search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[Ada] Do not perform useless work in Check_No_Parts_Violations
[official-gcc.git] / gcc / tree-ssa-strlen.c
blob6add8c99032df09bf282d4917b2b29f02697b175
1 /* String length optimization
2 Copyright (C) 2011-2021 Free Software Foundation, Inc.
3 Contributed by Jakub Jelinek <jakub@redhat.com>
4
5 This file is part of GCC.
6
7 GCC is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3, or (at your option)
10 any later version.
11
12 GCC is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
20
21 #include "config.h"
22 #include "system.h"
23 #include "coretypes.h"
24 #include "backend.h"
25 #include "rtl.h"
26 #include "tree.h"
27 #include "gimple.h"
28 #include "alloc-pool.h"
29 #include "tree-pass.h"
30 #include "ssa.h"
31 #include "cgraph.h"
32 #include "gimple-pretty-print.h"
33 #include "gimple-ssa-warn-restrict.h"
34 #include "fold-const.h"
35 #include "stor-layout.h"
36 #include "gimple-fold.h"
37 #include "tree-eh.h"
38 #include "gimplify.h"
39 #include "gimple-iterator.h"
40 #include "gimplify-me.h"
41 #include "expr.h"
42 #include "tree-cfg.h"
43 #include "tree-dfa.h"
44 #include "domwalk.h"
45 #include "tree-ssa-alias.h"
46 #include "tree-ssa-propagate.h"
47 #include "tree-ssa-strlen.h"
48 #include "tree-hash-traits.h"
49 #include "builtins.h"
50 #include "target.h"
51 #include "diagnostic-core.h"
52 #include "diagnostic.h"
53 #include "intl.h"
54 #include "attribs.h"
55 #include "calls.h"
56 #include "cfgloop.h"
57 #include "tree-ssa-loop.h"
58 #include "tree-scalar-evolution.h"
59 #include "vr-values.h"
60 #include "gimple-ssa-evrp-analyze.h"
61 #include "tree-ssa.h"
62
63 /* A vector indexed by SSA_NAME_VERSION. 0 means unknown, positive value
64 is an index into strinfo vector, negative value stands for
65 string length of a string literal (~strlen). */
66 static vec<int> ssa_ver_to_stridx;
67
68 /* Number of currently active string indexes plus one. */
69 static int max_stridx;
70
71 /* Set to true to optimize, false when just checking. */
72 static bool strlen_optimize;
73
74 /* String information record. */
75 struct strinfo
76 {
77 /* Number of leading characters that are known to be nonzero. This is
78 also the length of the string if FULL_STRING_P.
79
80 The values in a list of related string pointers must be consistent;
81 that is, if strinfo B comes X bytes after strinfo A, it must be
82 the case that A->nonzero_chars == X + B->nonzero_chars. */
83 tree nonzero_chars;
84 /* Any of the corresponding pointers for querying alias oracle. */
85 tree ptr;
86 /* STMT is used for two things:
87
88 - To record the statement that should be used for delayed length
89 computations. We maintain the invariant that all related strinfos
90 have delayed lengths or none do.
91
92 - To record the malloc or calloc call that produced this result
93 to optimize away malloc/memset sequences. STMT is reset after
94 a calloc-allocated object has been stored a non-zero value into. */
95 gimple *stmt;
96 /* Set to the dynamic allocation statement for the object (alloca,
97 calloc, malloc, or VLA). Unlike STMT, once set for a strinfo
98 object, ALLOC doesn't change. */
99 gimple *alloc;
100 /* Pointer to '\0' if known, if NULL, it can be computed as
101 ptr + length. */
102 tree endptr;
103 /* Reference count. Any changes to strinfo entry possibly shared
104 with dominating basic blocks need unshare_strinfo first, except
105 for dont_invalidate which affects only the immediately next
106 maybe_invalidate. */
107 int refcount;
108 /* Copy of index. get_strinfo (si->idx) should return si; */
109 int idx;
110 /* These 3 fields are for chaining related string pointers together.
111 E.g. for
112 bl = strlen (b); dl = strlen (d); strcpy (a, b); c = a + bl;
113 strcpy (c, d); e = c + dl;
114 strinfo(a) -> strinfo(c) -> strinfo(e)
115 All have ->first field equal to strinfo(a)->idx and are doubly
116 chained through prev/next fields. The later strinfos are required
117 to point into the same string with zero or more bytes after
118 the previous pointer and all bytes in between the two pointers
119 must be non-zero. Functions like strcpy or memcpy are supposed
120 to adjust all previous strinfo lengths, but not following strinfo
121 lengths (those are uncertain, usually invalidated during
122 maybe_invalidate, except when the alias oracle knows better).
123 Functions like strcat on the other side adjust the whole
124 related strinfo chain.
125 They are updated lazily, so to use the chain the same first fields
126 and si->prev->next == si->idx needs to be verified. */
127 int first;
128 int next;
129 int prev;
130 /* A flag whether the string is known to be written in the current
131 function. */
132 bool writable;
133 /* A flag for the next maybe_invalidate that this strinfo shouldn't
134 be invalidated. Always cleared by maybe_invalidate. */
135 bool dont_invalidate;
136 /* True if the string is known to be nul-terminated after NONZERO_CHARS
137 characters. False is useful when detecting strings that are built
138 up via successive memcpys. */
139 bool full_string_p;
140 };
141
142 /* Pool for allocating strinfo_struct entries. */
143 static object_allocator<strinfo> strinfo_pool ("strinfo pool");
144
145 /* Vector mapping positive string indexes to strinfo, for the
146 current basic block. The first pointer in the vector is special,
147 it is either NULL, meaning the vector isn't shared, or it is
148 a basic block pointer to the owner basic_block if shared.
