search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Emit .note.GNU-stack for hard-float linux targets.
[official-gcc.git] / gcc / tree-ssa-strlen.c
blobad9e98973b128d16c281e77b7b73dc8a85ac099a
1 /* String length optimization
2 Copyright (C) 2011-2020 Free Software Foundation, Inc.
3 Contributed by Jakub Jelinek <jakub@redhat.com>
4
5 This file is part of GCC.
6
7 GCC is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3, or (at your option)
10 any later version.
11
12 GCC is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
20
21 #include "config.h"
22 #include "system.h"
23 #include "coretypes.h"
24 #include "backend.h"
25 #include "rtl.h"
26 #include "tree.h"
27 #include "gimple.h"
28 #include "alloc-pool.h"
29 #include "tree-pass.h"
30 #include "ssa.h"
31 #include "cgraph.h"
32 #include "gimple-pretty-print.h"
33 #include "gimple-ssa-warn-restrict.h"
34 #include "fold-const.h"
35 #include "stor-layout.h"
36 #include "gimple-fold.h"
37 #include "tree-eh.h"
38 #include "gimplify.h"
39 #include "gimple-iterator.h"
40 #include "gimplify-me.h"
41 #include "expr.h"
42 #include "tree-cfg.h"
43 #include "tree-dfa.h"
44 #include "domwalk.h"
45 #include "tree-ssa-alias.h"
46 #include "tree-ssa-propagate.h"
47 #include "tree-ssa-strlen.h"
48 #include "tree-hash-traits.h"
49 #include "tree-object-size.h"
50 #include "builtins.h"
51 #include "target.h"
52 #include "diagnostic-core.h"
53 #include "diagnostic.h"
54 #include "intl.h"
55 #include "attribs.h"
56 #include "calls.h"
57 #include "cfgloop.h"
58 #include "tree-ssa-loop.h"
59 #include "tree-scalar-evolution.h"
60
61 #include "vr-values.h"
62 #include "gimple-ssa-evrp-analyze.h"
63
64 /* A vector indexed by SSA_NAME_VERSION. 0 means unknown, positive value
65 is an index into strinfo vector, negative value stands for
66 string length of a string literal (~strlen). */
67 static vec<int> ssa_ver_to_stridx;
68
69 /* Number of currently active string indexes plus one. */
70 static int max_stridx;
71
72 /* Set to true to optimize, false when just checking. */
73 static bool strlen_optimize;
74
75 /* String information record. */
76 struct strinfo
77 {
78 /* Number of leading characters that are known to be nonzero. This is
79 also the length of the string if FULL_STRING_P.
80
81 The values in a list of related string pointers must be consistent;
82 that is, if strinfo B comes X bytes after strinfo A, it must be
83 the case that A->nonzero_chars == X + B->nonzero_chars. */
84 tree nonzero_chars;
85 /* Any of the corresponding pointers for querying alias oracle. */
86 tree ptr;
87 /* STMT is used for two things:
88
89 - To record the statement that should be used for delayed length
90 computations. We maintain the invariant that all related strinfos
91 have delayed lengths or none do.
92
93 - To record the malloc or calloc call that produced this result
94 to optimize away malloc/memset sequences. STMT is reset after
95 a calloc-allocated object has been stored a non-zero value into. */
96 gimple *stmt;
97 /* Set to the dynamic allocation statement for the object (alloca,
98 calloc, malloc, or VLA). Unlike STMT, once set for a strinfo
99 object, ALLOC doesn't change. */
100 gimple *alloc;
101 /* Pointer to '\0' if known, if NULL, it can be computed as
102 ptr + length. */
103 tree endptr;
104 /* Reference count. Any changes to strinfo entry possibly shared
105 with dominating basic blocks need unshare_strinfo first, except
106 for dont_invalidate which affects only the immediately next
107 maybe_invalidate. */
108 int refcount;
109 /* Copy of index. get_strinfo (si->idx) should return si; */
110 int idx;
111 /* These 3 fields are for chaining related string pointers together.
112 E.g. for
113 bl = strlen (b); dl = strlen (d); strcpy (a, b); c = a + bl;
114 strcpy (c, d); e = c + dl;
115 strinfo(a) -> strinfo(c) -> strinfo(e)
116 All have ->first field equal to strinfo(a)->idx and are doubly
117 chained through prev/next fields. The later strinfos are required
118 to point into the same string with zero or more bytes after
119 the previous pointer and all bytes in between the two pointers
120 must be non-zero. Functions like strcpy or memcpy are supposed
121 to adjust all previous strinfo lengths, but not following strinfo
122 lengths (those are uncertain, usually invalidated during
123 maybe_invalidate, except when the alias oracle knows better).
124 Functions like strcat on the other side adjust the whole
125 related strinfo chain.
126 They are updated lazily, so to use the chain the same first fields
127 and si->prev->next == si->idx needs to be verified. */
128 int first;
129 int next;
130 int prev;
131 /* A flag whether the string is known to be written in the current
132 function. */
133 bool writable;
134 /* A flag for the next maybe_invalidate that this strinfo shouldn't
135 be invalidated. Always cleared by maybe_invalidate. */
136 bool dont_invalidate;
137 /* True if the string is known to be nul-terminated after NONZERO_CHARS
138 characters. False is useful when detecting strings that are built
139 up via successive memcpys. */
140 bool full_string_p;
141 };
142
143 /* Pool for allocating strinfo_struct entries. */
144 static object_allocator<strinfo> strinfo_pool ("strinfo pool");
145
146 /* Vector mapping positive string indexes to strinfo, for the
147 current basic block. The first pointer in the vector is special,
148 it is either NULL, meaning the vector isn't shared, or it is
149 a basic block pointer to the owner basic_block if shared.
150 If some other bb wants to modify the vector, the vector needs
151 to be unshared first, and only the owner bb is supposed to free it. */
152 static vec<strinfo *, va_heap, vl_embed> *stridx_to_strinfo;
153
154 /* One OFFSET->IDX mapping. */
155 struct stridxlist
156 {
157 struct stridxlist *next;
158 HOST_WIDE_INT offset;
159 int idx;
160 };
161
162 /* Hash table entry, mapping a DECL to a chain of OFFSET->IDX mappings. */
163 struct decl_stridxlist_map
164 {
165 struct tree_map_base base;
166 struct stridxlist list;
167 };
168
169 /* Hash table for mapping decls to a chained list of offset -> idx
170 mappings. */
171 typedef hash_map<tree_decl_hash, stridxlist> decl_to_stridxlist_htab_t;
172 static decl_to_stridxlist_htab_t *decl_to_stridxlist_htab;
173
174 /* Hash table mapping strlen (or strnlen with constant bound and return
175 smaller than bound) calls to stridx instances describing
176 the calls' arguments. Non-null only when warn_stringop_truncation
177 is non-zero. */
178 typedef std::pair<int, location_t> stridx_strlenloc;
179 static hash_map<tree, stridx_strlenloc> *strlen_to_stridx;
180
181 /* Obstack for struct stridxlist and struct decl_stridxlist_map. */
182 static struct obstack stridx_obstack;
183
184 /* Last memcpy statement if it could be adjusted if the trailing
185 '\0' written is immediately overwritten, or
186 *x = '\0' store that could be removed if it is immediately overwritten. */
187 struct laststmt_struct
188 {
189 gimple *stmt;
190 tree len;
191 int stridx;
192 } laststmt;
193
194 static int get_stridx_plus_constant (strinfo *, unsigned HOST_WIDE_INT, tree);
195 static void handle_builtin_stxncpy (built_in_function, gimple_stmt_iterator *);
196
197 /* Sets MINMAX to either the constant value or the range VAL is in
198 and returns either the constant value or VAL on success or null
199 when the range couldn't be determined. Uses RVALS when nonnull
200 to determine the range, otherwise get_range_info. */
201
202 tree
203 get_range (tree val, wide_int minmax[2], const vr_values *rvals /* = NULL */)
204 {
205 if (TREE_CODE (val) == INTEGER_CST)
206 {
207 minmax[0] = minmax[1] = wi::to_wide (val);
208 return val;
209 }
210
211 if (TREE_CODE (val) != SSA_NAME)
212 return NULL_TREE;
213
214 if (rvals)
215 {
216 /* The range below may be "inaccurate" if a constant has been
217 substituted earlier for VAL by this pass that hasn't been
218 propagated through the CFG. This shoud be fixed by the new
219 on-demand VRP if/when it becomes available (hopefully in
220 GCC 11). */
221 const value_range *vr
222 = (CONST_CAST (class vr_values *, rvals)->get_value_range (val));
223 value_range_kind rng = vr->kind ();
224 if (rng != VR_RANGE || !range_int_cst_p (vr))
225 return NULL_TREE;
226
227 minmax[0] = wi::to_wide (vr->min ());
228 minmax[1] = wi::to_wide (vr->max ());
229 return val;
230 }
231
232 value_range_kind rng = get_range_info (val, minmax, minmax + 1);
233 if (rng == VR_RANGE)
234 return val;
235
236 /* Do not handle anti-ranges and instead make use of the on-demand
237 VRP if/when it becomes available (hopefully in GCC 11). */
238 return NULL_TREE;
239 }
240
241 /* Return:
242
243 * +1 if SI is known to start with more than OFF nonzero characters.
244
245 * 0 if SI is known to start with exactly OFF nonzero characters.
246
247 * -1 if SI either does not start with OFF nonzero characters
248 or the relationship between the number of leading nonzero
249 characters in SI and OFF is unknown. */
250
251 static inline int
252 compare_nonzero_chars (strinfo *si, unsigned HOST_WIDE_INT off)
253 {
254 if (si->nonzero_chars
255 && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
256 return compare_tree_int (si->nonzero_chars, off);
257 else
258 return -1;
259 }
260
261 /* Same as above but suitable also for strings with non-constant lengths.
262 Uses RVALS to determine length range. */
263
264 static int
265 compare_nonzero_chars (strinfo *si, unsigned HOST_WIDE_INT off,
266 const vr_values *rvals)
267 {
268 if (!si->nonzero_chars)
269 return -1;
270
271 if (TREE_CODE (si->nonzero_chars) == INTEGER_CST)
272 return compare_tree_int (si->nonzero_chars, off);
273
274 if (!rvals || TREE_CODE (si->nonzero_chars) != SSA_NAME)
275 return -1;
276
277 const value_range_equiv *vr
278 = (CONST_CAST (class vr_values *, rvals)
279 ->get_value_range (si->nonzero_chars));
280
281 value_range_kind rng = vr->kind ();
282 if (rng != VR_RANGE || !range_int_cst_p (vr))
283 return -1;
284
285 /* If the offset is less than the minimum length or if the bounds
286 of the length range are equal return the result of the comparison
287 same as in the constant case. Otherwise return a conservative
288 result. */
289 int cmpmin = compare_tree_int (vr->min (), off);
290 if (cmpmin > 0 || tree_int_cst_equal (vr->min (), vr->max ()))
291 return cmpmin;
292
293 return -1;
294 }
295
296 /* Return true if SI is known to be a zero-length string. */
297
298 static inline bool
299 zero_length_string_p (strinfo *si)
300 {
301 return si->full_string_p && integer_zerop (si->nonzero_chars);
302 }
303
304 /* Return strinfo vector entry IDX. */
305
306 static inline strinfo *
307 get_strinfo (int idx)
308 {
309 if (vec_safe_length (stridx_to_strinfo) <= (unsigned int) idx)
310 return NULL;
311 return (*stridx_to_strinfo)[idx];
312 }
313
314 /* Get the next strinfo in the chain after SI, or null if none. */
315
316 static inline strinfo *
317 get_next_strinfo (strinfo *si)
318 {
319 if (si->next == 0)
320 return NULL;
321 strinfo *nextsi = get_strinfo (si->next);
322 if (nextsi == NULL || nextsi->first != si->first || nextsi->prev != si->idx)
323 return NULL;
324 return nextsi;
325 }
326
327 /* Helper function for get_stridx. Return the strinfo index of the address
328 of EXP, which is available in PTR if nonnull. If OFFSET_OUT, it is
329 OK to return the index for some X <= &EXP and store &EXP - X in
330 *OFFSET_OUT. When nonnull uses RVALS to determine range information. */
331
332 static int
333 get_addr_stridx (tree exp, tree ptr, unsigned HOST_WIDE_INT *offset_out,
334 const vr_values *rvals = NULL)
335 {
336 HOST_WIDE_INT off;
337 struct stridxlist *list, *last = NULL;
338 tree base;
339
340 if (!decl_to_stridxlist_htab)
341 return 0;
342
343 poly_int64 poff;
344 base = get_addr_base_and_unit_offset (exp, &poff);
345 if (base == NULL || !DECL_P (base) || !poff.is_constant (&off))
346 return 0;
347
348 list = decl_to_stridxlist_htab->get (base);
349 if (list == NULL)
350 return 0;
351
352 do
353 {
354 if (list->offset == off)
355 {
356 if (offset_out)
357 *offset_out = 0;
358 return list->idx;
359 }
360 if (list->offset > off)
361 return 0;
362 last = list;
363 list = list->next;
364 }
365 while (list);
366
367 if ((offset_out || ptr) && last && last->idx > 0)
368 {
369 unsigned HOST_WIDE_INT rel_off
370 = (unsigned HOST_WIDE_INT) off - last->offset;
371 strinfo *si = get_strinfo (last->idx);
372 if (si && compare_nonzero_chars (si, rel_off, rvals) >= 0)
373 {
374 if (offset_out)
375 {
376 *offset_out = rel_off;
377 return last->idx;
378 }
379 else
380 return get_stridx_plus_constant (si, rel_off, ptr);
381 }
382 }
383 return 0;
384 }
385
386 /* Returns string index for EXP. When EXP is an SSA_NAME that refers
387 to a known strinfo with an offset and OFFRNG is non-null, sets
388 both elements of the OFFRNG array to the range of the offset and
389 returns the index of the known strinfo. In this case the result
390 must not be used in for functions that modify the string.
391 When nonnull, uses RVALS to determine range information. */
392
393 static int
394 get_stridx (tree exp, wide_int offrng[2] = NULL, const vr_values *rvals = NULL)
395 {
396 if (offrng)
397 offrng[0] = offrng[1] = wi::zero (TYPE_PRECISION (ptrdiff_type_node));
398
399 if (TREE_CODE (exp) == SSA_NAME)
400 {
401 if (ssa_ver_to_stridx[SSA_NAME_VERSION (exp)])
402 return ssa_ver_to_stridx[SSA_NAME_VERSION (exp)];
403
404 tree e = exp;
405 int last_idx = 0;
406 HOST_WIDE_INT offset = 0;
407 /* Follow a chain of at most 5 assignments. */
408 for (int i = 0; i < 5; i++)
409 {
410 gimple *def_stmt = SSA_NAME_DEF_STMT (e);
411 if (!is_gimple_assign (def_stmt))
412 return last_idx;
413
414 tree_code rhs_code = gimple_assign_rhs_code (def_stmt);
415 tree ptr, off;
416
417 if (rhs_code == ADDR_EXPR)
418 {
419 /* Handle indices/offsets into VLAs which are implemented
420 as pointers to arrays. */
421 ptr = gimple_assign_rhs1 (def_stmt);
422 ptr = TREE_OPERAND (ptr, 0);
423
424 /* Handle also VLAs of types larger than char. */
425 if (tree eltsize = TYPE_SIZE_UNIT (TREE_TYPE (ptr)))
426 {
427 if (TREE_CODE (ptr) == ARRAY_REF)
428 {
429 off = TREE_OPERAND (ptr, 1);
430 ptr = TREE_OPERAND (ptr, 0);
431 if (!integer_onep (eltsize))
432 {
433 /* Scale the array index by the size of the element
434 type in the rare case that it's greater than
435 the typical 1 for char, making sure both operands
436 have the same type. */
437 eltsize = fold_convert (ssizetype, eltsize);
438 off = fold_convert (ssizetype, off);
439 off = fold_build2 (MULT_EXPR, ssizetype, off, eltsize);
440 }
441 }
442 else
443 off = integer_zero_node;
444 }
445 else
446 return 0;
447
448 if (TREE_CODE (ptr) != MEM_REF)
449 return 0;
450
451 /* Add the MEM_REF byte offset. */
452 tree mem_off = TREE_OPERAND (ptr, 1);
453 off = fold_build2 (PLUS_EXPR, TREE_TYPE (off), off, mem_off);
454 ptr = TREE_OPERAND (ptr, 0);
455 }
456 else if (rhs_code == POINTER_PLUS_EXPR)
457 {
458 ptr = gimple_assign_rhs1 (def_stmt);
459 off = gimple_assign_rhs2 (def_stmt);
460 }
461 else
462 return 0;
463
464 if (TREE_CODE (ptr) != SSA_NAME)
465 return 0;
466
467 if (!tree_fits_shwi_p (off))
468 {
469 if (int idx = ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)])
470 if (offrng)
471 {
472 /* Only when requested by setting OFFRNG to non-null,
473 return the index corresponding to the SSA_NAME.
474 Do this irrespective of the whether the offset
475 is known. */
476 if (get_range (off, offrng, rvals))
477 {
478 /* When the offset range is known, increment it
479 it by the constant offset computed in prior
480 iterations and store it in the OFFRNG array. */
481 offrng[0] += offset;
482 offrng[1] += offset;
483 }
484 else
485 {
486 /* When the offset range cannot be determined
487 store [0, SIZE_MAX] and let the caller decide
488 if the offset matters. */
489 offrng[1] = wi::to_wide (TYPE_MAX_VALUE (sizetype));
490 offrng[0] = wi::zero (offrng[1].get_precision ());
491 }
492 return idx;
493 }
494 return 0;
495 }
496
497 HOST_WIDE_INT this_off = tree_to_shwi (off);
498 if (offrng)
499 {
500 offrng[0] += wi::shwi (this_off, offrng->get_precision ());
501 offrng[1] += offrng[0];
502 }
503
504 if (this_off < 0)
505 return last_idx;
506
507 offset = (unsigned HOST_WIDE_INT) offset + this_off;
508 if (offset < 0)
509 return last_idx;
510
511 if (int idx = ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)])
512 {
513 strinfo *si = get_strinfo (idx);
514 if (si)
515 {
516 if (compare_nonzero_chars (si, offset) >= 0)
517 return get_stridx_plus_constant (si, offset, exp);
518
519 if (offrng)
520 last_idx = idx;
521 }
522 }
523 e = ptr;
524 }
525
526 return last_idx;
527 }
528
529 if (TREE_CODE (exp) == ADDR_EXPR)
530 {
531 int idx = get_addr_stridx (TREE_OPERAND (exp, 0), exp, NULL);
532 if (idx != 0)
533 return idx;
534 }
535
536 const char *p = c_getstr (exp);
537 if (p)
538 return ~(int) strlen (p);
539
540 return 0;
541 }
542
543 /* Return true if strinfo vector is shared with the immediate dominator. */
544
545 static inline bool
546 strinfo_shared (void)
547 {
548 return vec_safe_length (stridx_to_strinfo)
549 && (*stridx_to_strinfo)[0] != NULL;
550 }
551
552 /* Unshare strinfo vector that is shared with the immediate dominator. */
553
554 static void
555 unshare_strinfo_vec (void)
556 {
557 strinfo *si;
558 unsigned int i = 0;
559
560 gcc_assert (strinfo_shared ());
561 stridx_to_strinfo = vec_safe_copy (stridx_to_strinfo);
562 for (i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
563 if (si != NULL)
564 si->refcount++;
565 (*stridx_to_strinfo)[0] = NULL;
566 }
567
568 /* Attempt to create a string index for exp, ADDR_EXPR's operand.
569 Return a pointer to the location where the string index can
570 be stored (if 0) or is stored, or NULL if this can't be tracked. */
571
572 static int *
573 addr_stridxptr (tree exp)
574 {
575 HOST_WIDE_INT off;
576
577 poly_int64 poff;
578 tree base = get_addr_base_and_unit_offset (exp, &poff);
579 if (base == NULL_TREE || !DECL_P (base) || !poff.is_constant (&off))
580 return NULL;
581
582 if (!decl_to_stridxlist_htab)
583 {
584 decl_to_stridxlist_htab
585 = new hash_map<tree_decl_hash, stridxlist> (64);
586 gcc_obstack_init (&stridx_obstack);
587 }
588
589 bool existed;
590 stridxlist *list = &decl_to_stridxlist_htab->get_or_insert (base, &existed);
591 if (existed)
592 {
593 int i;
594 stridxlist *before = NULL;
595 for (i = 0; i < 32; i++)
596 {
597 if (list->offset == off)
598 return &list->idx;
599 if (list->offset > off && before == NULL)
600 before = list;
601 if (list->next == NULL)
602 break;
603 list = list->next;
604 }
605 if (i == 32)
606 return NULL;
607 if (before)
608 {
609 list = before;
610 before = XOBNEW (&stridx_obstack, struct stridxlist);
611 *before = *list;
612 list->next = before;
613 list->offset = off;
614 list->idx = 0;
615 return &list->idx;
616 }
617 list->next = XOBNEW (&stridx_obstack, struct stridxlist);
618 list = list->next;
619 }
620
621 list->next = NULL;
622 list->offset = off;
623 list->idx = 0;
624 return &list->idx;
625 }
626
627 /* Create a new string index, or return 0 if reached limit. */
628
629 static int
630 new_stridx (tree exp)
631 {
632 int idx;
633 if (max_stridx >= param_max_tracked_strlens)
634 return 0;
635 if (TREE_CODE (exp) == SSA_NAME)
636 {
637 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (exp))
638 return 0;
639 idx = max_stridx++;
640 ssa_ver_to_stridx[SSA_NAME_VERSION (exp)] = idx;
641 return idx;
642 }
643 if (TREE_CODE (exp) == ADDR_EXPR)
644 {
645 int *pidx = addr_stridxptr (TREE_OPERAND (exp, 0));
646 if (pidx != NULL)
647 {
648 gcc_assert (*pidx == 0);
649 *pidx = max_stridx++;
650 return *pidx;
651 }
652 }
653 return 0;
654 }
655
656 /* Like new_stridx, but for ADDR_EXPR's operand instead. */
657
658 static int
659 new_addr_stridx (tree exp)
660 {
661 int *pidx;
662 if (max_stridx >= param_max_tracked_strlens)
663 return 0;
664 pidx = addr_stridxptr (exp);
665 if (pidx != NULL)
666 {
667 gcc_assert (*pidx == 0);
668 *pidx = max_stridx++;
669 return *pidx;
670 }
671 return 0;
672 }
673
674 /* Create a new strinfo. */
675
676 static strinfo *
677 new_strinfo (tree ptr, int idx, tree nonzero_chars, bool full_string_p)
678 {
679 strinfo *si = strinfo_pool.allocate ();
680 si->nonzero_chars = nonzero_chars;
681 si->ptr = ptr;
682 si->stmt = NULL;
683 si->alloc = NULL;
684 si->endptr = NULL_TREE;
685 si->refcount = 1;
686 si->idx = idx;
687 si->first = 0;
688 si->prev = 0;
689 si->next = 0;
690 si->writable = false;
691 si->dont_invalidate = false;
692 si->full_string_p = full_string_p;
693 return si;
694 }
695
696 /* Decrease strinfo refcount and free it if not referenced anymore. */
697
698 static inline void
699 free_strinfo (strinfo *si)
700 {
701 if (si && --si->refcount == 0)
702 strinfo_pool.remove (si);
703 }
704
705 /* Set strinfo in the vector entry IDX to SI. */
706
707 static inline void
708 set_strinfo (int idx, strinfo *si)
709 {
710 if (vec_safe_length (stridx_to_strinfo) && (*stridx_to_strinfo)[0])
711 unshare_strinfo_vec ();
712 if (vec_safe_length (stridx_to_strinfo) <= (unsigned int) idx)
713 vec_safe_grow_cleared (stridx_to_strinfo, idx + 1);
714 (*stridx_to_strinfo)[idx] = si;
715 }
716
717 /* Return the first strinfo in the related strinfo chain
718 if all strinfos in between belong to the chain, otherwise NULL. */
719
720 static strinfo *
721 verify_related_strinfos (strinfo *origsi)
722 {
723 strinfo *si = origsi, *psi;
724
725 if (origsi->first == 0)
726 return NULL;
727 for (; si->prev; si = psi)
728 {
729 if (si->first != origsi->first)
730 return NULL;
731 psi = get_strinfo (si->prev);
732 if (psi == NULL)
733 return NULL;
734 if (psi->next != si->idx)
735 return NULL;
736 }
737 if (si->idx != si->first)
738 return NULL;
739 return si;
740 }
741
742 /* Set SI's endptr to ENDPTR and compute its length based on SI->ptr.
743 Use LOC for folding. */
744
745 static void
746 set_endptr_and_length (location_t loc, strinfo *si, tree endptr)
747 {
748 si->endptr = endptr;
749 si->stmt = NULL;
750 tree start_as_size = fold_convert_loc (loc, size_type_node, si->ptr);
751 tree end_as_size = fold_convert_loc (loc, size_type_node, endptr);
752 si->nonzero_chars = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
753 end_as_size, start_as_size);
754 si->full_string_p = true;
755 }
756
757 /* Return the string length, or NULL if it can't be computed.
