes (rhs, lenrange, &full_string_p,
5063 &storing_all_zeros_p, &storing_all_nonzero_p,
5064 rvals);
5065 if (ranges_valid)
5066 {
5067 rhs_minlen = lenrange[0];
5068 storing_nonzero_p = lenrange[1] > 0;
5069 *zero_write = storing_all_zeros_p;
5070
5071 maybe_warn_overflow (stmt, lenrange[2], rvals);
5072 }
5073 else
5074 {
5075 rhs_minlen = HOST_WIDE_INT_M1U;
5076 full_string_p = false;
5077 storing_nonzero_p = false;
5078 storing_all_zeros_p = false;
5079 storing_all_nonzero_p = false;
5080 }
5081
5082 if (si != NULL)
5083 {
5084 /* The corresponding element is set to 1 if the first and last
5085 element, respectively, of the sequence of characters being
5086 written over the string described by SI ends before
5087 the terminating nul (if it has one), to zero if the nul is
5088 being overwritten but not beyond, or negative otherwise. */
5089 int store_before_nul[2];
5090 if (ranges_valid)
5091 {
5092 /* The offset of the last stored byte. */
5093 unsigned HOST_WIDE_INT endoff = offset + lenrange[2] - 1;
5094 store_before_nul[0] = compare_nonzero_chars (si, offset, rvals);
5095 if (endoff == offset)
5096 store_before_nul[1] = store_before_nul[0];
5097 else
5098 store_before_nul[1] = compare_nonzero_chars (si, endoff, rvals);
5099 }
5100 else
5101 {
5102 store_before_nul[0] = compare_nonzero_chars (si, offset, rvals);
5103 store_before_nul[1] = store_before_nul[0];
5104 gcc_assert (offset == 0 || store_before_nul[0] >= 0);
5105 }
5106
5107 if (storing_all_zeros_p
5108 && store_before_nul[0] == 0
5109 && store_before_nul[1] == 0
5110 && si->full_string_p)
5111 {
5112 /* When overwriting a '\0' with a '\0', the store can be removed
5113 if we know it has been stored in the current function. */
5114 if (!stmt_could_throw_p (cfun, stmt) && si->writable)
5115 {
5116 unlink_stmt_vdef (stmt);
5117 release_defs (stmt);
5118 gsi_remove (gsi, true);
5119 return false;
5120 }
5121 else
5122 {
5123 si->writable = true;
5124 gsi_next (gsi);
5125 return false;
5126 }
5127 }
5128
5129 if (store_before_nul[1] > 0
5130 && storing_nonzero_p
5131 && lenrange[0] == lenrange[1]
5132 && lenrange[0] == lenrange[2]
5133 && TREE_CODE (TREE_TYPE (rhs)) == INTEGER_TYPE)
5134 {
5135 /* Handle a store of one or more non-nul characters that ends
5136 before the terminating nul of the destination and so does
5137 not affect its length
5138 If si->nonzero_chars > OFFSET, we aren't overwriting '\0',
5139 and if we aren't storing '\0', we know that the length of
5140 the string and any other zero terminated string in memory
5141 remains the same. In that case we move to the next gimple
5142 statement and return to signal the caller that it shouldn't
5143 invalidate anything.
5144
5145 This is beneficial for cases like:
5146
5147 char p[20];
5148 void foo (char *q)
5149 {
5150 strcpy (p, "foobar");
5151 size_t len = strlen (p); // can be folded to 6
5152 size_t len2 = strlen (q); // has to be computed
5153 p[0] = 'X';
5154 size_t len3 = strlen (p); // can be folded to 6
5155 size_t len4 = strlen (q); // can be folded to len2
5156 bar (len, len2, len3, len4);
5157 } */
5158 gsi_next (gsi);
5159 return false;
5160 }
5161
5162 if (storing_all_zeros_p
5163 || storing_nonzero_p
5164 || (offset != 0 && store_before_nul[1] > 0))
5165 {
5166 /* When STORING_NONZERO_P, we know that the string will start
5167 with at least OFFSET + 1 nonzero characters. If storing
5168 a single character, set si->NONZERO_CHARS to the result.
5169 If storing multiple characters, try to determine the number
5170 of leading non-zero characters and set si->NONZERO_CHARS to
5171 the result instead.
5172
5173 When STORING_ALL_ZEROS_P, we know that the string is now
5174 OFFSET characters long.
5175
5176 Otherwise, we're storing an unknown value at offset OFFSET,
5177 so need to clip the nonzero_chars to OFFSET.
