| blob | 74cd6c44874c48c741110ed8bad7f16764d74ece |
1 /* String length optimization
2 Copyright (C) 2011-2019 Free Software Foundation, Inc.
3 Contributed by Jakub Jelinek <jakub@redhat.com>
5 This file is part of GCC.
7 GCC is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3, or (at your option)
10 any later version.
12 GCC is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
59 /* A vector indexed by SSA_NAME_VERSION. 0 means unknown, positive value
60 is an index into strinfo vector, negative value stands for
61 string length of a string literal (~strlen). */
64 /* Number of currently active string indexes plus one. */
67 /* String information record. */
68 struct strinfo
69 {
70 /* Number of leading characters that are known to be nonzero. This is
71 also the length of the string if FULL_STRING_P.
73 The values in a list of related string pointers must be consistent;
74 that is, if strinfo B comes X bytes after strinfo A, it must be
75 the case that A->nonzero_chars == X + B->nonzero_chars. */
76 tree nonzero_chars;
77 /* Any of the corresponding pointers for querying alias oracle. */
78 tree ptr;
79 /* This is used for two things:
81 - To record the statement that should be used for delayed length
82 computations. We maintain the invariant that all related strinfos
83 have delayed lengths or none do.
85 - To record the malloc or calloc call that produced this result. */
87 /* Pointer to '\0' if known, if NULL, it can be computed as
88 ptr + length. */
89 tree endptr;
90 /* Reference count. Any changes to strinfo entry possibly shared
91 with dominating basic blocks need unshare_strinfo first, except
92 for dont_invalidate which affects only the immediately next
93 maybe_invalidate. */
95 /* Copy of index. get_strinfo (si->idx) should return si; */
97 /* These 3 fields are for chaining related string pointers together.
98 E.g. for
99 bl = strlen (b); dl = strlen (d); strcpy (a, b); c = a + bl;
100 strcpy (c, d); e = c + dl;
101 strinfo(a) -> strinfo(c) -> strinfo(e)
102 All have ->first field equal to strinfo(a)->idx and are doubly
103 chained through prev/next fields. The later strinfos are required
104 to point into the same string with zero or more bytes after
105 the previous pointer and all bytes in between the two pointers
106 must be non-zero. Functions like strcpy or memcpy are supposed
107 to adjust all previous strinfo lengths, but not following strinfo
108 lengths (those are uncertain, usually invalidated during
109 maybe_invalidate, except when the alias oracle knows better).
110 Functions like strcat on the other side adjust the whole
111 related strinfo chain.
112 They are updated lazily, so to use the chain the same first fields
113 and si->prev->next == si->idx needs to be verified. */
117 /* A flag whether the string is known to be written in the current
118 function. */
120 /* A flag for the next maybe_invalidate that this strinfo shouldn't
121 be invalidated. Always cleared by maybe_invalidate. */
123 /* True if the string is known to be nul-terminated after NONZERO_CHARS
124 characters. False is useful when detecting strings that are built
125 up via successive memcpys. */
127 };
129 /* Pool for allocating strinfo_struct entries. */
132 /* Vector mapping positive string indexes to strinfo, for the
133 current basic block. The first pointer in the vector is special,
134 it is either NULL, meaning the vector isn't shared, or it is
135 a basic block pointer to the owner basic_block if shared.
136 If some other bb wants to modify the vector, the vector needs
137 to be unshared first, and only the owner bb is supposed to free it. */
140 /* One OFFSET->IDX mapping. */
141 struct stridxlist
142 {
144 HOST_WIDE_INT offset;
146 };
148 /* Hash table entry, mapping a DECL to a chain of OFFSET->IDX mappings. */
149 struct decl_stridxlist_map
150 {
153 };
155 /* Hash table for mapping decls to a chained list of offset -> idx
156 mappings. */
159 /* Hash table mapping strlen (or strnlen with constant bound and return
160 smaller than bound) calls to stridx instances describing
161 the calls' arguments. Non-null only when warn_stringop_truncation
162 is non-zero. */
166 /* Obstack for struct stridxlist and struct decl_stridxlist_map. */
169 /* Last memcpy statement if it could be adjusted if the trailing
170 '\0' written is immediately overwritten, or
171 *x = '\0' store that could be removed if it is immediately overwritten. */
172 struct laststmt_struct
173 {
175 tree len;
182 /* Return:
184 - 1 if SI is known to start with more than OFF nonzero characters.
186 - 0 if SI is known to start with OFF nonzero characters,
187 but is not known to start with more.