758 The length may but need not be constant. Instead, it might be
759 the result of a strlen() call. */
760
761 static tree
762 get_string_length (strinfo *si)
763 {
764 /* If the length has already been computed return it if it's exact
765 (i.e., the string is nul-terminated at NONZERO_CHARS), or return
766 null if it isn't. */
767 if (si->nonzero_chars)
768 return si->full_string_p ? si->nonzero_chars : NULL;
769
770 /* If the string is the result of one of the built-in calls below
771 attempt to compute the length from the call statement. */
772 if (si->stmt)
773 {
774 gimple *stmt = si->stmt, *lenstmt;
775 tree callee, lhs, fn, tem;
776 location_t loc;
777 gimple_stmt_iterator gsi;
778
779 gcc_assert (is_gimple_call (stmt));
780 callee = gimple_call_fndecl (stmt);
781 gcc_assert (callee && fndecl_built_in_p (callee, BUILT_IN_NORMAL));
782 lhs = gimple_call_lhs (stmt);
783 /* unshare_strinfo is intentionally not called here. The (delayed)
784 transformation of strcpy or strcat into stpcpy is done at the place
785 of the former strcpy/strcat call and so can affect all the strinfos
786 with the same stmt. If they were unshared before and transformation
787 has been already done, the handling of BUILT_IN_STPCPY{,_CHK} should
788 just compute the right length. */
789 switch (DECL_FUNCTION_CODE (callee))
790 {
791 case BUILT_IN_STRCAT:
792 case BUILT_IN_STRCAT_CHK:
793 gsi = gsi_for_stmt (stmt);
794 fn = builtin_decl_implicit (BUILT_IN_STRLEN);
795 gcc_assert (lhs == NULL_TREE);
796 tem = unshare_expr (gimple_call_arg (stmt, 0));
797 lenstmt = gimple_build_call (fn, 1, tem);
798 lhs = make_ssa_name (TREE_TYPE (TREE_TYPE (fn)), lenstmt);
799 gimple_call_set_lhs (lenstmt, lhs);
800 gimple_set_vuse (lenstmt, gimple_vuse (stmt));
801 gsi_insert_before (&gsi, lenstmt, GSI_SAME_STMT);
802 tem = gimple_call_arg (stmt, 0);
803 if (!ptrofftype_p (TREE_TYPE (lhs)))
804 {
805 lhs = convert_to_ptrofftype (lhs);
806 lhs = force_gimple_operand_gsi (&gsi, lhs, true, NULL_TREE,
807 true, GSI_SAME_STMT);
808 }
809 lenstmt = gimple_build_assign
810 (make_ssa_name (TREE_TYPE (gimple_call_arg (stmt, 0))),
811 POINTER_PLUS_EXPR,tem, lhs);
812 gsi_insert_before (&gsi, lenstmt, GSI_SAME_STMT);
813 gimple_call_set_arg (stmt, 0, gimple_assign_lhs (lenstmt));
814 lhs = NULL_TREE;
815 /* FALLTHRU */
816 case BUILT_IN_STRCPY:
817 case BUILT_IN_STRCPY_CHK:
818 gcc_assert (builtin_decl_implicit_p (BUILT_IN_STPCPY));
819 if (gimple_call_num_args (stmt) == 2)
820 fn = builtin_decl_implicit (BUILT_IN_STPCPY);
821 else
822 fn = builtin_decl_explicit (BUILT_IN_STPCPY_CHK);
823 gcc_assert (lhs == NULL_TREE);
824 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
825 {
826 fprintf (dump_file, "Optimizing: ");
827 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
828 }
829 gimple_call_set_fndecl (stmt, fn);
830 lhs = make_ssa_name (TREE_TYPE (TREE_TYPE (fn)), stmt);
831 gimple_call_set_lhs (stmt, lhs);
832 update_stmt (stmt);
833 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
834 {
835 fprintf (dump_file, "into: ");
836 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
837 }
838 /* FALLTHRU */
839 case BUILT_IN_STPCPY:
840 case BUILT_IN_STPCPY_CHK:
841 gcc_assert (lhs != NULL_TREE);
842 loc = gimple_location (stmt);
843 set_endptr_and_length (loc, si, lhs);
844 for (strinfo *chainsi = verify_related_strinfos (si);
845 chainsi != NULL;
846 chainsi = get_next_strinfo (chainsi))
847 if (chainsi->nonzero_chars == NULL)
848 set_endptr_and_length (loc, chainsi, lhs);
849 break;
850 case BUILT_IN_ALLOCA:
851 case BUILT_IN_ALLOCA_WITH_ALIGN:
852 case BUILT_IN_MALLOC:
853 break;
854 /* BUILT_IN_CALLOC always has si->nonzero_chars set. */
855 default:
856 gcc_unreachable ();
857 break;
858 }
859 }
860
861 return si->nonzero_chars;
862 }
863
864 /* Dump strlen data to FP for statement STMT. When non-null, RVALS
865 points to EVRP info and is used to dump strlen range for non-constant
866 results. */
867
868 DEBUG_FUNCTION void
869 dump_strlen_info (FILE *fp, gimple *stmt, const vr_values *rvals)
870 {
871 if (stmt)
872 {
873 fprintf (fp, "\nDumping strlen pass data after ");
874 print_gimple_expr (fp, stmt, TDF_LINENO);
875 fputc ('\n', fp);
876 }
877 else
878 fprintf (fp, "\nDumping strlen pass data\n");
879
880 fprintf (fp, "max_stridx = %i\n", max_stridx);
881 fprintf (fp, "ssa_ver_to_stridx has %u elements\n",
882 ssa_ver_to_stridx.length ());
883 fprintf (fp, "stridx_to_strinfo");
884 if (stridx_to_strinfo)
885 {
886 fprintf (fp, " has %u elements\n", stridx_to_strinfo->length ());
887 for (unsigned i = 0; i != stridx_to_strinfo->length (); ++i)
888 {
889 if (strinfo *si = (*stridx_to_strinfo)[i])
890 {
891 if (!si->idx)
892 continue;
893 fprintf (fp, " idx = %i", si->idx);
894 if (si->ptr)
895 {
896 fprintf (fp, ", ptr = ");
897 print_generic_expr (fp, si->ptr);
898 }
899
900 if (si->nonzero_chars)
901 {
902 fprintf (fp, ", nonzero_chars = ");
903 print_generic_expr (fp, si->nonzero_chars);
904 if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
905 {
906 value_range_kind rng = VR_UNDEFINED;
907 wide_int min, max;
908 if (rvals)
909 {
910 const value_range *vr
911 = CONST_CAST (class vr_values *, rvals)
912 ->get_value_range (si->nonzero_chars);
913 rng = vr->kind ();
914 if (range_int_cst_p (vr))
915 {
916 min = wi::to_wide (vr->min ());
917 max = wi::to_wide (vr->max ());
918 }
919 else
920 rng = VR_UNDEFINED;
921 }
922 else
923 rng = get_range_info (si->nonzero_chars, &min, &max);
924
925 if (rng == VR_RANGE || rng == VR_ANTI_RANGE)
926 {
927 fprintf (fp, " %s[%llu, %llu]",
928 rng == VR_RANGE ? "" : "~",
929 (long long) min.to_uhwi (),
930 (long long) max.to_uhwi ());
931 }
932 }
933 }
934
935 fprintf (fp, ", refcount = %i", si->refcount);
936 if (si->stmt)
937 {
938 fprintf (fp, ", stmt = ");
939 print_gimple_expr (fp, si->stmt, 0);
940 }
941 if (si->alloc)
942 {
943 fprintf (fp, ", alloc = ");
944 print_gimple_expr (fp, si->alloc, 0);
945 }
946 if (si->writable)
947 fprintf (fp, ", writable");
948 if (si->dont_invalidate)
949 fprintf (fp, ", dont_invalidate");
950 if (si->full_string_p)
951 fprintf (fp, ", full_string_p");
952 if (strinfo *next = get_next_strinfo (si))
953 {
954 fprintf (fp, ", {");
955 do
956 fprintf (fp, "%i%s", next->idx, next->first ? ", " : "");
957 while ((next = get_next_strinfo (next)));
958 fprintf (fp, "}");
959 }
960 fputs ("\n", fp);
961 }
962 }
963 }
964 else
965 fprintf (fp, " = null\n");
966
967 fprintf (fp, "decl_to_stridxlist_htab");
968 if (decl_to_stridxlist_htab)
969 {
970 fputs ("\n", fp);
971 typedef decl_to_stridxlist_htab_t::iterator iter_t;
972 for (iter_t it = decl_to_stridxlist_htab->begin ();
973 it != decl_to_stridxlist_htab->end (); ++it)
974 {
975 tree decl = (*it).first;
976 stridxlist *list = &(*it).second;
977 fprintf (fp, " decl = ");
978 print_generic_expr (fp, decl);
979 if (list)
980 {
981 fprintf (fp, ", offsets = {");
982 for (; list; list = list->next)
983 fprintf (fp, "%lli%s", (long long) list->offset,
984 list->next ? ", " : "");
985 fputs ("}", fp);
986 }
987 fputs ("\n", fp);
988 }
989 }
990 else
991 fprintf (fp, " = null\n");
992
993 if (laststmt.stmt)
994 {
995 fprintf (fp, "laststmt = ");
996 print_gimple_expr (fp, laststmt.stmt, 0);
997 fprintf (fp, ", len = ");
998 print_generic_expr (fp, laststmt.len);
999 fprintf (fp, ", stridx = %i\n", laststmt.stridx);
1000 }
1001 }
1002
1003 /* Attempt to determine the length of the string SRC. On success, store
1004 the length in *PDATA and return true. Otherwise, return false.
1005 VISITED is a bitmap of visited PHI nodes. RVALS points to EVRP info
1006 and PSSA_DEF_MAX to an SSA_NAME assignment limit used to prevent runaway
1007 recursion. */
1008
1009 static bool
1010 get_range_strlen_dynamic (tree src, c_strlen_data *pdata, bitmap *visited,
1011 const vr_values *rvals, unsigned *pssa_def_max)
1012 {
1013 int idx = get_stridx (src);
1014 if (!idx)
1015 {
1016 if (TREE_CODE (src) == SSA_NAME)
1017 {
1018 gimple *def_stmt = SSA_NAME_DEF_STMT (src);
1019 if (gimple_code (def_stmt) == GIMPLE_PHI)
1020 {
1021 if (!*visited)
1022 *visited = BITMAP_ALLOC (NULL);
1023
1024 if (!bitmap_set_bit (*visited, SSA_NAME_VERSION (src)))
1025 return true;
1026
1027 if (*pssa_def_max == 0)
1028 return false;
1029
1030 --*pssa_def_max;
1031
1032 /* Iterate over the PHI arguments and determine the minimum
1033 and maximum length/size of each and incorporate them into
1034 the overall result. */
1035 gphi *phi = as_a <gphi *> (def_stmt);
1036 for (unsigned i = 0; i != gimple_phi_num_args (phi); ++i)
1037 {
1038 tree arg = gimple_phi_arg_def (phi, i);
1039 if (arg == gimple_phi_result (def_stmt))
1040 continue;
1041
1042 c_strlen_data argdata = { };
1043 if (get_range_strlen_dynamic (arg, &argdata, visited, rvals,
1044 pssa_def_max))
1045 {
1046 /* Set the DECL of an unterminated array this argument
1047 refers to if one hasn't been found yet. */
1048 if (!pdata->decl && argdata.decl)
1049 pdata->decl = argdata.decl;
1050
1051 if (!argdata.minlen
1052 || (integer_zerop (argdata.minlen)
1053 && (!argdata.maxbound
1054 || integer_all_onesp (argdata.maxbound))
1055 && integer_all_onesp (argdata.maxlen)))
1056 {
1057 /* Set the upper bound of the length to unbounded. */
1058 pdata->maxlen = build_all_ones_cst (size_type_node);
1059 continue;
1060 }
1061
1062 /* Adjust the minimum and maximum length determined
1063 so far and the upper bound on the array size. */
1064 if (!pdata->minlen
1065 || tree_int_cst_lt (argdata.minlen, pdata->minlen))
1066 pdata->minlen = argdata.minlen;
1067 if (!pdata->maxlen
1068 || (argdata.maxlen
1069 && tree_int_cst_lt (pdata->maxlen, argdata.maxlen)))
1070 pdata->maxlen = argdata.maxlen;
1071 if (!pdata->maxbound
1072 || TREE_CODE (pdata->maxbound) != INTEGER_CST
1073 || (argdata.maxbound
1074 && tree_int_cst_lt (pdata->maxbound,
1075 argdata.maxbound)
1076 && !integer_all_onesp (argdata.maxbound)))
1077 pdata->maxbound = argdata.maxbound;
1078 }
1079 else
1080 pdata->maxlen = build_all_ones_cst (size_type_node);
1081 }
1082
1083 return true;
1084 }
1085 }
1086
1087 /* Return success regardless of the result and handle *PDATA
1088 in the caller. */
1089 get_range_strlen (src, pdata, 1);
1090 return true;
1091 }
1092
1093 if (idx < 0)
1094 {
1095 /* SRC is a string of constant length. */
1096 pdata->minlen = build_int_cst (size_type_node, ~idx);
1097 pdata->maxlen = pdata->minlen;
1098 pdata->maxbound = pdata->maxlen;
1099 return true;
1100 }
1101
1102 if (strinfo *si = get_strinfo (idx))
1103 {
1104 pdata->minlen = get_string_length (si);
1105 if (!pdata->minlen && si->nonzero_chars)
1106 {
1107 if (TREE_CODE (si->nonzero_chars) == INTEGER_CST)
1108 pdata->minlen = si->nonzero_chars;
1109 else if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
1110 {
1111 const value_range_equiv *vr
1112 = CONST_CAST (class vr_values *, rvals)
1113 ->get_value_range (si->nonzero_chars);
1114 if (vr->kind () == VR_RANGE
1115 && range_int_cst_p (vr))
1116 {
1117 pdata->minlen = vr->min ();
1118 pdata->maxlen = vr->max ();
1119 }
1120 else
1121 pdata->minlen = build_zero_cst (size_type_node);
1122 }
1123 else
1124 pdata->minlen = build_zero_cst (size_type_node);
1125
1126 tree base = si->ptr;
1127 if (TREE_CODE (base) == ADDR_EXPR)
1128 base = TREE_OPERAND (base, 0);
1129
1130 HOST_WIDE_INT off;
1131 poly_int64 poff;
1132 base = get_addr_base_and_unit_offset (base, &poff);
1133 if (base
1134 && DECL_P (base)
1135 && TREE_CODE (TREE_TYPE (base)) == ARRAY_TYPE
1136 && TYPE_SIZE_UNIT (TREE_TYPE (base))
1137 && poff.is_constant (&off))
1138 {
1139 tree basetype = TREE_TYPE (base);
1140 tree size = TYPE_SIZE_UNIT (basetype);
1141 ++off; /* Increment for the terminating nul. */
1142 pdata->maxlen = fold_build2 (MINUS_EXPR, size_type_node, size,
1143 build_int_cst (size_type_node, off));
1144 pdata->maxbound = pdata->maxlen;
1145 }
1146 else
1147 pdata->maxlen = build_all_ones_cst (size_type_node);
1148 }
1149 else if (pdata->minlen && TREE_CODE (pdata->minlen) == SSA_NAME)
1150 {
1151 const value_range_equiv *vr
1152 = CONST_CAST (class vr_values *, rvals)
1153 ->get_value_range (si->nonzero_chars);
1154 if (vr->kind () == VR_RANGE
1155 && range_int_cst_p (vr))
1156 {
1157 pdata->minlen = vr->min ();
1158 pdata->maxlen = vr->max ();
1159 pdata->maxbound = pdata->maxlen;
1160 }
1161 else
1162 {
1163 pdata->minlen = build_zero_cst (size_type_node);
1164 pdata->maxlen = build_all_ones_cst (size_type_node);
1165 }
1166 }
1167 else if (pdata->minlen && TREE_CODE (pdata->minlen) == INTEGER_CST)
1168 {
1169 pdata->maxlen = pdata->minlen;
1170 pdata->maxbound = pdata->minlen;
1171 }
1172 else
1173 {
1174 /* For PDATA->MINLEN that's a non-constant expression such
1175 as PLUS_EXPR whose value range is unknown, set the bounds
1176 to zero and SIZE_MAX. */
1177 pdata->minlen = build_zero_cst (size_type_node);
1178 pdata->maxlen = build_all_ones_cst (size_type_node);
1179 }
1180
1181 return true;
1182 }
1183
1184 return false;
1185 }
1186
1187 /* Analogous to get_range_strlen but for dynamically created strings,
1188 i.e., those created by calls to strcpy as opposed to just string
1189 constants.
1190 Try to obtain the range of the lengths of the string(s) referenced
1191 by SRC, or the size of the largest array SRC refers to if the range
1192 of lengths cannot be determined, and store all in *PDATA. RVALS
1193 points to EVRP info. */
1194
1195 void
1196 get_range_strlen_dynamic (tree src, c_strlen_data *pdata,
1197 const vr_values *rvals)
1198 {
1199 bitmap visited = NULL;
1200 tree maxbound = pdata->maxbound;
1201
1202 unsigned limit = param_ssa_name_def_chain_limit;
1203 if (!get_range_strlen_dynamic (src, pdata, &visited, rvals, &limit))
1204 {
1205 /* On failure extend the length range to an impossible maximum
1206 (a valid MAXLEN must be less than PTRDIFF_MAX - 1). Other
1207 members can stay unchanged regardless. */
1208 pdata->minlen = ssize_int (0);
1209 pdata->maxlen = build_all_ones_cst (size_type_node);
1210 }
1211 else if (!pdata->minlen)
1212 pdata->minlen = ssize_int (0);
1213
1214 /* If it's unchanged from it initial non-null value, set the conservative
1215 MAXBOUND to SIZE_MAX. Otherwise leave it null (if it is null). */
1216 if (maxbound && pdata->maxbound == maxbound)
1217 pdata->maxbound = build_all_ones_cst (size_type_node);
1218
1219 if (visited)
1220 BITMAP_FREE (visited);
1221 }
1222
1223 /* Invalidate string length information for strings whose length might
1224 change due to stores in STMT, except those marked DONT_INVALIDATE.
1225 For string-modifying statements, ZERO_WRITE is set when the statement
1226 wrote only zeros.
1227 Returns true if any STRIDX_TO_STRINFO entries were considered
1228 for invalidation. */
1229
1230 static bool
1231 maybe_invalidate (gimple *stmt, bool zero_write = false)
1232 {
1233 if (dump_file && (dump_flags & TDF_DETAILS))
1234 {
1235 fprintf (dump_file, "%s called for ", __func__);
1236 print_gimple_stmt (dump_file, stmt, TDF_LINENO);
1237 }
1238
1239 strinfo *si;
1240 bool nonempty = false;
1241
1242 for (unsigned i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
1243 {
1244 if (si == NULL || !POINTER_TYPE_P (TREE_TYPE (si->ptr)))
1245 continue;
1246
1247 nonempty = true;
1248
1249 /* Unconditionally reset DONT_INVALIDATE. */
1250 bool dont_invalidate = si->dont_invalidate;
1251 si->dont_invalidate = false;
1252
1253 if (dont_invalidate)
1254 continue;
1255
1256 ao_ref r;
1257 tree size = NULL_TREE;
1258 if (si->nonzero_chars)
1259 {
1260 /* Include the terminating nul in the size of the string
1261 to consider when determining possible clobber. */
1262 tree type = TREE_TYPE (si->nonzero_chars);
1263 size = fold_build2 (PLUS_EXPR, type, si->nonzero_chars,
1264 build_int_cst (type, 1));
1265 }
1266 ao_ref_init_from_ptr_and_size (&r, si->ptr, size);
1267 if (stmt_may_clobber_ref_p_1 (stmt, &r))
1268 {
1269 if (dump_file && (dump_flags & TDF_DETAILS))
1270 {
1271 fputs (" statement may clobber object ", dump_file);
1272 print_generic_expr (dump_file, si->ptr);
1273 if (size && tree_fits_uhwi_p (size))
1274 fprintf (dump_file, " " HOST_WIDE_INT_PRINT_UNSIGNED
1275 " bytes in size", tree_to_uhwi (size));
1276 fputc ('\n', dump_file);
1277 }
1278
1279 set_strinfo (i, NULL);
1280 free_strinfo (si);
1281 continue;
1282 }
1283
1284 if (size
1285 && !zero_write
1286 && si->stmt
1287 && is_gimple_call (si->stmt)
1288 && (DECL_FUNCTION_CODE (gimple_call_fndecl (si->stmt))
1289 == BUILT_IN_CALLOC))
1290 {
1291 /* If the clobber test above considered the length of
1292 the string (including the nul), then for (potentially)
1293 non-zero writes that might modify storage allocated by
1294 calloc consider the whole object and if it might be
1295 clobbered by the statement reset the statement. */
1296 ao_ref_init_from_ptr_and_size (&r, si->ptr, NULL_TREE);
1297 if (stmt_may_clobber_ref_p_1 (stmt, &r))
1298 si->stmt = NULL;
1299 }
1300 }
1301
1302 if (dump_file && (dump_flags & TDF_DETAILS))
1303 fprintf (dump_file, "%s returns %i\n", __func__, nonempty);
1304
1305 return nonempty;
1306 }
1307
1308 /* Unshare strinfo record SI, if it has refcount > 1 or
1309 if stridx_to_strinfo vector is shared with some other
1310 bbs. */
1311
1312 static strinfo *
1313 unshare_strinfo (strinfo *si)
1314 {
1315 strinfo *nsi;
1316
1317 if (si->refcount == 1 && !strinfo_shared ())
1318 return si;
1319
1320 nsi = new_strinfo (si->ptr, si->idx, si->nonzero_chars, si->full_string_p);
1321 nsi->stmt = si->stmt;
1322 nsi->alloc = si->alloc;
1323 nsi->endptr = si->endptr;
1324 nsi->first = si->first;
1325 nsi->prev = si->prev;
1326 nsi->next = si->next;
1327 nsi->writable = si->writable;
1328 set_strinfo (si->idx, nsi);
1329 free_strinfo (si);
1330 return nsi;
1331 }
1332
1333 /* Attempt to create a new strinfo for BASESI + OFF, or find existing
1334 strinfo if there is any. Return it's idx, or 0 if no strinfo has
1335 been created. */
1336
1337 static int
1338 get_stridx_plus_constant (strinfo *basesi, unsigned HOST_WIDE_INT off,
1339 tree ptr)
1340 {
1341 if (TREE_CODE (ptr) == SSA_NAME && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr))
1342 return 0;
1343
1344 if (compare_nonzero_chars (basesi, off) < 0
1345 || !tree_fits_uhwi_p (basesi->nonzero_chars))
1346 return 0;
1347
1348 unsigned HOST_WIDE_INT nonzero_chars
1349 = tree_to_uhwi (basesi->nonzero_chars) - off;
1350 strinfo *si = basesi, *chainsi;
1351 if (si->first || si->prev || si->next)
1352 si = verify_related_strinfos (basesi);
1353 if (si == NULL
1354 || si->nonzero_chars == NULL_TREE
1355 || TREE_CODE (si->nonzero_chars) != INTEGER_CST)
1356 return 0;
1357
1358 if (TREE_CODE (ptr) == SSA_NAME
1359 && ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
1360 ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names);
1361
1362 gcc_checking_assert (compare_tree_int (si->nonzero_chars, off) != -1);
1363 for (chainsi = si; chainsi->next; chainsi = si)
1364 {
1365 si = get_next_strinfo (chainsi);
1366 if (si == NULL
1367 || si->nonzero_chars == NULL_TREE
1368 || TREE_CODE (si->nonzero_chars) != INTEGER_CST)
1369 break;
1370 int r = compare_tree_int (si->nonzero_chars, nonzero_chars);
1371 if (r != 1)
1372 {
1373 if (r == 0)
1374 {
1375 if (TREE_CODE (ptr) == SSA_NAME)
1376 ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = si->idx;
1377 else
1378 {
1379 int *pidx = addr_stridxptr (TREE_OPERAND (ptr, 0));
1380 if (pidx != NULL && *pidx == 0)
1381 *pidx = si->idx;
1382 }
1383 return si->idx;
1384 }
1385 break;
1386 }
1387 }
1388
1389 int idx = new_stridx (ptr);
1390 if (idx == 0)
1391 return 0;
1392 si = new_strinfo (ptr, idx, build_int_cst (size_type_node, nonzero_chars),
1393 basesi->full_string_p);
1394 set_strinfo (idx, si);
1395 if (strinfo *nextsi = get_strinfo (chainsi->next))
1396 {
1397 nextsi = unshare_strinfo (nextsi);
1398 si->next = nextsi->idx;
1399 nextsi->prev = idx;
1400 }
1401 chainsi = unshare_strinfo (chainsi);
1402 if (chainsi->first == 0)
1403 chainsi->first = chainsi->idx;
1404 chainsi->next = idx;
1405 if (chainsi->endptr == NULL_TREE && zero_length_string_p (si))
1406 chainsi->endptr = ptr;
1407 si->endptr = chainsi->endptr;
1408 si->prev = chainsi->idx;
1409 si->first = chainsi->first;
1410 si->writable = chainsi->writable;
1411 return si->idx;
1412 }
1413
1414 /* Note that PTR, a pointer SSA_NAME initialized in the current stmt, points
1415 to a zero-length string and if possible chain it to a related strinfo
1416 chain whose part is or might be CHAINSI. */
1417
1418 static strinfo *
1419 zero_length_string (tree ptr, strinfo *chainsi)
1420 {
1421 strinfo *si;
1422 int idx;
1423 if (ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
1424 ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names);
1425 gcc_checking_assert (TREE_CODE (ptr) == SSA_NAME
1426 && ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] == 0);
1427
1428 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr))
1429 return NULL;
1430 if (chainsi != NULL)
1431 {
1432 si = verify_related_strinfos (chainsi);
1433 if (si)
1434 {
1435 do
1436 {
1437 /* We shouldn't mix delayed and non-delayed lengths. */
1438 gcc_assert (si->full_string_p);
1439 if (si->endptr == NULL_TREE)
1440 {
1441 si = unshare_strinfo (si);
1442 si->endptr = ptr;
1443 }
1444 chainsi = si;
1445 si = get_next_strinfo (si);
1446 }
1447 while (si != NULL);
1448 if (zero_length_string_p (chainsi))
1449 {
1450 if (chainsi->next)
1451 {
1452 chainsi = unshare_strinfo (chainsi);
1453 chainsi->next = 0;
1454 }
1455 ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = chainsi->idx;
1456 return chainsi;
1457 }
1458 }
1459 else
1460 {
1461 /* We shouldn't mix delayed and non-delayed lengths. */
1462 gcc_assert (chainsi->full_string_p);
1463 if (chainsi->first || chainsi->prev || chainsi->next)
1464 {
1465 chainsi = unshare_strinfo (chainsi);
1466 chainsi->first = 0;
1467 chainsi->prev = 0;
1468 chainsi->next = 0;
1469 }
1470 }
1471 }
1472 idx = new_stridx (ptr);
1473 if (idx == 0)
1474 return NULL;
1475 si = new_strinfo (ptr, idx, build_int_cst (size_type_node, 0), true);
1476 set_strinfo (idx, si);
1477 si->endptr = ptr;
1478 if (chainsi != NULL)
1479 {
1480 chainsi = unshare_strinfo (chainsi);
1481 if (chainsi->first == 0)
1482 chainsi->first = chainsi->idx;
1483 chainsi->next = idx;
1484 if (chainsi->endptr == NULL_TREE)
1485 chainsi->endptr = ptr;
1486 si->prev = chainsi->idx;
1487 si->first = chainsi->first;
1488 si->writable = chainsi->writable;
1489 }
1490 return si;
1491 }
1492
1493 /* For strinfo ORIGSI whose length has been just updated, adjust other
1494 related strinfos so that they match the new ORIGSI. This involves:
1495
1496 - adding ADJ to the nonzero_chars fields
1497 - copying full_string_p from the new ORIGSI. */
1498
1499 static void
1500 adjust_related_strinfos (location_t loc, strinfo *origsi, tree adj)
1501 {
1502 strinfo *si = verify_related_strinfos (origsi);
1503
1504 if (si == NULL)
1505 return;
1506
1507 while (1)
1508 {
1509 strinfo *nsi;
1510
1511 if (si != origsi)
1512 {
1513 tree tem;
1514
1515 si = unshare_strinfo (si);
1516 /* We shouldn't see delayed lengths here; the caller must
1517 have calculated the old length in order to calculate
1518 the adjustment. */
1519 gcc_assert (si->nonzero_chars);
1520 tem = fold_convert_loc (loc, TREE_TYPE (si->nonzero_chars), adj);
1521 si->nonzero_chars = fold_build2_loc (loc, PLUS_EXPR,
1522 TREE_TYPE (si->nonzero_chars),
1523 si->nonzero_chars, tem);
1524 si->full_string_p = origsi->full_string_p;
1525
1526 si->endptr = NULL_TREE;
1527 si->dont_invalidate = true;
1528 }
1529 nsi = get_next_strinfo (si);
1530 if (nsi == NULL)
1531 return;
1532 si = nsi;
1533 }
1534 }
1535
1536 /* Find if there are other SSA_NAME pointers equal to PTR
1537 for which we don't track their string lengths yet. If so, use
1538 IDX for them. */
1539
1540 static void
1541 find_equal_ptrs (tree ptr, int idx)
1542 {
1543 if (TREE_CODE (ptr) != SSA_NAME)
1544 return;
1545 while (1)
1546 {
1547 gimple *stmt = SSA_NAME_DEF_STMT (ptr);
1548 if (!is_gimple_assign (stmt))
1549 return;
1550 ptr = gimple_assign_rhs1 (stmt);
1551 switch (gimple_assign_rhs_code (stmt))
1552 {
1553 case SSA_NAME:
1554 break;
1555 CASE_CONVERT:
1556 if (!POINTER_TYPE_P (TREE_TYPE (ptr)))
1557 return;
1558 if (TREE_CODE (ptr) == SSA_NAME)
1559 break;
1560 if (TREE_CODE (ptr) != ADDR_EXPR)
1561 return;
1562 /* FALLTHRU */
1563 case ADDR_EXPR:
1564 {
1565 int *pidx = addr_stridxptr (TREE_OPERAND (ptr, 0));
1566 if (pidx != NULL && *pidx == 0)
1567 *pidx = idx;
1568 return;
1569 }
1570 default:
1571 return;
1572 }
1573
1574 /* We might find an endptr created in this pass. Grow the
1575 vector in that case. */
1576 if (ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
1577 ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names);
1578
1579 if (ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] != 0)
1580 return;
1581 ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = idx;
1582 }
1583 }
1584
1585 /* Return true if STMT is a call to a builtin function with the right
1586 arguments and attributes that should be considered for optimization
1587 by this pass. */
1588
1589 static bool
1590 valid_builtin_call (gimple *stmt)
1591 {
1592 if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
1593 return false;
1594
1595 tree callee = gimple_call_fndecl (stmt);
1596 tree decl = builtin_decl_explicit (DECL_FUNCTION_CODE (callee));
1597 if (decl
1598 && decl != callee
1599 && !gimple_builtin_call_types_compatible_p (stmt, decl))
1600 return false;
1601
1602 switch (DECL_FUNCTION_CODE (callee))
1603 {
1604 case BUILT_IN_MEMCMP:
1605 case BUILT_IN_MEMCMP_EQ:
1606 case BUILT_IN_STRCMP:
1607 case BUILT_IN_STRNCMP:
1608 case BUILT_IN_STRCHR:
1609 case BUILT_IN_STRLEN:
1610 case BUILT_IN_STRNLEN:
1611 /* The above functions should be pure. Punt if they aren't. */
1612 if (gimple_vdef (stmt) || gimple_vuse (stmt) == NULL_TREE)
1613 return false;