5178 Use the minimum length of the string (or individual character)
5179 being stored if it's known. Otherwise, STORING_NONZERO_P
5180 guarantees it's at least 1. */
5181 HOST_WIDE_INT len
5182 = storing_nonzero_p && ranges_valid ? lenrange[0] : 1;
5183 location_t loc = gimple_location (stmt);
5184 tree oldlen = si->nonzero_chars;
5185 if (store_before_nul[1] == 0 && si->full_string_p)
5186 /* We're overwriting the nul terminator with a nonzero or
5187 unknown character. If the previous stmt was a memcpy,
5188 its length may be decreased. */
5189 adjust_last_stmt (si, stmt, false);
5190 si = unshare_strinfo (si);
5191 if (storing_nonzero_p)
5192 {
5193 gcc_assert (len >= 0);
5194 si->nonzero_chars = build_int_cst (size_type_node, offset + len);
5195 }
5196 else
5197 si->nonzero_chars = build_int_cst (size_type_node, offset);
5198
5199 /* Set FULL_STRING_P only if the length of the strings being
5200 written is the same, and clear it if the strings have
5201 different lengths. In the latter case the length stored
5202 in si->NONZERO_CHARS becomes the lower bound.
5203 FIXME: Handle the upper bound of the length if possible. */
5204 si->full_string_p = full_string_p && lenrange[0] == lenrange[1];
5205
5206 if (storing_all_zeros_p
5207 && ssaname
5208 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ssaname))
5209 si->endptr = ssaname;
5210 else
5211 si->endptr = NULL;
5212 si->next = 0;
5213 si->stmt = NULL;
5214 si->writable = true;
5215 si->dont_invalidate = true;
5216 if (oldlen)
5217 {
5218 tree adj = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
5219 si->nonzero_chars, oldlen);
5220 adjust_related_strinfos (loc, si, adj);
5221 }
5222 else
5223 si->prev = 0;
5224 }
5225 }
5226 else if (idx == 0 && (storing_all_zeros_p || storing_nonzero_p))
5227 {
5228 if (ssaname)
5229 idx = new_stridx (ssaname);
5230 else
5231 idx = new_addr_stridx (lhs);
5232 if (idx != 0)
5233 {
5234 tree ptr = (ssaname ? ssaname : build_fold_addr_expr (lhs));
5235
5236 HOST_WIDE_INT slen;
5237 if (storing_all_zeros_p)
5238 slen = 0;
5239 else if (storing_nonzero_p && ranges_valid)
5240 {
5241 /* FIXME: Handle the upper bound of the length when
5242 LENRANGE[0] != LENRANGE[1]. */
5243 slen = lenrange[0];
5244 if (lenrange[0] != lenrange[1])
5245 /* Set the minimum length but ignore the maximum
5246 for now. */
5247 full_string_p = false;
5248 }
5249 else
5250 slen = -1;
5251
5252 tree len = (slen <= 0
5253 ? size_zero_node
5254 : build_int_cst (size_type_node, slen));
5255 si = new_strinfo (ptr, idx, len, slen >= 0 && full_string_p);
5256 set_strinfo (idx, si);
5257 if (storing_all_zeros_p
5258 && ssaname
5259 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ssaname))
5260 si->endptr = ssaname;
5261 si->dont_invalidate = true;
5262 si->writable = true;
5263 }
5264 }
5265 else if (idx == 0
5266 && rhs_minlen < HOST_WIDE_INT_M1U
5267 && ssaname == NULL_TREE
5268 && TREE_CODE (TREE_TYPE (lhs)) == ARRAY_TYPE)
5269 {
5270 HOST_WIDE_INT a = int_size_in_bytes (TREE_TYPE (lhs));
5271 if (a > 0 && (unsigned HOST_WIDE_INT) a > rhs_minlen)
5272 {
5273 int idx = new_addr_stridx (lhs);
5274 if (idx != 0)
5275 {
5276 si = new_strinfo (build_fold_addr_expr (lhs), idx,
5277 build_int_cst (size_type_node, rhs_minlen),
5278 full_string_p);
5279 set_strinfo (idx, si);
5280 si->dont_invalidate = true;
5281 }
5282 }
5283 }
5284
5285 if (si != NULL && offset == 0 && storing_all_zeros_p && lenrange[2] == 1)
5286 {
5287 /* For single-byte stores only, allow adjust_last_stmt to remove
5288 the statement if the stored '\0' is immediately overwritten. */
5289 laststmt.stmt = stmt;
5290 laststmt.len = build_int_cst (size_type_node, 1);
5291 laststmt.stridx = si->idx;
5292 }
5293 return true;
5294 }
5295
5296 /* Try to fold strstr (s, t) eq/ne s to strncmp (s, t, strlen (t)) eq/ne 0. */
5297
5298 static void
5299 fold_strstr_to_strncmp (tree rhs1, tree rhs2, gimple *stmt)
5300 {
5301 if (TREE_CODE (rhs1) != SSA_NAME
5302 || TREE_CODE (rhs2) != SSA_NAME)
5303 return;
5304
5305 gimple *call_stmt = NULL;
5306 for (int pass = 0; pass < 2; pass++)
5307 {
5308 gimple *g = SSA_NAME_DEF_STMT (rhs1);
5309 if (gimple_call_builtin_p (g, BUILT_IN_STRSTR)