189 - -1 if SI might not start with OFF nonzero characters. */
193 {
197 else
199 }
201 /* Return true if SI is known to be a zero-length string. */
205 {
207 }
209 /* Return strinfo vector entry IDX. */
213 {
217 }
219 /* Get the next strinfo in the chain after SI, or null if none. */
223 {
230 }
232 /* Helper function for get_stridx. Return the strinfo index of the address
233 of EXP, which is available in PTR if nonnull. If OFFSET_OUT, it is
234 OK to return the index for some X <= &EXP and store &EXP - X in
235 *OFFSET_OUT. */
237 static int
239 {
240 HOST_WIDE_INT off;
242 tree base;
247 poly_int64 poff;
256 do
257 {
259 {
263 }
268 }
272 {
273 unsigned HOST_WIDE_INT rel_off
277 {
279 {
282 }
283 else
285 }
286 }
288 }
290 /* Return string index for EXP. */
292 static int
294 {
296 {
302 /* Follow a chain of at most 5 assignments. */
304 {
313 {
314 /* Handle indices/offsets into VLAs which are implemented
315 as pointers to arrays. */
319 /* Handle also VLAs of types larger than char. */
321 {
323 {
327 {
328 /* Scale the array index by the size of the element
329 type in the rare case that it's greater than
330 the typical 1 for char, making sure both operands
331 have the same type. */
335 }
336 }
337 else
339 }
340 else
346 /* Add the MEM_REF byte offset. */
350 }
352 {
355 }
356 else
369 {
370 strinfo *si
374 }
376 }
378 }
381 {
385 }
392 }
394 /* Return true if strinfo vector is shared with the immediate dominator. */
398 {
401 }
403 /* Unshare strinfo vector that is shared with the immediate dominator. */
405 static void
407 {
417 }
419 /* Attempt to create a string index for exp, ADDR_EXPR's operand.
420 Return a pointer to the location where the string index can
421 be stored (if 0) or is stored, or NULL if this can't be tracked. */
425 {
426 HOST_WIDE_INT off;
428 poly_int64 poff;
434 {
435 decl_to_stridxlist_htab
438 }
443 {
447 {
455 }
459 {
467 }
470 }
476 }
478 /* Create a new string index, or return 0 if reached limit. */
480 static int
482 {
487 {
493 }
495 {
498 {
502 }
503 }
505 }
507 /* Like new_stridx, but for ADDR_EXPR's operand instead. */
509 static int
511 {
517 {
521 }
523 }
525 /* Create a new strinfo. */
529 {
544 }
546 /* Decrease strinfo refcount and free it if not referenced anymore. */
550 {
553 }
555 /* Set strinfo in the vector entry IDX to SI. */
559 {
565 }
567 /* Return the first strinfo in the related strinfo chain
568 if all strinfos in between belong to the chain, otherwise NULL. */
572 {
578 {
586 }
590 }
592 /* Set SI's endptr to ENDPTR and compute its length based on SI->ptr.
593 Use LOC for folding. */
595 static void
597 {
605 }
607 /* Return string length, or NULL if it can't be computed. */
609 static tree
611 {
616 {
619 location_t loc;
620 gimple_stmt_iterator gsi;
626 /* unshare_strinfo is intentionally not called here. The (delayed)
627 transformation of strcpy or strcat into stpcpy is done at the place
628 of the former strcpy/strcat call and so can affect all the strinfos
629 with the same stmt. If they were unshared before and transformation
630 has been already done, the handling of BUILT_IN_STPCPY{,_CHK} should
631 just compute the right length. */
633 {
647 {
651 }
652 lenstmt = gimple_build_assign
658 /* FALLTHRU */
664 else
668 {
671 }
677 {
680 }
681 /* FALLTHRU */
695 /* BUILT_IN_CALLOC always has si->nonzero_chars set. */
699 }
700 }
703 }
705 /* Invalidate string length information for strings whose length
706 might change due to stores in stmt. */
708 static bool
710 {
717 {
719 {
720 ao_ref r;
721 /* Do not use si->nonzero_chars. */
724 {
728 }
729 }
732 }
734 }
736 /* Unshare strinfo record SI, if it has refcount > 1 or
737 if stridx_to_strinfo vector is shared with some other
738 bbs. */
742 {
758 }
760 /* Attempt to create a new strinfo for BASESI + OFF, or find existing
761 strinfo if there is any. Return it's idx, or 0 if no strinfo has
762 been created. */
764 static int
766 tree ptr)
767 {
775 unsigned HOST_WIDE_INT nonzero_chars
791 {
799 {
801 {
804 else
805 {
809 }
811 }
813 }
814 }
823 {
827 }
839 }
841 /* Note that PTR, a pointer SSA_NAME initialized in the current stmt, points
842 to a zero-length string and if possible chain it to a related strinfo
843 chain whose part is or might be CHAINSI. */
847 {
858 {
861 {
862 do
863 {
864 /* We shouldn't mix delayed and non-delayed lengths. */
867 {
870 }
873 }
876 {
878 {
881 }
884 }
885 }
886 else
887 {
888 /* We shouldn't mix delayed and non-delayed lengths. */
891 {
896 }
897 }
898 }
906 {
916 }
918 }
920 /* For strinfo ORIGSI whose length has been just updated, adjust other
921 related strinfos so that they match the new ORIGSI. This involves:
923 - adding ADJ to the nonzero_chars fields
924 - copying full_string_p from the new ORIGSI. */
926 static void
928 {
935 {
939 {
940 tree tem;
943 /* We shouldn't see delayed lengths here; the caller must
944 have calculated the old length in order to calculate
945 the adjustment. */
955 }
960 }
961 }
963 /* Find if there are other SSA_NAME pointers equal to PTR
964 for which we don't track their string lengths yet. If so, use
965 IDX for them. */
967 static void
969 {
973 {
979 {
982 CASE_CONVERT:
989 /* FALLTHRU */
991 {
996 }
999 }
1001 /* We might find an endptr created in this pass. Grow the
1002 vector in that case. */
1009 }
1010 }