149 If some other bb wants to modify the vector, the vector needs
150 to be unshared first, and only the owner bb is supposed to free it. */
151 static vec<strinfo *, va_heap, vl_embed> *stridx_to_strinfo;
152
153 /* One OFFSET->IDX mapping. */
154 struct stridxlist
155 {
156 struct stridxlist *next;
157 HOST_WIDE_INT offset;
158 int idx;
159 };
160
161 /* Hash table entry, mapping a DECL to a chain of OFFSET->IDX mappings. */
162 struct decl_stridxlist_map
163 {
164 struct tree_map_base base;
165 struct stridxlist list;
166 };
167
168 /* Hash table for mapping decls to a chained list of offset -> idx
169 mappings. */
170 typedef hash_map<tree_decl_hash, stridxlist> decl_to_stridxlist_htab_t;
171 static decl_to_stridxlist_htab_t *decl_to_stridxlist_htab;
172
173 /* Hash table mapping strlen (or strnlen with constant bound and return
174 smaller than bound) calls to stridx instances describing
175 the calls' arguments. Non-null only when warn_stringop_truncation
176 is non-zero. */
177 typedef std::pair<int, location_t> stridx_strlenloc;
178 static hash_map<tree, stridx_strlenloc> *strlen_to_stridx;
179
180 /* Obstack for struct stridxlist and struct decl_stridxlist_map. */
181 static struct obstack stridx_obstack;
182
183 /* Last memcpy statement if it could be adjusted if the trailing
184 '\0' written is immediately overwritten, or
185 *x = '\0' store that could be removed if it is immediately overwritten. */
186 struct laststmt_struct
187 {
188 gimple *stmt;
189 tree len;
190 int stridx;
191 } laststmt;
192
193 static int get_stridx_plus_constant (strinfo *, unsigned HOST_WIDE_INT, tree);
194 static void handle_builtin_stxncpy_strncat (bool, gimple_stmt_iterator *);
195
196 /* Sets MINMAX to either the constant value or the range VAL is in
197 and returns either the constant value or VAL on success or null
198 when the range couldn't be determined. Uses RVALS when nonnull
199 to determine the range, otherwise uses global range info. */
200
201 tree
202 get_range (tree val, gimple *stmt, wide_int minmax[2],
203 range_query *rvals /* = NULL */)
204 {
205 if (TREE_CODE (val) == INTEGER_CST)
206 {
207 minmax[0] = minmax[1] = wi::to_wide (val);
208 return val;
209 }
210
211 if (TREE_CODE (val) != SSA_NAME)
212 return NULL_TREE;
213
214 value_range vr;
215 if (rvals && stmt)
216 {
217 if (!rvals->range_of_expr (vr, val, stmt))
218 return NULL_TREE;
219 value_range_kind rng = vr.kind ();
220 if (rng != VR_RANGE)
221 return NULL_TREE;
222
223 minmax[0] = wi::to_wide (vr.min ());
224 minmax[1] = wi::to_wide (vr.max ());
225 return val;
226 }
227
228 // ?? This entire function should use get_range_query or get_global_range_query (),
229 // instead of doing something different for RVALS and global ranges.
230
231 if (!get_global_range_query ()->range_of_expr (vr, val) || vr.undefined_p ())
232 return NULL_TREE;
233
234 minmax[0] = wi::to_wide (vr.min ());
235 minmax[1] = wi::to_wide (vr.max ());
236 value_range_kind rng = vr.kind ();
237 if (rng == VR_RANGE)
238 /* This may be an inverted range whose MINMAX[1] < MINMAX[0]. */
239 return val;
240
241 if (rng == VR_ANTI_RANGE)
242 {
243 /* An anti-range is the same as an ordinary range with inverted
244 bounds (where MINMAX[1] < MINMAX[0] is true) that may result
245 from the conversion of a signed anti-range to unsigned. */
246 wide_int tmp = minmax[0];
247 minmax[0] = minmax[1] + 1;
248 minmax[1] = wi::sub (tmp, 1);
249 return val;
250 }
251
252 /* Do not handle anti-ranges and instead make use of the on-demand
253 VRP if/when it becomes available (hopefully in GCC 11). */
254 return NULL_TREE;
255 }
256
257 /* Return:
258
259 * +1 if SI is known to start with more than OFF nonzero characters.
260
261 * 0 if SI is known to start with exactly OFF nonzero characters.
262
263 * -1 if SI either does not start with OFF nonzero characters
264 or the relationship between the number of leading nonzero
265 characters in SI and OFF is unknown. */
266
267 static inline int
268 compare_nonzero_chars (strinfo *si, unsigned HOST_WIDE_INT off)
269 {
270 if (si->nonzero_chars
271 && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
272 return compare_tree_int (si->nonzero_chars, off);
273 else
274 return -1;
275 }
276
277 /* Same as above but suitable also for strings with non-constant lengths.
278 Uses RVALS to determine length range. */
279
280 static int
281 compare_nonzero_chars (strinfo *si, unsigned HOST_WIDE_INT off,
282 range_query *rvals)
283 {
284 if (!si->nonzero_chars)
285 return -1;
286
287 if (TREE_CODE (si->nonzero_chars) == INTEGER_CST)
288 return compare_tree_int (si->nonzero_chars, off);
289
290 if (!rvals || TREE_CODE (si->nonzero_chars) != SSA_NAME)
291 return -1;
292
293 value_range vr;
294 if (!rvals->range_of_expr (vr, si->nonzero_chars, si->stmt))
295 return -1;
296 value_range_kind rng = vr.kind ();
297 if (rng != VR_RANGE)
298 return -1;
299
300 /* If the offset is less than the minimum length or if the bounds
301 of the length range are equal return the result of the comparison
302 same as in the constant case. Otherwise return a conservative
303 result. */
304 int cmpmin = compare_tree_int (vr.min (), off);
305 if (cmpmin > 0 || tree_int_cst_equal (vr.min (), vr.max ()))
306 return cmpmin;
307
308 return -1;
309 }
310
311 /* Return true if SI is known to be a zero-length string. */
312
313 static inline bool
314 zero_length_string_p (strinfo *si)
315 {
316 return si->full_string_p && integer_zerop (si->nonzero_chars);
317 }
318
319 /* Return strinfo vector entry IDX. */
320
321 static inline strinfo *
322 get_strinfo (int idx)
323 {
324 if (vec_safe_length (stridx_to_strinfo) <= (unsigned int) idx)
325 return NULL;
326 return (*stridx_to_strinfo)[idx];
327 }
328
329 /* Get the next strinfo in the chain after SI, or null if none. */
330
331 static inline strinfo *
332 get_next_strinfo (strinfo *si)
333 {
334 if (si->next == 0)
335 return NULL;
336 strinfo *nextsi = get_strinfo (si->next);
337 if (nextsi == NULL || nextsi->first != si->first || nextsi->prev != si->idx)
338 return NULL;
339 return nextsi;
340 }
341
342 /* Helper function for get_stridx. Return the strinfo index of the address
343 of EXP, which is available in PTR if nonnull. If OFFSET_OUT, it is
344 OK to return the index for some X <= &EXP and store &EXP - X in
345 *OFFSET_OUT. When RVALS is nonnull uses it to determine range
346 information. */
347
348 static int
349 get_addr_stridx (tree exp, tree ptr, unsigned HOST_WIDE_INT *offset_out,
350 range_query *rvals = NULL)
351 {
352 HOST_WIDE_INT off;
353 struct stridxlist *list, *last = NULL;
354 tree base;
355
356 if (!decl_to_stridxlist_htab)
357 return 0;
358
359 poly_int64 poff;
360 base = get_addr_base_and_unit_offset (exp, &poff);
361 if (base == NULL || !DECL_P (base) || !poff.is_constant (&off))
362 return 0;
363
364 list = decl_to_stridxlist_htab->get (base);
365 if (list == NULL)
366 return 0;
367
368 do
369 {
370 if (list->offset == off)
371 {
372 if (offset_out)
373 *offset_out = 0;
374 return list->idx;
375 }
376 if (list->offset > off)
377 return 0;
378 last = list;
379 list = list->next;
380 }
381 while (list);
382
383 if ((offset_out || ptr) && last && last->idx > 0)
384 {
385 unsigned HOST_WIDE_INT rel_off
386 = (unsigned HOST_WIDE_INT) off - last->offset;
387 strinfo *si = get_strinfo (last->idx);
388 if (si && compare_nonzero_chars (si, rel_off, rvals) >= 0)
389 {
390 if (offset_out)
391 {
392 *offset_out = rel_off;
393 return last->idx;
394 }
395 else
396 return get_stridx_plus_constant (si, rel_off, ptr);
397 }
398 }
399 return 0;
400 }
401
402 /* Returns string index for EXP. When EXP is an SSA_NAME that refers
403 to a known strinfo with an offset and OFFRNG is non-null, sets
404 both elements of the OFFRNG array to the range of the offset and
405 returns the index of the known strinfo. In this case the result
406 must not be used in for functions that modify the string.