1614 break;
1615
1616 case BUILT_IN_ALLOCA:
1617 case BUILT_IN_ALLOCA_WITH_ALIGN:
1618 case BUILT_IN_CALLOC:
1619 case BUILT_IN_MALLOC:
1620 case BUILT_IN_MEMCPY:
1621 case BUILT_IN_MEMCPY_CHK:
1622 case BUILT_IN_MEMPCPY:
1623 case BUILT_IN_MEMPCPY_CHK:
1624 case BUILT_IN_MEMSET:
1625 case BUILT_IN_STPCPY:
1626 case BUILT_IN_STPCPY_CHK:
1627 case BUILT_IN_STPNCPY:
1628 case BUILT_IN_STPNCPY_CHK:
1629 case BUILT_IN_STRCAT:
1630 case BUILT_IN_STRCAT_CHK:
1631 case BUILT_IN_STRCPY:
1632 case BUILT_IN_STRCPY_CHK:
1633 case BUILT_IN_STRNCAT:
1634 case BUILT_IN_STRNCAT_CHK:
1635 case BUILT_IN_STRNCPY:
1636 case BUILT_IN_STRNCPY_CHK:
1637 /* The above functions should be neither const nor pure. Punt if they
1638 aren't. */
1639 if (gimple_vdef (stmt) == NULL_TREE || gimple_vuse (stmt) == NULL_TREE)
1640 return false;
1641 break;
1642
1643 default:
1644 break;
1645 }
1646
1647 return true;
1648 }
1649
1650 /* If the last .MEM setter statement before STMT is
1651 memcpy (x, y, strlen (y) + 1), the only .MEM use of it is STMT
1652 and STMT is known to overwrite x[strlen (x)], adjust the last memcpy to
1653 just memcpy (x, y, strlen (y)). SI must be the zero length
1654 strinfo. */
1655
1656 static void
1657 adjust_last_stmt (strinfo *si, gimple *stmt, bool is_strcat)
1658 {
1659 tree vuse, callee, len;
1660 struct laststmt_struct last = laststmt;
1661 strinfo *lastsi, *firstsi;
1662 unsigned len_arg_no = 2;
1663
1664 laststmt.stmt = NULL;
1665 laststmt.len = NULL_TREE;
1666 laststmt.stridx = 0;
1667
1668 if (last.stmt == NULL)
1669 return;
1670
1671 vuse = gimple_vuse (stmt);
1672 if (vuse == NULL_TREE
1673 || SSA_NAME_DEF_STMT (vuse) != last.stmt
1674 || !has_single_use (vuse))
1675 return;
1676
1677 gcc_assert (last.stridx > 0);
1678 lastsi = get_strinfo (last.stridx);
1679 if (lastsi == NULL)
1680 return;
1681
1682 if (lastsi != si)
1683 {
1684 if (lastsi->first == 0 || lastsi->first != si->first)
1685 return;
1686
1687 firstsi = verify_related_strinfos (si);
1688 if (firstsi == NULL)
1689 return;
1690 while (firstsi != lastsi)
1691 {
1692 firstsi = get_next_strinfo (firstsi);
1693 if (firstsi == NULL)
1694 return;
1695 }
1696 }
1697
1698 if (!is_strcat && !zero_length_string_p (si))
1699 return;
1700
1701 if (is_gimple_assign (last.stmt))
1702 {
1703 gimple_stmt_iterator gsi;
1704
1705 if (!integer_zerop (gimple_assign_rhs1 (last.stmt)))
1706 return;
1707 if (stmt_could_throw_p (cfun, last.stmt))
1708 return;
1709 gsi = gsi_for_stmt (last.stmt);
1710 unlink_stmt_vdef (last.stmt);
1711 release_defs (last.stmt);
1712 gsi_remove (&gsi, true);
1713 return;
1714 }
1715
1716 if (!valid_builtin_call (last.stmt))
1717 return;
1718
1719 callee = gimple_call_fndecl (last.stmt);
1720 switch (DECL_FUNCTION_CODE (callee))
1721 {
1722 case BUILT_IN_MEMCPY:
1723 case BUILT_IN_MEMCPY_CHK:
1724 break;
1725 default:
1726 return;
1727 }
1728
1729 len = gimple_call_arg (last.stmt, len_arg_no);
1730 if (tree_fits_uhwi_p (len))
1731 {
1732 if (!tree_fits_uhwi_p (last.len)
1733 || integer_zerop (len)
1734 || tree_to_uhwi (len) != tree_to_uhwi (last.len) + 1)
1735 return;
1736 /* Don't adjust the length if it is divisible by 4, it is more efficient
1737 to store the extra '\0' in that case. */
1738 if ((tree_to_uhwi (len) & 3) == 0)
1739 return;
1740
1741 /* Don't fold away an out of bounds access, as this defeats proper
1742 warnings. */
1743 tree dst = gimple_call_arg (last.stmt, 0);
1744 tree size = compute_objsize (dst, 0);
1745 if (size && tree_int_cst_lt (size, len))
1746 return;
1747 }
1748 else if (TREE_CODE (len) == SSA_NAME)
1749 {
1750 gimple *def_stmt = SSA_NAME_DEF_STMT (len);
1751 if (!is_gimple_assign (def_stmt)
1752 || gimple_assign_rhs_code (def_stmt) != PLUS_EXPR
1753 || gimple_assign_rhs1 (def_stmt) != last.len
1754 || !integer_onep (gimple_assign_rhs2 (def_stmt)))
1755 return;
1756 }
1757 else
1758 return;
1759
1760 gimple_call_set_arg (last.stmt, len_arg_no, last.len);
1761 update_stmt (last.stmt);
1762 }
1763
1764 /* For an LHS that is an SSA_NAME that is the result of a strlen()
1765 call, or when BOUND is non-null, of a strnlen() call, set LHS
1766 range info to [0, min (MAX, BOUND)] when the range includes more
1767 than one value and return LHS. Otherwise, when the range
1768 [MIN, MAX] is such that MIN == MAX, return the tree representation
1769 of (MIN). The latter allows callers to fold suitable strnlen() calls
1770 to constants. */
1771
1772 tree
1773 set_strlen_range (tree lhs, wide_int min, wide_int max,
1774 tree bound /* = NULL_TREE */)
1775 {
1776 if (TREE_CODE (lhs) != SSA_NAME
1777 || !INTEGRAL_TYPE_P (TREE_TYPE (lhs)))
1778 return NULL_TREE;
1779
1780 if (bound)
1781 {
1782 /* For strnlen, adjust MIN and MAX as necessary. If the bound
1783 is less than the size of the array set MAX to it. It it's
1784 greater than MAX and MAX is non-zero bump MAX down to account
1785 for the necessary terminating nul. Otherwise leave it alone. */
1786 if (TREE_CODE (bound) == INTEGER_CST)
1787 {
1788 wide_int wibnd = wi::to_wide (bound);
1789 int cmp = wi::cmpu (wibnd, max);
1790 if (cmp < 0)
1791 max = wibnd;
1792 else if (cmp && wi::ne_p (max, min))
1793 --max;
1794 }
1795 else if (TREE_CODE (bound) == SSA_NAME)
1796 {
1797 wide_int minbound, maxbound;
1798 value_range_kind rng = get_range_info (bound, &minbound, &maxbound);
1799 if (rng == VR_RANGE)
1800 {
1801 /* For a bound in a known range, adjust the range determined
1802 above as necessary. For a bound in some anti-range or
1803 in an unknown range, use the range determined by callers. */
1804 if (wi::ltu_p (minbound, min))
1805 min = minbound;
1806 if (wi::ltu_p (maxbound, max))
1807 max = maxbound;
1808 }
1809 }
1810 }
1811
1812 if (min == max)
1813 return wide_int_to_tree (size_type_node, min);
1814
1815 set_range_info (lhs, VR_RANGE, min, max);
1816 return lhs;
1817 }
1818
1819 /* For an LHS that is an SSA_NAME and for strlen() or strnlen() argument
1820 SRC, set LHS range info to [0, min (N, BOUND)] if SRC refers to
1821 a character array A[N] with unknown length bounded by N, and for
1822 strnlen(), by min (N, BOUND). */
1823
1824 static tree
1825 maybe_set_strlen_range (tree lhs, tree src, tree bound)
1826 {
1827 if (TREE_CODE (lhs) != SSA_NAME
1828 || !INTEGRAL_TYPE_P (TREE_TYPE (lhs)))
1829 return NULL_TREE;
1830
1831 if (TREE_CODE (src) == SSA_NAME)
1832 {
1833 gimple *def = SSA_NAME_DEF_STMT (src);
1834 if (is_gimple_assign (def)
1835 && gimple_assign_rhs_code (def) == ADDR_EXPR)
1836 src = gimple_assign_rhs1 (def);
1837 }
1838
1839 /* The longest string is PTRDIFF_MAX - 1 bytes including the final
1840 NUL so that the difference between a pointer to just past it and
1841 one to its beginning is positive. */
1842 wide_int max = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2;
1843
1844 if (TREE_CODE (src) == ADDR_EXPR)
1845 {
1846 /* The last array member of a struct can be bigger than its size
1847 suggests if it's treated as a poor-man's flexible array member. */
1848 src = TREE_OPERAND (src, 0);
1849 if (TREE_CODE (src) != MEM_REF
1850 && !array_at_struct_end_p (src))
1851 {
1852 tree type = TREE_TYPE (src);
1853 tree size = TYPE_SIZE_UNIT (type);
1854 if (size
1855 && TREE_CODE (size) == INTEGER_CST
1856 && !integer_zerop (size))
1857 {
1858 /* Even though such uses of strlen would be undefined,
1859 avoid relying on arrays of arrays in case some genius
1860 decides to call strlen on an unterminated array element
1861 that's followed by a terminated one. Likewise, avoid
1862 assuming that a struct array member is necessarily
1863 nul-terminated (the nul may be in the member that
1864 follows). In those cases, assume that the length
1865 of the string stored in such an array is bounded
1866 by the size of the enclosing object if one can be
1867 determined. */
1868 tree base = get_base_address (src);
1869 if (VAR_P (base))
1870 {
1871 if (tree size = DECL_SIZE_UNIT (base))
1872 if (size
1873 && TREE_CODE (size) == INTEGER_CST
1874 && TREE_CODE (TREE_TYPE (base)) != POINTER_TYPE)
1875 max = wi::to_wide (size);
1876 }
1877 }
1878
1879 /* For strlen() the upper bound above is equal to
1880 the longest string that can be stored in the array
1881 (i.e., it accounts for the terminating nul. For
1882 strnlen() bump up the maximum by one since the array
1883 need not be nul-terminated. */
1884 if (!bound && max != 0)
1885 --max;
1886 }
1887 }
1888
1889 wide_int min = wi::zero (max.get_precision ());
1890 return set_strlen_range (lhs, min, max, bound);
1891 }
1892
1893 /* Diagnose buffer overflow by a STMT writing LEN + PLUS_ONE bytes,
1894 either into a region allocated for the object SI when non-null,
1895 or into an object designated by the LHS of STMT otherwise.
1896 When nonnull uses RVALS to determine range information.
1897 RAWMEM may be set by memcpy and other raw memory functions
1898 to allow accesses across subobject boundaries. */
1899
1900 static void
1901 maybe_warn_overflow (gimple *stmt, tree len,
1902 const vr_values *rvals = NULL,
1903 strinfo *si = NULL, bool plus_one = false,
1904 bool rawmem = false)
1905 {
1906 if (!len || gimple_no_warning_p (stmt))
1907 return;
1908
1909 /* The DECL of the function performing the write if it is done
1910 by one. */
1911 tree writefn = NULL_TREE;
1912 /* The destination expression involved in the store STMT. */
1913 tree dest = NULL_TREE;
1914
1915 if (is_gimple_assign (stmt))
1916 dest = gimple_assign_lhs (stmt);
1917 else if (is_gimple_call (stmt))
1918 {
1919 dest = gimple_call_arg (stmt, 0);
1920 writefn = gimple_call_fndecl (stmt);
1921 }
1922
1923 if (TREE_NO_WARNING (dest))
1924 return;
1925
1926 /* The offset into the destination object computed below and not
1927 reflected in DESTSIZE. */
1928 wide_int offrng[2];
1929 const int off_prec = TYPE_PRECISION (ptrdiff_type_node);
1930 offrng[0] = offrng[1] = wi::zero (off_prec);
1931
1932 if (!si)
1933 {
1934 /* If no destination STRINFO was provided try to get it from
1935 the DEST argument. */
1936 tree ref = dest;
1937 if (TREE_CODE (ref) == ARRAY_REF)
1938 {
1939 /* Handle stores to VLAs (represented as
1940 ARRAY_REF (MEM_REF (vlaptr, 0), N]. */
1941 tree off = TREE_OPERAND (ref, 1);
1942 ref = TREE_OPERAND (ref, 0);
1943 if (get_range (off, offrng, rvals))
1944 {
1945 offrng[0] = offrng[0].from (offrng[0], off_prec, SIGNED);
1946 offrng[1] = offrng[1].from (offrng[1], off_prec, SIGNED);
1947 }
1948 else
1949 {
1950 offrng[0] = wi::to_wide (TYPE_MIN_VALUE (ptrdiff_type_node));
1951 offrng[1] = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node));
1952 }
1953 }
1954
1955 if (TREE_CODE (ref) == MEM_REF)
1956 {
1957 tree mem_off = TREE_OPERAND (ref, 1);
1958 ref = TREE_OPERAND (ref, 0);
1959 wide_int memoffrng[2];
1960 if (get_range (mem_off, memoffrng, rvals))
1961 {
1962 offrng[0] += memoffrng[0];
1963 offrng[1] += memoffrng[1];
1964 }
1965 else
1966 {
1967 offrng[0] = wi::to_wide (TYPE_MIN_VALUE (ptrdiff_type_node));
1968 offrng[1] = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node));
1969 }
1970 }
1971
1972 wide_int stroffrng[2];
1973 if (int idx = get_stridx (ref, stroffrng, rvals))
1974 {
1975 si = get_strinfo (idx);
1976 offrng[0] += stroffrng[0];
1977 offrng[1] += stroffrng[1];
1978 }
1979 }
1980
1981 /* The allocation call if the destination object was allocated
1982 by one. */
1983 gimple *alloc_call = NULL;
1984 /* The DECL of the destination object if known and not dynamically
1985 allocated. */
1986 tree destdecl = NULL_TREE;
1987 /* The offset into the destination object set by compute_objsize
1988 but already reflected in DESTSIZE. */
1989 tree destoff = NULL_TREE;
1990 /* The size of the destination region (which is smaller than
1991 the destination object for stores at a non-zero offset). */
1992 tree destsize = NULL_TREE;
1993
1994 /* Compute the range of sizes of the destination object. The range
1995 is constant for declared objects but may be a range for allocated
1996 objects. */
1997 const int siz_prec = TYPE_PRECISION (size_type_node);
1998 wide_int sizrng[2];
1999 if (si)
2000 {
2001 destsize = gimple_call_alloc_size (si->alloc, sizrng, rvals);
2002 alloc_call = si->alloc;
2003 }
2004 else
2005 offrng[0] = offrng[1] = wi::zero (off_prec);
2006
2007 if (!destsize)
2008 {
2009 /* If there is no STRINFO for DEST, fall back on compute_objsize. */
2010 tree off = NULL_TREE;
2011 destsize = compute_objsize (dest, rawmem ? 0 : 1, &destdecl, &off, rvals);
2012 if (destsize)
2013 {
2014 /* Remember OFF but clear OFFRNG that may have been set above. */
2015 destoff = off;
2016 offrng[0] = offrng[1] = wi::zero (off_prec);
2017
2018 if (destdecl && TREE_CODE (destdecl) == SSA_NAME)
2019 {
2020 gimple *stmt = SSA_NAME_DEF_STMT (destdecl);
2021 if (is_gimple_call (stmt))
2022 alloc_call = stmt;
2023 destdecl = NULL_TREE;
2024 }
2025
2026 if (!get_range (destsize, sizrng, rvals))
2027 {
2028 /* On failure, rather than failing, set the maximum range
2029 so that overflow in allocated objects whose size depends
2030 on the strlen of the source can still be diagnosed
2031 below. */
2032 sizrng[0] = wi::zero (siz_prec);
2033 sizrng[1] = wi::to_wide (TYPE_MAX_VALUE (sizetype));
2034 }
2035 }
2036 }
2037
2038 if (!destsize)
2039 {
2040 sizrng[0] = wi::zero (siz_prec);
2041 sizrng[1] = wi::to_wide (TYPE_MAX_VALUE (sizetype));
2042 };
2043
2044 sizrng[0] = sizrng[0].from (sizrng[0], siz_prec, UNSIGNED);
2045 sizrng[1] = sizrng[1].from (sizrng[1], siz_prec, UNSIGNED);
2046
2047 /* Return early if the DESTSIZE size expression is the same as LEN
2048 and the offset into the destination is zero. This might happen
2049 in the case of a pair of malloc and memset calls to allocate
2050 an object and clear it as if by calloc. */
2051 if (destsize == len && !plus_one && offrng[0] == 0 && offrng[0] == offrng[1])
2052 return;
2053
2054 wide_int lenrng[2];
2055 if (!get_range (len, lenrng, rvals))
2056 return;
2057
2058 if (plus_one)
2059 {
2060 lenrng[0] += 1;
2061 lenrng[1] += 1;
2062 }
2063
2064 /* The size of the remaining space in the destination computed
2065 as the size of the latter minus the offset into it. */
2066 wide_int spcrng[2] = { sizrng[0], sizrng[1] };
2067 if (wi::neg_p (offrng[0]) && wi::neg_p (offrng[1]))
2068 {
2069 /* When the offset is negative and the size of the destination
2070 object unknown there is little to do.
2071 FIXME: Detect offsets that are necessarily invalid regardless
2072 of the size of the object. */
2073 if (!destsize)
2074 return;
2075
2076 /* The remaining space is necessarily zero. */
2077 spcrng[0] = spcrng[1] = wi::zero (spcrng->get_precision ());
2078 }
2079 else if (wi::neg_p (offrng[0]))
2080 {
2081 /* When the lower bound of the offset is negative but the upper
2082 bound is not, reduce the upper bound of the remaining space
2083 by the upper bound of the offset but leave the lower bound
2084 unchanged. If that makes the upper bound of the space less
2085 than the lower bound swap the two. */
2086 spcrng[1] -= wi::ltu_p (offrng[1], spcrng[1]) ? offrng[1] : spcrng[1];
2087 if (wi::ltu_p (spcrng[1], spcrng[0]))
2088 std::swap (spcrng[1], spcrng[0]);
2089 }
2090 else
2091 {
2092 /* When the offset is positive reduce the remaining space by
2093 the lower bound of the offset or clear it if the offset is
2094 greater. */
2095 spcrng[0] -= wi::ltu_p (offrng[0], spcrng[0]) ? offrng[0] : spcrng[0];
2096 spcrng[1] -= wi::ltu_p (offrng[0], spcrng[1]) ? offrng[0] : spcrng[1];
2097 }
2098
2099 if (wi::leu_p (lenrng[0], spcrng[0])
2100 && wi::leu_p (lenrng[1], spcrng[1]))
2101 return;
2102
2103 if (lenrng[0] == spcrng[1]
2104 && (len != destsize
2105 || !si || !is_strlen_related_p (si->ptr, len)))
2106 return;
2107
2108 location_t loc = gimple_nonartificial_location (stmt);
2109 if (loc == UNKNOWN_LOCATION && dest && EXPR_HAS_LOCATION (dest))
2110 loc = tree_nonartificial_location (dest);
2111 loc = expansion_point_location_if_in_system_header (loc);
2112
2113 bool warned = false;
2114 if (wi::leu_p (lenrng[0], spcrng[1]))
2115 {
2116 if (len != destsize
2117 && (!si || !is_strlen_related_p (si->ptr, len)))
2118 return;
2119
2120 warned = (writefn
2121 ? warning_at (loc, OPT_Wstringop_overflow_,
2122 "%G%qD writing one too many bytes into a region "
2123 "of a size that depends on %<strlen%>",
2124 stmt, writefn)
2125 : warning_at (loc, OPT_Wstringop_overflow_,
2126 "%Gwriting one too many bytes into a region "
2127 "of a size that depends on %<strlen%>",
2128 stmt));
2129 }
2130 else if (lenrng[0] == lenrng[1])
2131 {
2132 if (spcrng[0] == spcrng[1])
2133 warned = (writefn
2134 ? warning_n (loc, OPT_Wstringop_overflow_,
2135 lenrng[0].to_uhwi (),
2136 "%G%qD writing %wu byte into a region "
2137 "of size %wu",
2138 "%G%qD writing %wu bytes into a region "
2139 "of size %wu",
2140 stmt, writefn, lenrng[0].to_uhwi (),
2141 spcrng[0].to_uhwi ())
2142 : warning_n (loc, OPT_Wstringop_overflow_,
2143 lenrng[0].to_uhwi (),
2144 "%Gwriting %wu byte into a region "
2145 "of size %wu",
2146 "%Gwriting %wu bytes into a region "
2147 "of size %wu",
2148 stmt, lenrng[0].to_uhwi (),
2149 spcrng[0].to_uhwi ()));
2150 else
2151 warned = (writefn
2152 ? warning_n (loc, OPT_Wstringop_overflow_,
2153 lenrng[0].to_uhwi (),
2154 "%G%qD writing %wu byte into a region "
2155 "of size between %wu and %wu",
2156 "%G%qD writing %wu bytes into a region "
2157 "of size between %wu and %wu",
2158 stmt, writefn, lenrng[0].to_uhwi (),
2159 spcrng[0].to_uhwi (), spcrng[1].to_uhwi ())
2160 : warning_n (loc, OPT_Wstringop_overflow_,
2161 lenrng[0].to_uhwi (),
2162 "%Gwriting %wu byte into a region "
2163 "of size between %wu and %wu",
2164 "%Gwriting %wu bytes into a region "
2165 "of size between %wu and %wu",
2166 stmt, lenrng[0].to_uhwi (),
2167 spcrng[0].to_uhwi (), spcrng[1].to_uhwi ()));
2168 }
2169 else if (spcrng[0] == spcrng[1])
2170 warned = (writefn
2171 ? warning_at (loc, OPT_Wstringop_overflow_,
2172 "%G%qD writing between %wu and %wu bytes "
2173 "into a region of size %wu",
2174 stmt, writefn, lenrng[0].to_uhwi (),
2175 lenrng[1].to_uhwi (),
2176 spcrng[0].to_uhwi ())
2177 : warning_at (loc, OPT_Wstringop_overflow_,
2178 "%Gwriting between %wu and %wu bytes "
2179 "into a region of size %wu",
2180 stmt, lenrng[0].to_uhwi (),
2181 lenrng[1].to_uhwi (),
2182 spcrng[0].to_uhwi ()));
2183 else
2184 warned = (writefn
2185 ? warning_at (loc, OPT_Wstringop_overflow_,
2186 "%G%qD writing between %wu and %wu bytes "
2187 "into a region of size between %wu and %wu",
2188 stmt, writefn, lenrng[0].to_uhwi (),
2189 lenrng[1].to_uhwi (),
2190 spcrng[0].to_uhwi (), spcrng[1].to_uhwi ())
2191 : warning_at (loc, OPT_Wstringop_overflow_,
2192 "%Gwriting between %wu and %wu bytes "
2193 "into a region of size between %wu and %wu",
2194 stmt, lenrng[0].to_uhwi (),
2195 lenrng[1].to_uhwi (),
2196 spcrng[0].to_uhwi (), spcrng[1].to_uhwi ()));
2197
2198 if (!warned)
2199 return;
2200
2201 gimple_set_no_warning (stmt, true);
2202
2203 /* If DESTOFF is not null, use it to format the offset value/range. */
2204 if (destoff)
2205 get_range (destoff, offrng);
2206
2207 /* Format the offset to keep the number of inform calls from growing
2208 out of control. */
2209 char offstr[64];
2210 if (offrng[0] == offrng[1])
2211 sprintf (offstr, "%lli", (long long) offrng[0].to_shwi ());
2212 else
2213 sprintf (offstr, "[%lli, %lli]",
2214 (long long) offrng[0].to_shwi (), (long long) offrng[1].to_shwi ());
2215
2216 if (destdecl)
2217 {
2218 if (tree size = DECL_SIZE_UNIT (destdecl))
2219 inform (DECL_SOURCE_LOCATION (destdecl),
2220 "at offset %s to object %qD with size %E declared here",
2221 offstr, destdecl, size);
2222 else
2223 inform (DECL_SOURCE_LOCATION (destdecl),
2224 "at offset %s to object %qD declared here",
2225 offstr, destdecl);
2226 return;
2227 }
2228
2229 if (!alloc_call)
2230 return;
2231
2232 tree allocfn = gimple_call_fndecl (alloc_call);
2233 if (!allocfn)
2234 {
2235 /* For an ALLOC_CALL via a function pointer make a small effort
2236 to determine the destination of the pointer. */
2237 allocfn = gimple_call_fn (alloc_call);
2238 if (TREE_CODE (allocfn) == SSA_NAME)
2239 {
2240 gimple *def = SSA_NAME_DEF_STMT (allocfn);
2241 if (gimple_assign_single_p (def))
2242 {
2243 tree rhs = gimple_assign_rhs1 (def);
2244 if (DECL_P (rhs))
2245 allocfn = rhs;
2246 else if (TREE_CODE (rhs) == COMPONENT_REF)
2247 allocfn = TREE_OPERAND (rhs, 1);
2248 }
2249 }
2250 }
2251
2252 if (gimple_call_builtin_p (alloc_call, BUILT_IN_ALLOCA_WITH_ALIGN))
2253 {
2254 if (sizrng[0] == sizrng[1])
2255 inform (gimple_location (alloc_call),
2256 "at offset %s to an object with size %wu declared here",
2257 offstr, sizrng[0].to_uhwi ());
2258 else if (sizrng[0] == 0)
2259 {
2260 /* Avoid printing impossible sizes. */
2261 if (wi::ltu_p (sizrng[1],
2262 wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2))
2263 inform (gimple_location (alloc_call),
2264 "at offset %s to an object with size at most %wu "
2265 "declared here",
2266 offstr, sizrng[1].to_uhwi ());
2267 else
2268 inform (gimple_location (alloc_call),
2269 "at offset %s to an object declared here", offstr);
2270 }
2271 else
2272 inform (gimple_location (alloc_call),
2273 "at offset %s to an object with size between %wu and %wu "
2274 "declared here",
2275 offstr, sizrng[0].to_uhwi (), sizrng[1].to_uhwi ());
2276 return;
2277 }
2278
2279 if (sizrng[0] == sizrng[1])
2280 inform (gimple_location (alloc_call),
2281 "at offset %s to an object with size %wu allocated by %qE here",
2282 offstr, sizrng[0].to_uhwi (), allocfn);
2283 else if (sizrng[0] == 0)
2284 {
2285 /* Avoid printing impossible sizes. */
2286 if (wi::ltu_p (sizrng[1],
2287 wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2))
2288 inform (gimple_location (alloc_call),
2289 "at offset %s to an object with size at most %wu allocated "
2290 "by %qD here",
2291 offstr, sizrng[1].to_uhwi (), allocfn);
2292 else
2293 inform (gimple_location (alloc_call),
2294 "at offset %s to an object allocated by %qE here",
2295 offstr, allocfn);
2296 }
2297 else
2298 inform (gimple_location (alloc_call),
2299 "at offset %s to an object with size between %wu and %wu "
2300 "allocated by %qE here",
2301 offstr, sizrng[0].to_uhwi (), sizrng[1].to_uhwi (), allocfn);
2302 }
2303
2304 /* Convenience wrapper for the above. */
2305
2306 static inline void
2307 maybe_warn_overflow (gimple *stmt, unsigned HOST_WIDE_INT len,
2308 const vr_values *rvals = NULL, strinfo *si = NULL,
2309 bool plus_one = false, bool rawmem = false)
2310 {
2311 maybe_warn_overflow (stmt, build_int_cst (size_type_node, len), rvals,
2312 si, plus_one, rawmem);
2313 }
2314
2315 /* Handle a strlen call. If strlen of the argument is known, replace
2316 the strlen call with the known value, otherwise remember that strlen
2317 of the argument is stored in the lhs SSA_NAME. */
2318
2319 static void
2320 handle_builtin_strlen (gimple_stmt_iterator *gsi)
2321 {
2322 gimple *stmt = gsi_stmt (*gsi);
2323 tree lhs = gimple_call_lhs (stmt);
2324
2325 if (lhs == NULL_TREE)
2326 return;
2327
2328 location_t loc = gimple_location (stmt);
2329 tree callee = gimple_call_fndecl (stmt);
2330 tree src = gimple_call_arg (stmt, 0);
2331 tree bound = (DECL_FUNCTION_CODE (callee) == BUILT_IN_STRNLEN
2332 ? gimple_call_arg (stmt, 1) : NULL_TREE);
2333 int idx = get_stridx (src);
2334 if (idx || (bound && integer_zerop (bound)))
2335 {
2336 strinfo *si = NULL;
2337 tree rhs;
2338
2339 if (idx < 0)
2340 rhs = build_int_cst (TREE_TYPE (lhs), ~idx);
2341 else if (idx == 0)
2342 rhs = bound;
2343 else
2344 {
2345 rhs = NULL_TREE;
2346 si = get_strinfo (idx);
2347 if (si != NULL)
2348 {
2349 rhs = get_string_length (si);
2350 /* For strnlen, if bound is constant, even if si is not known
2351 to be zero terminated, if we know at least bound bytes are
2352 not zero, the return value will be bound. */
2353 if (rhs == NULL_TREE
2354 && bound != NULL_TREE
2355 && TREE_CODE (bound) == INTEGER_CST
2356 && si->nonzero_chars != NULL_TREE
2357 && TREE_CODE (si->nonzero_chars) == INTEGER_CST
2358 && tree_int_cst_le (bound, si->nonzero_chars))
2359 rhs = bound;
2360 }
2361 }
2362 if (rhs != NULL_TREE)
2363 {
2364 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2365 {
2366 fprintf (dump_file, "Optimizing: ");
2367 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2368 }
2369 rhs = unshare_expr (rhs);
2370 if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (rhs)))
2371 rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
2372
2373 if (bound)
2374 rhs = fold_build2_loc (loc, MIN_EXPR, TREE_TYPE (rhs), rhs, bound);
2375
2376 if (!update_call_from_tree (gsi, rhs))
2377 gimplify_and_update_call_from_tree (gsi, rhs);
2378 stmt = gsi_stmt (*gsi);
2379 update_stmt (stmt);
2380 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2381 {
2382 fprintf (dump_file, "into: ");
2383 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2384 }
2385
2386 if (si != NULL
2387 /* Don't update anything for strnlen. */
2388 && bound == NULL_TREE
2389 && TREE_CODE (si->nonzero_chars) != SSA_NAME
2390 && TREE_CODE (si->nonzero_chars) != INTEGER_CST
2391 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2392 {
2393 si = unshare_strinfo (si);
2394 si->nonzero_chars = lhs;
2395 gcc_assert (si->full_string_p);
2396 }
2397
2398 if (strlen_to_stridx
2399 && (bound == NULL_TREE
2400 /* For strnlen record this only if the call is proven
2401 to return the same value as strlen would. */
2402 || (TREE_CODE (bound) == INTEGER_CST
2403 && TREE_CODE (rhs) == INTEGER_CST
2404 && tree_int_cst_lt (rhs, bound))))
2405 strlen_to_stridx->put (lhs, stridx_strlenloc (idx, loc));
2406
2407 return;
2408 }
2409 }
2410 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2411 return;
2412
2413 if (idx == 0)
2414 idx = new_stridx (src);
2415 else
2416 {
2417 strinfo *si = get_strinfo (idx);
2418 if (si != NULL)
2419 {
2420 if (!si->full_string_p && !si->stmt)
2421 {
2422 /* Until now we only had a lower bound on the string length.