1012 /* Return true if STMT is a call to a builtin function with the right
1013 arguments and attributes that should be considered for optimization
1014 by this pass. */
1016 static bool
1018 {
1030 {
1038 /* The above functions should be pure. Punt if they aren't. */
1062 /* The above functions should be neither const nor pure. Punt if they
1063 aren't. */
1070 }
1073 }
1075 /* If the last .MEM setter statement before STMT is
1076 memcpy (x, y, strlen (y) + 1), the only .MEM use of it is STMT
1077 and STMT is known to overwrite x[strlen (x)], adjust the last memcpy to
1078 just memcpy (x, y, strlen (y)). SI must be the zero length
1079 strinfo. */
1081 static void
1083 {
1108 {
1116 {
1120 }
1121 }
1127 {
1128 gimple_stmt_iterator gsi;
1139 }
1146 {
1152 }
1156 {
1161 /* Don't adjust the length if it is divisible by 4, it is more efficient
1162 to store the extra '\0' in that case. */
1166 /* Don't fold away an out of bounds access, as this defeats proper
1167 warnings. */
1172 }
1174 {
1181 }
1182 else
1187 }
1189 /* For an LHS that is an SSA_NAME that is the result of a strlen()
1190 call, or when BOUND is non-null, of a strnlen() call, set LHS
1191 range info to [0, min (MAX, BOUND)] when the range includes more
1192 than one value and return LHS. Otherwise, when the range
1193 [MIN, MAX] is such that MIN == MAX, return the tree representation
1194 of (MIN). The latter allows callers to fold suitable strnlen() calls
1195 to constants. */
1197 tree
1199 {
1207 {
1208 /* For strnlen, adjust MIN and MAX as necessary. If the bound
1209 is less than the size of the array set MAX to it. It it's
1210 greater than MAX and MAX is non-zero bump MAX down to account
1211 for the necessary terminating nul. Otherwise leave it alone. */
1213 {
1220 }
1222 {
1226 {
1227 /* For a bound in a known range, adjust the range determined
1228 above as necessary. For a bound in some anti-range or
1229 in an unknown range, use the range determined by callers. */
1234 }
1235 }
1236 }
1243 }
1245 /* For an LHS that is an SSA_NAME and for strlen() or strnlen() argument
1246 SRC, set LHS range info to [0, min (N, BOUND)] if SRC refers to
1247 a character array A[N] with unknown length bounded by N, and for
1248 strnlen(), by min (N, BOUND). */
1250 static tree
1252 {
1258 {
1263 }
1265 /* The longest string is PTRDIFF_MAX - 1 bytes including the final
1266 NUL so that the difference between a pointer to just past it and
1267 one to its beginning is positive. */
1271 {
1272 /* The last array member of a struct can be bigger than its size
1273 suggests if it's treated as a poor-man's flexible array member. */
1277 {
1283 {
1284 /* Even though such uses of strlen would be undefined,
1285 avoid relying on arrays of arrays in case some genius
1286 decides to call strlen on an unterminated array element
1287 that's followed by a terminated one. Likewise, avoid
1288 assuming that a struct array member is necessarily
1289 nul-terminated (the nul may be in the member that
1290 follows). In those cases, assume that the length
1291 of the string stored in such an array is bounded
1292 by the size of the enclosing object if one can be
1293 determined. */
1296 {
1302 }
1303 }
1305 /* For strlen() the upper bound above is equal to
1306 the longest string that can be stored in the array
1307 (i.e., it accounts for the terminating nul. For
1308 strnlen() bump up the maximum by one since the array
1309 need not be nul-terminated. */
1312 }
1313 }
1316 }
1318 /* Handle a strlen call. If strlen of the argument is known, replace
1319 the strlen call with the known value, otherwise remember that strlen
1320 of the argument is stored in the lhs SSA_NAME. */
1322 static void
1324 {
1338 {
1340 tree rhs;
1346 else
1347 {
1351 {
1353 /* For strnlen, if bound is constant, even if si is not known
1354 to be zero terminated, if we know at least bound bytes are
1355 not zero, the return value will be bound. */
1363 }
1364 }
1366 {
1368 {
1371 }
1384 {
1387 }
1390 /* Don't update anything for strnlen. */
1395 {
1399 }
1403 /* For strnlen record this only if the call is proven
1404 to return the same value as strlen would. */
1411 }
1412 }
1418 else
1419 {
1422 {
1424 {
1425 /* Until now we only had a lower bound on the string length.
1426 Install LHS as the actual length. */
1432 {
1437 }
1438 else
1439 {
1443 }
1444 }
1446 }
1447 }
1449 {
1451 {
1452 /* Only store the new length information for calls to strlen(),
1453 not for those to strnlen(). */
1457 }
1459 /* For SRC that is an array of N elements, set LHS's range
1460 to [0, min (N, BOUND)]. A constant return value means
1461 the range would have consisted of a single value. In
1462 that case, fold the result into the returned constant. */
1465 {
1467 {
1470 }
1478 {
1481 }
1482 }
1486 }
1487 }
1489 /* Handle a strchr call. If strlen of the first argument is known, replace
1490 the strchr (x, 0) call with the endptr or x + strlen, otherwise remember
1491 that lhs of the call is endptr and strlen of the argument is endptr - x. */
1493 static void
1495 {
1497 tree src;
1510 {
1512 tree rhs;
1516 else
1517 {
1522 }
1524 {
1528 {
1531 }
1533 {
1538 }
1539 else
1540 {
1547 }
1553 {
1556 }
1560 {
1563 }
1566 }
1567 }
1571 {
1575 {
1578 }
1580 {
1591 }
1592 }
1593 else
1595 }
1597 /* Handle a strcpy-like ({st{r,p}cpy,__st{r,p}cpy_chk}) call.