407 When nonnull, uses RVALS to determine range information. */
408
409 static int
410 get_stridx (tree exp, wide_int offrng[2] = NULL, range_query *rvals = NULL)
411 {
412 if (offrng)
413 offrng[0] = offrng[1] = wi::zero (TYPE_PRECISION (ptrdiff_type_node));
414
415 if (TREE_CODE (exp) == SSA_NAME)
416 {
417 if (ssa_ver_to_stridx[SSA_NAME_VERSION (exp)])
418 return ssa_ver_to_stridx[SSA_NAME_VERSION (exp)];
419
420 tree e = exp;
421 int last_idx = 0;
422 HOST_WIDE_INT offset = 0;
423 /* Follow a chain of at most 5 assignments. */
424 for (int i = 0; i < 5; i++)
425 {
426 gimple *def_stmt = SSA_NAME_DEF_STMT (e);
427 if (!is_gimple_assign (def_stmt))
428 return last_idx;
429
430 tree_code rhs_code = gimple_assign_rhs_code (def_stmt);
431 tree ptr, off;
432
433 if (rhs_code == ADDR_EXPR)
434 {
435 /* Handle indices/offsets into VLAs which are implemented
436 as pointers to arrays. */
437 ptr = gimple_assign_rhs1 (def_stmt);
438 ptr = TREE_OPERAND (ptr, 0);
439
440 /* Handle also VLAs of types larger than char. */
441 if (tree eltsize = TYPE_SIZE_UNIT (TREE_TYPE (ptr)))
442 {
443 if (TREE_CODE (ptr) == ARRAY_REF)
444 {
445 off = TREE_OPERAND (ptr, 1);
446 ptr = TREE_OPERAND (ptr, 0);
447 if (!integer_onep (eltsize))
448 {
449 /* Scale the array index by the size of the element
450 type in the rare case that it's greater than
451 the typical 1 for char, making sure both operands
452 have the same type. */
453 eltsize = fold_convert (ssizetype, eltsize);
454 off = fold_convert (ssizetype, off);
455 off = fold_build2 (MULT_EXPR, ssizetype, off, eltsize);
456 }
457 }
458 else
459 off = integer_zero_node;
460 }
461 else
462 return 0;
463
464 if (TREE_CODE (ptr) != MEM_REF)
465 return 0;
466
467 /* Add the MEM_REF byte offset. */
468 tree mem_off = TREE_OPERAND (ptr, 1);
469 off = fold_build2 (PLUS_EXPR, TREE_TYPE (off), off, mem_off);
470 ptr = TREE_OPERAND (ptr, 0);
471 }
472 else if (rhs_code == POINTER_PLUS_EXPR)
473 {
474 ptr = gimple_assign_rhs1 (def_stmt);
475 off = gimple_assign_rhs2 (def_stmt);
476 }
477 else
478 return 0;
479
480 if (TREE_CODE (ptr) != SSA_NAME)
481 return 0;
482
483 if (!tree_fits_shwi_p (off))
484 {
485 if (int idx = ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)])
486 if (offrng)
487 {
488 /* Only when requested by setting OFFRNG to non-null,
489 return the index corresponding to the SSA_NAME.
490 Do this irrespective of the whether the offset
491 is known. */
492 if (get_range (off, def_stmt, offrng, rvals))
493 {
494 /* When the offset range is known, increment it
495 it by the constant offset computed in prior
496 iterations and store it in the OFFRNG array. */
497 offrng[0] += offset;
498 offrng[1] += offset;
499 }
500 else
501 {
502 /* When the offset range cannot be determined
503 store [0, SIZE_MAX] and let the caller decide
504 if the offset matters. */
505 offrng[1] = wi::to_wide (TYPE_MAX_VALUE (sizetype));
506 offrng[0] = wi::zero (offrng[1].get_precision ());
507 }
508 return idx;
509 }
510 return 0;
511 }
512
513 HOST_WIDE_INT this_off = tree_to_shwi (off);
514 if (offrng)
515 {
516 offrng[0] += wi::shwi (this_off, offrng->get_precision ());
517 offrng[1] += offrng[0];
518 }
519
520 if (this_off < 0)
521 return last_idx;
522
523 offset = (unsigned HOST_WIDE_INT) offset + this_off;
524 if (offset < 0)
525 return last_idx;
526
527 if (int idx = ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)])
528 {
529 strinfo *si = get_strinfo (idx);
530 if (si)
531 {
532 if (compare_nonzero_chars (si, offset) >= 0)
533 return get_stridx_plus_constant (si, offset, exp);
534
535 if (offrng)
536 last_idx = idx;
537 }
538 }
539 e = ptr;
540 }
541
542 return last_idx;
543 }
544
545 if (TREE_CODE (exp) == ADDR_EXPR)
546 {
547 int idx = get_addr_stridx (TREE_OPERAND (exp, 0), exp, NULL);
548 if (idx != 0)
549 return idx;
550 }
551
552 const char *p = c_getstr (exp);
553 if (p)
554 return ~(int) strlen (p);
555
556 return 0;
557 }
558
559 /* Return true if strinfo vector is shared with the immediate dominator. */
560
561 static inline bool
562 strinfo_shared (void)
563 {
564 return vec_safe_length (stridx_to_strinfo)
565 && (*stridx_to_strinfo)[0] != NULL;
566 }
567
568 /* Unshare strinfo vector that is shared with the immediate dominator. */
569
570 static void
571 unshare_strinfo_vec (void)
572 {
573 strinfo *si;
574 unsigned int i = 0;
575
576 gcc_assert (strinfo_shared ());
577 stridx_to_strinfo = vec_safe_copy (stridx_to_strinfo);
578 for (i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
579 if (si != NULL)
580 si->refcount++;
581 (*stridx_to_strinfo)[0] = NULL;
582 }
583
584 /* Attempt to create a string index for exp, ADDR_EXPR's operand.