2423 Install LHS as the actual length. */
2424 si = unshare_strinfo (si);
2425 tree old = si->nonzero_chars;
2426 si->nonzero_chars = lhs;
2427 si->full_string_p = true;
2428 if (old && TREE_CODE (old) == INTEGER_CST)
2429 {
2430 old = fold_convert_loc (loc, TREE_TYPE (lhs), old);
2431 tree adj = fold_build2_loc (loc, MINUS_EXPR,
2432 TREE_TYPE (lhs), lhs, old);
2433 adjust_related_strinfos (loc, si, adj);
2434 /* Use the constant minimum length as the lower bound
2435 of the non-constant length. */
2436 wide_int min = wi::to_wide (old);
2437 wide_int max
2438 = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2;
2439 set_strlen_range (lhs, min, max);
2440 }
2441 else
2442 {
2443 si->first = 0;
2444 si->prev = 0;
2445 si->next = 0;
2446 }
2447 }
2448 return;
2449 }
2450 }
2451 if (idx)
2452 {
2453 if (!bound)
2454 {
2455 /* Only store the new length information for calls to strlen(),
2456 not for those to strnlen(). */
2457 strinfo *si = new_strinfo (src, idx, lhs, true);
2458 set_strinfo (idx, si);
2459 find_equal_ptrs (src, idx);
2460 }
2461
2462 /* For SRC that is an array of N elements, set LHS's range
2463 to [0, min (N, BOUND)]. A constant return value means
2464 the range would have consisted of a single value. In
2465 that case, fold the result into the returned constant. */
2466 if (tree ret = maybe_set_strlen_range (lhs, src, bound))
2467 if (TREE_CODE (ret) == INTEGER_CST)
2468 {
2469 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2470 {
2471 fprintf (dump_file, "Optimizing: ");
2472 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2473 }
2474 if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (ret)))
2475 ret = fold_convert_loc (loc, TREE_TYPE (lhs), ret);
2476 if (!update_call_from_tree (gsi, ret))
2477 gimplify_and_update_call_from_tree (gsi, ret);
2478 stmt = gsi_stmt (*gsi);
2479 update_stmt (stmt);
2480 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2481 {
2482 fprintf (dump_file, "into: ");
2483 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2484 }
2485 }
2486
2487 if (strlen_to_stridx && !bound)
2488 strlen_to_stridx->put (lhs, stridx_strlenloc (idx, loc));
2489 }
2490 }
2491
2492 /* Handle a strchr call. If strlen of the first argument is known, replace
2493 the strchr (x, 0) call with the endptr or x + strlen, otherwise remember
2494 that lhs of the call is endptr and strlen of the argument is endptr - x. */
2495
2496 static void
2497 handle_builtin_strchr (gimple_stmt_iterator *gsi)
2498 {
2499 gimple *stmt = gsi_stmt (*gsi);
2500 tree lhs = gimple_call_lhs (stmt);
2501
2502 if (lhs == NULL_TREE)
2503 return;
2504
2505 if (!integer_zerop (gimple_call_arg (stmt, 1)))
2506 return;
2507
2508 tree src = gimple_call_arg (stmt, 0);
2509
2510 /* Avoid folding if the first argument is not a nul-terminated array.
2511 Defer warning until later. */
2512 if (!check_nul_terminated_array (NULL_TREE, src))
2513 return;
2514
2515 int idx = get_stridx (src);
2516 if (idx)
2517 {
2518 strinfo *si = NULL;
2519 tree rhs;
2520
2521 if (idx < 0)
2522 rhs = build_int_cst (size_type_node, ~idx);
2523 else
2524 {
2525 rhs = NULL_TREE;
2526 si = get_strinfo (idx);
2527 if (si != NULL)
2528 rhs = get_string_length (si);
2529 }
2530 if (rhs != NULL_TREE)
2531 {
2532 location_t loc = gimple_location (stmt);
2533
2534 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2535 {
2536 fprintf (dump_file, "Optimizing: ");
2537 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2538 }
2539 if (si != NULL && si->endptr != NULL_TREE)
2540 {
2541 rhs = unshare_expr (si->endptr);
2542 if (!useless_type_conversion_p (TREE_TYPE (lhs),
2543 TREE_TYPE (rhs)))
2544 rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
2545 }
2546 else
2547 {
2548 rhs = fold_convert_loc (loc, sizetype, unshare_expr (rhs));
2549 rhs = fold_build2_loc (loc, POINTER_PLUS_EXPR,
2550 TREE_TYPE (src), src, rhs);
2551 if (!useless_type_conversion_p (TREE_TYPE (lhs),
2552 TREE_TYPE (rhs)))
2553 rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
2554 }
2555 if (!update_call_from_tree (gsi, rhs))
2556 gimplify_and_update_call_from_tree (gsi, rhs);
2557 stmt = gsi_stmt (*gsi);
2558 update_stmt (stmt);
2559 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2560 {
2561 fprintf (dump_file, "into: ");
2562 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2563 }
2564 if (si != NULL
2565 && si->endptr == NULL_TREE
2566 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2567 {
2568 si = unshare_strinfo (si);
2569 si->endptr = lhs;
2570 }
2571 zero_length_string (lhs, si);
2572 return;
2573 }
2574 }
2575 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2576 return;
2577 if (TREE_CODE (src) != SSA_NAME || !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (src))
2578 {
2579 if (idx == 0)
2580 idx = new_stridx (src);
2581 else if (get_strinfo (idx) != NULL)
2582 {
2583 zero_length_string (lhs, NULL);
2584 return;
2585 }
2586 if (idx)
2587 {
2588 location_t loc = gimple_location (stmt);
2589 tree lhsu = fold_convert_loc (loc, size_type_node, lhs);
2590 tree srcu = fold_convert_loc (loc, size_type_node, src);
2591 tree length = fold_build2_loc (loc, MINUS_EXPR,
2592 size_type_node, lhsu, srcu);
2593 strinfo *si = new_strinfo (src, idx, length, true);
2594 si->endptr = lhs;
2595 set_strinfo (idx, si);
2596 find_equal_ptrs (src, idx);
2597 zero_length_string (lhs, si);
2598 }
2599 }
2600 else
2601 zero_length_string (lhs, NULL);
2602 }
2603
2604 /* Handle a strcpy-like ({st{r,p}cpy,__st{r,p}cpy_chk}) call.
2605 If strlen of the second argument is known, strlen of the first argument
2606 is the same after this call. Furthermore, attempt to convert it to
2607 memcpy. Uses RVALS to determine range information. */
2608
2609 static void
2610 handle_builtin_strcpy (enum built_in_function bcode, gimple_stmt_iterator *gsi,
2611 const vr_values *rvals)
2612 {
2613 int idx, didx;
2614 tree src, dst, srclen, len, lhs, type, fn, oldlen;
2615 bool success;
2616 gimple *stmt = gsi_stmt (*gsi);
2617 strinfo *si, *dsi, *olddsi, *zsi;
2618 location_t loc;
2619
2620 src = gimple_call_arg (stmt, 1);
2621 dst = gimple_call_arg (stmt, 0);
2622 lhs = gimple_call_lhs (stmt);
2623 idx = get_stridx (src);
2624 si = NULL;
2625 if (idx > 0)
2626 si = get_strinfo (idx);
2627
2628 didx = get_stridx (dst);
2629 olddsi = NULL;
2630 oldlen = NULL_TREE;
2631 if (didx > 0)
2632 olddsi = get_strinfo (didx);
2633 else if (didx < 0)
2634 return;
2635
2636 if (olddsi != NULL)
2637 adjust_last_stmt (olddsi, stmt, false);
2638
2639 srclen = NULL_TREE;
2640 if (si != NULL)
2641 srclen = get_string_length (si);
2642 else if (idx < 0)
2643 srclen = build_int_cst (size_type_node, ~idx);
2644
2645 maybe_warn_overflow (stmt, srclen, rvals, olddsi, true);
2646
2647 if (olddsi != NULL)
2648 adjust_last_stmt (olddsi, stmt, false);
2649
2650 loc = gimple_location (stmt);
2651 if (srclen == NULL_TREE)
2652 switch (bcode)
2653 {
2654 case BUILT_IN_STRCPY:
2655 case BUILT_IN_STRCPY_CHK:
2656 if (lhs != NULL_TREE || !builtin_decl_implicit_p (BUILT_IN_STPCPY))
2657 return;
2658 break;
2659 case BUILT_IN_STPCPY:
2660 case BUILT_IN_STPCPY_CHK:
2661 if (lhs == NULL_TREE)
2662 return;
2663 else
2664 {
2665 tree lhsuint = fold_convert_loc (loc, size_type_node, lhs);
2666 srclen = fold_convert_loc (loc, size_type_node, dst);
2667 srclen = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
2668 lhsuint, srclen);
2669 }
2670 break;
2671 default:
2672 gcc_unreachable ();
2673 }
2674
2675 if (didx == 0)
2676 {
2677 didx = new_stridx (dst);
2678 if (didx == 0)
2679 return;
2680 }
2681 if (olddsi != NULL)
2682 {
2683 oldlen = olddsi->nonzero_chars;
2684 dsi = unshare_strinfo (olddsi);
2685 dsi->nonzero_chars = srclen;
2686 dsi->full_string_p = (srclen != NULL_TREE);
2687 /* Break the chain, so adjust_related_strinfo on later pointers in
2688 the chain won't adjust this one anymore. */
2689 dsi->next = 0;
2690 dsi->stmt = NULL;
2691 dsi->endptr = NULL_TREE;
2692 }
2693 else
2694 {
2695 dsi = new_strinfo (dst, didx, srclen, srclen != NULL_TREE);
2696 set_strinfo (didx, dsi);
2697 find_equal_ptrs (dst, didx);
2698 }
2699 dsi->writable = true;
2700 dsi->dont_invalidate = true;
2701
2702 if (dsi->nonzero_chars == NULL_TREE)
2703 {
2704 strinfo *chainsi;
2705
2706 /* If string length of src is unknown, use delayed length
2707 computation. If string length of dst will be needed, it
2708 can be computed by transforming this strcpy call into
2709 stpcpy and subtracting dst from the return value. */
2710
2711 /* Look for earlier strings whose length could be determined if
2712 this strcpy is turned into an stpcpy. */
2713
2714 if (dsi->prev != 0 && (chainsi = verify_related_strinfos (dsi)) != NULL)
2715 {
2716 for (; chainsi && chainsi != dsi; chainsi = get_strinfo (chainsi->next))
2717 {
2718 /* When setting a stmt for delayed length computation
2719 prevent all strinfos through dsi from being
2720 invalidated. */
2721 chainsi = unshare_strinfo (chainsi);
2722 chainsi->stmt = stmt;
2723 chainsi->nonzero_chars = NULL_TREE;
2724 chainsi->full_string_p = false;
2725 chainsi->endptr = NULL_TREE;
2726 chainsi->dont_invalidate = true;
2727 }
2728 }
2729 dsi->stmt = stmt;
2730
2731 /* Try to detect overlap before returning. This catches cases
2732 like strcpy (d, d + n) where n is non-constant whose range
2733 is such that (n <= strlen (d) holds).
2734
2735 OLDDSI->NONZERO_chars may have been reset by this point with
2736 oldlen holding it original value. */
2737 if (olddsi && oldlen)
2738 {
2739 /* Add 1 for the terminating NUL. */
2740 tree type = TREE_TYPE (oldlen);
2741 oldlen = fold_build2 (PLUS_EXPR, type, oldlen,
2742 build_int_cst (type, 1));
2743 check_bounds_or_overlap (stmt, olddsi->ptr, src, oldlen, NULL_TREE);
2744 }
2745
2746 return;
2747 }
2748
2749 if (olddsi != NULL)
2750 {
2751 tree adj = NULL_TREE;
2752 if (oldlen == NULL_TREE)
2753 ;
2754 else if (integer_zerop (oldlen))
2755 adj = srclen;
2756 else if (TREE_CODE (oldlen) == INTEGER_CST
2757 || TREE_CODE (srclen) == INTEGER_CST)
2758 adj = fold_build2_loc (loc, MINUS_EXPR,
2759 TREE_TYPE (srclen), srclen,
2760 fold_convert_loc (loc, TREE_TYPE (srclen),
2761 oldlen));
2762 if (adj != NULL_TREE)
2763 adjust_related_strinfos (loc, dsi, adj);
2764 else
2765 dsi->prev = 0;
2766 }
2767 /* strcpy src may not overlap dst, so src doesn't need to be
2768 invalidated either. */
2769 if (si != NULL)
2770 si->dont_invalidate = true;
2771
2772 fn = NULL_TREE;
2773 zsi = NULL;
2774 switch (bcode)
2775 {
2776 case BUILT_IN_STRCPY:
2777 fn = builtin_decl_implicit (BUILT_IN_MEMCPY);
2778 if (lhs)
2779 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
2780 break;
2781 case BUILT_IN_STRCPY_CHK:
2782 fn = builtin_decl_explicit (BUILT_IN_MEMCPY_CHK);
2783 if (lhs)
2784 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
2785 break;
2786 case BUILT_IN_STPCPY:
2787 /* This would need adjustment of the lhs (subtract one),
2788 or detection that the trailing '\0' doesn't need to be
2789 written, if it will be immediately overwritten.
2790 fn = builtin_decl_explicit (BUILT_IN_MEMPCPY); */
2791 if (lhs)
2792 {
2793 dsi->endptr = lhs;
2794 zsi = zero_length_string (lhs, dsi);
2795 }
2796 break;
2797 case BUILT_IN_STPCPY_CHK:
2798 /* This would need adjustment of the lhs (subtract one),
2799 or detection that the trailing '\0' doesn't need to be
2800 written, if it will be immediately overwritten.
2801 fn = builtin_decl_explicit (BUILT_IN_MEMPCPY_CHK); */
2802 if (lhs)
2803 {
2804 dsi->endptr = lhs;
2805 zsi = zero_length_string (lhs, dsi);
2806 }
2807 break;
2808 default:
2809 gcc_unreachable ();
2810 }
2811 if (zsi != NULL)
2812 zsi->dont_invalidate = true;
2813
2814 if (fn)
2815 {
2816 tree args = TYPE_ARG_TYPES (TREE_TYPE (fn));
2817 type = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args)));
2818 }
2819 else
2820 type = size_type_node;
2821
2822 len = fold_convert_loc (loc, type, unshare_expr (srclen));
2823 len = fold_build2_loc (loc, PLUS_EXPR, type, len, build_int_cst (type, 1));
2824
2825 /* Set the no-warning bit on the transformed statement? */
2826 bool set_no_warning = false;
2827
2828 if (const strinfo *chksi = olddsi ? olddsi : dsi)
2829 if (si
2830 && check_bounds_or_overlap (stmt, chksi->ptr, si->ptr, NULL_TREE, len))
2831 {
2832 gimple_set_no_warning (stmt, true);
2833 set_no_warning = true;
2834 }
2835
2836 if (fn == NULL_TREE)
2837 return;
2838
2839 len = force_gimple_operand_gsi (gsi, len, true, NULL_TREE, true,
2840 GSI_SAME_STMT);
2841 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2842 {
2843 fprintf (dump_file, "Optimizing: ");
2844 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2845 }
2846 if (gimple_call_num_args (stmt) == 2)
2847 success = update_gimple_call (gsi, fn, 3, dst, src, len);
2848 else
2849 success = update_gimple_call (gsi, fn, 4, dst, src, len,
2850 gimple_call_arg (stmt, 2));
2851 if (success)
2852 {
2853 stmt = gsi_stmt (*gsi);
2854 update_stmt (stmt);
2855 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2856 {
2857 fprintf (dump_file, "into: ");
2858 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2859 }
2860 /* Allow adjust_last_stmt to decrease this memcpy's size. */
2861 laststmt.stmt = stmt;
2862 laststmt.len = srclen;
2863 laststmt.stridx = dsi->idx;
2864 }
2865 else if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2866 fprintf (dump_file, "not possible.\n");
2867
2868 if (set_no_warning)
2869 gimple_set_no_warning (stmt, true);
2870 }
2871
2872 /* Check the size argument to the built-in forms of stpncpy and strncpy
2873 for out-of-bounds offsets or overlapping access, and to see if the
2874 size argument is derived from a call to strlen() on the source argument,
2875 and if so, issue an appropriate warning. */
2876
2877 static void
2878 handle_builtin_strncat (built_in_function bcode, gimple_stmt_iterator *gsi)
2879 {
2880 /* Same as stxncpy(). */
2881 handle_builtin_stxncpy (bcode, gsi);
2882 }
2883
2884 /* Return true if LEN depends on a call to strlen(SRC) in an interesting
2885 way. LEN can either be an integer expression, or a pointer (to char).
2886 When it is the latter (such as in recursive calls to self) is is
2887 assumed to be the argument in some call to strlen() whose relationship
2888 to SRC is being ascertained. */
2889
2890 bool
2891 is_strlen_related_p (tree src, tree len)
2892 {
2893 if (TREE_CODE (TREE_TYPE (len)) == POINTER_TYPE
2894 && operand_equal_p (src, len, 0))
2895 return true;
2896
2897 if (TREE_CODE (len) != SSA_NAME)
2898 return false;
2899
2900 if (TREE_CODE (src) == SSA_NAME)
2901 {
2902 gimple *srcdef = SSA_NAME_DEF_STMT (src);
2903 if (is_gimple_assign (srcdef))
2904 {
2905 /* Handle bitwise AND used in conversions from wider size_t
2906 to narrower unsigned types. */
2907 tree_code code = gimple_assign_rhs_code (srcdef);
2908 if (code == BIT_AND_EXPR
2909 || code == NOP_EXPR)
2910 return is_strlen_related_p (gimple_assign_rhs1 (srcdef), len);
2911
2912 return false;
2913 }
2914
2915 if (gimple_call_builtin_p (srcdef, BUILT_IN_NORMAL))
2916 {
2917 /* If SRC is the result of a call to an allocation function
2918 or strlen, use the function's argument instead. */
2919 tree func = gimple_call_fndecl (srcdef);
2920 built_in_function code = DECL_FUNCTION_CODE (func);
2921 if (code == BUILT_IN_ALLOCA
2922 || code == BUILT_IN_ALLOCA_WITH_ALIGN
2923 || code == BUILT_IN_MALLOC
2924 || code == BUILT_IN_STRLEN)
2925 return is_strlen_related_p (gimple_call_arg (srcdef, 0), len);
2926
2927 /* FIXME: Handle other functions with attribute alloc_size. */
2928 return false;
2929 }
2930 }
2931
2932 gimple *lendef = SSA_NAME_DEF_STMT (len);
2933 if (!lendef)
2934 return false;
2935
2936 if (is_gimple_call (lendef))
2937 {
2938 tree func = gimple_call_fndecl (lendef);
2939 if (!valid_builtin_call (lendef)
2940 || DECL_FUNCTION_CODE (func) != BUILT_IN_STRLEN)
2941 return false;
2942
2943 tree arg = gimple_call_arg (lendef, 0);
2944 return is_strlen_related_p (src, arg);
2945 }
2946
2947 if (!is_gimple_assign (lendef))
2948 return false;
2949
2950 tree_code code = gimple_assign_rhs_code (lendef);
2951 tree rhs1 = gimple_assign_rhs1 (lendef);
2952 tree rhstype = TREE_TYPE (rhs1);
2953
2954 if ((TREE_CODE (rhstype) == POINTER_TYPE && code == POINTER_PLUS_EXPR)
2955 || (INTEGRAL_TYPE_P (rhstype)
2956 && (code == BIT_AND_EXPR
2957 || code == NOP_EXPR)))
2958 {
2959 /* Pointer plus (an integer), and truncation are considered among
2960 the (potentially) related expressions to strlen. */
2961 return is_strlen_related_p (src, rhs1);
2962 }
2963
2964 if (tree rhs2 = gimple_assign_rhs2 (lendef))
2965 {
2966 /* Integer subtraction is considered strlen-related when both
2967 arguments are integers and second one is strlen-related. */
2968 rhstype = TREE_TYPE (rhs2);
2969 if (INTEGRAL_TYPE_P (rhstype) && code == MINUS_EXPR)
2970 return is_strlen_related_p (src, rhs2);
2971 }
2972
2973 return false;
2974 }
2975
2976 /* Called by handle_builtin_stxncpy and by gimple_fold_builtin_strncpy
2977 in gimple-fold.c.
2978 Check to see if the specified bound is a) equal to the size of
2979 the destination DST and if so, b) if it's immediately followed by
2980 DST[CNT - 1] = '\0'. If a) holds and b) does not, warn. Otherwise,
2981 do nothing. Return true if diagnostic has been issued.