5310 && has_single_use (rhs1)
5311 && gimple_call_arg (g, 0) == rhs2)
5312 {
5313 call_stmt = g;
5314 break;
5315 }
5316 std::swap (rhs1, rhs2);
5317 }
5318
5319 if (call_stmt)
5320 {
5321 tree arg0 = gimple_call_arg (call_stmt, 0);
5322
5323 if (arg0 == rhs2)
5324 {
5325 tree arg1 = gimple_call_arg (call_stmt, 1);
5326 tree arg1_len = NULL_TREE;
5327 int idx = get_stridx (arg1);
5328
5329 if (idx)
5330 {
5331 if (idx < 0)
5332 arg1_len = build_int_cst (size_type_node, ~idx);
5333 else
5334 {
5335 strinfo *si = get_strinfo (idx);
5336 if (si)
5337 arg1_len = get_string_length (si);
5338 }
5339 }
5340
5341 if (arg1_len != NULL_TREE)
5342 {
5343 gimple_stmt_iterator gsi = gsi_for_stmt (call_stmt);
5344 tree strncmp_decl = builtin_decl_explicit (BUILT_IN_STRNCMP);
5345
5346 if (!is_gimple_val (arg1_len))
5347 {
5348 tree arg1_len_tmp = make_ssa_name (TREE_TYPE (arg1_len));
5349 gassign *arg1_stmt = gimple_build_assign (arg1_len_tmp,
5350 arg1_len);
5351 gsi_insert_before (&gsi, arg1_stmt, GSI_SAME_STMT);
5352 arg1_len = arg1_len_tmp;
5353 }
5354
5355 gcall *strncmp_call = gimple_build_call (strncmp_decl, 3,
5356 arg0, arg1, arg1_len);
5357 tree strncmp_lhs = make_ssa_name (integer_type_node);
5358 gimple_set_vuse (strncmp_call, gimple_vuse (call_stmt));
5359 gimple_call_set_lhs (strncmp_call, strncmp_lhs);
5360 gsi_remove (&gsi, true);
5361 gsi_insert_before (&gsi, strncmp_call, GSI_SAME_STMT);
5362 tree zero = build_zero_cst (TREE_TYPE (strncmp_lhs));
5363
5364 if (is_gimple_assign (stmt))
5365 {
5366 if (gimple_assign_rhs_code (stmt) == COND_EXPR)
5367 {
5368 tree cond = gimple_assign_rhs1 (stmt);
5369 TREE_OPERAND (cond, 0) = strncmp_lhs;
5370 TREE_OPERAND (cond, 1) = zero;
5371 }
5372 else
5373 {
5374 gimple_assign_set_rhs1 (stmt, strncmp_lhs);
5375 gimple_assign_set_rhs2 (stmt, zero);
5376 }
5377 }
5378 else
5379 {
5380 gcond *cond = as_a<gcond *> (stmt);
5381 gimple_cond_set_lhs (cond, strncmp_lhs);
5382 gimple_cond_set_rhs (cond, zero);
5383 }
5384 update_stmt (stmt);
5385 }
5386 }
5387 }
5388 }
5389
5390 /* Return true if TYPE corresponds to a narrow character type. */
5391
5392 static bool
5393 is_char_type (tree type)
5394 {
5395 return (TREE_CODE (type) == INTEGER_TYPE
5396 && TYPE_MODE (type) == TYPE_MODE (char_type_node)
5397 && TYPE_PRECISION (type) == TYPE_PRECISION (char_type_node));
5398 }
5399
5400 /* Check the built-in call at GSI for validity and optimize it.
5401 Uses RVALS to determine range information.
5402 Return true to let the caller advance *GSI to the next statement
5403 in the basic block and false otherwise. */
5404
5405 static bool
5406 strlen_check_and_optimize_call (gimple_stmt_iterator *gsi, bool *zero_write,
5407 range_query *rvals)
5408 {
5409 gimple *stmt = gsi_stmt (*gsi);
5410
5411 if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
5412 {
5413 tree fntype = gimple_call_fntype (stmt);
5414 if (fntype && lookup_attribute ("alloc_size", TYPE_ATTRIBUTES (fntype)))
5415 handle_alloc_call (BUILT_IN_NONE, gsi);
5416 }
5417
5418 /* When not optimizing we must be checking printf calls which
5419 we do even for user-defined functions when they are declared
5420 with attribute format. */
5421 if (!flag_optimize_strlen
5422 || !strlen_optimize
5423 || !valid_builtin_call (stmt))
5424 return !handle_printf_call (gsi, rvals);
5425
5426 tree callee = gimple_call_fndecl (stmt);
5427 switch (DECL_FUNCTION_CODE (callee))
5428 {
5429 case BUILT_IN_STRLEN:
5430 case BUILT_IN_STRNLEN:
5431 handle_builtin_strlen (gsi);
5432 break;
5433 case BUILT_IN_STRCHR:
5434 handle_builtin_strchr (gsi);
5435 break;
5436 case BUILT_IN_STRCPY:
5437 case BUILT_IN_STRCPY_CHK:
5438 case BUILT_IN_STPCPY:
5439 case BUILT_IN_STPCPY_CHK:
5440 handle_builtin_strcpy (DECL_FUNCTION_CODE (callee), gsi, rvals);
5441 break;
5442
5443 case BUILT_IN_STRNCAT:
5444 case BUILT_IN_STRNCAT_CHK:
5445 handle_builtin_strncat (DECL_FUNCTION_CODE (callee), gsi);
5446 break;
5447
5448 case BUILT_IN_STPNCPY:
5449 case BUILT_IN_STPNCPY_CHK:
5450 case BUILT_IN_STRNCPY:
5451 case BUILT_IN_STRNCPY_CHK:
5452 handle_builtin_stxncpy_strncat (false, gsi);
5453 break;
5454
5455 case BUILT_IN_MEMCPY:
5456 case BUILT_IN_MEMCPY_CHK:
5457 case BUILT_IN_MEMPCPY:
5458 case BUILT_IN_MEMPCPY_CHK:
5459 handle_builtin_memcpy (DECL_FUNCTION_CODE (callee), gsi, rvals);
5460 break;
5461 case BUILT_IN_STRCAT:
5462 case BUILT_IN_STRCAT_CHK:
5463 handle_builtin_strcat (DECL_FUNCTION_CODE (callee), gsi);
5464 break;
5465 case BUILT_IN_ALLOCA:
5466 case BUILT_IN_ALLOCA_WITH_ALIGN:
5467 case BUILT_IN_MALLOC:
5468 case BUILT_IN_CALLOC:
5469 handle_alloc_call (DECL_FUNCTION_CODE (callee), gsi);
5470 break;
5471 case BUILT_IN_MEMSET:
5472 if (handle_builtin_memset (gsi, zero_write, rvals))
5473 return false;
5474 break;
5475 case BUILT_IN_MEMCMP:
5476 if (handle_builtin_memcmp (gsi))
5477 return false;
5478 break;
5479 case BUILT_IN_STRCMP:
5480 case BUILT_IN_STRNCMP:
5481 if (handle_builtin_string_cmp (gsi, rvals))
5482 return false;
5483 break;
5484 default:
5485 if (handle_printf_call (gsi, rvals))
5486 return false;
5487 break;
5488 }
5489
5490 return true;
5491 }
5492
5493 /* Handle an assignment statement at *GSI to a LHS of integral type.
5494 If GSI's basic block needs clean-up of EH, set *CLEANUP_EH to true. */
5495
5496 static void
5497 handle_integral_assign (gimple_stmt_iterator *gsi, bool *cleanup_eh,
5498 range_query *rvals)
5499 {
5500 gimple *stmt = gsi_stmt (*gsi);
5501 tree lhs = gimple_assign_lhs (stmt);
5502 tree lhs_type = TREE_TYPE (lhs);
5503
5504 enum tree_code code = gimple_assign_rhs_code (stmt);
5505 if (code == COND_EXPR)
5506 {
5507 tree cond = gimple_assign_rhs1 (stmt);
5508 enum tree_code cond_code = TREE_CODE (cond);
5509
5510 if (cond_code == EQ_EXPR || cond_code == NE_EXPR)
5511 fold_strstr_to_strncmp (TREE_OPERAND (cond, 0),
5512 TREE_OPERAND (cond, 1), stmt);
5513 }
5514 else if (code == EQ_EXPR || code == NE_EXPR)
5515 fold_strstr_to_strncmp (gimple_assign_rhs1 (stmt),
5516 gimple_assign_rhs2 (stmt), stmt);
5517 else if (gimple_assign_load_p (stmt)
5518 && TREE_CODE (lhs_type) == INTEGER_TYPE
5519 && TYPE_MODE (lhs_type) == TYPE_MODE (char_type_node)
5520 && (TYPE_PRECISION (lhs_type)
5521 == TYPE_PRECISION (char_type_node))
5522 && !gimple_has_volatile_ops (stmt))
5523 {
5524 tree off = integer_zero_node;
5525 unsigned HOST_WIDE_INT coff = 0;
5526 int idx = 0;
5527 tree rhs1 = gimple_assign_rhs1 (stmt);
5528 if (code == MEM_REF)
5529 {
5530 idx = get_stridx (TREE_OPERAND (rhs1, 0));
5531 if (idx > 0)
5532 {
5533 strinfo *si = get_strinfo (idx);
5534 if (si
5535 && si->nonzero_chars
5536 && TREE_CODE (si->nonzero_chars) == INTEGER_CST
5537 && (wi::to_widest (si->nonzero_chars)
5538 >= wi::to_widest (off)))
5539 off = TREE_OPERAND (rhs1, 1);
5540 else
5541 /* This case is not useful. See if get_addr_stridx
5542 returns something usable. */
5543 idx = 0;
5544 }
5545 }
5546 if (idx <= 0)
5547 idx = get_addr_stridx (rhs1, NULL_TREE, &coff);
5548 if (idx > 0)
5549 {
5550 strinfo *si = get_strinfo (idx);
5551 if (si
5552 && si->nonzero_chars
5553 && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
5554 {
5555 widest_int w1 = wi::to_widest (si->nonzero_chars);
5556 widest_int w2 = wi::to_widest (off) + coff;
5557 if (w1 == w2
5558 && si->full_string_p)
5559 {
5560 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
5561 {
5562 fprintf (dump_file, "Optimizing: ");
5563 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
5564 }
5565
5566 /* Reading the final '\0' character. */
5567 tree zero = build_int_cst (lhs_type, 0);
5568 gimple_set_vuse (stmt, NULL_TREE);
5569 gimple_assign_set_rhs_from_tree (gsi, zero);
5570 *cleanup_eh
5571 |= maybe_clean_or_replace_eh_stmt (stmt,
5572 gsi_stmt (*gsi));
5573 stmt = gsi_stmt (*gsi);
5574 update_stmt (stmt);
5575
5576 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
5577 {
5578 fprintf (dump_file, "into: ");
5579 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
5580 }
5581 }
5582 else if (w1 > w2)
5583 {
5584 /* Reading a character before the final '\0'
5585 character. Just set the value range to ~[0, 0]
5586 if we don't have anything better. */
5587 wide_int min, max;
5588 signop sign = TYPE_SIGN (lhs_type);
5589 int prec = TYPE_PRECISION (lhs_type);
5590 // FIXME: Use range_query instead of global ranges.