585 Return a pointer to the location where the string index can
586 be stored (if 0) or is stored, or NULL if this can't be tracked. */
587
588 static int *
589 addr_stridxptr (tree exp)
590 {
591 HOST_WIDE_INT off;
592
593 poly_int64 poff;
594 tree base = get_addr_base_and_unit_offset (exp, &poff);
595 if (base == NULL_TREE || !DECL_P (base) || !poff.is_constant (&off))
596 return NULL;
597
598 if (!decl_to_stridxlist_htab)
599 {
600 decl_to_stridxlist_htab
601 = new hash_map<tree_decl_hash, stridxlist> (64);
602 gcc_obstack_init (&stridx_obstack);
603 }
604
605 bool existed;
606 stridxlist *list = &decl_to_stridxlist_htab->get_or_insert (base, &existed);
607 if (existed)
608 {
609 int i;
610 stridxlist *before = NULL;
611 for (i = 0; i < 32; i++)
612 {
613 if (list->offset == off)
614 return &list->idx;
615 if (list->offset > off && before == NULL)
616 before = list;
617 if (list->next == NULL)
618 break;
619 list = list->next;
620 }
621 if (i == 32)
622 return NULL;
623 if (before)
624 {
625 list = before;
626 before = XOBNEW (&stridx_obstack, struct stridxlist);
627 *before = *list;
628 list->next = before;
629 list->offset = off;
630 list->idx = 0;
631 return &list->idx;
632 }
633 list->next = XOBNEW (&stridx_obstack, struct stridxlist);
634 list = list->next;
635 }
636
637 list->next = NULL;
638 list->offset = off;
639 list->idx = 0;
640 return &list->idx;
641 }
642
643 /* Create a new string index, or return 0 if reached limit. */
644
645 static int
646 new_stridx (tree exp)
647 {
648 int idx;
649 if (max_stridx >= param_max_tracked_strlens)
650 return 0;
651 if (TREE_CODE (exp) == SSA_NAME)
652 {
653 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (exp))
654 return 0;
655 idx = max_stridx++;
656 ssa_ver_to_stridx[SSA_NAME_VERSION (exp)] = idx;
657 return idx;
658 }
659 if (TREE_CODE (exp) == ADDR_EXPR)
660 {
661 int *pidx = addr_stridxptr (TREE_OPERAND (exp, 0));
662 if (pidx != NULL)
663 {
664 gcc_assert (*pidx == 0);
665 *pidx = max_stridx++;
666 return *pidx;
667 }
668 }
669 return 0;
670 }
671
672 /* Like new_stridx, but for ADDR_EXPR's operand instead. */
673
674 static int
675 new_addr_stridx (tree exp)
676 {
677 int *pidx;
678 if (max_stridx >= param_max_tracked_strlens)
679 return 0;
680 pidx = addr_stridxptr (exp);
681 if (pidx != NULL)
682 {
683 gcc_assert (*pidx == 0);
684 *pidx = max_stridx++;
685 return *pidx;
686 }
687 return 0;
688 }
689
690 /* Create a new strinfo. */
691
692 static strinfo *
693 new_strinfo (tree ptr, int idx, tree nonzero_chars, bool full_string_p)
694 {
695 strinfo *si = strinfo_pool.allocate ();
696 si->nonzero_chars = nonzero_chars;
697 STRIP_USELESS_TYPE_CONVERSION (ptr);
698 si->ptr = ptr;
699 si->stmt = NULL;
700 si->alloc = NULL;
701 si->endptr = NULL_TREE;
702 si->refcount = 1;
703 si->idx = idx;
704 si->first = 0;
705 si->prev = 0;
706 si->next = 0;
707 si->writable = false;
708 si->dont_invalidate = false;
709 si->full_string_p = full_string_p;
710 return si;
711 }
712
713 /* Decrease strinfo refcount and free it if not referenced anymore. */
714
715 static inline void
716 free_strinfo (strinfo *si)
717 {
718 if (si && --si->refcount == 0)
719 strinfo_pool.remove (si);
720 }
721
722 /* Set strinfo in the vector entry IDX to SI. */
723
724 static inline void
725 set_strinfo (int idx, strinfo *si)
726 {
727 if (vec_safe_length (stridx_to_strinfo) && (*stridx_to_strinfo)[0])
728 unshare_strinfo_vec ();
729 if (vec_safe_length (stridx_to_strinfo) <= (unsigned int) idx)
730 vec_safe_grow_cleared (stridx_to_strinfo, idx + 1, true);
731 (*stridx_to_strinfo)[idx] = si;
732 }
733
734 /* Return the first strinfo in the related strinfo chain
735 if all strinfos in between belong to the chain, otherwise NULL. */
736
737 static strinfo *
738 verify_related_strinfos (strinfo *origsi)
739 {
740 strinfo *si = origsi, *psi;
741
742 if (origsi->first == 0)
743 return NULL;
744 for (; si->prev; si = psi)
745 {
746 if (si->first != origsi->first)
747 return NULL;
748 psi = get_strinfo (si->prev);
749 if (psi == NULL)
750 return NULL;
751 if (psi->next != si->idx)
752 return NULL;
753 }
754 if (si->idx != si->first)
755 return NULL;
756 return si;
757 }
758
759 /* Set SI's endptr to ENDPTR and compute its length based on SI->ptr.
760 Use LOC for folding. */
761
762 static void
763 set_endptr_and_length (location_t loc, strinfo *si, tree endptr)
764 {
765 si->endptr = endptr;
766 si->stmt = NULL;
767 tree start_as_size = fold_convert_loc (loc, size_type_node, si->ptr);
768 tree end_as_size = fold_convert_loc (loc, size_type_node, endptr);
769 si->nonzero_chars = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
770 end_as_size, start_as_size);
771 si->full_string_p = true;
772 }
773
774 /* Return the string length, or NULL if it can't be computed.