2982
2983 The purpose is to diagnose calls to strncpy and stpncpy that do
2984 not nul-terminate the copy while allowing for the idiom where
2985 such a call is immediately followed by setting the last element
2986 to nul, as in:
2987 char a[32];
2988 strncpy (a, s, sizeof a);
2989 a[sizeof a - 1] = '\0';
2990 */
2991
2992 bool
2993 maybe_diag_stxncpy_trunc (gimple_stmt_iterator gsi, tree src, tree cnt)
2994 {
2995 gimple *stmt = gsi_stmt (gsi);
2996 if (gimple_no_warning_p (stmt))
2997 return false;
2998
2999 wide_int cntrange[2];
3000
3001 if (TREE_CODE (cnt) == INTEGER_CST)
3002 cntrange[0] = cntrange[1] = wi::to_wide (cnt);
3003 else if (TREE_CODE (cnt) == SSA_NAME)
3004 {
3005 enum value_range_kind rng = get_range_info (cnt, cntrange, cntrange + 1);
3006 if (rng == VR_RANGE)
3007 ;
3008 else if (rng == VR_ANTI_RANGE)
3009 {
3010 wide_int maxobjsize = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node));
3011
3012 if (wi::ltu_p (cntrange[1], maxobjsize))
3013 {
3014 cntrange[0] = cntrange[1] + 1;
3015 cntrange[1] = maxobjsize;
3016 }
3017 else
3018 {
3019 cntrange[1] = cntrange[0] - 1;
3020 cntrange[0] = wi::zero (TYPE_PRECISION (TREE_TYPE (cnt)));
3021 }
3022 }
3023 else
3024 return false;
3025 }
3026 else
3027 return false;
3028
3029 /* Negative value is the constant string length. If it's less than
3030 the lower bound there is no truncation. Avoid calling get_stridx()
3031 when ssa_ver_to_stridx is empty. That implies the caller isn't
3032 running under the control of this pass and ssa_ver_to_stridx hasn't
3033 been created yet. */
3034 int sidx = ssa_ver_to_stridx.length () ? get_stridx (src) : 0;
3035 if (sidx < 0 && wi::gtu_p (cntrange[0], ~sidx))
3036 return false;
3037
3038 tree dst = gimple_call_arg (stmt, 0);
3039 tree dstdecl = dst;
3040 if (TREE_CODE (dstdecl) == ADDR_EXPR)
3041 dstdecl = TREE_OPERAND (dstdecl, 0);
3042
3043 tree ref = NULL_TREE;
3044
3045 if (!sidx)
3046 {
3047 /* If the source is a non-string return early to avoid warning
3048 for possible truncation (if the truncation is certain SIDX
3049 is non-zero). */
3050 tree srcdecl = gimple_call_arg (stmt, 1);
3051 if (TREE_CODE (srcdecl) == ADDR_EXPR)
3052 srcdecl = TREE_OPERAND (srcdecl, 0);
3053 if (get_attr_nonstring_decl (srcdecl, &ref))
3054 return false;
3055 }
3056
3057 /* Likewise, if the destination refers to a an array/pointer declared
3058 nonstring return early. */
3059 if (get_attr_nonstring_decl (dstdecl, &ref))
3060 return false;
3061
3062 /* Look for dst[i] = '\0'; after the stxncpy() call and if found
3063 avoid the truncation warning. */
3064 gsi_next_nondebug (&gsi);
3065 gimple *next_stmt = gsi_stmt (gsi);
3066 if (!next_stmt)
3067 {
3068 /* When there is no statement in the same basic block check
3069 the immediate successor block. */
3070 if (basic_block bb = gimple_bb (stmt))
3071 {
3072 if (single_succ_p (bb))
3073 {
3074 /* For simplicity, ignore blocks with multiple outgoing
3075 edges for now and only consider successor blocks along
3076 normal edges. */
3077 edge e = EDGE_SUCC (bb, 0);
3078 if (!(e->flags & EDGE_ABNORMAL))
3079 {
3080 gsi = gsi_start_bb (e->dest);
3081 next_stmt = gsi_stmt (gsi);
3082 if (next_stmt && is_gimple_debug (next_stmt))
3083 {
3084 gsi_next_nondebug (&gsi);
3085 next_stmt = gsi_stmt (gsi);
3086 }
3087 }
3088 }
3089 }
3090 }
3091
3092 if (next_stmt && is_gimple_assign (next_stmt))
3093 {
3094 tree lhs = gimple_assign_lhs (next_stmt);
3095 tree_code code = TREE_CODE (lhs);
3096 if (code == ARRAY_REF || code == MEM_REF)
3097 lhs = TREE_OPERAND (lhs, 0);
3098
3099 tree func = gimple_call_fndecl (stmt);
3100 if (DECL_FUNCTION_CODE (func) == BUILT_IN_STPNCPY)
3101 {
3102 tree ret = gimple_call_lhs (stmt);
3103 if (ret && operand_equal_p (ret, lhs, 0))
3104 return false;
3105 }
3106
3107 /* Determine the base address and offset of the reference,
3108 ignoring the innermost array index. */
3109 if (TREE_CODE (ref) == ARRAY_REF)
3110 ref = TREE_OPERAND (ref, 0);
3111
3112 poly_int64 dstoff;
3113 tree dstbase = get_addr_base_and_unit_offset (ref, &dstoff);
3114
3115 poly_int64 lhsoff;
3116 tree lhsbase = get_addr_base_and_unit_offset (lhs, &lhsoff);
3117 if (lhsbase
3118 && dstbase
3119 && known_eq (dstoff, lhsoff)
3120 && operand_equal_p (dstbase, lhsbase, 0))
3121 return false;
3122 }
3123
3124 int prec = TYPE_PRECISION (TREE_TYPE (cnt));
3125 wide_int lenrange[2];
3126 if (strinfo *sisrc = sidx > 0 ? get_strinfo (sidx) : NULL)
3127 {
3128 lenrange[0] = (sisrc->nonzero_chars
3129 && TREE_CODE (sisrc->nonzero_chars) == INTEGER_CST
3130 ? wi::to_wide (sisrc->nonzero_chars)
3131 : wi::zero (prec));
3132 lenrange[1] = lenrange[0];
3133 }
3134 else if (sidx < 0)
3135 lenrange[0] = lenrange[1] = wi::shwi (~sidx, prec);
3136 else
3137 {
3138 c_strlen_data lendata = { };
3139 /* Set MAXBOUND to an arbitrary non-null non-integer node as a request
3140 to have it set to the length of the longest string in a PHI. */
3141 lendata.maxbound = src;
3142 get_range_strlen (src, &lendata, /* eltsize = */1);
3143 if (TREE_CODE (lendata.minlen) == INTEGER_CST
3144 && TREE_CODE (lendata.maxbound) == INTEGER_CST)
3145 {
3146 /* When LENDATA.MAXLEN is unknown, reset LENDATA.MINLEN
3147 which stores the length of the shortest known string. */
3148 if (integer_all_onesp (lendata.maxlen))
3149 lenrange[0] = wi::shwi (0, prec);
3150 else
3151 lenrange[0] = wi::to_wide (lendata.minlen, prec);
3152 lenrange[1] = wi::to_wide (lendata.maxbound, prec);
3153 }
3154 else
3155 {
3156 lenrange[0] = wi::shwi (0, prec);
3157 lenrange[1] = wi::shwi (-1, prec);
3158 }
3159 }
3160
3161 location_t callloc = gimple_nonartificial_location (stmt);
3162 callloc = expansion_point_location_if_in_system_header (callloc);
3163
3164 tree func = gimple_call_fndecl (stmt);
3165
3166 if (lenrange[0] != 0 || !wi::neg_p (lenrange[1]))
3167 {
3168 /* If the longest source string is shorter than the lower bound
3169 of the specified count the copy is definitely nul-terminated. */
3170 if (wi::ltu_p (lenrange[1], cntrange[0]))
3171 return false;
3172
3173 if (wi::neg_p (lenrange[1]))
3174 {
3175 /* The length of one of the strings is unknown but at least
3176 one has non-zero length and that length is stored in
3177 LENRANGE[1]. Swap the bounds to force a "may be truncated"
3178 warning below. */
3179 lenrange[1] = lenrange[0];
3180 lenrange[0] = wi::shwi (0, prec);
3181 }
3182
3183 /* Set to true for strncat whose bound is derived from the length
3184 of the destination (the expected usage pattern). */
3185 bool cat_dstlen_bounded = false;
3186 if (DECL_FUNCTION_CODE (func) == BUILT_IN_STRNCAT)
3187 cat_dstlen_bounded = is_strlen_related_p (dst, cnt);
3188
3189 if (lenrange[0] == cntrange[1] && cntrange[0] == cntrange[1])
3190 return warning_n (callloc, OPT_Wstringop_truncation,
3191 cntrange[0].to_uhwi (),
3192 "%G%qD output truncated before terminating "
3193 "nul copying %E byte from a string of the "
3194 "same length",
3195 "%G%qD output truncated before terminating nul "
3196 "copying %E bytes from a string of the same "
3197 "length",
3198 stmt, func, cnt);
3199 else if (!cat_dstlen_bounded)
3200 {
3201 if (wi::geu_p (lenrange[0], cntrange[1]))
3202 {
3203 /* The shortest string is longer than the upper bound of
3204 the count so the truncation is certain. */
3205 if (cntrange[0] == cntrange[1])
3206 return warning_n (callloc, OPT_Wstringop_truncation,
3207 cntrange[0].to_uhwi (),
3208 "%G%qD output truncated copying %E byte "
3209 "from a string of length %wu",
3210 "%G%qD output truncated copying %E bytes "
3211 "from a string of length %wu",
3212 stmt, func, cnt, lenrange[0].to_uhwi ());
3213
3214 return warning_at (callloc, OPT_Wstringop_truncation,
3215 "%G%qD output truncated copying between %wu "
3216 "and %wu bytes from a string of length %wu",
3217 stmt, func, cntrange[0].to_uhwi (),
3218 cntrange[1].to_uhwi (), lenrange[0].to_uhwi ());
3219 }
3220 else if (wi::geu_p (lenrange[1], cntrange[1]))
3221 {
3222 /* The longest string is longer than the upper bound of
3223 the count so the truncation is possible. */
3224 if (cntrange[0] == cntrange[1])
3225 return warning_n (callloc, OPT_Wstringop_truncation,
3226 cntrange[0].to_uhwi (),
3227 "%G%qD output may be truncated copying %E "
3228 "byte from a string of length %wu",
3229 "%G%qD output may be truncated copying %E "
3230 "bytes from a string of length %wu",
3231 stmt, func, cnt, lenrange[1].to_uhwi ());
3232
3233 return warning_at (callloc, OPT_Wstringop_truncation,
3234 "%G%qD output may be truncated copying between "
3235 "%wu and %wu bytes from a string of length %wu",
3236 stmt, func, cntrange[0].to_uhwi (),
3237 cntrange[1].to_uhwi (), lenrange[1].to_uhwi ());
3238 }
3239 }
3240
3241 if (!cat_dstlen_bounded
3242 && cntrange[0] != cntrange[1]
3243 && wi::leu_p (cntrange[0], lenrange[0])
3244 && wi::leu_p (cntrange[1], lenrange[0] + 1))
3245 {
3246 /* If the source (including the terminating nul) is longer than
3247 the lower bound of the specified count but shorter than the
3248 upper bound the copy may (but need not) be truncated. */
3249 return warning_at (callloc, OPT_Wstringop_truncation,
3250 "%G%qD output may be truncated copying between "
3251 "%wu and %wu bytes from a string of length %wu",
3252 stmt, func, cntrange[0].to_uhwi (),
3253 cntrange[1].to_uhwi (), lenrange[0].to_uhwi ());
3254 }
3255 }
3256
3257 if (tree dstsize = compute_objsize (dst, 1))
3258 {
3259 /* The source length is unknown. Try to determine the destination
3260 size and see if it matches the specified bound. If not, bail.
3261 Otherwise go on to see if it should be diagnosed for possible
3262 truncation. */
3263 if (!dstsize)
3264 return false;
3265
3266 if (wi::to_wide (dstsize) != cntrange[1])
3267 return false;
3268
3269 /* Avoid warning for strncpy(a, b, N) calls where the following
3270 equalities hold:
3271 N == sizeof a && N == sizeof b */
3272 if (tree srcsize = compute_objsize (src, 1))
3273 if (wi::to_wide (srcsize) == cntrange[1])
3274 return false;
3275
3276 if (cntrange[0] == cntrange[1])
3277 return warning_at (callloc, OPT_Wstringop_truncation,
3278 "%G%qD specified bound %E equals destination size",
3279 stmt, func, cnt);
3280 }
3281
3282 return false;
3283 }
3284
3285 /* Check the arguments to the built-in forms of stpncpy and strncpy for
3286 out-of-bounds offsets or overlapping access, and to see if the size
3287 is derived from calling strlen() on the source argument, and if so,
3288 issue the appropriate warning. */
3289
3290 static void
3291 handle_builtin_stxncpy (built_in_function, gimple_stmt_iterator *gsi)
3292 {
3293 if (!strlen_to_stridx)
3294 return;
3295
3296 gimple *stmt = gsi_stmt (*gsi);
3297
3298 tree dst = gimple_call_arg (stmt, 0);
3299 tree src = gimple_call_arg (stmt, 1);
3300 tree len = gimple_call_arg (stmt, 2);
3301 tree dstsize = NULL_TREE, srcsize = NULL_TREE;
3302
3303 int didx = get_stridx (dst);
3304 if (strinfo *sidst = didx > 0 ? get_strinfo (didx) : NULL)
3305 {
3306 /* Compute the size of the destination string including the nul
3307 if it is known to be nul-terminated. */
3308 if (sidst->nonzero_chars)
3309 {
3310 if (sidst->full_string_p)
3311 {
3312 /* String is known to be nul-terminated. */
3313 tree type = TREE_TYPE (sidst->nonzero_chars);
3314 dstsize = fold_build2 (PLUS_EXPR, type, sidst->nonzero_chars,
3315 build_int_cst (type, 1));
3316 }
3317 else
3318 dstsize = sidst->nonzero_chars;
3319 }
3320
3321 dst = sidst->ptr;
3322 }
3323
3324 int sidx = get_stridx (src);
3325 strinfo *sisrc = sidx > 0 ? get_strinfo (sidx) : NULL;
3326 if (sisrc)
3327 {
3328 /* strncat() and strncpy() can modify the source string by writing
3329 over the terminating nul so SISRC->DONT_INVALIDATE must be left
3330 clear. */
3331
3332 /* Compute the size of the source string including the terminating
3333 nul if its known to be nul-terminated. */
3334 if (sisrc->nonzero_chars)
3335 {
3336 if (sisrc->full_string_p)
3337 {
3338 tree type = TREE_TYPE (sisrc->nonzero_chars);
3339 srcsize = fold_build2 (PLUS_EXPR, type, sisrc->nonzero_chars,
3340 build_int_cst (type, 1));
3341 }
3342 else
3343 srcsize = sisrc->nonzero_chars;
3344 }
3345
3346 src = sisrc->ptr;
3347 }
3348 else
3349 srcsize = NULL_TREE;
3350
3351 if (check_bounds_or_overlap (stmt, dst, src, dstsize, srcsize))
3352 {
3353 gimple_set_no_warning (stmt, true);
3354 return;
3355 }
3356
3357 /* If the length argument was computed from strlen(S) for some string
3358 S retrieve the strinfo index for the string (PSS->FIRST) along with
3359 the location of the strlen() call (PSS->SECOND). */
3360 stridx_strlenloc *pss = strlen_to_stridx->get (len);
3361 if (!pss || pss->first <= 0)
3362 {
3363 if (maybe_diag_stxncpy_trunc (*gsi, src, len))
3364 gimple_set_no_warning (stmt, true);
3365
3366 return;
3367 }
3368
3369 /* Retrieve the strinfo data for the string S that LEN was computed
3370 from as some function F of strlen (S) (i.e., LEN need not be equal
3371 to strlen(S)). */
3372 strinfo *silen = get_strinfo (pss->first);
3373
3374 location_t callloc = gimple_nonartificial_location (stmt);
3375 callloc = expansion_point_location_if_in_system_header (callloc);
3376
3377 tree func = gimple_call_fndecl (stmt);
3378
3379 bool warned = false;
3380
3381 /* When -Wstringop-truncation is set, try to determine truncation
3382 before diagnosing possible overflow. Truncation is implied by
3383 the LEN argument being equal to strlen(SRC), regardless of
3384 whether its value is known. Otherwise, issue the more generic
3385 -Wstringop-overflow which triggers for LEN arguments that in
3386 any meaningful way depend on strlen(SRC). */
3387 if (sisrc == silen
3388 && is_strlen_related_p (src, len)
3389 && warning_at (callloc, OPT_Wstringop_truncation,
3390 "%G%qD output truncated before terminating nul "
3391 "copying as many bytes from a string as its length",
3392 stmt, func))
3393 warned = true;
3394 else if (silen && is_strlen_related_p (src, silen->ptr))
3395 warned = warning_at (callloc, OPT_Wstringop_overflow_,
3396 "%G%qD specified bound depends on the length "
3397 "of the source argument",
3398 stmt, func);
3399 if (warned)
3400 {
3401 location_t strlenloc = pss->second;
3402 if (strlenloc != UNKNOWN_LOCATION && strlenloc != callloc)
3403 inform (strlenloc, "length computed here");
3404 }
3405 }
3406
3407 /* Handle a memcpy-like ({mem{,p}cpy,__mem{,p}cpy_chk}) call.
3408 If strlen of the second argument is known and length of the third argument
3409 is that plus one, strlen of the first argument is the same after this
3410 call. Uses RVALS to determine range information. */
3411
3412 static void
3413 handle_builtin_memcpy (enum built_in_function bcode, gimple_stmt_iterator *gsi,
3414 const vr_values *rvals)
3415 {
3416 tree lhs, oldlen, newlen;
3417 gimple *stmt = gsi_stmt (*gsi);
3418 strinfo *si, *dsi;
3419
3420 tree len = gimple_call_arg (stmt, 2);
3421 tree src = gimple_call_arg (stmt, 1);
3422 tree dst = gimple_call_arg (stmt, 0);
3423
3424 int didx = get_stridx (dst);
3425 strinfo *olddsi = NULL;
3426 if (didx > 0)
3427 olddsi = get_strinfo (didx);
3428 else if (didx < 0)
3429 return;
3430
3431 if (olddsi != NULL
3432 && !integer_zerop (len))
3433 {
3434 maybe_warn_overflow (stmt, len, rvals, olddsi, false, true);
3435 adjust_last_stmt (olddsi, stmt, false);
3436 }
3437
3438 int idx = get_stridx (src);
3439 if (idx == 0)
3440 return;
3441
3442 bool full_string_p;
3443 if (idx > 0)
3444 {
3445 gimple *def_stmt;
3446
3447 /* Handle memcpy (x, y, l) where l's relationship with strlen (y)
3448 is known. */
3449 si = get_strinfo (idx);
3450 if (si == NULL || si->nonzero_chars == NULL_TREE)
3451 return;
3452 if (TREE_CODE (len) == INTEGER_CST
3453 && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
3454 {
3455 if (tree_int_cst_le (len, si->nonzero_chars))
3456 {
3457 /* Copying LEN nonzero characters, where LEN is constant. */
3458 newlen = len;
3459 full_string_p = false;
3460 }
3461 else
3462 {
3463 /* Copying the whole of the analyzed part of SI. */
3464 newlen = si->nonzero_chars;
3465 full_string_p = si->full_string_p;
3466 }
3467 }
3468 else
3469 {
3470 if (!si->full_string_p)
3471 return;
3472 if (TREE_CODE (len) != SSA_NAME)
3473 return;
3474 def_stmt = SSA_NAME_DEF_STMT (len);
3475 if (!is_gimple_assign (def_stmt)
3476 || gimple_assign_rhs_code (def_stmt) != PLUS_EXPR
3477 || gimple_assign_rhs1 (def_stmt) != si->nonzero_chars
3478 || !integer_onep (gimple_assign_rhs2 (def_stmt)))
3479 return;
3480 /* Copying variable-length string SI (and no more). */
3481 newlen = si->nonzero_chars;
3482 full_string_p = true;
3483 }
3484 }
3485 else
3486 {
3487 si = NULL;
3488 /* Handle memcpy (x, "abcd", 5) or
3489 memcpy (x, "abc\0uvw", 7). */
3490 if (!tree_fits_uhwi_p (len))
3491 return;
3492
3493 unsigned HOST_WIDE_INT clen = tree_to_uhwi (len);
3494 unsigned HOST_WIDE_INT nonzero_chars = ~idx;
3495 newlen = build_int_cst (size_type_node, MIN (nonzero_chars, clen));
3496 full_string_p = clen > nonzero_chars;
3497 }
3498
3499 if (!full_string_p
3500 && olddsi
3501 && olddsi->nonzero_chars
3502 && TREE_CODE (olddsi->nonzero_chars) == INTEGER_CST
3503 && tree_int_cst_le (newlen, olddsi->nonzero_chars))
3504 {
3505 /* The SRC substring being written strictly overlaps
3506 a subsequence of the existing string OLDDSI. */
3507 newlen = olddsi->nonzero_chars;
3508 full_string_p = olddsi->full_string_p;
3509 }
3510
3511 if (olddsi != NULL && TREE_CODE (len) == SSA_NAME)
3512 adjust_last_stmt (olddsi, stmt, false);
3513
3514 if (didx == 0)
3515 {
3516 didx = new_stridx (dst);
3517 if (didx == 0)
3518 return;
3519 }
3520 oldlen = NULL_TREE;
3521 if (olddsi != NULL)
3522 {
3523 dsi = unshare_strinfo (olddsi);
3524 oldlen = olddsi->nonzero_chars;
3525 dsi->nonzero_chars = newlen;
3526 dsi->full_string_p = full_string_p;
3527 /* Break the chain, so adjust_related_strinfo on later pointers in
3528 the chain won't adjust this one anymore. */
3529 dsi->next = 0;
3530 dsi->stmt = NULL;
3531 dsi->endptr = NULL_TREE;
3532 }
3533 else
3534 {
3535 dsi = new_strinfo (dst, didx, newlen, full_string_p);
3536 set_strinfo (didx, dsi);
3537 find_equal_ptrs (dst, didx);
3538 }
3539 dsi->writable = true;
3540 dsi->dont_invalidate = true;
3541 if (olddsi != NULL)
3542 {
3543 tree adj = NULL_TREE;
3544 location_t loc = gimple_location (stmt);
3545 if (oldlen == NULL_TREE)
3546 ;
3547 else if (integer_zerop (oldlen))
3548 adj = newlen;
3549 else if (TREE_CODE (oldlen) == INTEGER_CST
3550 || TREE_CODE (newlen) == INTEGER_CST)
3551 adj = fold_build2_loc (loc, MINUS_EXPR, TREE_TYPE (newlen), newlen,
3552 fold_convert_loc (loc, TREE_TYPE (newlen),
3553 oldlen));
3554 if (adj != NULL_TREE)
3555 adjust_related_strinfos (loc, dsi, adj);
3556 else
3557 dsi->prev = 0;
3558 }
3559 /* memcpy src may not overlap dst, so src doesn't need to be
3560 invalidated either. */
3561 if (si != NULL)
3562 si->dont_invalidate = true;
3563
3564 if (full_string_p)
3565 {
3566 lhs = gimple_call_lhs (stmt);
3567 switch (bcode)
3568 {
3569 case BUILT_IN_MEMCPY:
3570 case BUILT_IN_MEMCPY_CHK:
3571 /* Allow adjust_last_stmt to decrease this memcpy's size. */
3572 laststmt.stmt = stmt;
3573 laststmt.len = dsi->nonzero_chars;
3574 laststmt.stridx = dsi->idx;
3575 if (lhs)
3576 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
3577 break;
3578 case BUILT_IN_MEMPCPY:
3579 case BUILT_IN_MEMPCPY_CHK:
3580 break;
3581 default:
3582 gcc_unreachable ();
3583 }
3584 }
3585 }
3586
3587 /* Handle a strcat-like ({strcat,__strcat_chk}) call.
3588 If strlen of the second argument is known, strlen of the first argument
3589 is increased by the length of the second argument. Furthermore, attempt
3590 to convert it to memcpy/strcpy if the length of the first argument
3591 is known. */
3592
3593 static void
3594 handle_builtin_strcat (enum built_in_function bcode, gimple_stmt_iterator *gsi)
3595 {
3596 int idx, didx;
3597 tree srclen, args, type, fn, objsz, endptr;
3598 bool success;
3599 gimple *stmt = gsi_stmt (*gsi);
3600 strinfo *si, *dsi;
3601 location_t loc = gimple_location (stmt);
3602
3603 tree src = gimple_call_arg (stmt, 1);
3604 tree dst = gimple_call_arg (stmt, 0);
3605
3606 /* Bail if the source is the same as destination. It will be diagnosed
3607 elsewhere. */
3608 if (operand_equal_p (src, dst, 0))
3609 return;
3610
3611 tree lhs = gimple_call_lhs (stmt);
3612
3613 didx = get_stridx (dst);
3614 if (didx < 0)
3615 return;
3616
3617 dsi = NULL;
3618 if (didx > 0)
3619 dsi = get_strinfo (didx);
3620
3621 srclen = NULL_TREE;
3622 si = NULL;
3623 idx = get_stridx (src);
3624 if (idx < 0)
3625 srclen = build_int_cst (size_type_node, ~idx);
3626 else if (idx > 0)
3627 {
3628 si = get_strinfo (idx);
3629 if (si != NULL)
3630 srclen = get_string_length (si);
3631 }
3632
3633 /* Set the no-warning bit on the transformed statement? */
3634 bool set_no_warning = false;
3635
3636 if (dsi == NULL || get_string_length (dsi) == NULL_TREE)
3637 {
3638 {
3639 /* The concatenation always involves copying at least one byte
3640 (the terminating nul), even if the source string is empty.
3641 If the source is unknown assume it's one character long and
3642 used that as both sizes. */
3643 tree slen = srclen;
3644 if (slen)
3645 {
3646 tree type = TREE_TYPE (slen);
3647 slen = fold_build2 (PLUS_EXPR, type, slen, build_int_cst (type, 1));
3648 }
3649
3650 tree sptr = si && si->ptr ? si->ptr : src;
3651
3652 if (check_bounds_or_overlap (stmt, dst, sptr, NULL_TREE, slen))
3653 {
3654 gimple_set_no_warning (stmt, true);
3655 set_no_warning = true;
3656 }
3657 }
3658
3659 /* strcat (p, q) can be transformed into
3660 tmp = p + strlen (p); endptr = stpcpy (tmp, q);
3661 with length endptr - p if we need to compute the length
3662 later on. Don't do this transformation if we don't need
3663 it. */
3664 if (builtin_decl_implicit_p (BUILT_IN_STPCPY) && lhs == NULL_TREE)
3665 {
3666 if (didx == 0)
3667 {
3668 didx = new_stridx (dst);
3669 if (didx == 0)
3670 return;
3671 }
3672 if (dsi == NULL)
3673 {
3674 dsi = new_strinfo (dst, didx, NULL_TREE, false);
3675 set_strinfo (didx, dsi);
3676 find_equal_ptrs (dst, didx);
3677 }
3678 else
3679 {
3680 dsi = unshare_strinfo (dsi);
3681 dsi->nonzero_chars = NULL_TREE;
3682 dsi->full_string_p = false;
3683 dsi->next = 0;
3684 dsi->endptr = NULL_TREE;
3685 }
3686 dsi->writable = true;
3687 dsi->stmt = stmt;
3688 dsi->dont_invalidate = true;
3689 }
3690 return;
3691 }
3692
3693 tree dstlen = dsi->nonzero_chars;
3694 endptr = dsi->endptr;
3695
3696 dsi = unshare_strinfo (dsi);
3697 dsi->endptr = NULL_TREE;
3698 dsi->stmt = NULL;
3699 dsi->writable = true;
3700
3701 if (srclen != NULL_TREE)
3702 {
3703 dsi->nonzero_chars = fold_build2_loc (loc, PLUS_EXPR,
3704 TREE_TYPE (dsi->nonzero_chars),
3705 dsi->nonzero_chars, srclen);
3706 gcc_assert (dsi->full_string_p);
3707 adjust_related_strinfos (loc, dsi, srclen);
3708 dsi->dont_invalidate = true;
3709 }
3710 else
3711 {
3712 dsi->nonzero_chars = NULL;
3713 dsi->full_string_p = false;
3714 if (lhs == NULL_TREE && builtin_decl_implicit_p (BUILT_IN_STPCPY))
3715 dsi->dont_invalidate = true;
3716 }
3717
3718 if (si != NULL)
3719 /* strcat src may not overlap dst, so src doesn't need to be
3720 invalidated either. */
3721 si->dont_invalidate = true;
3722
3723 /* For now. Could remove the lhs from the call and add
3724 lhs = dst; afterwards. */
3725 if (lhs)
3726 return;
3727
3728 fn = NULL_TREE;
3729 objsz = NULL_TREE;
3730 switch (bcode)
3731 {
3732 case BUILT_IN_STRCAT:
3733 if (srclen != NULL_TREE)
3734 fn = builtin_decl_implicit (BUILT_IN_MEMCPY);
3735 else
3736 fn = builtin_decl_implicit (BUILT_IN_STRCPY);
3737 break;
3738 case BUILT_IN_STRCAT_CHK:
3739 if (srclen != NULL_TREE)
3740 fn = builtin_decl_explicit (BUILT_IN_MEMCPY_CHK);
3741 else
3742 fn = builtin_decl_explicit (BUILT_IN_STRCPY_CHK);
3743 objsz = gimple_call_arg (stmt, 2);
3744 break;
3745 default:
3746 gcc_unreachable ();
3747 }
3748
3749 if (fn == NULL_TREE)
3750 return;
3751
3752 if (dsi && dstlen)
3753 {
3754 tree type = TREE_TYPE (dstlen);
3755
3756 /* Compute the size of the source sequence, including the nul. */
3757 tree srcsize = srclen ? srclen : size_zero_node;
3758 tree one = build_int_cst (type, 1);
3759 srcsize = fold_build2 (PLUS_EXPR, type, srcsize, one);
3760 tree dstsize = fold_build2 (PLUS_EXPR, type, dstlen, one);
3761 tree sptr = si && si->ptr ? si->ptr : src;
3762
3763 if (check_bounds_or_overlap (stmt, dst, sptr, dstsize, srcsize))
3764 {
3765 gimple_set_no_warning (stmt, true);
3766 set_no_warning = true;
3767 }
3768 }
3769
3770 tree len = NULL_TREE;
3771 if (srclen != NULL_TREE)
3772 {
3773 args = TYPE_ARG_TYPES (TREE_TYPE (fn));
3774 type = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args)));
3775
3776 len = fold_convert_loc (loc, type, unshare_expr (srclen));
3777 len = fold_build2_loc (loc, PLUS_EXPR, type, len,
3778 build_int_cst (type, 1));
3779 len = force_gimple_operand_gsi (gsi, len, true, NULL_TREE, true,
3780 GSI_SAME_STMT);
3781 }
3782 if (endptr)
3783 dst = fold_convert_loc (loc, TREE_TYPE (dst), unshare_expr (endptr));
3784 else
3785 dst = fold_build2_loc (loc, POINTER_PLUS_EXPR, TREE_TYPE (dst), dst,
3786 fold_convert_loc (loc, sizetype,
3787 unshare_expr (dstlen)));
3788 dst = force_gimple_operand_gsi (gsi, dst, true, NULL_TREE, true,
3789 GSI_SAME_STMT);
3790 if (objsz)
3791 {
3792 objsz = fold_build2_loc (loc, MINUS_EXPR, TREE_TYPE (objsz), objsz,
3793 fold_convert_loc (loc, TREE_TYPE (objsz),
3794 unshare_expr (dstlen)));
3795 objsz = force_gimple_operand_gsi (gsi, objsz, true, NULL_TREE, true,
3796 GSI_SAME_STMT);
3797 }
3798 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3799 {
3800 fprintf (dump_file, "Optimizing: ");
3801 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
3802 }
3803 if (srclen != NULL_TREE)
3804 success = update_gimple_call (gsi, fn, 3 + (objsz != NULL_TREE),
3805 dst, src, len, objsz);
3806 else
3807 success = update_gimple_call (gsi, fn, 2 + (objsz != NULL_TREE),
3808 dst, src, objsz);
3809 if (success)
3810 {
3811 stmt = gsi_stmt (*gsi);
3812 update_stmt (stmt);
3813 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3814 {
3815 fprintf (dump_file, "into: ");
3816 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
3817 }
3818 /* If srclen == NULL, note that current string length can be
3819 computed by transforming this strcpy into stpcpy. */
3820 if (srclen == NULL_TREE && dsi->dont_invalidate)
3821 dsi->stmt = stmt;
3822 adjust_last_stmt (dsi, stmt, true);
3823 if (srclen != NULL_TREE)
3824 {
3825 laststmt.stmt = stmt;
3826 laststmt.len = srclen;
3827 laststmt.stridx = dsi->idx;
3828 }
3829 }
3830 else if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3831 fprintf (dump_file, "not possible.\n");
3832
3833 if (set_no_warning)
3834 gimple_set_no_warning (stmt, true);
3835 }
3836
3837 /* Handle a call to an allocation function like alloca, malloc or calloc,
3838 or an ordinary allocation function declared with attribute alloc_size. */
3839
3840 static void
3841 handle_alloc_call (enum built_in_function bcode, gimple_stmt_iterator *gsi)
3842 {
3843 gimple *stmt = gsi_stmt (*gsi);
3844 tree lhs = gimple_call_lhs (stmt);
3845 if (lhs == NULL_TREE)
3846 return;
3847
3848 gcc_assert (get_stridx (lhs) == 0);
3849 int idx = new_stridx (lhs);
3850 tree length = NULL_TREE;
3851 if (bcode == BUILT_IN_CALLOC)
3852 length = build_int_cst (size_type_node, 0);
3853 strinfo *si = new_strinfo (lhs, idx, length, length != NULL_TREE);
3854 if (bcode == BUILT_IN_CALLOC)
3855 {
3856 /* Only set STMT for calloc and malloc. */
3857 si->stmt = stmt;
3858 /* Only set ENDPTR for calloc. */
3859 si->endptr = lhs;
3860 }
3861 else if (bcode == BUILT_IN_MALLOC)
3862 si->stmt = stmt;
3863
3864 /* Set ALLOC is set for all allocation functions. */
3865 si->alloc = stmt;
3866 set_strinfo (idx, si);
3867 si->writable = true;
3868 si->dont_invalidate = true;
3869 }
3870
3871 /* Handle a call to memset.