5591 value_range_kind vr = get_range_info (lhs, &min, &max);
5592 if (vr == VR_VARYING
5593 || (vr == VR_RANGE
5594 && min == wi::min_value (prec, sign)
5595 && max == wi::max_value (prec, sign)))
5596 set_range_info (lhs, VR_ANTI_RANGE,
5597 wi::zero (prec), wi::zero (prec));
5598 }
5599 }
5600 }
5601 }
5602 else if (code == MEM_REF && TREE_CODE (lhs) == SSA_NAME)
5603 {
5604 if (int idx = new_stridx (lhs))
5605 {
5606 /* Record multi-byte assignments from MEM_REFs. */
5607 bool storing_all_nonzero_p;
5608 bool storing_all_zeros_p;
5609 bool full_string_p;
5610 unsigned lenrange[] = { UINT_MAX, 0, 0 };
5611 tree rhs = gimple_assign_rhs1 (stmt);
5612 const bool ranges_valid
5613 = count_nonzero_bytes (rhs, lenrange, &full_string_p,
5614 &storing_all_zeros_p, &storing_all_nonzero_p,
5615 rvals);
5616 if (ranges_valid)
5617 {
5618 tree length = build_int_cst (sizetype, lenrange[0]);
5619 strinfo *si = new_strinfo (lhs, idx, length, full_string_p);
5620 set_strinfo (idx, si);
5621 si->writable = true;
5622 si->dont_invalidate = true;
5623 }
5624 }
5625 }
5626
5627 if (strlen_to_stridx)
5628 {
5629 tree rhs1 = gimple_assign_rhs1 (stmt);
5630 if (stridx_strlenloc *ps = strlen_to_stridx->get (rhs1))
5631 strlen_to_stridx->put (lhs, stridx_strlenloc (*ps));
5632 }
5633 }
5634
5635 /* Attempt to check for validity of the performed access a single statement
5636 at *GSI using string length knowledge, and to optimize it.
5637 If the given basic block needs clean-up of EH, CLEANUP_EH is set to
5638 true. Return true to let the caller advance *GSI to the next statement
5639 in the basic block and false otherwise. */
5640
5641 static bool
5642 check_and_optimize_stmt (gimple_stmt_iterator *gsi, bool *cleanup_eh,
5643 range_query *rvals)
5644 {
5645 gimple *stmt = gsi_stmt (*gsi);
5646
5647 /* For statements that modify a string, set to true if the write
5648 is only zeros. */
5649 bool zero_write = false;
5650
5651 if (is_gimple_call (stmt))
5652 {
5653 if (!strlen_check_and_optimize_call (gsi, &zero_write, rvals))
5654 return false;
5655 }
5656 else if (!flag_optimize_strlen || !strlen_optimize)
5657 return true;
5658 else if (is_gimple_assign (stmt) && !gimple_clobber_p (stmt))
5659 {
5660 /* Handle non-clobbering assignment. */
5661 tree lhs = gimple_assign_lhs (stmt);
5662 tree lhs_type = TREE_TYPE (lhs);
5663
5664 if (TREE_CODE (lhs) == SSA_NAME && POINTER_TYPE_P (lhs_type))
5665 {
5666 if (gimple_assign_single_p (stmt)
5667 || (gimple_assign_cast_p (stmt)
5668 && POINTER_TYPE_P (TREE_TYPE (gimple_assign_rhs1 (stmt)))))
5669 {
5670 int idx = get_stridx (gimple_assign_rhs1 (stmt));
5671 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = idx;
5672 }
5673 else if (gimple_assign_rhs_code (stmt) == POINTER_PLUS_EXPR)
5674 handle_pointer_plus (gsi);
5675 }
5676 else if (TREE_CODE (lhs) == SSA_NAME && INTEGRAL_TYPE_P (lhs_type))
5677 /* Handle assignment to a character. */
5678 handle_integral_assign (gsi, cleanup_eh, rvals);
5679 else if (TREE_CODE (lhs) != SSA_NAME && !TREE_SIDE_EFFECTS (lhs))
5680 {
5681 tree type = TREE_TYPE (lhs);
5682 if (TREE_CODE (type) == ARRAY_TYPE)
5683 type = TREE_TYPE (type);
5684
5685 bool is_char_store = is_char_type (type);
5686 if (!is_char_store && TREE_CODE (lhs) == MEM_REF)
5687 {
5688 /* To consider stores into char objects via integer types
5689 other than char but not those to non-character objects,
5690 determine the type of the destination rather than just
5691 the type of the access. */
5692 for (int i = 0; i != 2; ++i)
5693 {
5694 tree ref = TREE_OPERAND (lhs, i);
5695 type = TREE_TYPE (ref);
5696 if (TREE_CODE (type) == POINTER_TYPE)
5697 type = TREE_TYPE (type);