775 The length may but need not be constant. Instead, it might be
776 the result of a strlen() call. */
777
778 static tree
779 get_string_length (strinfo *si)
780 {
781 /* If the length has already been computed return it if it's exact
782 (i.e., the string is nul-terminated at NONZERO_CHARS), or return
783 null if it isn't. */
784 if (si->nonzero_chars)
785 return si->full_string_p ? si->nonzero_chars : NULL;
786
787 /* If the string is the result of one of the built-in calls below
788 attempt to compute the length from the call statement. */
789 if (si->stmt)
790 {
791 gimple *stmt = si->stmt, *lenstmt;
792 tree callee, lhs, fn, tem;
793 location_t loc;
794 gimple_stmt_iterator gsi;
795
796 gcc_assert (is_gimple_call (stmt));
797 callee = gimple_call_fndecl (stmt);
798 gcc_assert (callee && fndecl_built_in_p (callee, BUILT_IN_NORMAL));
799 lhs = gimple_call_lhs (stmt);
800 /* unshare_strinfo is intentionally not called here. The (delayed)
801 transformation of strcpy or strcat into stpcpy is done at the place
802 of the former strcpy/strcat call and so can affect all the strinfos
803 with the same stmt. If they were unshared before and transformation
804 has been already done, the handling of BUILT_IN_STPCPY{,_CHK} should
805 just compute the right length. */
806 switch (DECL_FUNCTION_CODE (callee))
807 {
808 case BUILT_IN_STRCAT:
809 case BUILT_IN_STRCAT_CHK:
810 gsi = gsi_for_stmt (stmt);
811 fn = builtin_decl_implicit (BUILT_IN_STRLEN);
812 gcc_assert (lhs == NULL_TREE);
813 tem = unshare_expr (gimple_call_arg (stmt, 0));
814 lenstmt = gimple_build_call (fn, 1, tem);
815 lhs = make_ssa_name (TREE_TYPE (TREE_TYPE (fn)), lenstmt);
816 gimple_call_set_lhs (lenstmt, lhs);
817 gimple_set_vuse (lenstmt, gimple_vuse (stmt));
818 gsi_insert_before (&gsi, lenstmt, GSI_SAME_STMT);
819 tem = gimple_call_arg (stmt, 0);
820 if (!ptrofftype_p (TREE_TYPE (lhs)))
821 {
822 lhs = convert_to_ptrofftype (lhs);
823 lhs = force_gimple_operand_gsi (&gsi, lhs, true, NULL_TREE,
824 true, GSI_SAME_STMT);
825 }
826 lenstmt = gimple_build_assign
827 (make_ssa_name (TREE_TYPE (gimple_call_arg (stmt, 0))),
828 POINTER_PLUS_EXPR,tem, lhs);
829 gsi_insert_before (&gsi, lenstmt, GSI_SAME_STMT);
830 gimple_call_set_arg (stmt, 0, gimple_assign_lhs (lenstmt));
831 lhs = NULL_TREE;
832 /* FALLTHRU */
833 case BUILT_IN_STRCPY:
834 case BUILT_IN_STRCPY_CHK:
835 gcc_assert (builtin_decl_implicit_p (BUILT_IN_STPCPY));
836 if (gimple_call_num_args (stmt) == 2)
837 fn = builtin_decl_implicit (BUILT_IN_STPCPY);
838 else
839 fn = builtin_decl_explicit (BUILT_IN_STPCPY_CHK);
840 gcc_assert (lhs == NULL_TREE);
841 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
842 {
843 fprintf (dump_file, "Optimizing: ");
844 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
845 }
846 gimple_call_set_fndecl (stmt, fn);
847 lhs = make_ssa_name (TREE_TYPE (TREE_TYPE (fn)), stmt);
848 gimple_call_set_lhs (stmt, lhs);
849 update_stmt (stmt);
850 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
851 {
852 fprintf (dump_file, "into: ");
853 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
854 }
855 /* FALLTHRU */
856 case BUILT_IN_STPCPY:
857 case BUILT_IN_STPCPY_CHK:
858 gcc_assert (lhs != NULL_TREE);
859 loc = gimple_location (stmt);
860 set_endptr_and_length (loc, si, lhs);
861 for (strinfo *chainsi = verify_related_strinfos (si);
862 chainsi != NULL;
863 chainsi = get_next_strinfo (chainsi))
864 if (chainsi->nonzero_chars == NULL)
865 set_endptr_and_length (loc, chainsi, lhs);
866 break;
867 case BUILT_IN_ALLOCA:
868 case BUILT_IN_ALLOCA_WITH_ALIGN:
869 case BUILT_IN_MALLOC:
870 break;
871 /* BUILT_IN_CALLOC always has si->nonzero_chars set. */
872 default:
873 gcc_unreachable ();
874 break;
875 }
876 }
877
878 return si->nonzero_chars;
879 }
880
881 /* Dump strlen data to FP for statement STMT. When non-null, RVALS
882 points to the valuation engine used to calculate ranges, and is
883 used to dump strlen range for non-constant results. */
884
885 DEBUG_FUNCTION void
886 dump_strlen_info (FILE *fp, gimple *stmt, range_query *rvals)
887 {
888 if (stmt)
889 {
890 fprintf (fp, "\nDumping strlen pass data after ");
891 print_gimple_expr (fp, stmt, TDF_LINENO);
892 fputc ('\n', fp);
893 }
894 else
895 fprintf (fp, "\nDumping strlen pass data\n");
896
897 fprintf (fp, "max_stridx = %i\n", max_stridx);
898 fprintf (fp, "ssa_ver_to_stridx has %u elements\n",
899 ssa_ver_to_stridx.length ());
900 fprintf (fp, "stridx_to_strinfo");
901 if (stridx_to_strinfo)
902 {
903 fprintf (fp, " has %u elements\n", stridx_to_strinfo->length ());
904 for (unsigned i = 0; i != stridx_to_strinfo->length (); ++i)
905 {
906 if (strinfo *si = (*stridx_to_strinfo)[i])
907 {
908 if (!si->idx)
909 continue;
910 fprintf (fp, " idx = %i", si->idx);
911 if (si->ptr)
912 {
913 fprintf (fp, ", ptr = ");
914 print_generic_expr (fp, si->ptr);
915 }
916
917 if (si->nonzero_chars)
918 {
919 fprintf (fp, ", nonzero_chars = ");
920 print_generic_expr (fp, si->nonzero_chars);
921 if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
922 {
923 value_range_kind rng = VR_UNDEFINED;
924 wide_int min, max;
925 if (rvals)
926 {
927 value_range vr;
928 rvals->range_of_expr (vr, si->nonzero_chars,
929 si->stmt);
930 rng = vr.kind ();
931 if (range_int_cst_p (&vr))
932 {
933 min = wi::to_wide (vr.min ());
934 max = wi::to_wide (vr.max ());
935 }
936 else
937 rng = VR_UNDEFINED;
938 }
939 else
940 {
941 value_range vr;
942 get_global_range_query ()->range_of_expr (vr,
943 si->nonzero_chars);
944 rng = vr.kind ();
945 if (!vr.undefined_p ())
946 {
947 min = wi::to_wide (vr.min ());
948 max = wi::to_wide (vr.max ());
949 }
950 }
951
952 if (rng == VR_RANGE || rng == VR_ANTI_RANGE)
953 {
954 fprintf (fp, " %s[%llu, %llu]",
955 rng == VR_RANGE ? "" : "~",
956 (long long) min.to_uhwi (),
957 (long long) max.to_uhwi ());
958 }
959 }
960 }
961
962 fprintf (fp, ", refcount = %i", si->refcount);
963 if (si->stmt)
964 {
965 fprintf (fp, ", stmt = ");
966 print_gimple_expr (fp, si->stmt, 0);
967 }
968 if (si->alloc)
969 {
970 fprintf (fp, ", alloc = ");
971 print_gimple_expr (fp, si->alloc, 0);
972 }
973 if (si->writable)
974 fprintf (fp, ", writable");
975 if (si->dont_invalidate)
976 fprintf (fp, ", dont_invalidate");
977 if (si->full_string_p)
978 fprintf (fp, ", full_string_p");
979 if (strinfo *next = get_next_strinfo (si))
980 {
981 fprintf (fp, ", {");
982 do
983 fprintf (fp, "%i%s", next->idx, next->first ? ", " : "");
984 while ((next = get_next_strinfo (next)));
985 fprintf (fp, "}");
986 }
987 fputs ("\n", fp);
988 }
989 }
990 }
991 else
992 fprintf (fp, " = null\n");
993
994 fprintf (fp, "decl_to_stridxlist_htab");
995 if (decl_to_stridxlist_htab)
996 {
997 fputs ("\n", fp);
998 typedef decl_to_stridxlist_htab_t::iterator iter_t;
999 for (iter_t it = decl_to_stridxlist_htab->begin ();
1000 it != decl_to_stridxlist_htab->end (); ++it)
1001 {
1002 tree decl = (*it).first;
1003 stridxlist *list = &(*it).second;
1004 fprintf (fp, " decl = ");
1005 print_generic_expr (fp, decl);
1006 if (list)
1007 {
1008 fprintf (fp, ", offsets = {");
1009 for (; list; list = list->next)
1010 fprintf (fp, "%lli%s", (long long) list->offset,
1011 list->next ? ", " : "");
1012 fputs ("}", fp);
1013 }
1014 fputs ("\n", fp);
1015 }
1016 }
1017 else
1018 fprintf (fp, " = null\n");
1019
1020 if (laststmt.stmt)
1021 {
1022 fprintf (fp, "laststmt = ");
1023 print_gimple_expr (fp, laststmt.stmt, 0);
1024 fprintf (fp, ", len = ");
1025 print_generic_expr (fp, laststmt.len);
1026 fprintf (fp, ", stridx = %i\n", laststmt.stridx);
1027 }
1028 }
1029
1030 /* Attempt to determine the length of the string SRC. On success, store
1031 the length in *PDATA and return true. Otherwise, return false.