3872 After a call to calloc, memset(,0,) is unnecessary.
3873 memset(malloc(n),0,n) is calloc(n,1).
3874 return true when the call is transformed, false otherwise.
3875 When nonnull uses RVALS to determine range information. */
3876
3877 static bool
3878 handle_builtin_memset (gimple_stmt_iterator *gsi, bool *zero_write,
3879 const vr_values *rvals)
3880 {
3881 gimple *memset_stmt = gsi_stmt (*gsi);
3882 tree ptr = gimple_call_arg (memset_stmt, 0);
3883 /* Set to the non-constant offset added to PTR. */
3884 wide_int offrng[2];
3885 int idx1 = get_stridx (ptr, offrng, rvals);
3886 if (idx1 <= 0)
3887 return false;
3888 strinfo *si1 = get_strinfo (idx1);
3889 if (!si1)
3890 return false;
3891 gimple *alloc_stmt = si1->alloc;
3892 if (!alloc_stmt || !is_gimple_call (alloc_stmt))
3893 return false;
3894 tree callee1 = gimple_call_fndecl (alloc_stmt);
3895 if (!valid_builtin_call (alloc_stmt))
3896 return false;
3897 tree alloc_size = gimple_call_arg (alloc_stmt, 0);
3898 tree memset_size = gimple_call_arg (memset_stmt, 2);
3899
3900 /* Check for overflow. */
3901 maybe_warn_overflow (memset_stmt, memset_size, rvals, NULL, false, true);
3902
3903 /* Bail when there is no statement associated with the destination
3904 (the statement may be null even when SI1->ALLOC is not). */
3905 if (!si1->stmt)
3906 return false;
3907
3908 /* Avoid optimizing if store is at a variable offset from the beginning
3909 of the allocated object. */
3910 if (offrng[0] != 0 || offrng[0] != offrng[1])
3911 return false;
3912
3913 /* Bail when the call writes a non-zero value. */
3914 if (!integer_zerop (gimple_call_arg (memset_stmt, 1)))
3915 return false;
3916
3917 /* Let the caller know the memset call cleared the destination. */
3918 *zero_write = true;
3919
3920 enum built_in_function code1 = DECL_FUNCTION_CODE (callee1);
3921 if (code1 == BUILT_IN_CALLOC)
3922 /* Not touching alloc_stmt */ ;
3923 else if (code1 == BUILT_IN_MALLOC
3924 && operand_equal_p (memset_size, alloc_size, 0))
3925 {
3926 /* Replace the malloc + memset calls with calloc. */
3927 gimple_stmt_iterator gsi1 = gsi_for_stmt (si1->stmt);
3928 update_gimple_call (&gsi1, builtin_decl_implicit (BUILT_IN_CALLOC), 2,
3929 alloc_size, build_one_cst (size_type_node));
3930 si1->nonzero_chars = build_int_cst (size_type_node, 0);
3931 si1->full_string_p = true;
3932 si1->stmt = gsi_stmt (gsi1);
3933 }
3934 else
3935 return false;
3936 tree lhs = gimple_call_lhs (memset_stmt);
3937 unlink_stmt_vdef (memset_stmt);
3938 if (lhs)
3939 {
3940 gimple *assign = gimple_build_assign (lhs, ptr);
3941 gsi_replace (gsi, assign, false);
3942 }
3943 else
3944 {
3945 gsi_remove (gsi, true);
3946 release_defs (memset_stmt);
3947 }
3948
3949 return true;
3950 }
3951
3952 /* Return a pointer to the first such equality expression if RES is used
3953 only in expressions testing its equality to zero, and null otherwise. */
3954
3955 static gimple *
3956 used_only_for_zero_equality (tree res)
3957 {
3958 gimple *first_use = NULL;
3959
3960 use_operand_p use_p;
3961 imm_use_iterator iter;
3962
3963 FOR_EACH_IMM_USE_FAST (use_p, iter, res)
3964 {
3965 gimple *use_stmt = USE_STMT (use_p);
3966
3967 if (is_gimple_debug (use_stmt))
3968 continue;
3969 if (gimple_code (use_stmt) == GIMPLE_ASSIGN)
3970 {
3971 tree_code code = gimple_assign_rhs_code (use_stmt);
3972 if (code == COND_EXPR)
3973 {
3974 tree cond_expr = gimple_assign_rhs1 (use_stmt);
3975 if ((TREE_CODE (cond_expr) != EQ_EXPR
3976 && (TREE_CODE (cond_expr) != NE_EXPR))
3977 || !integer_zerop (TREE_OPERAND (cond_expr, 1)))
3978 return NULL;
3979 }
3980 else if (code == EQ_EXPR || code == NE_EXPR)
3981 {
3982 if (!integer_zerop (gimple_assign_rhs2 (use_stmt)))
3983 return NULL;
3984 }
3985 else
3986 return NULL;
3987 }
3988 else if (gimple_code (use_stmt) == GIMPLE_COND)
3989 {
3990 tree_code code = gimple_cond_code (use_stmt);
3991 if ((code != EQ_EXPR && code != NE_EXPR)
3992 || !integer_zerop (gimple_cond_rhs (use_stmt)))
3993 return NULL;
3994 }
3995 else
3996 return NULL;
3997
3998 if (!first_use)
3999 first_use = use_stmt;
4000 }
4001
4002 return first_use;
4003 }
4004
4005 /* Handle a call to memcmp. We try to handle small comparisons by
4006 converting them to load and compare, and replacing the call to memcmp
4007 with a __builtin_memcmp_eq call where possible.
4008 return true when call is transformed, return false otherwise. */
4009
4010 static bool
4011 handle_builtin_memcmp (gimple_stmt_iterator *gsi)
4012 {
4013 gcall *stmt = as_a <gcall *> (gsi_stmt (*gsi));
4014 tree res = gimple_call_lhs (stmt);
4015
4016 if (!res || !used_only_for_zero_equality (res))
4017 return false;
4018
4019 tree arg1 = gimple_call_arg (stmt, 0);
4020 tree arg2 = gimple_call_arg (stmt, 1);
4021 tree len = gimple_call_arg (stmt, 2);
4022 unsigned HOST_WIDE_INT leni;
4023
4024 if (tree_fits_uhwi_p (len)
4025 && (leni = tree_to_uhwi (len)) <= GET_MODE_SIZE (word_mode)
4026 && pow2p_hwi (leni))
4027 {
4028 leni *= CHAR_TYPE_SIZE;
4029 unsigned align1 = get_pointer_alignment (arg1);
4030 unsigned align2 = get_pointer_alignment (arg2);
4031 unsigned align = MIN (align1, align2);
4032 scalar_int_mode mode;
4033 if (int_mode_for_size (leni, 1).exists (&mode)
4034 && (align >= leni || !targetm.slow_unaligned_access (mode, align)))
4035 {
4036 location_t loc = gimple_location (stmt);
4037 tree type, off;
4038 type = build_nonstandard_integer_type (leni, 1);
4039 gcc_assert (known_eq (GET_MODE_BITSIZE (TYPE_MODE (type)), leni));
4040 tree ptrtype = build_pointer_type_for_mode (char_type_node,
4041 ptr_mode, true);
4042 off = build_int_cst (ptrtype, 0);
4043 arg1 = build2_loc (loc, MEM_REF, type, arg1, off);
4044 arg2 = build2_loc (loc, MEM_REF, type, arg2, off);
4045 tree tem1 = fold_const_aggregate_ref (arg1);
4046 if (tem1)
4047 arg1 = tem1;
4048 tree tem2 = fold_const_aggregate_ref (arg2);
4049 if (tem2)
4050 arg2 = tem2;
4051 res = fold_convert_loc (loc, TREE_TYPE (res),
4052 fold_build2_loc (loc, NE_EXPR,
4053 boolean_type_node,
4054 arg1, arg2));
4055 gimplify_and_update_call_from_tree (gsi, res);
4056 return true;
4057 }
4058 }
4059
4060 gimple_call_set_fndecl (stmt, builtin_decl_explicit (BUILT_IN_MEMCMP_EQ));
4061 return true;
4062 }
4063
4064 /* Given an index to the strinfo vector, compute the string length
4065 for the corresponding string. Return -1 when unknown. */
4066
4067 static HOST_WIDE_INT
4068 compute_string_length (int idx)
4069 {
4070 HOST_WIDE_INT string_leni = -1;
4071 gcc_assert (idx != 0);
4072
4073 if (idx < 0)
4074 return ~idx;
4075
4076 strinfo *si = get_strinfo (idx);
4077 if (si)
4078 {
4079 tree const_string_len = get_string_length (si);
4080 if (const_string_len && tree_fits_shwi_p (const_string_len))
4081 string_leni = tree_to_shwi (const_string_len);
4082 }
4083
4084 if (string_leni < 0)
4085 return -1;
4086
4087 return string_leni;
4088 }
4089
4090 /* Determine the minimum size of the object referenced by DEST expression
4091 which must have a pointer type.
4092 Return the minimum size of the object if successful or HWI_M1U when
4093 the size cannot be determined. */
4094
4095 static unsigned HOST_WIDE_INT
4096 determine_min_objsize (tree dest)
4097 {
4098 unsigned HOST_WIDE_INT size = 0;
4099
4100 init_object_sizes ();
4101
4102 if (compute_builtin_object_size (dest, 2, &size))
4103 return size;
4104
4105 /* Try to determine the size of the object through the RHS
4106 of the assign statement. */
4107 if (TREE_CODE (dest) == SSA_NAME)
4108 {
4109 gimple *stmt = SSA_NAME_DEF_STMT (dest);
4110 if (!is_gimple_assign (stmt))
4111 return HOST_WIDE_INT_M1U;
4112
4113 if (!gimple_assign_single_p (stmt)
4114 && !gimple_assign_unary_nop_p (stmt))
4115 return HOST_WIDE_INT_M1U;
4116
4117 dest = gimple_assign_rhs1 (stmt);
4118 return determine_min_objsize (dest);
4119 }
4120
4121 /* Try to determine the size of the object from its type. */
4122 if (TREE_CODE (dest) != ADDR_EXPR)
4123 return HOST_WIDE_INT_M1U;
4124
4125 tree type = TREE_TYPE (dest);
4126 if (TREE_CODE (type) == POINTER_TYPE)
4127 type = TREE_TYPE (type);
4128
4129 type = TYPE_MAIN_VARIANT (type);
4130
4131 /* The size of a flexible array cannot be determined. Otherwise,
4132 for arrays with more than one element, return the size of its
4133 type. GCC itself misuses arrays of both zero and one elements
4134 as flexible array members so they are excluded as well. */
4135 if (TREE_CODE (type) != ARRAY_TYPE
4136 || !array_at_struct_end_p (dest))
4137 {
4138 tree type_size = TYPE_SIZE_UNIT (type);
4139 if (type_size && TREE_CODE (type_size) == INTEGER_CST
4140 && !integer_onep (type_size)
4141 && !integer_zerop (type_size))
4142 return tree_to_uhwi (type_size);
4143 }
4144
4145 return HOST_WIDE_INT_M1U;
4146 }
4147
4148 /* Given strinfo IDX for ARG, set LENRNG[] to the range of lengths
4149 of the string(s) referenced by ARG if it can be determined.
4150 If the length cannot be determined, set *SIZE to the size of
4151 the array the string is stored in, if any. If no such array is
4152 known, set *SIZE to -1. When the strings are nul-terminated set
4153 *NULTERM to true, otherwise to false. Return true on success. */
4154
4155 static bool
4156 get_len_or_size (tree arg, int idx, unsigned HOST_WIDE_INT lenrng[2],
4157 unsigned HOST_WIDE_INT *size, bool *nulterm)
4158 {
4159 /* Set so that both LEN and ~LEN are invalid lengths, i.e.,
4160 maximum possible length + 1. */
4161 lenrng[0] = lenrng[1] = HOST_WIDE_INT_MAX;
4162
4163 *size = HOST_WIDE_INT_M1U;
4164
4165 if (idx < 0)
4166 {
4167 /* IDX is the inverted constant string length. */
4168 lenrng[0] = ~idx;
4169 lenrng[1] = lenrng[0];
4170 *nulterm = true;
4171 }
4172 else if (idx == 0)
4173 ; /* Handled below. */
4174 else if (strinfo *si = get_strinfo (idx))
4175 {
4176 if (!si->nonzero_chars)
4177 arg = si->ptr;
4178 else if (tree_fits_uhwi_p (si->nonzero_chars))
4179 {
4180 lenrng[0] = tree_to_uhwi (si->nonzero_chars);
4181 *nulterm = si->full_string_p;
4182 /* Set the upper bound only if the string is known to be
4183 nul-terminated, otherwise leave it at maximum + 1. */
4184 if (*nulterm)
4185 lenrng[1] = lenrng[0];
4186 }
4187 else if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
4188 {
4189 wide_int min, max;
4190 value_range_kind rng = get_range_info (si->nonzero_chars, &min, &max);
4191 if (rng == VR_RANGE)
4192 {
4193 lenrng[0] = min.to_uhwi ();
4194 lenrng[1] = max.to_uhwi ();
4195 *nulterm = si->full_string_p;
4196 }
4197 }
4198 else if (si->ptr)
4199 arg = si->ptr;
4200 }
4201
4202 if (lenrng[0] == HOST_WIDE_INT_MAX)
4203 {
4204 /* Compute the minimum and maximum real or possible lengths. */
4205 c_strlen_data lendata = { };
4206 if (get_range_strlen (arg, &lendata, /* eltsize = */1))
4207 {
4208 if (tree_fits_shwi_p (lendata.maxlen) && !lendata.maxbound)
4209 {
4210 lenrng[0] = tree_to_shwi (lendata.minlen);
4211 lenrng[1] = tree_to_shwi (lendata.maxlen);
4212 *nulterm = true;
4213 }
4214 else if (lendata.maxbound && tree_fits_shwi_p (lendata.maxbound))
4215 {
4216 /* Set *SIZE to the conservative LENDATA.MAXBOUND which
4217 is a conservative estimate of the longest string based
4218 on the sizes of the arrays referenced by ARG. */
4219 *size = tree_to_uhwi (lendata.maxbound) + 1;
4220 *nulterm = false;
4221 }
4222 }
4223 else
4224 {
4225 /* Set *SIZE to the size of the smallest object referenced
4226 by ARG if ARG denotes a single object, or to HWI_M1U
4227 otherwise. */
4228 *size = determine_min_objsize (arg);
4229 *nulterm = false;
4230 }
4231 }
4232
4233 return lenrng[0] != HOST_WIDE_INT_MAX || *size != HOST_WIDE_INT_M1U;
4234 }
4235
4236 /* If IDX1 and IDX2 refer to strings A and B of unequal lengths, return
4237 the result of 0 == strncmp (A, B, BOUND) (which is the same as strcmp
4238 for a sufficiently large BOUND). If the result is based on the length
4239 of one string being greater than the longest string that would fit in
4240 the array pointer to by the argument, set *PLEN and *PSIZE to
4241 the corresponding length (or its complement when the string is known
4242 to be at least as long and need not be nul-terminated) and size.
4243 Otherwise return null. */
4244
4245 static tree
4246 strxcmp_eqz_result (tree arg1, int idx1, tree arg2, int idx2,
4247 unsigned HOST_WIDE_INT bound, unsigned HOST_WIDE_INT len[2],
4248 unsigned HOST_WIDE_INT *psize)
4249 {
4250 /* Determine the range the length of each string is in and whether it's
4251 known to be nul-terminated, or the size of the array it's stored in. */
4252 bool nul1, nul2;
4253 unsigned HOST_WIDE_INT siz1, siz2;
4254 unsigned HOST_WIDE_INT len1rng[2], len2rng[2];
4255 if (!get_len_or_size (arg1, idx1, len1rng, &siz1, &nul1)
4256 || !get_len_or_size (arg2, idx2, len2rng, &siz2, &nul2))
4257 return NULL_TREE;
4258
4259 /* BOUND is set to HWI_M1U for strcmp and less to strncmp, and LENiRNG
4260 to HWI_MAX when invalid. Adjust the length of each string to consider
4261 to be no more than BOUND. */
4262 if (len1rng[0] < HOST_WIDE_INT_MAX && len1rng[0] > bound)
4263 len1rng[0] = bound;
4264 if (len1rng[1] < HOST_WIDE_INT_MAX && len1rng[1] > bound)
4265 len1rng[1] = bound;
4266 if (len2rng[0] < HOST_WIDE_INT_MAX && len2rng[0] > bound)
4267 len2rng[0] = bound;
4268 if (len2rng[1] < HOST_WIDE_INT_MAX && len2rng[1] > bound)
4269 len2rng[1] = bound;
4270
4271 /* Two empty strings are equal. */
4272 if (len1rng[1] == 0 && len2rng[1] == 0)
4273 return integer_one_node;
4274
4275 /* The strings are definitely unequal when the lower bound of the length
4276 of one of them is greater than the length of the longest string that
4277 would fit into the other array. */
4278 if (len1rng[0] == HOST_WIDE_INT_MAX
4279 && len2rng[0] != HOST_WIDE_INT_MAX
4280 && ((len2rng[0] < bound && len2rng[0] >= siz1)
4281 || len2rng[0] > siz1))
4282 {
4283 *psize = siz1;
4284 len[0] = len1rng[0];
4285 /* Set LEN[0] to the lower bound of ARG1's length when it's
4286 nul-terminated or to the complement of its minimum length
4287 otherwise, */
4288 len[1] = nul2 ? len2rng[0] : ~len2rng[0];
4289 return integer_zero_node;
4290 }
4291
4292 if (len2rng[0] == HOST_WIDE_INT_MAX
4293 && len1rng[0] != HOST_WIDE_INT_MAX
4294 && ((len1rng[0] < bound && len1rng[0] >= siz2)
4295 || len1rng[0] > siz2))
4296 {
4297 *psize = siz2;
4298 len[0] = nul1 ? len1rng[0] : ~len1rng[0];
4299 len[1] = len2rng[0];
4300 return integer_zero_node;
4301 }
4302
4303 /* The strings are also definitely unequal when their lengths are unequal
4304 and at least one is nul-terminated. */
4305 if (len1rng[0] != HOST_WIDE_INT_MAX
4306 && len2rng[0] != HOST_WIDE_INT_MAX
4307 && ((len1rng[1] < len2rng[0] && nul1)
4308 || (len2rng[1] < len1rng[0] && nul2)))
4309 {
4310 if (bound <= len1rng[0] || bound <= len2rng[0])
4311 *psize = bound;
4312 else
4313 *psize = HOST_WIDE_INT_M1U;
4314
4315 len[0] = len1rng[0];
4316 len[1] = len2rng[0];
4317 return integer_zero_node;
4318 }
4319
4320 /* The string lengths may be equal or unequal. Even when equal and
4321 both strings nul-terminated, without the string contents there's
4322 no way to determine whether they are equal. */
4323 return NULL_TREE;
4324 }
4325
4326 /* Diagnose pointless calls to strcmp or strncmp STMT with string
4327 arguments of lengths LEN or size SIZ and (for strncmp) BOUND,
4328 whose result is used in equality expressions that evaluate to
4329 a constant due to one argument being longer than the size of
4330 the other. */
4331
4332 static void
4333 maybe_warn_pointless_strcmp (gimple *stmt, HOST_WIDE_INT bound,
4334 unsigned HOST_WIDE_INT len[2],
4335 unsigned HOST_WIDE_INT siz)
4336 {
4337 tree lhs = gimple_call_lhs (stmt);
4338 gimple *use = used_only_for_zero_equality (lhs);
4339 if (!use)
4340 return;
4341
4342 bool at_least = false;
4343
4344 /* Excessive LEN[i] indicates a lower bound. */
4345 if (len[0] > HOST_WIDE_INT_MAX)
4346 {
4347 at_least = true;
4348 len[0] = ~len[0];
4349 }
4350
4351 if (len[1] > HOST_WIDE_INT_MAX)
4352 {
4353 at_least = true;
4354 len[1] = ~len[1];
4355 }
4356
4357 unsigned HOST_WIDE_INT minlen = MIN (len[0], len[1]);
4358
4359 /* FIXME: Include a note pointing to the declaration of the smaller
4360 array. */
4361 location_t stmt_loc = gimple_nonartificial_location (stmt);
4362 if (stmt_loc == UNKNOWN_LOCATION && EXPR_HAS_LOCATION (lhs))
4363 stmt_loc = tree_nonartificial_location (lhs);
4364 stmt_loc = expansion_point_location_if_in_system_header (stmt_loc);
4365
4366 tree callee = gimple_call_fndecl (stmt);
4367 bool warned = false;
4368 if (siz <= minlen && bound == -1)
4369 warned = warning_at (stmt_loc, OPT_Wstring_compare,
4370 (at_least
4371 ? G_("%G%qD of a string of length %wu or more and "
4372 "an array of size %wu evaluates to nonzero")
4373 : G_("%G%qD of a string of length %wu and an array "
4374 "of size %wu evaluates to nonzero")),
4375 stmt, callee, minlen, siz);
4376 else if (!at_least && siz <= HOST_WIDE_INT_MAX)
4377 {
4378 if (len[0] != HOST_WIDE_INT_MAX && len[1] != HOST_WIDE_INT_MAX)
4379 warned = warning_at (stmt_loc, OPT_Wstring_compare,
4380 "%G%qD of strings of length %wu and %wu "
4381 "and bound of %wu evaluates to nonzero",
4382 stmt, callee, len[0], len[1], bound);
4383 else
4384 warned = warning_at (stmt_loc, OPT_Wstring_compare,
4385 "%G%qD of a string of length %wu, an array "
4386 "of size %wu and bound of %wu evaluates to "
4387 "nonzero",
4388 stmt, callee, minlen, siz, bound);
4389 }
4390
4391 if (warned)
4392 {
4393 location_t use_loc = gimple_location (use);
4394 if (LOCATION_LINE (stmt_loc) != LOCATION_LINE (use_loc))
4395 inform (use_loc, "in this expression");
4396 }
4397 }
4398
4399
4400 /* Optimize a call to strcmp or strncmp either by folding it to a constant
4401 when possible or by transforming the latter to the former. Warn about
4402 calls where the length of one argument is greater than the size of
4403 the array to which the other argument points if the latter's length
4404 is not known. Return true when the call has been transformed into
4405 another and false otherwise. */
4406
4407 static bool
4408 handle_builtin_string_cmp (gimple_stmt_iterator *gsi)
4409 {
4410 gcall *stmt = as_a <gcall *> (gsi_stmt (*gsi));
4411 tree lhs = gimple_call_lhs (stmt);
4412
4413 if (!lhs)
4414 return false;
4415
4416 tree arg1 = gimple_call_arg (stmt, 0);
4417 tree arg2 = gimple_call_arg (stmt, 1);
4418 int idx1 = get_stridx (arg1);
4419 int idx2 = get_stridx (arg2);
4420
4421 /* For strncmp set to the the value of the third argument if known. */
4422 HOST_WIDE_INT bound = -1;
4423 tree len = NULL_TREE;
4424 /* Extract the strncmp bound. */
4425 if (gimple_call_num_args (stmt) == 3)
4426 {
4427 len = gimple_call_arg (stmt, 2);
4428 if (tree_fits_shwi_p (len))
4429 bound = tree_to_shwi (len);
4430
4431 /* If the bound argument is NOT known, do nothing. */
4432 if (bound < 0)
4433 return false;
4434 }
4435
4436 /* Avoid folding if either argument is not a nul-terminated array.
4437 Defer warning until later. */
4438 if (!check_nul_terminated_array (NULL_TREE, arg1, len)
4439 || !check_nul_terminated_array (NULL_TREE, arg2, len))
4440 return false;
4441
4442 {
4443 /* Set to the length of one argument (or its complement if it's
4444 the lower bound of a range) and the size of the array storing
4445 the other if the result is based on the former being equal to
4446 or greater than the latter. */
4447 unsigned HOST_WIDE_INT len[2] = { HOST_WIDE_INT_MAX, HOST_WIDE_INT_MAX };
4448 unsigned HOST_WIDE_INT siz = HOST_WIDE_INT_M1U;
4449
4450 /* Try to determine if the two strings are either definitely equal
4451 or definitely unequal and if so, either fold the result to zero
4452 (when equal) or set the range of the result to ~[0, 0] otherwise. */
4453 if (tree eqz = strxcmp_eqz_result (arg1, idx1, arg2, idx2, bound,
4454 len, &siz))
4455 {
4456 if (integer_zerop (eqz))
4457 {
4458 maybe_warn_pointless_strcmp (stmt, bound, len, siz);
4459
4460 /* When the lengths of the first two string arguments are
4461 known to be unequal set the range of the result to non-zero.
4462 This allows the call to be eliminated if its result is only
4463 used in tests for equality to zero. */
4464 wide_int zero = wi::zero (TYPE_PRECISION (TREE_TYPE (lhs)));
4465 set_range_info (lhs, VR_ANTI_RANGE, zero, zero);
4466 return false;
4467 }
4468 /* When the two strings are definitely equal (such as when they
4469 are both empty) fold the call to the constant result. */
4470 replace_call_with_value (gsi, integer_zero_node);
4471 return true;
4472 }
4473 }
4474
4475 /* Return if nothing is known about the strings pointed to by ARG1
4476 and ARG2. */
4477 if (idx1 == 0 && idx2 == 0)
4478 return false;
4479
4480 /* Determine either the length or the size of each of the strings,
4481 whichever is available. */
4482 HOST_WIDE_INT cstlen1 = -1, cstlen2 = -1;
4483 HOST_WIDE_INT arysiz1 = -1, arysiz2 = -1;
4484
4485 if (idx1)
4486 cstlen1 = compute_string_length (idx1);
4487 else
4488 arysiz1 = determine_min_objsize (arg1);
4489
4490 /* Bail if neither the string length nor the size of the array
4491 it is stored in can be determined. */
4492 if (cstlen1 < 0 && arysiz1 < 0)
4493 return false;
4494
4495 /* Repeat for the second argument. */
4496 if (idx2)
4497 cstlen2 = compute_string_length (idx2);
4498 else
4499 arysiz2 = determine_min_objsize (arg2);
4500
4501 if (cstlen2 < 0 && arysiz2 < 0)
4502 return false;
4503
4504 if (cstlen1 < 0 && cstlen2 < 0)
4505 return false;
4506
4507 if (cstlen1 >= 0)
4508 ++cstlen1;
4509 if (cstlen2 >= 0)
4510 ++cstlen2;
4511
4512 /* The exact number of characters to compare. */
4513 HOST_WIDE_INT cmpsiz = bound < 0 ? cstlen1 < 0 ? cstlen2 : cstlen1 : bound;
4514 /* The size of the array in which the unknown string is stored. */
4515 HOST_WIDE_INT varsiz = arysiz1 < 0 ? arysiz2 : arysiz1;
4516
4517 if (cmpsiz < varsiz && used_only_for_zero_equality (lhs))
4518 {
4519 /* If the known length is less than the size of the other array
4520 and the strcmp result is only used to test equality to zero,
4521 transform the call to the equivalent _eq call. */
4522 if (tree fn = builtin_decl_implicit (bound < 0 ? BUILT_IN_STRCMP_EQ
4523 : BUILT_IN_STRNCMP_EQ))
4524 {
4525 tree n = build_int_cst (size_type_node, cmpsiz);
4526 update_gimple_call (gsi, fn, 3, arg1, arg2, n);
4527 return true;
4528 }
4529 }
4530
4531 return false;
4532 }
4533
4534 /* Handle a POINTER_PLUS_EXPR statement.