5698 if (TREE_CODE (type) == ARRAY_TYPE)
5699 type = TREE_TYPE (type);
5700 if (is_char_type (type))
5701 {
5702 is_char_store = true;
5703 break;
5704 }
5705 }
5706 }
5707
5708 /* Handle a single or multibyte assignment. */
5709 if (is_char_store && !handle_store (gsi, &zero_write, rvals))
5710 return false;
5711 }
5712 }
5713 else if (gcond *cond = dyn_cast<gcond *> (stmt))
5714 {
5715 enum tree_code code = gimple_cond_code (cond);
5716 if (code == EQ_EXPR || code == NE_EXPR)
5717 fold_strstr_to_strncmp (gimple_cond_lhs (stmt),
5718 gimple_cond_rhs (stmt), stmt);
5719 }
5720
5721 if (gimple_vdef (stmt))
5722 maybe_invalidate (stmt, zero_write);
5723 return true;
5724 }
5725
5726 /* Recursively call maybe_invalidate on stmts that might be executed
5727 in between dombb and current bb and that contain a vdef. Stop when
5728 *count stmts are inspected, or if the whole strinfo vector has
5729 been invalidated. */
5730
5731 static void
5732 do_invalidate (basic_block dombb, gimple *phi, bitmap visited, int *count)
5733 {
5734 unsigned int i, n = gimple_phi_num_args (phi);
5735
5736 for (i = 0; i < n; i++)
5737 {
5738 tree vuse = gimple_phi_arg_def (phi, i);
5739 gimple *stmt = SSA_NAME_DEF_STMT (vuse);
5740 basic_block bb = gimple_bb (stmt);
5741 if (bb == NULL
5742 || bb == dombb
5743 || !bitmap_set_bit (visited, bb->index)
5744 || !dominated_by_p (CDI_DOMINATORS, bb, dombb))
5745 continue;
5746 while (1)
5747 {
5748 if (gimple_code (stmt) == GIMPLE_PHI)
5749 {
5750 do_invalidate (dombb, stmt, visited, count);
5751 if (*count == 0)
5752 return;
5753 break;
5754 }
5755 if (--*count == 0)
5756 return;
5757 if (!maybe_invalidate (stmt))
5758 {
5759 *count = 0;
5760 return;
5761 }
5762 vuse = gimple_vuse (stmt);
5763 stmt = SSA_NAME_DEF_STMT (vuse);
5764 if (gimple_bb (stmt) != bb)
5765 {
5766 bb = gimple_bb (stmt);
5767 if (bb == NULL
5768 || bb == dombb
5769 || !bitmap_set_bit (visited, bb->index)
5770 || !dominated_by_p (CDI_DOMINATORS, bb, dombb))
5771 break;
5772 }
5773 }
5774 }
5775 }
5776
5777 class strlen_dom_walker : public dom_walker
5778 {
5779 public:
5780 strlen_dom_walker (cdi_direction direction)
5781 : dom_walker (direction),
5782 evrp (false),
5783 m_cleanup_cfg (false)
5784 {}
5785
5786 virtual edge before_dom_children (basic_block);
5787 virtual void after_dom_children (basic_block);
5788
5789 /* EVRP analyzer used for printf argument range processing, and
5790 to track strlen results across integer variable assignments. */
5791 evrp_range_analyzer evrp;
5792
5793 /* Flag that will trigger TODO_cleanup_cfg to be returned in strlen
5794 execute function. */
5795 bool m_cleanup_cfg;
5796 };
5797
5798 /* Callback for walk_dominator_tree. Attempt to optimize various
5799 string ops by remembering string lengths pointed by pointer SSA_NAMEs. */
5800
5801 edge
5802 strlen_dom_walker::before_dom_children (basic_block bb)
5803 {
5804 evrp.enter (bb);
5805
5806 basic_block dombb = get_immediate_dominator (CDI_DOMINATORS, bb);
5807
5808 if (dombb == NULL)
5809 stridx_to_strinfo = NULL;
5810 else
5811 {
5812 stridx_to_strinfo = ((vec<strinfo *, va_heap, vl_embed> *) dombb->aux);
5813 if (stridx_to_strinfo)
5814 {
5815 for (gphi_iterator gsi = gsi_start_phis (bb); !gsi_end_p (gsi);
5816 gsi_next (&gsi))
5817 {
5818 gphi *phi = gsi.phi ();
5819 if (virtual_operand_p (gimple_phi_result (phi)))
5820 {
5821 bitmap visited = BITMAP_ALLOC (NULL);
5822 int count_vdef = 100;
5823 do_invalidate (dombb, phi, visited, &count_vdef);
5824 BITMAP_FREE (visited);
5825 if (count_vdef == 0)
5826 {
5827 /* If there were too many vdefs in between immediate
5828 dominator and current bb, invalidate everything.