1032 VISITED is a bitmap of visited PHI nodes. RVALS points to the valuation
1033 engine used to calculate ranges. PSSA_DEF_MAX to an SSA_NAME
1034 assignment limit used to prevent runaway recursion. */
1035
1036 static bool
1037 get_range_strlen_dynamic (tree src, gimple *stmt,
1038 c_strlen_data *pdata, bitmap *visited,
1039 range_query *rvals, unsigned *pssa_def_max)
1040 {
1041 int idx = get_stridx (src);
1042 if (!idx)
1043 {
1044 if (TREE_CODE (src) == SSA_NAME)
1045 {
1046 gimple *def_stmt = SSA_NAME_DEF_STMT (src);
1047 if (gimple_code (def_stmt) == GIMPLE_PHI)
1048 {
1049 if (!*visited)
1050 *visited = BITMAP_ALLOC (NULL);
1051
1052 if (!bitmap_set_bit (*visited, SSA_NAME_VERSION (src)))
1053 return true;
1054
1055 if (*pssa_def_max == 0)
1056 return false;
1057
1058 --*pssa_def_max;
1059
1060 /* Iterate over the PHI arguments and determine the minimum
1061 and maximum length/size of each and incorporate them into
1062 the overall result. */
1063 gphi *phi = as_a <gphi *> (def_stmt);
1064 for (unsigned i = 0; i != gimple_phi_num_args (phi); ++i)
1065 {
1066 tree arg = gimple_phi_arg_def (phi, i);
1067 if (arg == gimple_phi_result (def_stmt))
1068 continue;
1069
1070 c_strlen_data argdata = { };
1071 if (get_range_strlen_dynamic (arg, phi, &argdata, visited,
1072 rvals, pssa_def_max))
1073 {
1074 /* Set the DECL of an unterminated array this argument
1075 refers to if one hasn't been found yet. */
1076 if (!pdata->decl && argdata.decl)
1077 pdata->decl = argdata.decl;
1078
1079 if (!argdata.minlen
1080 || (integer_zerop (argdata.minlen)
1081 && (!argdata.maxbound
1082 || integer_all_onesp (argdata.maxbound))
1083 && integer_all_onesp (argdata.maxlen)))
1084 {
1085 /* Set the upper bound of the length to unbounded. */
1086 pdata->maxlen = build_all_ones_cst (size_type_node);
1087 continue;
1088 }
1089
1090 /* Adjust the minimum and maximum length determined
1091 so far and the upper bound on the array size. */
1092 if (!pdata->minlen
1093 || tree_int_cst_lt (argdata.minlen, pdata->minlen))
1094 pdata->minlen = argdata.minlen;
1095 if (!pdata->maxlen
1096 || (argdata.maxlen
1097 && tree_int_cst_lt (pdata->maxlen, argdata.maxlen)))
1098 pdata->maxlen = argdata.maxlen;
1099 if (!pdata->maxbound
1100 || TREE_CODE (pdata->maxbound) != INTEGER_CST
1101 || (argdata.maxbound
1102 && tree_int_cst_lt (pdata->maxbound,
1103 argdata.maxbound)
1104 && !integer_all_onesp (argdata.maxbound)))
1105 pdata->maxbound = argdata.maxbound;
1106 }
1107 else
1108 pdata->maxlen = build_all_ones_cst (size_type_node);
1109 }
1110
1111 return true;
1112 }
1113 }
1114
1115 /* Return success regardless of the result and handle *PDATA
1116 in the caller. */
1117 get_range_strlen (src, pdata, 1);
1118 return true;
1119 }
1120
1121 if (idx < 0)
1122 {
1123 /* SRC is a string of constant length. */
1124 pdata->minlen = build_int_cst (size_type_node, ~idx);
1125 pdata->maxlen = pdata->minlen;
1126 pdata->maxbound = pdata->maxlen;
1127 return true;
1128 }
1129
1130 if (strinfo *si = get_strinfo (idx))
1131 {
1132 pdata->minlen = get_string_length (si);
1133 if (!pdata->minlen && si->nonzero_chars)
1134 {
1135 if (TREE_CODE (si->nonzero_chars) == INTEGER_CST)
1136 pdata->minlen = si->nonzero_chars;
1137 else if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
1138 {
1139 value_range vr;
1140 rvals->range_of_expr (vr, si->nonzero_chars, si->stmt);
1141 if (range_int_cst_p (&vr))
1142 {
1143 pdata->minlen = vr.min ();
1144 pdata->maxlen = vr.max ();
1145 }
1146 else
1147 pdata->minlen = build_zero_cst (size_type_node);
1148 }
1149 else
1150 pdata->minlen = build_zero_cst (size_type_node);
1151
1152 tree base = si->ptr;
1153 if (TREE_CODE (base) == ADDR_EXPR)
1154 base = TREE_OPERAND (base, 0);
1155
1156 HOST_WIDE_INT off;
1157 poly_int64 poff;
1158 base = get_addr_base_and_unit_offset (base, &poff);
1159 if (base
1160 && DECL_P (base)
1161 && TREE_CODE (TREE_TYPE (base)) == ARRAY_TYPE
1162 && TYPE_SIZE_UNIT (TREE_TYPE (base))
1163 && poff.is_constant (&off))
1164 {
1165 tree basetype = TREE_TYPE (base);
1166 tree size = TYPE_SIZE_UNIT (basetype);
1167 if (TREE_CODE (size) == INTEGER_CST)
1168 {
1169 ++off; /* Increment for the terminating nul. */
1170 tree toffset = build_int_cst (size_type_node, off);
1171 pdata->maxlen = fold_build2 (MINUS_EXPR, size_type_node, size,
1172 toffset);
1173 pdata->maxbound = pdata->maxlen;
1174 }
1175 else
1176 pdata->maxlen = build_all_ones_cst (size_type_node);
1177 }
1178 else
1179 pdata->maxlen = build_all_ones_cst (size_type_node);
1180 }
1181 else if (pdata->minlen && TREE_CODE (pdata->minlen) == SSA_NAME)
1182 {
1183 value_range vr;
1184 rvals->range_of_expr (vr, si->nonzero_chars, stmt);
1185 if (range_int_cst_p (&vr))
1186 {
1187 pdata->minlen = vr.min ();
1188 pdata->maxlen = vr.max ();
1189 pdata->maxbound = pdata->maxlen;
1190 }
1191 else
1192 {
1193 pdata->minlen = build_zero_cst (size_type_node);
1194 pdata->maxlen = build_all_ones_cst (size_type_node);
1195 }
1196 }
1197 else if (pdata->minlen && TREE_CODE (pdata->minlen) == INTEGER_CST)
1198 {
1199 pdata->maxlen = pdata->minlen;
1200 pdata->maxbound = pdata->minlen;
1201 }
1202 else
1203 {
1204 /* For PDATA->MINLEN that's a non-constant expression such
1205 as PLUS_EXPR whose value range is unknown, set the bounds
1206 to zero and SIZE_MAX. */
1207 pdata->minlen = build_zero_cst (size_type_node);
1208 pdata->maxlen = build_all_ones_cst (size_type_node);
1209 }
1210
1211 return true;
1212 }
1213
1214 return false;
1215 }
1216
1217 /* Analogous to get_range_strlen but for dynamically created strings,
1218 i.e., those created by calls to strcpy as opposed to just string
1219 constants.