4535 For p = "abcd" + 2; compute associated length, or if
4536 p = q + off is pointing to a '\0' character of a string, call
4537 zero_length_string on it. */
4538
4539 static void
4540 handle_pointer_plus (gimple_stmt_iterator *gsi)
4541 {
4542 gimple *stmt = gsi_stmt (*gsi);
4543 tree lhs = gimple_assign_lhs (stmt), off;
4544 int idx = get_stridx (gimple_assign_rhs1 (stmt));
4545 strinfo *si, *zsi;
4546
4547 if (idx == 0)
4548 return;
4549
4550 if (idx < 0)
4551 {
4552 tree off = gimple_assign_rhs2 (stmt);
4553 if (tree_fits_uhwi_p (off)
4554 && tree_to_uhwi (off) <= (unsigned HOST_WIDE_INT) ~idx)
4555 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)]
4556 = ~(~idx - (int) tree_to_uhwi (off));
4557 return;
4558 }
4559
4560 si = get_strinfo (idx);
4561 if (si == NULL || si->nonzero_chars == NULL_TREE)
4562 return;
4563
4564 off = gimple_assign_rhs2 (stmt);
4565 zsi = NULL;
4566 if (si->full_string_p && operand_equal_p (si->nonzero_chars, off, 0))
4567 zsi = zero_length_string (lhs, si);
4568 else if (TREE_CODE (off) == SSA_NAME)
4569 {
4570 gimple *def_stmt = SSA_NAME_DEF_STMT (off);
4571 if (gimple_assign_single_p (def_stmt)
4572 && si->full_string_p
4573 && operand_equal_p (si->nonzero_chars,
4574 gimple_assign_rhs1 (def_stmt), 0))
4575 zsi = zero_length_string (lhs, si);
4576 }
4577 if (zsi != NULL
4578 && si->endptr != NULL_TREE
4579 && si->endptr != lhs
4580 && TREE_CODE (si->endptr) == SSA_NAME)
4581 {
4582 enum tree_code rhs_code
4583 = useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (si->endptr))
4584 ? SSA_NAME : NOP_EXPR;
4585 gimple_assign_set_rhs_with_ops (gsi, rhs_code, si->endptr);
4586 gcc_assert (gsi_stmt (*gsi) == stmt);
4587 update_stmt (stmt);
4588 }
4589 }
4590
4591 /* Describes recursion limits used by count_nonzero_bytes. */
4592
4593 class ssa_name_limit_t
4594 {
4595 bitmap visited; /* Bitmap of visited SSA_NAMEs. */
4596 unsigned ssa_def_max; /* Longest chain of SSA_NAMEs to follow. */
4597
4598 /* Not copyable or assignable. */
4599 ssa_name_limit_t (ssa_name_limit_t&);
4600 void operator= (ssa_name_limit_t&);
4601
4602 public:
4603
4604 ssa_name_limit_t ()
4605 : visited (NULL),
4606 ssa_def_max (param_ssa_name_def_chain_limit) { }
4607
4608 int next_ssa_name (tree);
4609
4610 ~ssa_name_limit_t ()
4611 {
4612 if (visited)
4613 BITMAP_FREE (visited);
4614 }
4615 };
4616
4617 /* If the SSA_NAME has already been "seen" return a positive value.
4618 Otherwise add it to VISITED. If the SSA_NAME limit has been
4619 reached, return a negative value. Otherwise return zero. */
4620
4621 int ssa_name_limit_t::next_ssa_name (tree ssa_name)
4622 {
4623 if (!visited)
4624 visited = BITMAP_ALLOC (NULL);
4625
4626 /* Return a positive value if SSA_NAME has already been visited. */
4627 if (!bitmap_set_bit (visited, SSA_NAME_VERSION (ssa_name)))
4628 return 1;
4629
4630 /* Return a negative value to let caller avoid recursing beyond
4631 the specified limit. */
4632 if (ssa_def_max == 0)
4633 return -1;
4634
4635 --ssa_def_max;
4636
4637 return 0;
4638 }
4639
4640 /* Determines the minimum and maximum number of leading non-zero bytes
4641 in the representation of EXP and set LENRANGE[0] and LENRANGE[1]
4642 to each. Sets LENRANGE[2] to the total number of bytes in
4643 the representation. Sets *NULTREM if the representation contains
4644 a zero byte, and sets *ALLNUL if all the bytes are zero.
4645 OFFSET and NBYTES are the offset into the representation and
4646 the size of the access to it determined from a MEM_REF or zero
4647 for other expressions.
4648 Uses RVALS to determine range information.
4649 Avoids recursing deeper than the limits in SNLIM allow.
4650 Returns true on success and false otherwise. */
4651
4652 static bool
4653 count_nonzero_bytes (tree exp, unsigned HOST_WIDE_INT offset,
4654 unsigned HOST_WIDE_INT nbytes,
4655 unsigned lenrange[3], bool *nulterm,
4656 bool *allnul, bool *allnonnul, const vr_values *rvals,
4657 ssa_name_limit_t &snlim)
4658 {
4659 int idx = get_stridx (exp);
4660 if (idx > 0)
4661 {
4662 strinfo *si = get_strinfo (idx);
4663 if (!si)
4664 return false;
4665
4666 /* Handle both constant lengths as well non-constant lengths
4667 in some range. */
4668 unsigned HOST_WIDE_INT minlen, maxlen;
4669 if (tree_fits_shwi_p (si->nonzero_chars))
4670 minlen = maxlen = tree_to_shwi (si->nonzero_chars);
4671 else if (nbytes
4672 && si->nonzero_chars
4673 && TREE_CODE (si->nonzero_chars) == SSA_NAME)
4674 {
4675 const value_range_equiv *vr
4676 = CONST_CAST (class vr_values *, rvals)
4677 ->get_value_range (si->nonzero_chars);
4678 if (vr->kind () != VR_RANGE
4679 || !range_int_cst_p (vr))
4680 return false;
4681
4682 minlen = tree_to_uhwi (vr->min ());
4683 maxlen = tree_to_uhwi (vr->max ());
4684 }
4685 else
4686 return false;
4687
4688 if (maxlen < offset)
4689 return false;
4690
4691 minlen = minlen < offset ? 0 : minlen - offset;
4692 maxlen -= offset;
4693 if (maxlen + 1 < nbytes)
4694 return false;
4695
4696 if (!nbytes
4697 && TREE_CODE (si->ptr) == SSA_NAME
4698 && !POINTER_TYPE_P (TREE_TYPE (si->ptr)))
4699 {
4700 /* SI->PTR is an SSA_NAME with a DEF_STMT like
4701 _1 = MEM <unsigned int> [(char * {ref-all})s_4(D)]; */
4702 gimple *stmt = SSA_NAME_DEF_STMT (exp);
4703 if (gimple_assign_single_p (stmt)
4704 && gimple_assign_rhs_code (stmt) == MEM_REF)
4705 {
4706 tree rhs = gimple_assign_rhs1 (stmt);
4707 if (tree refsize = TYPE_SIZE_UNIT (TREE_TYPE (rhs)))
4708 if (tree_fits_uhwi_p (refsize))
4709 {
4710 nbytes = tree_to_uhwi (refsize);
4711 maxlen = nbytes;
4712 }
4713 }
4714
4715 if (!nbytes)
4716 return false;
4717 }
4718
4719 if (nbytes <= minlen)
4720 *nulterm = false;
4721
4722 if (nbytes < minlen)
4723 {
4724 minlen = nbytes;
4725 if (nbytes < maxlen)
4726 maxlen = nbytes;
4727 }
4728
4729 if (minlen < lenrange[0])
4730 lenrange[0] = minlen;
4731 if (lenrange[1] < maxlen)
4732 lenrange[1] = maxlen;
4733
4734 if (lenrange[2] < nbytes)
4735 lenrange[2] = nbytes;
4736
4737 /* Since only the length of the string are known and not its contents,
4738 clear ALLNUL and ALLNONNUL purely on the basis of the length. */
4739 *allnul = false;
4740 if (minlen < nbytes)
4741 *allnonnul = false;
4742
4743 return true;
4744 }
4745
4746 if (TREE_CODE (exp) == ADDR_EXPR)
4747 exp = TREE_OPERAND (exp, 0);
4748
4749 if (TREE_CODE (exp) == SSA_NAME)
4750 {
4751 /* Handle non-zero single-character stores specially. */
4752 tree type = TREE_TYPE (exp);
4753 if (TREE_CODE (type) == INTEGER_TYPE
4754 && TYPE_MODE (type) == TYPE_MODE (char_type_node)
4755 && TYPE_PRECISION (type) == TYPE_PRECISION (char_type_node)
4756 && tree_expr_nonzero_p (exp))
4757 {
4758 /* If the character EXP is known to be non-zero (even if its
4759 exact value is not known) recurse once to set the range
4760 for an arbitrary constant. */
4761 exp = build_int_cst (type, 1);
4762 return count_nonzero_bytes (exp, offset, 1, lenrange,
4763 nulterm, allnul, allnonnul, rvals, snlim);
4764 }
4765
4766 gimple *stmt = SSA_NAME_DEF_STMT (exp);
4767 if (gimple_assign_single_p (stmt))
4768 {
4769 exp = gimple_assign_rhs1 (stmt);
4770 if (TREE_CODE (exp) != MEM_REF)
4771 return false;
4772 /* Handle MEM_REF below. */
4773 }
4774 else if (gimple_code (stmt) == GIMPLE_PHI)
4775 {
4776 /* Avoid processing an SSA_NAME that has already been visited
4777 or if an SSA_NAME limit has been reached. Indicate success
4778 if the former and failure if the latter. */
4779 if (int res = snlim.next_ssa_name (exp))
4780 return res > 0;
4781
4782 /* Determine the minimum and maximum from the PHI arguments. */
4783 unsigned int n = gimple_phi_num_args (stmt);
4784 for (unsigned i = 0; i != n; i++)
4785 {
4786 tree def = gimple_phi_arg_def (stmt, i);
4787 if (!count_nonzero_bytes (def, offset, nbytes, lenrange, nulterm,
4788 allnul, allnonnul, rvals, snlim))
4789 return false;
4790 }
4791
4792 return true;
4793 }
4794 }
4795
4796 if (TREE_CODE (exp) == MEM_REF)
4797 {
4798 if (nbytes)
4799 return false;
4800
4801 tree arg = TREE_OPERAND (exp, 0);
4802 tree off = TREE_OPERAND (exp, 1);
4803
4804 if (TREE_CODE (off) != INTEGER_CST
4805 || !tree_fits_uhwi_p (off))
4806 return false;
4807
4808 unsigned HOST_WIDE_INT wioff = tree_to_uhwi (off);
4809 if (INT_MAX < wioff)
4810 return false;
4811
4812 offset += wioff;
4813 if (INT_MAX < offset)
4814 return false;
4815
4816 /* The size of the MEM_REF access determines the number of bytes. */
4817 tree type = TREE_TYPE (exp);
4818 tree typesize = TYPE_SIZE_UNIT (type);
4819 if (!typesize || !tree_fits_uhwi_p (typesize))
4820 return false;
4821 nbytes = tree_to_uhwi (typesize);
4822
4823 /* Handle MEM_REF = SSA_NAME types of assignments. */
4824 return count_nonzero_bytes (arg, offset, nbytes, lenrange, nulterm,
4825 allnul, allnonnul, rvals, snlim);
4826 }
4827
4828 if (TREE_CODE (exp) == VAR_DECL && TREE_READONLY (exp))
4829 {
4830 exp = DECL_INITIAL (exp);
4831 if (!exp)
4832 return false;
4833 }
4834
4835 const char *prep = NULL;
4836 if (TREE_CODE (exp) == STRING_CST)
4837 {
4838 unsigned nchars = TREE_STRING_LENGTH (exp);
4839 if (nchars < offset)
4840 return false;
4841
4842 if (!nbytes)
4843 /* If NBYTES hasn't been determined earlier from MEM_REF,
4844 set it here. It includes all internal nuls, including
4845 the terminating one if the string has one. */
4846 nbytes = nchars - offset;
4847
4848 prep = TREE_STRING_POINTER (exp) + offset;
4849 }
4850
4851 unsigned char buf[256];
4852 if (!prep)
4853 {
4854 /* If the pointer to representation hasn't been set above
4855 for STRING_CST point it at the buffer. */
4856 prep = reinterpret_cast <char *>(buf);
4857 /* Try to extract the representation of the constant object
4858 or expression starting from the offset. */
4859 unsigned repsize = native_encode_expr (exp, buf, sizeof buf, offset);
4860 if (repsize < nbytes)
4861 {
4862 /* This should only happen when REPSIZE is zero because EXP
4863 doesn't denote an object with a known initializer, except
4864 perhaps when the reference reads past its end. */
4865 lenrange[0] = 0;
4866 prep = NULL;
4867 }
4868 else if (!nbytes)
4869 nbytes = repsize;
4870 else if (nbytes < repsize)
4871 return false;
4872 }
4873
4874 if (!nbytes)
4875 return false;
4876
4877 /* Compute the number of leading nonzero bytes in the representation
4878 and update the minimum and maximum. */
4879 unsigned n = prep ? strnlen (prep, nbytes) : nbytes;
4880
4881 if (n < lenrange[0])
4882 lenrange[0] = n;
4883 if (lenrange[1] < n)
4884 lenrange[1] = n;
4885
4886 /* Set the size of the representation. */
4887 if (lenrange[2] < nbytes)
4888 lenrange[2] = nbytes;
4889
4890 /* Clear NULTERM if none of the bytes is zero. */
4891 if (n == nbytes)
4892 *nulterm = false;
4893
4894 if (n)
4895 {
4896 /* When the initial number of non-zero bytes N is non-zero, reset
4897 *ALLNUL; if N is less than that the size of the representation
4898 also clear *ALLNONNUL. */
4899 *allnul = false;
4900 if (n < nbytes)
4901 *allnonnul = false;
4902 }
4903 else if (*allnul || *allnonnul)
4904 {
4905 *allnonnul = false;
4906
4907 if (*allnul)
4908 {
4909 /* When either ALLNUL is set and N is zero, also determine
4910 whether all subsequent bytes after the first one (which
4911 is nul) are zero or nonzero and clear ALLNUL if not. */
4912 for (const char *p = prep; p != prep + nbytes; ++p)
4913 if (*p)
4914 {
4915 *allnul = false;
4916 break;
4917 }
4918 }
4919 }
4920
4921 return true;
4922 }
4923
4924 /* Same as above except with an implicit SSA_NAME limit. RVALS is used
4925 to determine ranges of dynamically computed string lengths (the results
4926 of strlen). */
4927
4928 static bool
4929 count_nonzero_bytes (tree exp, unsigned lenrange[3], bool *nulterm,
4930 bool *allnul, bool *allnonnul, const vr_values *rvals)
4931 {
4932 /* Set to optimistic values so the caller doesn't have to worry about
4933 initializing these and to what. On success, the function will clear
4934 these if it determines their values are different but being recursive
4935 it never sets either to true. On failure, their values are
4936 unspecified. */
4937 *nulterm = true;
4938 *allnul = true;
4939 *allnonnul = true;
4940
4941 ssa_name_limit_t snlim;
4942 return count_nonzero_bytes (exp, 0, 0, lenrange, nulterm, allnul, allnonnul,
4943 rvals, snlim);
4944 }
4945
4946 /* Handle a single or multibyte store other than by a built-in function,
4947 either via a single character assignment or by multi-byte assignment
4948 either via MEM_REF or via a type other than char (such as in
4949 '*(int*)a = 12345'). Return true to let the caller advance *GSI to
4950 the next statement in the basic block and false otherwise. */
4951
4952 static bool
4953 handle_store (gimple_stmt_iterator *gsi, bool *zero_write,
4954 const vr_values *rvals)
4955 {
4956 int idx = -1;
4957 strinfo *si = NULL;
4958 gimple *stmt = gsi_stmt (*gsi);
4959 tree ssaname = NULL_TREE, lhs = gimple_assign_lhs (stmt);
4960 tree rhs = gimple_assign_rhs1 (stmt);
4961
4962 /* The offset of the first byte in LHS modified by the the store. */
4963 unsigned HOST_WIDE_INT offset = 0;
4964
4965 if (TREE_CODE (lhs) == MEM_REF
4966 && TREE_CODE (TREE_OPERAND (lhs, 0)) == SSA_NAME)
4967 {
4968 tree mem_offset = TREE_OPERAND (lhs, 1);
4969 if (tree_fits_uhwi_p (mem_offset))
4970 {
4971 /* Get the strinfo for the base, and use it if it starts with at
4972 least OFFSET nonzero characters. This is trivially true if
4973 OFFSET is zero. */
4974 offset = tree_to_uhwi (mem_offset);
4975 idx = get_stridx (TREE_OPERAND (lhs, 0));
4976 if (idx > 0)
4977 si = get_strinfo (idx);
4978 if (offset == 0)
4979 ssaname = TREE_OPERAND (lhs, 0);
4980 else if (si == NULL || compare_nonzero_chars (si, offset, rvals) < 0)
4981 {
4982 *zero_write = initializer_zerop (rhs);
4983
4984 bool dummy;
4985 unsigned lenrange[] = { UINT_MAX, 0, 0 };
4986 if (count_nonzero_bytes (rhs, lenrange, &dummy, &dummy, &dummy,
4987 rvals))
4988 maybe_warn_overflow (stmt, lenrange[2], rvals);
4989
4990 return true;
4991 }
4992 }
4993 }
4994 else
4995 {
4996 idx = get_addr_stridx (lhs, NULL_TREE, &offset, rvals);
4997 if (idx > 0)
4998 si = get_strinfo (idx);
4999 }
5000
5001 /* Minimum and maximum leading non-zero bytes and the size of the store. */
5002 unsigned lenrange[] = { UINT_MAX, 0, 0 };
5003
5004 /* Set to the minimum length of the string being assigned if known. */
5005 unsigned HOST_WIDE_INT rhs_minlen;
5006
5007 /* STORING_NONZERO_P is true iff not all stored characters are zero.
5008 STORING_ALL_NONZERO_P is true if all stored characters are zero.
5009 STORING_ALL_ZEROS_P is true iff all stored characters are zero.
5010 Both are false when it's impossible to determine which is true. */
5011 bool storing_nonzero_p;
5012 bool storing_all_nonzero_p;
5013 bool storing_all_zeros_p;
5014 /* FULL_STRING_P is set when the stored sequence of characters form
5015 a nul-terminated string. */
5016 bool full_string_p;
5017
5018 const bool ranges_valid
5019 = count_nonzero_bytes (rhs, lenrange, &full_string_p,
5020 &storing_all_zeros_p, &storing_all_nonzero_p,
5021 rvals);
5022 if (ranges_valid)
5023 {
5024 rhs_minlen = lenrange[0];
5025 storing_nonzero_p = lenrange[1] > 0;
5026 *zero_write = storing_all_zeros_p;
5027
5028 maybe_warn_overflow (stmt, lenrange[2], rvals);
5029 }
5030 else
5031 {
5032 rhs_minlen = HOST_WIDE_INT_M1U;
5033 full_string_p = false;
5034 storing_nonzero_p = false;
5035 storing_all_zeros_p = false;
5036 storing_all_nonzero_p = false;
5037 }
5038
5039 if (si != NULL)
5040 {
5041 /* The corresponding element is set to 1 if the first and last
5042 element, respectively, of the sequence of characters being
5043 written over the string described by SI ends before
5044 the terminating nul (if it has one), to zero if the nul is
5045 being overwritten but not beyond, or negative otherwise. */
5046 int store_before_nul[2];
5047 if (ranges_valid)
5048 {
5049 /* The offset of the last stored byte. */
5050 unsigned HOST_WIDE_INT endoff = offset + lenrange[2] - 1;
5051 store_before_nul[0] = compare_nonzero_chars (si, offset, rvals);
5052 if (endoff == offset)
5053 store_before_nul[1] = store_before_nul[0];
5054 else
5055 store_before_nul[1] = compare_nonzero_chars (si, endoff, rvals);
5056 }
5057 else
5058 {
5059 store_before_nul[0] = compare_nonzero_chars (si, offset, rvals);
5060 store_before_nul[1] = store_before_nul[0];
5061 gcc_assert (offset == 0 || store_before_nul[0] >= 0);
5062 }
5063
5064 if (storing_all_zeros_p
5065 && store_before_nul[0] == 0
5066 && store_before_nul[1] == 0
5067 && si->full_string_p)
5068 {
5069 /* When overwriting a '\0' with a '\0', the store can be removed
5070 if we know it has been stored in the current function. */
5071 if (!stmt_could_throw_p (cfun, stmt) && si->writable)
5072 {
5073 unlink_stmt_vdef (stmt);
5074 release_defs (stmt);
5075 gsi_remove (gsi, true);
5076 return false;
5077 }
5078 else
5079 {
5080 si->writable = true;
5081 gsi_next (gsi);
5082 return false;
5083 }
5084 }
5085
5086 if (store_before_nul[1] > 0
5087 && storing_nonzero_p
5088 && lenrange[0] == lenrange[1]
5089 && lenrange[0] == lenrange[2]
5090 && TREE_CODE (TREE_TYPE (rhs)) == INTEGER_TYPE)
5091 {
5092 /* Handle a store of one or more non-nul characters that ends
5093 before the terminating nul of the destination and so does
5094 not affect its length
5095 If si->nonzero_chars > OFFSET, we aren't overwriting '\0',
5096 and if we aren't storing '\0', we know that the length of
5097 the string and any other zero terminated string in memory
5098 remains the same. In that case we move to the next gimple
5099 statement and return to signal the caller that it shouldn't
5100 invalidate anything.
5101
5102 This is beneficial for cases like:
5103
5104 char p[20];
5105 void foo (char *q)
5106 {
5107 strcpy (p, "foobar");
5108 size_t len = strlen (p); // can be folded to 6
5109 size_t len2 = strlen (q); // has to be computed
5110 p[0] = 'X';
5111 size_t len3 = strlen (p); // can be folded to 6
5112 size_t len4 = strlen (q); // can be folded to len2
5113 bar (len, len2, len3, len4);
5114 } */
5115 gsi_next (gsi);
5116 return false;
5117 }
5118
5119 if (storing_all_zeros_p
5120 || storing_nonzero_p
5121 || (offset != 0 && store_before_nul[1] > 0))
5122 {
5123 /* When STORING_NONZERO_P, we know that the string will start
5124 with at least OFFSET + 1 nonzero characters. If storing
5125 a single character, set si->NONZERO_CHARS to the result.
5126 If storing multiple characters, try to determine the number
5127 of leading non-zero characters and set si->NONZERO_CHARS to
5128 the result instead.
5129
5130 When STORING_ALL_ZEROS_P, we know that the string is now
5131 OFFSET characters long.
5132
5133 Otherwise, we're storing an unknown value at offset OFFSET,
5134 so need to clip the nonzero_chars to OFFSET.
5135 Use the minimum length of the string (or individual character)
5136 being stored if it's known. Otherwise, STORING_NONZERO_P
5137 guarantees it's at least 1. */
5138 HOST_WIDE_INT len
5139 = storing_nonzero_p && ranges_valid ? lenrange[0] : 1;
5140 location_t loc = gimple_location (stmt);
5141 tree oldlen = si->nonzero_chars;
5142 if (store_before_nul[1] == 0 && si->full_string_p)
5143 /* We're overwriting the nul terminator with a nonzero or
5144 unknown character. If the previous stmt was a memcpy,
5145 its length may be decreased. */
5146 adjust_last_stmt (si, stmt, false);
5147 si = unshare_strinfo (si);
5148 if (storing_nonzero_p)
5149 {
5150 gcc_assert (len >= 0);
5151 si->nonzero_chars = build_int_cst (size_type_node, offset + len);
5152 }
5153 else
5154 si->nonzero_chars = build_int_cst (size_type_node, offset);
5155
5156 /* Set FULL_STRING_P only if the length of the strings being
5157 written is the same, and clear it if the strings have
5158 different lengths. In the latter case the length stored
5159 in si->NONZERO_CHARS becomes the lower bound.
5160 FIXME: Handle the upper bound of the length if possible. */
5161 si->full_string_p = full_string_p && lenrange[0] == lenrange[1];
5162
5163 if (storing_all_zeros_p
5164 && ssaname
5165 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ssaname))
5166 si->endptr = ssaname;
5167 else
5168 si->endptr = NULL;
5169 si->next = 0;
5170 si->stmt = NULL;
5171 si->writable = true;
5172 si->dont_invalidate = true;
5173 if (oldlen)
5174 {
5175 tree adj = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
5176 si->nonzero_chars, oldlen);
5177 adjust_related_strinfos (loc, si, adj);
5178 }
5179 else
5180 si->prev = 0;
5181 }
5182 }
5183 else if (idx == 0 && (storing_all_zeros_p || storing_nonzero_p))
5184 {
5185 if (ssaname)
5186 idx = new_stridx (ssaname);
5187 else
5188 idx = new_addr_stridx (lhs);
5189 if (idx != 0)
5190 {
5191 tree ptr = (ssaname ? ssaname : build_fold_addr_expr (lhs));
5192
5193 HOST_WIDE_INT slen;
5194 if (storing_all_zeros_p)
5195 slen = 0;
5196 else if (storing_nonzero_p && ranges_valid)
5197 {
5198 /* FIXME: Handle the upper bound of the length when
5199 LENRANGE[0] != LENRANGE[1]. */
5200 slen = lenrange[0];
5201 if (lenrange[0] != lenrange[1])
5202 /* Set the minimum length but ignore the maximum
5203 for now. */
5204 full_string_p = false;
5205 }
5206 else
5207 slen = -1;
5208
5209 tree len = (slen <= 0
5210 ? size_zero_node
5211 : build_int_cst (size_type_node, slen));
5212 si = new_strinfo (ptr, idx, len, slen >= 0 && full_string_p);
5213 set_strinfo (idx, si);
5214 if (storing_all_zeros_p
5215 && ssaname
5216 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ssaname))
5217 si->endptr = ssaname;
5218 si->dont_invalidate = true;
5219 si->writable = true;
5220 }
5221 }
5222 else if (idx == 0
5223 && rhs_minlen < HOST_WIDE_INT_M1U
5224 && ssaname == NULL_TREE
5225 && TREE_CODE (TREE_TYPE (lhs)) == ARRAY_TYPE)
5226 {
5227 HOST_WIDE_INT a = int_size_in_bytes (TREE_TYPE (lhs));
5228 if (a > 0 && (unsigned HOST_WIDE_INT) a > rhs_minlen)
5229 {
5230 int idx = new_addr_stridx (lhs);
5231 if (idx != 0)
5232 {
5233 si = new_strinfo (build_fold_addr_expr (lhs), idx,
5234 build_int_cst (size_type_node, rhs_minlen),
5235 full_string_p);
5236 set_strinfo (idx, si);
5237 si->dont_invalidate = true;
5238 }
5239 }
5240 }
5241
5242 if (si != NULL && offset == 0 && storing_all_zeros_p && lenrange[2] == 1)
5243 {
5244 /* For single-byte stores only, allow adjust_last_stmt to remove
5245 the statement if the stored '\0' is immediately overwritten. */
5246 laststmt.stmt = stmt;
5247 laststmt.len = build_int_cst (size_type_node, 1);
5248 laststmt.stridx = si->idx;
5249 }
5250 return true;
5251 }
5252
5253 /* Try to fold strstr (s, t) eq/ne s to strncmp (s, t, strlen (t)) eq/ne 0. */
5254
5255 static void
5256 fold_strstr_to_strncmp (tree rhs1, tree rhs2, gimple *stmt)
5257 {
5258 if (TREE_CODE (rhs1) != SSA_NAME
5259 || TREE_CODE (rhs2) != SSA_NAME)
5260 return;
5261
5262 gimple *call_stmt = NULL;
5263 for (int pass = 0; pass < 2; pass++)
5264 {
5265 gimple *g = SSA_NAME_DEF_STMT (rhs1);
5266 if (gimple_call_builtin_p (g, BUILT_IN_STRSTR)
5267 && has_single_use (rhs1)
5268 && gimple_call_arg (g, 0) == rhs2)
5269 {
5270 call_stmt = g;
5271 break;
5272 }
5273 std::swap (rhs1, rhs2);
5274 }
5275
5276 if (call_stmt)
5277 {
5278 tree arg0 = gimple_call_arg (call_stmt, 0);
5279
5280 if (arg0 == rhs2)
5281 {
5282 tree arg1 = gimple_call_arg (call_stmt, 1);
5283 tree arg1_len = NULL_TREE;
5284 int idx = get_stridx (arg1);
5285
5286 if (idx)
5287 {
5288 if (idx < 0)
5289 arg1_len = build_int_cst (size_type_node, ~idx);
5290 else
5291 {
5292 strinfo *si = get_strinfo (idx);
5293 if (si)
5294 arg1_len = get_string_length (si);
5295 }
5296 }
5297
5298 if (arg1_len != NULL_TREE)
5299 {
5300 gimple_stmt_iterator gsi = gsi_for_stmt (call_stmt);
5301 tree strncmp_decl = builtin_decl_explicit (BUILT_IN_STRNCMP);
5302
5303 if (!is_gimple_val (arg1_len))
5304 {
5305 tree arg1_len_tmp = make_ssa_name (TREE_TYPE (arg1_len));
5306 gassign *arg1_stmt = gimple_build_assign (arg1_len_tmp,
5307 arg1_len);
5308 gsi_insert_before (&gsi, arg1_stmt, GSI_SAME_STMT);
5309 arg1_len = arg1_len_tmp;
5310 }
5311
5312 gcall *strncmp_call = gimple_build_call (strncmp_decl, 3,
5313 arg0, arg1, arg1_len);
5314 tree strncmp_lhs = make_ssa_name (integer_type_node);
5315 gimple_set_vuse (strncmp_call, gimple_vuse (call_stmt));
5316 gimple_call_set_lhs (strncmp_call, strncmp_lhs);
5317 gsi_remove (&gsi, true);
5318 gsi_insert_before (&gsi, strncmp_call, GSI_SAME_STMT);
5319 tree zero = build_zero_cst (TREE_TYPE (strncmp_lhs));
5320
5321 if (is_gimple_assign (stmt))
5322 {
5323 if (gimple_assign_rhs_code (stmt) == COND_EXPR)
5324 {
5325 tree cond = gimple_assign_rhs1 (stmt);
5326 TREE_OPERAND (cond, 0) = strncmp_lhs;
5327 TREE_OPERAND (cond, 1) = zero;
5328 }
5329 else
5330 {
5331 gimple_assign_set_rhs1 (stmt, strncmp_lhs);
5332 gimple_assign_set_rhs2 (stmt, zero);
5333 }
5334 }
5335 else
5336 {
5337 gcond *cond = as_a<gcond *> (stmt);
5338 gimple_cond_set_lhs (cond, strncmp_lhs);
5339 gimple_cond_set_rhs (cond, zero);
5340 }
5341 update_stmt (stmt);
5342 }
5343 }
5344 }
5345 }
5346
5347 /* Return true if TYPE corresponds to a narrow character type. */
5348
5349 static bool
5350 is_char_type (tree type)
5351 {
5352 return (TREE_CODE (type) == INTEGER_TYPE
5353 && TYPE_MODE (type) == TYPE_MODE (char_type_node)
5354 && TYPE_PRECISION (type) == TYPE_PRECISION (char_type_node));
5355 }
5356
5357 /* Check the built-in call at GSI for validity and optimize it.