5829 If stridx_to_strinfo has been unshared, we need
5830 to free it, otherwise just set it to NULL. */
5831 if (!strinfo_shared ())
5832 {
5833 unsigned int i;
5834 strinfo *si;
5835
5836 for (i = 1;
5837 vec_safe_iterate (stridx_to_strinfo, i, &si);
5838 ++i)
5839 {
5840 free_strinfo (si);
5841 (*stridx_to_strinfo)[i] = NULL;
5842 }
5843 }
5844 else
5845 stridx_to_strinfo = NULL;
5846 }
5847 break;
5848 }
5849 }
5850 }
5851 }
5852
5853 /* If all PHI arguments have the same string index, the PHI result
5854 has it as well. */
5855 for (gphi_iterator gsi = gsi_start_phis (bb); !gsi_end_p (gsi);
5856 gsi_next (&gsi))
5857 {
5858 gphi *phi = gsi.phi ();
5859 tree result = gimple_phi_result (phi);
5860 if (!virtual_operand_p (result) && POINTER_TYPE_P (TREE_TYPE (result)))
5861 {
5862 int idx = get_stridx (gimple_phi_arg_def (phi, 0));
5863 if (idx != 0)
5864 {
5865 unsigned int i, n = gimple_phi_num_args (phi);
5866 for (i = 1; i < n; i++)
5867 if (idx != get_stridx (gimple_phi_arg_def (phi, i)))
5868 break;
5869 if (i == n)
5870 ssa_ver_to_stridx[SSA_NAME_VERSION (result)] = idx;
5871 }
5872 }
5873 }
5874
5875 bool cleanup_eh = false;
5876
5877 /* Attempt to optimize individual statements. */
5878 for (gimple_stmt_iterator gsi = gsi_start_bb (bb); !gsi_end_p (gsi); )
5879 {
5880 gimple *stmt = gsi_stmt (gsi);
5881
5882 /* First record ranges generated by this statement so they
5883 can be used by printf argument processing. */
5884 evrp.record_ranges_from_stmt (stmt, false);
5885
5886 if (check_and_optimize_stmt (&gsi, &cleanup_eh, &evrp))
5887 gsi_next (&gsi);
5888 }
5889
5890 if (cleanup_eh && gimple_purge_dead_eh_edges (bb))
5891 m_cleanup_cfg = true;
5892
5893 bb->aux = stridx_to_strinfo;
5894 if (vec_safe_length (stridx_to_strinfo) && !strinfo_shared ())
5895 (*stridx_to_strinfo)[0] = (strinfo *) bb;
5896 return NULL;
5897 }
5898
5899 /* Callback for walk_dominator_tree. Free strinfo vector if it is
5900 owned by the current bb, clear bb->aux. */
5901
5902 void
5903 strlen_dom_walker::after_dom_children (basic_block bb)
5904 {
5905 evrp.leave (bb);
5906
5907 if (bb->aux)
5908 {
5909 stridx_to_strinfo = ((vec<strinfo *, va_heap, vl_embed> *) bb->aux);
5910 if (vec_safe_length (stridx_to_strinfo)
5911 && (*stridx_to_strinfo)[0] == (strinfo *) bb)
5912 {
5913 unsigned int i;
5914 strinfo *si;
5915
5916 for (i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
5917 free_strinfo (si);
5918 vec_free (stridx_to_strinfo);
5919 }
5920 bb->aux = NULL;
5921 }
5922 }
5923
5924 namespace {
5925
5926 static unsigned int
5927 printf_strlen_execute (function *fun, bool warn_only)
5928 {
5929 strlen_optimize = !warn_only;
5930
5931 calculate_dominance_info (CDI_DOMINATORS);
5932
5933 bool use_scev = optimize > 0 && flag_printf_return_value;
5934 if (use_scev)
5935 {
5936 loop_optimizer_init (LOOPS_NORMAL);
5937 scev_initialize ();
5938 }
5939
5940 gcc_assert (!strlen_to_stridx);
5941 if (warn_stringop_overflow || warn_stringop_truncation)
5942 strlen_to_stridx = new hash_map<tree, stridx_strlenloc> ();
5943
5944 /* This has to happen after initializing the loop optimizer
5945 and initializing SCEV as they create new SSA_NAMEs. */
5946 ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
5947 max_stridx = 1;
5948
5949 /* String length optimization is implemented as a walk of the dominator
5950 tree and a forward walk of statements within each block. */
5951 strlen_dom_walker walker (CDI_DOMINATORS);
5952 walker.walk (ENTRY_BLOCK_PTR_FOR_FN (fun));
5953
5954 ssa_ver_to_stridx.release ();
5955 strinfo_pool.release ();