1598 If strlen of the second argument is known, strlen of the first argument
1599 is the same after this call. Furthermore, attempt to convert it to
1600 memcpy. */
1602 static void
1604 {
1610 location_t loc;
1640 {
1650 else
1651 {
1656 }
1660 }
1663 {
1667 }
1669 {
1674 /* Break the chain, so adjust_related_strinfo on later pointers in
1675 the chain won't adjust this one anymore. */
1679 }
1680 else
1681 {
1685 }
1690 {
1693 /* If string length of src is unknown, use delayed length
1694 computation. If string lenth of dst will be needed, it
1695 can be computed by transforming this strcpy call into
1696 stpcpy and subtracting dst from the return value. */
1698 /* Look for earlier strings whose length could be determined if
1699 this strcpy is turned into an stpcpy. */
1702 {
1704 {
1705 /* When setting a stmt for delayed length computation
1706 prevent all strinfos through dsi from being
1707 invalidated. */
1714 }
1715 }
1718 /* Try to detect overlap before returning. This catches cases
1719 like strcpy (d, d + n) where n is non-constant whose range
1720 is such that (n <= strlen (d) holds).
1722 OLDDSI->NONZERO_chars may have been reset by this point with
1723 oldlen holding it original value. */
1725 {
1726 /* Add 1 for the terminating NUL. */
1731 }
1734 }
1737 {
1740 ;
1748 oldlen));
1751 else
1753 }
1754 /* strcpy src may not overlap dst, so src doesn't need to be
1755 invalidated either. */
1762 {
1774 /* This would need adjustment of the lhs (subtract one),
1775 or detection that the trailing '\0' doesn't need to be
1776 written, if it will be immediately overwritten.
1777 fn = builtin_decl_explicit (BUILT_IN_MEMPCPY); */
1779 {
1782 }
1785 /* This would need adjustment of the lhs (subtract one),
1786 or detection that the trailing '\0' doesn't need to be
1787 written, if it will be immediately overwritten.
1788 fn = builtin_decl_explicit (BUILT_IN_MEMPCPY_CHK); */
1790 {
1793 }
1797 }
1802 {
1805 }
1806 else
1812 /* Set the no-warning bit on the transformed statement? */
1818 {
1821 }
1827 GSI_SAME_STMT);
1829 {
1832 }
1835 else
1839 {
1843 {
1846 }
1847 /* Allow adjust_last_stmt to decrease this memcpy's size. */
1851 }
1857 }
1859 /* Check the size argument to the built-in forms of stpncpy and strncpy
1860 for out-of-bounds offsets or overlapping access, and to see if the
1861 size argument is derived from a call to strlen() on the source argument,
1862 and if so, issue an appropriate warning. */
1864 static void
1866 {
1867 /* Same as stxncpy(). */
1869 }
1871 /* Return true if LEN depends on a call to strlen(SRC) in an interesting
1872 way. LEN can either be an integer expression, or a pointer (to char).
1873 When it is the latter (such as in recursive calls to self) is is
1874 assumed to be the argument in some call to strlen() whose relationship
1875 to SRC is being ascertained. */
1877 bool
1879 {
1892 {
1900 }
1913 {
1914 /* Pointer plus (an integer), and truncation are considered among
1915 the (potentially) related expressions to strlen. */
1917 }
1920 {
1921 /* Integer subtraction is considered strlen-related when both
1922 arguments are integers and second one is strlen-related. */
1926 }
1929 }
1931 /* Called by handle_builtin_stxncpy and by gimple_fold_builtin_strncpy
1932 in gimple-fold.c.
1933 Check to see if the specified bound is a) equal to the size of
1934 the destination DST and if so, b) if it's immediately followed by
1935 DST[CNT - 1] = '\0'. If a) holds and b) does not, warn. Otherwise,
1936 do nothing. Return true if diagnostic has been issued.