1220 Try to obtain the range of the lengths of the string(s) referenced
1221 by SRC, or the size of the largest array SRC refers to if the range
1222 of lengths cannot be determined, and store all in *PDATA. RVALS
1223 points to the valuation engine used to calculate ranges. */
1224
1225 void
1226 get_range_strlen_dynamic (tree src, gimple *stmt, c_strlen_data *pdata,
1227 range_query *rvals)
1228 {
1229 bitmap visited = NULL;
1230 tree maxbound = pdata->maxbound;
1231
1232 unsigned limit = param_ssa_name_def_chain_limit;
1233 if (!get_range_strlen_dynamic (src, stmt, pdata, &visited, rvals, &limit))
1234 {
1235 /* On failure extend the length range to an impossible maximum
1236 (a valid MAXLEN must be less than PTRDIFF_MAX - 1). Other
1237 members can stay unchanged regardless. */
1238 pdata->minlen = ssize_int (0);
1239 pdata->maxlen = build_all_ones_cst (size_type_node);
1240 }
1241 else if (!pdata->minlen)
1242 pdata->minlen = ssize_int (0);
1243
1244 /* If it's unchanged from it initial non-null value, set the conservative
1245 MAXBOUND to SIZE_MAX. Otherwise leave it null (if it is null). */
1246 if (maxbound && pdata->maxbound == maxbound)
1247 pdata->maxbound = build_all_ones_cst (size_type_node);
1248
1249 if (visited)
1250 BITMAP_FREE (visited);
1251 }
1252
1253 /* Invalidate string length information for strings whose length might
1254 change due to stores in STMT, except those marked DONT_INVALIDATE.
1255 For string-modifying statements, ZERO_WRITE is set when the statement
1256 wrote only zeros.
1257 Returns true if any STRIDX_TO_STRINFO entries were considered
1258 for invalidation. */
1259
1260 static bool
1261 maybe_invalidate (gimple *stmt, bool zero_write = false)
1262 {
1263 if (dump_file && (dump_flags & TDF_DETAILS))
1264 {
1265 fprintf (dump_file, "%s called for ", __func__);
1266 print_gimple_stmt (dump_file, stmt, TDF_LINENO);
1267 }
1268
1269 strinfo *si;
1270 bool nonempty = false;
1271
1272 for (unsigned i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
1273 {
1274 if (si == NULL || !POINTER_TYPE_P (TREE_TYPE (si->ptr)))
1275 continue;
1276
1277 nonempty = true;
1278
1279 /* Unconditionally reset DONT_INVALIDATE. */
1280 bool dont_invalidate = si->dont_invalidate;
1281 si->dont_invalidate = false;
1282
1283 if (dont_invalidate)
1284 continue;
1285
1286 ao_ref r;
1287 tree size = si->nonzero_chars;
1288 ao_ref_init_from_ptr_and_size (&r, si->ptr, size);
1289 /* Include the terminating nul in the size of the string
1290 to consider when determining possible clobber. But do not
1291 add it to 'size' since we don't know whether it would
1292 actually fit the allocated area. */
1293 if (known_size_p (r.size))
1294 {
1295 if (known_le (r.size, HOST_WIDE_INT_MAX - BITS_PER_UNIT))
1296 r.max_size += BITS_PER_UNIT;
1297 else
1298 r.max_size = -1;
1299 }
1300 if (stmt_may_clobber_ref_p_1 (stmt, &r))
1301 {
1302 if (dump_file && (dump_flags & TDF_DETAILS))
1303 {
1304 fputs (" statement may clobber object ", dump_file);
1305 print_generic_expr (dump_file, si->ptr);
1306 if (size && tree_fits_uhwi_p (size))
1307 fprintf (dump_file, " " HOST_WIDE_INT_PRINT_UNSIGNED
1308 " bytes in size", tree_to_uhwi (size));
1309 fputc ('\n', dump_file);
1310 }
1311
1312 set_strinfo (i, NULL);
1313 free_strinfo (si);
1314 continue;
1315 }
1316
1317 if (size
1318 && !zero_write
1319 && si->stmt
1320 && is_gimple_call (si->stmt)
1321 && (DECL_FUNCTION_CODE (gimple_call_fndecl (si->stmt))
1322 == BUILT_IN_CALLOC))
1323 {
1324 /* If the clobber test above considered the length of
1325 the string (including the nul), then for (potentially)
1326 non-zero writes that might modify storage allocated by
1327 calloc consider the whole object and if it might be
1328 clobbered by the statement reset the statement. */
1329 ao_ref_init_from_ptr_and_size (&r, si->ptr, NULL_TREE);
1330 if (stmt_may_clobber_ref_p_1 (stmt, &r))
1331 si->stmt = NULL;
1332 }
1333 }
1334
1335 if (dump_file && (dump_flags & TDF_DETAILS))
1336 fprintf (dump_file, "%s returns %i\n", __func__, nonempty);
1337
1338 return nonempty;
1339 }
1340
1341 /* Unshare strinfo record SI, if it has refcount > 1 or
1342 if stridx_to_strinfo vector is shared with some other
1343 bbs. */
1344
1345 static strinfo *
1346 unshare_strinfo (strinfo *si)
1347 {
1348 strinfo *nsi;
1349
1350 if (si->refcount == 1 && !strinfo_shared ())
1351 return si;
1352
1353 nsi = new_strinfo (si->ptr, si->idx, si->nonzero_chars, si->full_string_p);
1354 nsi->stmt = si->stmt;
1355 nsi->alloc = si->alloc;
1356 nsi->endptr = si->endptr;
1357 nsi->first = si->first;
1358 nsi->prev = si->prev;
1359 nsi->next = si->next;
1360 nsi->writable = si->writable;
1361 set_strinfo (si->idx, nsi);
1362 free_strinfo (si);
1363 return nsi;
1364 }
1365
1366 /* Attempt to create a new strinfo for BASESI + OFF, or find existing
1367 strinfo if there is any. Return it's idx, or 0 if no strinfo has
1368 been created. */
1369
1370 static int
1371 get_stridx_plus_constant (strinfo *basesi, unsigned HOST_WIDE_INT off,
1372 tree ptr)
1373 {