5956 if (decl_to_stridxlist_htab)
5957 {
5958 obstack_free (&stridx_obstack, NULL);
5959 delete decl_to_stridxlist_htab;
5960 decl_to_stridxlist_htab = NULL;
5961 }
5962 laststmt.stmt = NULL;
5963 laststmt.len = NULL_TREE;
5964 laststmt.stridx = 0;
5965
5966 if (strlen_to_stridx)
5967 {
5968 strlen_to_stridx->empty ();
5969 delete strlen_to_stridx;
5970 strlen_to_stridx = NULL;
5971 }
5972
5973 if (use_scev)
5974 {
5975 scev_finalize ();
5976 loop_optimizer_finalize ();
5977 }
5978
5979 /* Clean up object size info. */
5980 fini_object_sizes ();
5981
5982 return walker.m_cleanup_cfg ? TODO_cleanup_cfg : 0;
5983 }
5984
5985 /* This file defines two passes: one for warnings that runs only when
5986 optimization is disabled, and another that implements optimizations
5987 and also issues warnings. */
5988
5989 const pass_data pass_data_warn_printf =
5990 {
5991 GIMPLE_PASS, /* type */
5992 "warn-printf", /* name */
5993 OPTGROUP_NONE, /* optinfo_flags */
5994 TV_NONE, /* tv_id */
5995 /* Normally an optimization pass would require PROP_ssa but because
5996 this pass runs early, with no optimization, to do sprintf format
5997 checking, it only requires PROP_cfg. */
5998 PROP_cfg, /* properties_required */
5999 0, /* properties_provided */
6000 0, /* properties_destroyed */
6001 0, /* todo_flags_start */
6002 0, /* todo_flags_finish */
6003 };
6004
6005 class pass_warn_printf : public gimple_opt_pass
6006 {
6007 public:
6008 pass_warn_printf (gcc::context *ctxt)
6009 : gimple_opt_pass (pass_data_warn_printf, ctxt)
6010 {}
6011
6012 virtual bool gate (function *);
6013 virtual unsigned int execute (function *fun)
6014 {
6015 return printf_strlen_execute (fun, true);
6016 }
6017 };
6018
6019
6020 /* Return true to run the warning pass only when not optimizing and
6021 iff either -Wformat-overflow or -Wformat-truncation is specified. */
6022
6023 bool
6024 pass_warn_printf::gate (function *)
6025 {
6026 return !optimize && (warn_format_overflow > 0 || warn_format_trunc > 0);
6027 }
6028
6029 const pass_data pass_data_strlen =
6030 {
6031 GIMPLE_PASS, /* type */
6032 "strlen", /* name */
6033 OPTGROUP_NONE, /* optinfo_flags */
6034 TV_TREE_STRLEN, /* tv_id */
6035 PROP_cfg | PROP_ssa, /* properties_required */
6036 0, /* properties_provided */
6037 0, /* properties_destroyed */
6038 0, /* todo_flags_start */
6039 0, /* todo_flags_finish */
6040 };
6041
6042 class pass_strlen : public gimple_opt_pass
6043 {
6044 public:
6045 pass_strlen (gcc::context *ctxt)
6046 : gimple_opt_pass (pass_data_strlen, ctxt)
6047 {}
6048
6049 opt_pass * clone () { return new pass_strlen (m_ctxt); }
6050
6051 virtual bool gate (function *);
6052 virtual unsigned int execute (function *fun)
6053 {
6054 return printf_strlen_execute (fun, false);
6055 }
6056 };
6057
6058 /* Return true to run the pass only when the sprintf and/or strlen
6059 optimizations are enabled and -Wformat-overflow or -Wformat-truncation
6060 are specified. */
6061
6062 bool
6063 pass_strlen::gate (function *)
6064 {
6065 return ((warn_format_overflow > 0
6066 || warn_format_trunc > 0
6067 || warn_restrict > 0
6068 || flag_optimize_strlen > 0
6069 || flag_printf_return_value)
6070 && optimize > 0);
6071 }
6072
6073 } // anon namespace
6074
6075 gimple_opt_pass *
6076 make_pass_warn_printf (gcc::context *ctxt)
6077 {
6078 return new pass_warn_printf (ctxt);
6079 }
6080
6081 gimple_opt_pass *
6082 make_pass_strlen (gcc::context *ctxt)
6083 {
6084 return new pass_strlen (ctxt);
6085 }
Mirror of the offical gcc git repository hosted at gcc.gnu.org