1938 The purpose is to diagnose calls to strncpy and stpncpy that do
1939 not nul-terminate the copy while allowing for the idiom where
1940 such a call is immediately followed by setting the last element
1941 to nul, as in:
1942 char a[32];
1943 strncpy (a, s, sizeof a);
1944 a[sizeof a - 1] = '\0';
1945 */
1947 bool
1949 {
1959 {
1962 ;
1964 {
1968 {
1971 }
1972 else
1973 {
1976 }
1977 }
1978 else
1980 }
1981 else
1984 /* Negative value is the constant string length. If it's less than
1985 the lower bound there is no truncation. Avoid calling get_stridx()
1986 when ssa_ver_to_stridx is empty. That implies the caller isn't
1987 running under the control of this pass and ssa_ver_to_stridx hasn't
1988 been created yet. */
2001 {
2002 /* If the source is a non-string return early to avoid warning
2003 for possible truncation (if the truncation is certain SIDX
2004 is non-zero). */
2010 }
2012 /* Likewise, if the destination refers to a an array/pointer declared
2013 nonstring return early. */
2017 /* Look for dst[i] = '\0'; after the stxncpy() call and if found
2018 avoid the truncation warning. */
2022 {
2023 /* When there is no statement in the same basic block check
2024 the immediate successor block. */
2026 {
2028 {
2029 /* For simplicity, ignore blocks with multiple outgoing
2030 edges for now and only consider successor blocks along
2031 normal edges. */
2034 {
2038 {
2041 }
2042 }
2043 }
2044 }
2045 }
2048 {
2056 {
2060 }
2062 /* Determine the base address and offset of the reference,
2063 ignoring the innermost array index. */
2067 poly_int64 dstoff;
2070 poly_int64 lhsoff;
2073 && dstbase
2077 }
2082 {
2088 }
2091 else
2092 {
2093 c_strlen_data lendata = { };
2097 {
2098 /* When LENDATA.MAXLEN is unknown, reset LENDATA.MINLEN
2099 which stores the length of the shortest known string. */
2102 else
2105 }
2106 else
2107 {
2110 }
2111 }
2119 {
2120 /* If the longest source string is shorter than the lower bound
2121 of the specified count the copy is definitely nul-terminated. */
2126 {
2127 /* The length of one of the strings is unknown but at least
2128 one has non-zero length and that length is stored in
2129 LENRANGE[1]. Swap the bounds to force a "may be truncated"
2130 warning below. */
2133 }
2135 /* Set to true for strncat whose bound is derived from the length
2136 of the destination (the expected usage pattern). */
2144 "%G%qD output truncated before terminating "
2145 "nul copying %E byte from a string of the "
2147 "%G%qD output truncated before terminating nul "
2148 "copying %E bytes from a string of the same "
2152 {
2154 {
2155 /* The shortest string is longer than the upper bound of
2156 the count so the truncation is certain. */
2160 "%G%qD output truncated copying %E byte "
2162 "%G%qD output truncated copying %E bytes "
2167 "%G%qD output truncated copying between %wu "
2171 }
2173 {
2174 /* The longest string is longer than the upper bound of
2175 the count so the truncation is possible. */
2179 "%G%qD output may be truncated copying %E "
2181 "%G%qD output may be truncated copying %E "
2186 "%G%qD output may be truncated copying between "
2190 }
2191 }
2197 {
2198 /* If the source (including the terminating nul) is longer than
2199 the lower bound of the specified count but shorter than the
2200 upper bound the copy may (but need not) be truncated. */
2202 "%G%qD output may be truncated copying between "
2206 }
2207 }
2210 {
2211 /* The source length is uknown. Try to determine the destination
2212 size and see if it matches the specified bound. If not, bail.
2213 Otherwise go on to see if it should be diagnosed for possible
2214 truncation. */
2221 /* Avoid warning for strncpy(a, b, N) calls where the following
2222 equalities hold:
2223 N == sizeof a && N == sizeof b */
2232 }
2235 }
2237 /* Check the arguments to the built-in forms of stpncpy and strncpy for
2238 out-of-bounds offsets or overlapping access, and to see if the size
2239 is derived from calling strlen() on the source argument, and if so,
2240 issue the appropriate warning. */
2242 static void
2244 {
2257 {
2258 /* Compute the size of the destination string including the nul
2259 if it is known to be nul-terminated. */
2261 {
2263 {
2264 /* String is known to be nul-terminated. */
2268 }
2269 else
2271 }
2274 }
2279 {
2280 /* strncat() and strncpy() can modify the source string by writing
2281 over the terminating nul so SISRC->DONT_INVALIDATE must be left
2282 clear. */
2284 /* Compute the size of the source string including the terminating
2285 nul if its known to be nul-terminated. */
2287 {
2289 {
2293 }
2294 else
2296 }
2299 }
2300 else
2304 {
2307 }
2309 /* If the length argument was computed from strlen(S) for some string
2310 S retrieve the strinfo index for the string (PSS->FIRST) alonng with
2311 the location of the strlen() call (PSS->SECOND). */
2314 {
2319 }
2321 /* Retrieve the strinfo data for the string S that LEN was computed
2322 from as some function F of strlen (S) (i.e., LEN need not be equal
2323 to strlen(S)). */
2333 /* When -Wstringop-truncation is set, try to determine truncation
2334 before diagnosing possible overflow. Truncation is implied by
2335 the LEN argument being equal to strlen(SRC), regardless of
2336 whether its value is known. Otherwise, issue the more generic
2337 -Wstringop-overflow which triggers for LEN arguments that in
2338 any meaningful way depend on strlen(SRC). */
2342 "%G%qD output truncated before terminating nul "
2348 "%G%qD specified bound depends on the length "
2352 {
2356 }
2357 }
2359 /* Handle a memcpy-like ({mem{,p}cpy,__mem{,p}cpy_chk}) call.