5358 Uses RVALS to determine range information.
5359 Return true to let the caller advance *GSI to the next statement
5360 in the basic block and false otherwise. */
5361
5362 static bool
5363 strlen_check_and_optimize_call (gimple_stmt_iterator *gsi, bool *zero_write,
5364 const vr_values *rvals)
5365 {
5366 gimple *stmt = gsi_stmt (*gsi);
5367
5368 if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
5369 {
5370 tree fntype = gimple_call_fntype (stmt);
5371 if (fntype && lookup_attribute ("alloc_size", TYPE_ATTRIBUTES (fntype)))
5372 handle_alloc_call (BUILT_IN_NONE, gsi);
5373 }
5374
5375 /* When not optimizing we must be checking printf calls which
5376 we do even for user-defined functions when they are declared
5377 with attribute format. */
5378 if (!flag_optimize_strlen
5379 || !strlen_optimize
5380 || !valid_builtin_call (stmt))
5381 return !handle_printf_call (gsi, rvals);
5382
5383 tree callee = gimple_call_fndecl (stmt);
5384 switch (DECL_FUNCTION_CODE (callee))
5385 {
5386 case BUILT_IN_STRLEN:
5387 case BUILT_IN_STRNLEN:
5388 handle_builtin_strlen (gsi);
5389 break;
5390 case BUILT_IN_STRCHR:
5391 handle_builtin_strchr (gsi);
5392 break;
5393 case BUILT_IN_STRCPY:
5394 case BUILT_IN_STRCPY_CHK:
5395 case BUILT_IN_STPCPY:
5396 case BUILT_IN_STPCPY_CHK:
5397 handle_builtin_strcpy (DECL_FUNCTION_CODE (callee), gsi, rvals);
5398 break;
5399
5400 case BUILT_IN_STRNCAT:
5401 case BUILT_IN_STRNCAT_CHK:
5402 handle_builtin_strncat (DECL_FUNCTION_CODE (callee), gsi);
5403 break;
5404
5405 case BUILT_IN_STPNCPY:
5406 case BUILT_IN_STPNCPY_CHK:
5407 case BUILT_IN_STRNCPY:
5408 case BUILT_IN_STRNCPY_CHK:
5409 handle_builtin_stxncpy (DECL_FUNCTION_CODE (callee), gsi);
5410 break;
5411
5412 case BUILT_IN_MEMCPY:
5413 case BUILT_IN_MEMCPY_CHK:
5414 case BUILT_IN_MEMPCPY:
5415 case BUILT_IN_MEMPCPY_CHK:
5416 handle_builtin_memcpy (DECL_FUNCTION_CODE (callee), gsi, rvals);
5417 break;
5418 case BUILT_IN_STRCAT:
5419 case BUILT_IN_STRCAT_CHK:
5420 handle_builtin_strcat (DECL_FUNCTION_CODE (callee), gsi);
5421 break;
5422 case BUILT_IN_ALLOCA:
5423 case BUILT_IN_ALLOCA_WITH_ALIGN:
5424 case BUILT_IN_MALLOC:
5425 case BUILT_IN_CALLOC:
5426 handle_alloc_call (DECL_FUNCTION_CODE (callee), gsi);
5427 break;
5428 case BUILT_IN_MEMSET:
5429 if (handle_builtin_memset (gsi, zero_write, rvals))
5430 return false;
5431 break;
5432 case BUILT_IN_MEMCMP:
5433 if (handle_builtin_memcmp (gsi))
5434 return false;
5435 break;
5436 case BUILT_IN_STRCMP:
5437 case BUILT_IN_STRNCMP:
5438 if (handle_builtin_string_cmp (gsi))
5439 return false;
5440 break;
5441 default:
5442 if (handle_printf_call (gsi, rvals))
5443 return false;
5444 break;
5445 }
5446
5447 return true;
5448 }
5449
5450 /* Handle an assignment statement at *GSI to a LHS of integral type.
5451 If GSI's basic block needs clean-up of EH, set *CLEANUP_EH to true. */
5452
5453 static void
5454 handle_integral_assign (gimple_stmt_iterator *gsi, bool *cleanup_eh,
5455 const vr_values *rvals)
5456 {
5457 gimple *stmt = gsi_stmt (*gsi);
5458 tree lhs = gimple_assign_lhs (stmt);
5459 tree lhs_type = TREE_TYPE (lhs);
5460
5461 enum tree_code code = gimple_assign_rhs_code (stmt);
5462 if (code == COND_EXPR)
5463 {
5464 tree cond = gimple_assign_rhs1 (stmt);
5465 enum tree_code cond_code = TREE_CODE (cond);
5466
5467 if (cond_code == EQ_EXPR || cond_code == NE_EXPR)
5468 fold_strstr_to_strncmp (TREE_OPERAND (cond, 0),
5469 TREE_OPERAND (cond, 1), stmt);
5470 }
5471 else if (code == EQ_EXPR || code == NE_EXPR)
5472 fold_strstr_to_strncmp (gimple_assign_rhs1 (stmt),
5473 gimple_assign_rhs2 (stmt), stmt);
5474 else if (gimple_assign_load_p (stmt)
5475 && TREE_CODE (lhs_type) == INTEGER_TYPE
5476 && TYPE_MODE (lhs_type) == TYPE_MODE (char_type_node)
5477 && (TYPE_PRECISION (lhs_type)
5478 == TYPE_PRECISION (char_type_node))
5479 && !gimple_has_volatile_ops (stmt))
5480 {
5481 tree off = integer_zero_node;
5482 unsigned HOST_WIDE_INT coff = 0;
5483 int idx = 0;
5484 tree rhs1 = gimple_assign_rhs1 (stmt);
5485 if (code == MEM_REF)
5486 {
5487 idx = get_stridx (TREE_OPERAND (rhs1, 0));
5488 if (idx > 0)
5489 {
5490 strinfo *si = get_strinfo (idx);
5491 if (si
5492 && si->nonzero_chars
5493 && TREE_CODE (si->nonzero_chars) == INTEGER_CST
5494 && (wi::to_widest (si->nonzero_chars)
5495 >= wi::to_widest (off)))
5496 off = TREE_OPERAND (rhs1, 1);
5497 else
5498 /* This case is not useful. See if get_addr_stridx
5499 returns something usable. */
5500 idx = 0;
5501 }
5502 }
5503 if (idx <= 0)
5504 idx = get_addr_stridx (rhs1, NULL_TREE, &coff);
5505 if (idx > 0)
5506 {
5507 strinfo *si = get_strinfo (idx);
5508 if (si
5509 && si->nonzero_chars
5510 && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
5511 {
5512 widest_int w1 = wi::to_widest (si->nonzero_chars);
5513 widest_int w2 = wi::to_widest (off) + coff;
5514 if (w1 == w2
5515 && si->full_string_p)
5516 {
5517 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
5518 {
5519 fprintf (dump_file, "Optimizing: ");
5520 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
5521 }
5522
5523 /* Reading the final '\0' character. */
5524 tree zero = build_int_cst (lhs_type, 0);
5525 gimple_set_vuse (stmt, NULL_TREE);
5526 gimple_assign_set_rhs_from_tree (gsi, zero);
5527 *cleanup_eh
5528 |= maybe_clean_or_replace_eh_stmt (stmt,
5529 gsi_stmt (*gsi));
5530 stmt = gsi_stmt (*gsi);
5531 update_stmt (stmt);
5532
5533 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
5534 {
5535 fprintf (dump_file, "into: ");
5536 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
5537 }
5538 }
5539 else if (w1 > w2)
5540 {
5541 /* Reading a character before the final '\0'
5542 character. Just set the value range to ~[0, 0]
5543 if we don't have anything better. */
5544 wide_int min, max;
5545 signop sign = TYPE_SIGN (lhs_type);
5546 int prec = TYPE_PRECISION (lhs_type);
5547 value_range_kind vr = get_range_info (lhs, &min, &max);
5548 if (vr == VR_VARYING
5549 || (vr == VR_RANGE
5550 && min == wi::min_value (prec, sign)
5551 && max == wi::max_value (prec, sign)))
5552 set_range_info (lhs, VR_ANTI_RANGE,
5553 wi::zero (prec), wi::zero (prec));
5554 }
5555 }
5556 }
5557 }
5558 else if (code == MEM_REF && TREE_CODE (lhs) == SSA_NAME)
5559 {
5560 if (int idx = new_stridx (lhs))
5561 {
5562 /* Record multi-byte assignments from MEM_REFs. */
5563 bool storing_all_nonzero_p;
5564 bool storing_all_zeros_p;
5565 bool full_string_p;
5566 unsigned lenrange[] = { UINT_MAX, 0, 0 };
5567 tree rhs = gimple_assign_rhs1 (stmt);
5568 const bool ranges_valid
5569 = count_nonzero_bytes (rhs, lenrange, &full_string_p,
5570 &storing_all_zeros_p, &storing_all_nonzero_p,
5571 rvals);
5572 if (ranges_valid)
5573 {
5574 tree length = build_int_cst (sizetype, lenrange[0]);
5575 strinfo *si = new_strinfo (lhs, idx, length, full_string_p);
5576 set_strinfo (idx, si);
5577 si->writable = true;
5578 si->dont_invalidate = true;
5579 maybe_warn_overflow (stmt, lenrange[2], rvals);
5580 }
5581 }
5582 }
5583
5584 if (strlen_to_stridx)
5585 {
5586 tree rhs1 = gimple_assign_rhs1 (stmt);
5587 if (stridx_strlenloc *ps = strlen_to_stridx->get (rhs1))
5588 strlen_to_stridx->put (lhs, stridx_strlenloc (*ps));
5589 }
5590 }
5591
5592 /* Attempt to check for validity of the performed access a single statement
5593 at *GSI using string length knowledge, and to optimize it.
5594 If the given basic block needs clean-up of EH, CLEANUP_EH is set to
5595 true. Return true to let the caller advance *GSI to the next statement
5596 in the basic block and false otherwise. */
5597
5598 static bool
5599 check_and_optimize_stmt (gimple_stmt_iterator *gsi, bool *cleanup_eh,
5600 const vr_values *rvals)
5601 {
5602 gimple *stmt = gsi_stmt (*gsi);
5603
5604 /* For statements that modify a string, set to true if the write
5605 is only zeros. */
5606 bool zero_write = false;
5607
5608 if (is_gimple_call (stmt))
5609 {
5610 if (!strlen_check_and_optimize_call (gsi, &zero_write, rvals))
5611 return false;
5612 }
5613 else if (!flag_optimize_strlen || !strlen_optimize)
5614 return true;
5615 else if (is_gimple_assign (stmt) && !gimple_clobber_p (stmt))
5616 {
5617 /* Handle non-clobbering assignment. */
5618 tree lhs = gimple_assign_lhs (stmt);
5619 tree lhs_type = TREE_TYPE (lhs);
5620
5621 if (TREE_CODE (lhs) == SSA_NAME && POINTER_TYPE_P (lhs_type))
5622 {
5623 if (gimple_assign_single_p (stmt)
5624 || (gimple_assign_cast_p (stmt)
5625 && POINTER_TYPE_P (TREE_TYPE (gimple_assign_rhs1 (stmt)))))
5626 {
5627 int idx = get_stridx (gimple_assign_rhs1 (stmt));
5628 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = idx;
5629 }
5630 else if (gimple_assign_rhs_code (stmt) == POINTER_PLUS_EXPR)
5631 handle_pointer_plus (gsi);
5632 }
5633 else if (TREE_CODE (lhs) == SSA_NAME && INTEGRAL_TYPE_P (lhs_type))
5634 /* Handle assignment to a character. */
5635 handle_integral_assign (gsi, cleanup_eh, rvals);
5636 else if (TREE_CODE (lhs) != SSA_NAME && !TREE_SIDE_EFFECTS (lhs))
5637 {
5638 tree type = TREE_TYPE (lhs);
5639 if (TREE_CODE (type) == ARRAY_TYPE)
5640 type = TREE_TYPE (type);
5641
5642 bool is_char_store = is_char_type (type);
5643 if (!is_char_store && TREE_CODE (lhs) == MEM_REF)
5644 {
5645 /* To consider stores into char objects via integer types
5646 other than char but not those to non-character objects,
5647 determine the type of the destination rather than just
5648 the type of the access. */
5649 for (int i = 0; i != 2; ++i)
5650 {
5651 tree ref = TREE_OPERAND (lhs, i);
5652 type = TREE_TYPE (ref);
5653 if (TREE_CODE (type) == POINTER_TYPE)
5654 type = TREE_TYPE (type);
5655 if (TREE_CODE (type) == ARRAY_TYPE)
5656 type = TREE_TYPE (type);
5657 if (is_char_type (type))
5658 {
5659 is_char_store = true;
5660 break;
5661 }
5662 }
5663 }
5664
5665 /* Handle a single or multibyte assignment. */
5666 if (is_char_store && !handle_store (gsi, &zero_write, rvals))
5667 return false;
5668 }
5669 }
5670 else if (gcond *cond = dyn_cast<gcond *> (stmt))
5671 {
5672 enum tree_code code = gimple_cond_code (cond);
5673 if (code == EQ_EXPR || code == NE_EXPR)
5674 fold_strstr_to_strncmp (gimple_cond_lhs (stmt),
5675 gimple_cond_rhs (stmt), stmt);
5676 }
5677
5678 if (gimple_vdef (stmt))
5679 maybe_invalidate (stmt, zero_write);
5680 return true;
5681 }
5682
5683 /* Recursively call maybe_invalidate on stmts that might be executed
5684 in between dombb and current bb and that contain a vdef. Stop when
5685 *count stmts are inspected, or if the whole strinfo vector has
5686 been invalidated. */
5687
5688 static void
5689 do_invalidate (basic_block dombb, gimple *phi, bitmap visited, int *count)
5690 {
5691 unsigned int i, n = gimple_phi_num_args (phi);
5692
5693 for (i = 0; i < n; i++)
5694 {
5695 tree vuse = gimple_phi_arg_def (phi, i);
5696 gimple *stmt = SSA_NAME_DEF_STMT (vuse);
5697 basic_block bb = gimple_bb (stmt);
5698 if (bb == NULL
5699 || bb == dombb
5700 || !bitmap_set_bit (visited, bb->index)
5701 || !dominated_by_p (CDI_DOMINATORS, bb, dombb))
5702 continue;
5703 while (1)
5704 {
5705 if (gimple_code (stmt) == GIMPLE_PHI)
5706 {
5707 do_invalidate (dombb, stmt, visited, count);
5708 if (*count == 0)
5709 return;
5710 break;
5711 }
5712 if (--*count == 0)
5713 return;
5714 if (!maybe_invalidate (stmt))
5715 {
5716 *count = 0;
5717 return;
5718 }
5719 vuse = gimple_vuse (stmt);
5720 stmt = SSA_NAME_DEF_STMT (vuse);
5721 if (gimple_bb (stmt) != bb)
5722 {
5723 bb = gimple_bb (stmt);
5724 if (bb == NULL
5725 || bb == dombb
5726 || !bitmap_set_bit (visited, bb->index)
5727 || !dominated_by_p (CDI_DOMINATORS, bb, dombb))
5728 break;
5729 }
5730 }
5731 }
5732 }
5733
5734 class strlen_dom_walker : public dom_walker
5735 {
5736 public:
5737 strlen_dom_walker (cdi_direction direction)
5738 : dom_walker (direction),
5739 evrp (false),
5740 m_cleanup_cfg (false)
5741 {}
5742
5743 virtual edge before_dom_children (basic_block);
5744 virtual void after_dom_children (basic_block);
5745
5746 /* EVRP analyzer used for printf argument range processing, and
5747 to track strlen results across integer variable assignments. */
5748 evrp_range_analyzer evrp;
5749
5750 /* Flag that will trigger TODO_cleanup_cfg to be returned in strlen
5751 execute function. */
5752 bool m_cleanup_cfg;
5753 };
5754
5755 /* Callback for walk_dominator_tree. Attempt to optimize various
5756 string ops by remembering string lengths pointed by pointer SSA_NAMEs. */
5757
5758 edge
5759 strlen_dom_walker::before_dom_children (basic_block bb)
5760 {
5761 evrp.enter (bb);
5762
5763 basic_block dombb = get_immediate_dominator (CDI_DOMINATORS, bb);
5764
5765 if (dombb == NULL)
5766 stridx_to_strinfo = NULL;
5767 else
5768 {
5769 stridx_to_strinfo = ((vec<strinfo *, va_heap, vl_embed> *) dombb->aux);
5770 if (stridx_to_strinfo)
5771 {
5772 for (gphi_iterator gsi = gsi_start_phis (bb); !gsi_end_p (gsi);
5773 gsi_next (&gsi))
5774 {
5775 gphi *phi = gsi.phi ();
5776 if (virtual_operand_p (gimple_phi_result (phi)))
5777 {
5778 bitmap visited = BITMAP_ALLOC (NULL);
5779 int count_vdef = 100;
5780 do_invalidate (dombb, phi, visited, &count_vdef);
5781 BITMAP_FREE (visited);
5782 if (count_vdef == 0)
5783 {
5784 /* If there were too many vdefs in between immediate
5785 dominator and current bb, invalidate everything.
5786 If stridx_to_strinfo has been unshared, we need
5787 to free it, otherwise just set it to NULL. */
5788 if (!strinfo_shared ())
5789 {
5790 unsigned int i;
5791 strinfo *si;
5792
5793 for (i = 1;
5794 vec_safe_iterate (stridx_to_strinfo, i, &si);
5795 ++i)
5796 {
5797 free_strinfo (si);
5798 (*stridx_to_strinfo)[i] = NULL;
5799 }
5800 }
5801 else
5802 stridx_to_strinfo = NULL;
5803 }
5804 break;
5805 }
5806 }
5807 }
5808 }
5809
5810 /* If all PHI arguments have the same string index, the PHI result
5811 has it as well. */
5812 for (gphi_iterator gsi = gsi_start_phis (bb); !gsi_end_p (gsi);
5813 gsi_next (&gsi))
5814 {
5815 gphi *phi = gsi.phi ();
5816 tree result = gimple_phi_result (phi);
5817 if (!virtual_operand_p (result) && POINTER_TYPE_P (TREE_TYPE (result)))
5818 {
5819 int idx = get_stridx (gimple_phi_arg_def (phi, 0));
5820 if (idx != 0)
5821 {
5822 unsigned int i, n = gimple_phi_num_args (phi);
5823 for (i = 1; i < n; i++)
5824 if (idx != get_stridx (gimple_phi_arg_def (phi, i)))
5825 break;
5826 if (i == n)
5827 ssa_ver_to_stridx[SSA_NAME_VERSION (result)] = idx;
5828 }
5829 }
5830 }
5831
5832 bool cleanup_eh = false;
5833
5834 /* Attempt to optimize individual statements. */
5835 for (gimple_stmt_iterator gsi = gsi_start_bb (bb); !gsi_end_p (gsi); )
5836 {
5837 gimple *stmt = gsi_stmt (gsi);
5838
5839 /* First record ranges generated by this statement so they
5840 can be used by printf argument processing. */
5841 evrp.record_ranges_from_stmt (stmt, false);
5842
5843 if (check_and_optimize_stmt (&gsi, &cleanup_eh, evrp.get_vr_values ()))
5844 gsi_next (&gsi);
5845 }
5846
5847 if (cleanup_eh && gimple_purge_dead_eh_edges (bb))
5848 m_cleanup_cfg = true;
5849
5850 bb->aux = stridx_to_strinfo;
5851 if (vec_safe_length (stridx_to_strinfo) && !strinfo_shared ())
5852 (*stridx_to_strinfo)[0] = (strinfo *) bb;
5853 return NULL;
5854 }
5855
5856 /* Callback for walk_dominator_tree. Free strinfo vector if it is
5857 owned by the current bb, clear bb->aux. */
5858
5859 void
5860 strlen_dom_walker::after_dom_children (basic_block bb)
5861 {
5862 evrp.leave (bb);
5863
5864 if (bb->aux)
5865 {
5866 stridx_to_strinfo = ((vec<strinfo *, va_heap, vl_embed> *) bb->aux);
5867 if (vec_safe_length (stridx_to_strinfo)
5868 && (*stridx_to_strinfo)[0] == (strinfo *) bb)
5869 {
5870 unsigned int i;
5871 strinfo *si;
5872
5873 for (i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
5874 free_strinfo (si);
5875 vec_free (stridx_to_strinfo);
5876 }
5877 bb->aux = NULL;
5878 }
5879 }
5880
5881 namespace {
5882
5883 static unsigned int
5884 printf_strlen_execute (function *fun, bool warn_only)
5885 {
5886 strlen_optimize = !warn_only;
5887
5888 calculate_dominance_info (CDI_DOMINATORS);
5889
5890 bool use_scev = optimize > 0 && flag_printf_return_value;
5891 if (use_scev)
5892 {
5893 loop_optimizer_init (LOOPS_NORMAL);
5894 scev_initialize ();
5895 }
5896
5897 gcc_assert (!strlen_to_stridx);
5898 if (warn_stringop_overflow || warn_stringop_truncation)
5899 strlen_to_stridx = new hash_map<tree, stridx_strlenloc> ();
5900
5901 /* This has to happen after initializing the loop optimizer
5902 and initializing SCEV as they create new SSA_NAMEs. */
5903 ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names);
5904 max_stridx = 1;
5905
5906 /* String length optimization is implemented as a walk of the dominator
5907 tree and a forward walk of statements within each block. */
5908 strlen_dom_walker walker (CDI_DOMINATORS);
5909 walker.walk (ENTRY_BLOCK_PTR_FOR_FN (fun));
5910
5911 ssa_ver_to_stridx.release ();
5912 strinfo_pool.release ();
5913 if (decl_to_stridxlist_htab)
5914 {
5915 obstack_free (&stridx_obstack, NULL);
5916 delete decl_to_stridxlist_htab;
5917 decl_to_stridxlist_htab = NULL;
5918 }
5919 laststmt.stmt = NULL;
5920 laststmt.len = NULL_TREE;
5921 laststmt.stridx = 0;
5922
5923 if (strlen_to_stridx)
5924 {
5925 strlen_to_stridx->empty ();
5926 delete strlen_to_stridx;
5927 strlen_to_stridx = NULL;
5928 }
5929
5930 if (use_scev)
5931 {
5932 scev_finalize ();
5933 loop_optimizer_finalize ();
5934 }
5935
5936 /* Clean up object size info. */
5937 fini_object_sizes ();
5938
5939 return walker.m_cleanup_cfg ? TODO_cleanup_cfg : 0;
5940 }
5941
5942 /* This file defines two passes: one for warnings that runs only when
5943 optimization is disabled, and another that implements optimizations
5944 and also issues warnings. */
5945
5946 const pass_data pass_data_warn_printf =
5947 {
5948 GIMPLE_PASS, /* type */
5949 "warn-printf", /* name */
5950 OPTGROUP_NONE, /* optinfo_flags */
5951 TV_NONE, /* tv_id */
5952 /* Normally an optimization pass would require PROP_ssa but because
5953 this pass runs early, with no optimization, to do sprintf format
5954 checking, it only requires PROP_cfg. */
5955 PROP_cfg, /* properties_required */
5956 0, /* properties_provided */
5957 0, /* properties_destroyed */
5958 0, /* todo_flags_start */
5959 0, /* todo_flags_finish */
5960 };
5961
5962 class pass_warn_printf : public gimple_opt_pass
5963 {
5964 public:
5965 pass_warn_printf (gcc::context *ctxt)
5966 : gimple_opt_pass (pass_data_warn_printf, ctxt)
5967 {}
5968
5969 virtual bool gate (function *);
5970 virtual unsigned int execute (function *fun)
5971 {
5972 return printf_strlen_execute (fun, true);
5973 }
5974 };
5975
5976
5977 /* Return true to run the warning pass only when not optimizing and
5978 iff either -Wformat-overflow or -Wformat-truncation is specified. */
5979
5980 bool
5981 pass_warn_printf::gate (function *)
5982 {
5983 return !optimize && (warn_format_overflow > 0 || warn_format_trunc > 0);
5984 }
5985
5986 const pass_data pass_data_strlen =
5987 {
5988 GIMPLE_PASS, /* type */
5989 "strlen", /* name */
5990 OPTGROUP_NONE, /* optinfo_flags */
5991 TV_TREE_STRLEN, /* tv_id */
5992 PROP_cfg | PROP_ssa, /* properties_required */
5993 0, /* properties_provided */
5994 0, /* properties_destroyed */
5995 0, /* todo_flags_start */
5996 0, /* todo_flags_finish */
5997 };
5998
5999 class pass_strlen : public gimple_opt_pass
6000 {
6001 public:
6002 pass_strlen (gcc::context *ctxt)
6003 : gimple_opt_pass (pass_data_strlen, ctxt)
6004 {}
6005
6006 opt_pass * clone () { return new pass_strlen (m_ctxt); }
6007
6008 virtual bool gate (function *);
6009 virtual unsigned int execute (function *fun)
6010 {
6011 return printf_strlen_execute (fun, false);
6012 }
6013 };
6014
6015 /* Return true to run the pass only when the sprintf and/or strlen
6016 optimizations are enabled and -Wformat-overflow or -Wformat-truncation
6017 are specified. */
6018
6019 bool
6020 pass_strlen::gate (function *)
6021 {
6022 return ((warn_format_overflow > 0
6023 || warn_format_trunc > 0
6024 || warn_restrict > 0
6025 || flag_optimize_strlen > 0
6026 || flag_printf_return_value)
6027 && optimize > 0);
6028 }
6029
6030 } // anon namespace
6031
6032 gimple_opt_pass *
6033 make_pass_warn_printf (gcc::context *ctxt)
6034 {
6035 return new pass_warn_printf (ctxt);
6036 }
6037
6038 gimple_opt_pass *
6039 make_pass_strlen (gcc::context *ctxt)
6040 {
6041 return new pass_strlen (ctxt);
6042 }
Mirror of the offical gcc git repository hosted at gcc.gnu.org