2360 If strlen of the second argument is known and length of the third argument
2361 is that plus one, strlen of the first argument is the same after this
2362 call. */
2364 static void
2366 {
2393 {
2396 /* Handle memcpy (x, y, l) where l's relationship with strlen (y)
2397 is known. */
2403 {
2405 {
2406 /* Copying LEN nonzero characters, where LEN is constant. */
2409 }
2410 else
2411 {
2412 /* Copying the whole of the analyzed part of SI. */
2415 }
2416 }
2417 else
2418 {
2429 /* Copying variable-length string SI (and no more). */
2432 }
2433 }
2434 else
2435 {
2437 /* Handle memcpy (x, "abcd", 5) or
2438 memcpy (x, "abc\0uvw", 7). */
2446 }
2449 && olddsi
2453 {
2454 /* The SRC substring being written strictly overlaps
2455 a subsequence of the existing string OLDDSI. */
2458 }
2464 {
2468 }
2471 {
2476 /* Break the chain, so adjust_related_strinfo on later pointers in
2477 the chain won't adjust this one anymore. */
2481 }
2482 else
2483 {
2487 }
2491 {
2495 ;
2502 oldlen));
2505 else
2507 }
2508 /* memcpy src may not overlap dst, so src doesn't need to be
2509 invalidated either. */
2514 {
2517 {
2520 /* Allow adjust_last_stmt to decrease this memcpy's size. */
2532 }
2533 }
2534 }
2536 /* Handle a strcat-like ({strcat,__strcat_chk}) call.
2537 If strlen of the second argument is known, strlen of the first argument
2538 is increased by the length of the second argument. Furthermore, attempt
2539 to convert it to memcpy/strcpy if the length of the first argument
2540 is known. */
2542 static void
2544 {
2555 /* Bail if the source is the same as destination. It will be diagnosed
2556 elsewhere. */
2576 {
2580 }
2582 /* Set the no-warning bit on the transformed statement? */
2586 {
2587 {
2588 /* The concatenation always involves copying at least one byte
2589 (the terminating nul), even if the source string is empty.
2590 If the source is unknown assume it's one character long and
2591 used that as both sizes. */
2594 {
2597 }
2602 {
2605 }
2606 }
2608 /* strcat (p, q) can be transformed into
2609 tmp = p + strlen (p); endptr = stpcpy (tmp, q);
2610 with length endptr - p if we need to compute the length
2611 later on. Don't do this transformation if we don't need
2612 it. */
2614 {
2616 {
2620 }
2622 {
2626 }
2627 else
2628 {
2634 }
2638 }
2640 }
2651 {
2658 }
2659 else
2660 {
2665 }
2668 /* strcat src may not overlap dst, so src doesn't need to be
2669 invalidated either. */
2672 /* For now. Could remove the lhs from the call and add
2673 lhs = dst; afterwards. */
2680 {
2684 else
2690 else
2696 }
2702 {
2705 /* Compute the size of the source sequence, including the nul. */
2712 {
2715 }
2716 }
2720 {
2728 GSI_SAME_STMT);
2729 }
2732 else
2737 GSI_SAME_STMT);
2739 {
2744 GSI_SAME_STMT);
2745 }
2747 {
2750 }
2754 else
2758 {
2762 {
2765 }
2766 /* If srclen == NULL, note that current string length can be
2767 computed by transforming this strcpy into stpcpy. */
2772 {
2776 }
2777 }
2783 }
2785 /* Handle a call to malloc or calloc. */
2787 static void
2789 {
2807 }
2809 /* Handle a call to memset.
2810 After a call to calloc, memset(,0,) is unnecessary.
2811 memset(malloc(n),0,n) is calloc(n,1).
2812 return true when the call is transfomred, false otherwise. */
2814 static bool
2816 {
2839 {
2846 }
2847 else
2852 {
2855 }
2856 else
2857 {
2860 }
2863 }
2865 /* Handle a call to memcmp. We try to handle small comparisons by
2866 converting them to load and compare, and replacing the call to memcmp
2867 with a __builtin_memcmp_eq call where possible.
2868 return true when call is transformed, return false otherwise. */
2870 static bool
2872 {
2879 use_operand_p use_p;
2880 imm_use_iterator iter;
2886 {
2892 {
2898 }
2900 {
2905 }
2906 else
2908 }
2913 {
2918 scalar_int_mode mode;
2921 {
2939 boolean_type_node,
2943 }
2944 }
2948 }
2950 /* If IDX1 and IDX2 refer to strings A and B of unequal lengths, return
2951 the result of 0 == strncmp (A, B, N) (which is the same as strcmp for
2952 sufficiently large N). Otherwise return false. */
2954 static bool
2956 {
2964 {
2967 }
2969 {
2971 {
2974 }
2975 else
2977 }
2978 else
2982 {
2985 }
2987 {
2989 {
2992 }
2993 else
2995 }
2996 else
2999 /* N is set to UHWI_MAX for strcmp and less to strncmp. Adjust
3000 the length of each string to consider to be no more than N. */
3008 /* The string lengths are definitely unequal and the result can
3009 be folded to one (since it's used for comparison with zero). */
3012 /* The string lengths may be equal or unequal. Even when equal and
3013 both strings nul-terminated, without the string contents there's
3014 no way to determine whether they are equal. */
3016 }
3018 /* Given an index to the strinfo vector, compute the string length
3019 for the corresponding string. Return -1 when unknown. */
3021 static HOST_WIDE_INT
3023 {
3032 {
3036 }
3042 }
3044 /* Determine the minimum size of the object referenced by DEST expression
3045 which must have a pointer type.
3046 Return the minimum size of the object if successful or NULL when the size
3047 cannot be determined. */
3048 static tree
3050 {
3056 /* Try to determine the size of the object through the RHS
3057 of the assign statement. */
3059 {
3070 }
3072 /* Try to determine the size of the object from its type. */
3082 /* We cannot determine the size of the array if it's a flexible array,
3083 which is declared at the end of a structure. */
3086 {
3091 }
3094 }
3096 /* Handle a call to strcmp or strncmp. When the result is ONLY used to do
3097 equality test against zero:
3099 A. When the lengths of both arguments are constant and it's a strcmp:
3100 * if the lengths are NOT equal, we can safely fold the call
3101 to a non-zero value.
3102 * otherwise, do nothing now.
3104 B. When the length of one argument is constant, try to replace the call
3105 with a __builtin_str(n)cmp_eq call where possible, i.e:
3107 strncmp (s, STR, C) (!)= 0 in which, s is a pointer to a string, STR
3108 is a string with constant length , C is a constant.
3109 if (C <= strlen(STR) && sizeof_array(s) > C)
3110 {
3111 replace this call with
3112 strncmp_eq (s, STR, C) (!)= 0
3113 }
3114 if (C > strlen(STR)
3115 {
3116 it can be safely treated as a call to strcmp (s, STR) (!)= 0
3117 can handled by the following strcmp.
3118 }
3120 strcmp (s, STR) (!)= 0 in which, s is a pointer to a string, STR
3121 is a string with constant length.
3122 if (sizeof_array(s) > strlen(STR))
3123 {
3124 replace this call with
3125 strcmp_eq (s, STR, strlen(STR)+1) (!)= 0
3126 }
3128 Return true when the call is transformed, return false otherwise.
3129 */
3131 static bool
3133 {
3136 use_operand_p use_p;
3137 imm_use_iterator iter;
3148 /* When both arguments are unknown, do nothing. */
3152 /* Handle strncmp function. */
3154 {
3160 }
3162 /* For strncmp, if the length argument is NOT known, do nothing. */
3166 /* When the result is ONLY used to do equality test against zero. */
3168 {
3174 {
3177 {
3183 }
3185 {
3188 }
3189 else
3191 }
3193 {
3198 }
3199 else
3201 }
3203 /* When the lengths of the arguments are known to be unequal
3204 we can safely fold the call to a non-zero value for strcmp;
3205 otherwise, do nothing now. */
3207 {
3209 {
3212 }
3214 }
3216 /* When the length of one argument is constant. */
3221 {
3224 }
3225 else
3226 {
3230 }
3236 /* try to determine the minimum size of the object pointed by var_string. */
3248 /* For strncmp, if length > const_string_leni , this call can be safely
3249 transformed to a strcmp. */
3253 unsigned HOST_WIDE_INT final_length
3256 /* Replace strcmp or strncmp with the corresponding str(n)cmp_eq. */
3258 {
3259 tree fn
3260 = (is_ncmp
3267 }
3268 else
3272 }
3274 /* Handle a POINTER_PLUS_EXPR statement.
3275 For p = "abcd" + 2; compute associated length, or if
3276 p = q + off is pointing to a '\0' character of a string, call
3277 zero_length_string on it. */
3279 static void
3281 {
3291 {
3298 }
3309 {
3316 }
3321 {
3322 enum tree_code rhs_code
3328 }
3329 }
3331 /* If RHS, either directly or indirectly, refers to a string of constant
3332 length, return the length. Otherwise, if it refers to a character
3333 constant, return 1 if the constant is non-zero and 0 if it is nul.
3334 Otherwise, return a negative value. */
3336 static HOST_WIDE_INT
3338 {
3340 {
3342 {
3345 }
3349 }
3353 {
3356 {
3361 {
3364 {
3368 {
3371 }
3372 }
3373 }
3374 }
3375 }
3382 {
3386 }
3389 }
3391 /* Handle a single or multiple character store either by single
3392 character assignment or by multi-character assignment from
3393 MEM_REF. */
3395 static bool
3397 {
3407 {
3410 {
3411 /* Get the strinfo for the base, and use it if it starts with at
3412 least OFFSET nonzero characters. This is trivially true if
3413 OFFSET is zero. */
3422 }
3423 }
3424 else
3425 {
3429 }
3431 /* STORING_NONZERO_P is true iff not all stored characters are zero.
3432 STORING_ALL_ZEROS_P is true iff all stored characters are zero.
3433 Both are false when it's impossible to determine which is true. */
3440 /* Set to the length of the string being assigned if known. */
3441 HOST_WIDE_INT rhslen;
3444 {
3448 {
3449 /* When overwriting a '\0' with a '\0', the store can be removed
3450 if we know it has been stored in the current function. */
3452 {
3457 }
3458 else
3459 {
3463 }
3464 }
3465 /* If si->nonzero_chars > OFFSET, we aren't overwriting '\0',
3466 and if we aren't storing '\0', we know that the length of the
3467 string and any other zero terminated string in memory remains
3468 the same. In that case we move to the next gimple statement and
3469 return to signal the caller that it shouldn't invalidate anything.
3471 This is benefical for cases like:
3473 char p[20];
3474 void foo (char *q)
3475 {
3476 strcpy (p, "foobar");
3477 size_t len = strlen (p); // This can be optimized into 6
3478 size_t len2 = strlen (q); // This has to be computed
3479 p[0] = 'X';
3480 size_t len3 = strlen (p); // This can be optimized into 6
3481 size_t len4 = strlen (q); // This can be optimized into len2
3482 bar (len, len2, len3, len4);
3483 }
3484 */
3486 {
3489 }
3491 || storing_nonzero_p
3493 {
3494 /* When STORING_NONZERO_P, we know that the string will start
3495 with at least OFFSET + 1 nonzero characters. If storing
3496 a single character, set si->NONZERO_CHARS to the result.
3497 If storing multiple characters, try to determine the number
3498 of leading non-zero characters and set si->NONZERO_CHARS to
3499 the result instead.
3501 When STORING_ALL_ZEROS_P, we know that the string is now
3502 OFFSET characters long.
3504 Otherwise, we're storing an unknown value at offset OFFSET,
3505 so need to clip the nonzero_chars to OFFSET. */
3509 {
3510 /* Try to get the minimum length of the string (or
3511 individual character) being stored. If it fails,
3512 STORING_NONZERO_P guarantees it's at least 1. */
3516 }
3521 /* We're overwriting the nul terminator with a nonzero or
3522 unknown character. If the previous stmt was a memcpy,
3523 its length may be decreased. */
3527 {
3530 }
3531 else
3535 && ssaname
3538 else
3545 {
3549 }
3550 else
3552 }
3553 }
3555 {
3558 else
3561 {
3563 HOST_WIDE_INT slen = (storing_all_zeros_p
3565 : (storing_nonzero_p
3569 ? size_zero_node
3574 && ssaname
3579 }
3580 }
3585 {
3588 {
3591 {
3594 full_string_p);
3597 }
3598 }
3599 }
3602 {
3603 /* Allow adjust_last_stmt to remove it if the stored '\0'
3604 is immediately overwritten. */
3608 }
3610 }
3612 /* Try to fold strstr (s, t) eq/ne s to strncmp (s, t, strlen (t)) eq/ne 0. */
3614 static void
3616 {
3623 {
3628 {
3631 }
3633 }
3636 {
3640 {
3646 {
3649 else
3650 {
3654 }
3655 }
3658 {
3663 {
3666 arg1_len);
3669 }
3681 {
3683 {
3687 }
3688 else
3689 {
3692 }
3693 }
3694 else
3695 {
3699 }
3701 }
3702 }
3703 }
3704 }
3706 /* Attempt to check for validity of the performed access a single statement
3707 at *GSI using string length knowledge, and to optimize it.
3708 If the given basic block needs clean-up of EH, CLEANUP_EH is set to
3709 true. */
3711 static bool
3713 {
3717 {
3721 {
3777 }
3778 }
3780 {
3784 {
3788 {
3791 }
3794 }
3796 {
3799 {
3806 }
3816 {
3822 {
3825 {
3833 else
3834 /* This case is not useful. See if get_addr_stridx
3835 returns something usable. */
3837 }
3838 }
3842 {
3847 {
3852 {
3854 {
3857 }
3859 /* Reading the final '\0' character. */
3863 *cleanup_eh
3870 {
3873 }
3874 }
3876 {
3877 /* Reading a character before the final '\0'
3878 character. Just set the value range to ~[0, 0]
3879 if we don't have anything better. */
3882 enum value_range_kind vr
3893 }
3894 }
3895 }
3896 }
3899 {
3903 }
3904 }
3906 {
3913 {
3916 }
3917 }
3918 }
3920 {
3925 }
3930 }
3932 /* Recursively call maybe_invalidate on stmts that might be executed
3933 in between dombb and current bb and that contain a vdef. Stop when
3934 *count stmts are inspected, or if the whole strinfo vector has
3935 been invalidated. */
3937 static void
3939 {
3943 {
3953 {
3955 {
3960 }
3964 {
3967 }
3971 {
3978 }
3979 }
3980 }
3981 }
3984 {
3988 {}
3993 /* Flag that will trigger TODO_cleanup_cfg to be returned in strlen
3994 execute function. */
3996 };
3998 /* Callback for walk_dominator_tree. Attempt to optimize various
3999 string ops by remembering string lengths pointed by pointer SSA_NAMEs. */
4001 edge
4003 {
4008 else
4009 {
4012 {
4015 {
4018 {
4024 {
4025 /* If there were too many vdefs in between immediate
4026 dominator and current bb, invalidate everything.
4027 If stridx_to_strinfo has been unshared, we need
4028 to free it, otherwise just set it to NULL. */
4030 {
4037 {
4040 }
4041 }
4042 else
4044 }
4046 }
4047 }
4048 }
4049 }
4051 /* If all PHI arguments have the same string index, the PHI result
4052 has it as well. */
4055 {
4059 {
4062 {
4069 }
4070 }
4071 }
4075 /* Attempt to optimize individual statements. */
4087 }
4089 /* Callback for walk_dominator_tree. Free strinfo vector if it is
4090 owned by the current bb, clear bb->aux. */
4092 void
4094 {
4096 {
4100 {
4107 }
4109 }
4110 }
4112 /* Main entry point. */
4117 {
4127 };
4130 {
4134 {}
4136 /* opt_pass methods: */
4142 unsigned int
4144 {
4154 /* String length optimization is implemented as a walk of the dominator
4155 tree and a forward walk of statements within each block. */
4162 {
4166 }
4172 {
4176 }
4179 }
4183 gimple_opt_pass *
4185 {
4187 }