1374 if (TREE_CODE (ptr) == SSA_NAME && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr))
1375 return 0;
1376
1377 if (compare_nonzero_chars (basesi, off) < 0
1378 || !tree_fits_uhwi_p (basesi->nonzero_chars))
1379 return 0;
1380
1381 unsigned HOST_WIDE_INT nonzero_chars
1382 = tree_to_uhwi (basesi->nonzero_chars) - off;
1383 strinfo *si = basesi, *chainsi;
1384 if (si->first || si->prev || si->next)
1385 si = verify_related_strinfos (basesi);
1386 if (si == NULL
1387 || si->nonzero_chars == NULL_TREE
1388 || TREE_CODE (si->nonzero_chars) != INTEGER_CST)
1389 return 0;
1390
1391 if (TREE_CODE (ptr) == SSA_NAME
1392 && ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
1393 ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
1394
1395 gcc_checking_assert (compare_tree_int (si->nonzero_chars, off) != -1);
1396 for (chainsi = si; chainsi->next; chainsi = si)
1397 {
1398 si = get_next_strinfo (chainsi);
1399 if (si == NULL
1400 || si->nonzero_chars == NULL_TREE
1401 || TREE_CODE (si->nonzero_chars) != INTEGER_CST)
1402 break;
1403 int r = compare_tree_int (si->nonzero_chars, nonzero_chars);
1404 if (r != 1)
1405 {
1406 if (r == 0)
1407 {
1408 if (TREE_CODE (ptr) == SSA_NAME)
1409 ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = si->idx;
1410 else
1411 {
1412 int *pidx = addr_stridxptr (TREE_OPERAND (ptr, 0));
1413 if (pidx != NULL && *pidx == 0)
1414 *pidx = si->idx;
1415 }
1416 return si->idx;
1417 }
1418 break;
1419 }
1420 }
1421
1422 int idx = new_stridx (ptr);
1423 if (idx == 0)
1424 return 0;
1425 si = new_strinfo (ptr, idx, build_int_cst (size_type_node, nonzero_chars),
1426 basesi->full_string_p);
1427 set_strinfo (idx, si);
1428 if (strinfo *nextsi = get_strinfo (chainsi->next))
1429 {
1430 nextsi = unshare_strinfo (nextsi);
1431 si->next = nextsi->idx;
1432 nextsi->prev = idx;
1433 }
1434 chainsi = unshare_strinfo (chainsi);
1435 if (chainsi->first == 0)
1436 chainsi->first = chainsi->idx;
1437 chainsi->next = idx;
1438 if (chainsi->endptr == NULL_TREE && zero_length_string_p (si))
1439 chainsi->endptr = ptr;
1440 si->endptr = chainsi->endptr;
1441 si->prev = chainsi->idx;
1442 si->first = chainsi->first;
1443 si->writable = chainsi->writable;
1444 return si->idx;
1445 }
1446
1447 /* Note that PTR, a pointer SSA_NAME initialized in the current stmt, points
1448 to a zero-length string and if possible chain it to a related strinfo
1449 chain whose part is or might be CHAINSI. */
1450
1451 static strinfo *
1452 zero_length_string (tree ptr, strinfo *chainsi)
1453 {
1454 strinfo *si;
1455 int idx;
1456 if (ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
1457 ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
1458 gcc_checking_assert (TREE_CODE (ptr) == SSA_NAME
1459 && ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] == 0);
1460
1461 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr))
1462 return NULL;
1463 if (chainsi != NULL)
1464 {
1465 si = verify_related_strinfos (chainsi);
1466 if (si)
1467 {
1468 do
1469 {
1470 /* We shouldn't mix delayed and non-delayed lengths. */
1471 gcc_assert (si->full_string_p);
1472 if (si->endptr == NULL_TREE)
1473 {
1474 si = unshare_strinfo (si);
1475 si->endptr = ptr;
1476 }
1477 chainsi = si;
1478 si = get_next_strinfo (si);
1479 }
1480 while (si != NULL);
1481 if (zero_length_string_p (chainsi))
1482 {
1483 if (chainsi->next)
1484 {
1485 chainsi = unshare_strinfo (chainsi);
1486 chainsi->next = 0;
1487 }
1488 ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = chainsi->idx;
1489 return chainsi;
1490 }
1491 }
1492 else
1493 {
1494 /* We shouldn't mix delayed and non-delayed lengths. */
1495 gcc_assert (chainsi->full_string_p);
1496 if (chainsi->first || chainsi->prev || chainsi->next)
1497 {
1498 chainsi = unshare_strinfo (chainsi);
1499 chainsi->first = 0;
1500 chainsi->prev = 0;
1501 chainsi->next = 0;
1502 }
1503 }
1504 }
1505 idx = new_stridx (ptr);
1506 if (idx == 0)
1507 return NULL;
1508 si = new_strinfo (ptr, idx, build_int_cst (size_type_node, 0), true);
1509 set_strinfo (idx, si);
1510 si->endptr = ptr;
1511 if (chainsi != NULL)
1512 {
1513 chainsi = unshare_strinfo (chainsi);
1514 if (chainsi->first == 0)
1515 chainsi->first = chainsi->idx;
1516 chainsi->next = idx;
1517 if (chainsi->endptr == NULL_TREE)
1518 chainsi->endptr = ptr;
1519 si->prev = chainsi->idx;
1520 si->first = chainsi->first;
1521 si->writable = chainsi->writable;
1522 }
1523 return si;
1524 }
1525
1526 /* For strinfo ORIGSI whose length has been just updated, adjust other
1527 related strinfos so that they match the new ORIGSI. This involves:
1528
1529 - adding ADJ to the nonzero_chars fields
1530 - copying full_string_p from the new ORIGSI. */
1531
1532 static void
1533 adjust_related_strinfos (location_t loc, strinfo *origsi, tree adj)
1534 {
1535 strinfo *si = verify_related_strinfos (origsi);
1536
1537 if (si == NULL)
1538 return;
1539
1540 while (1)
1541 {
1542 strinfo *nsi;
1543
1544 if (si != origsi)
1545 {
1546 tree tem;
1547
1548 si = unshare_strinfo (si);
1549 /* We shouldn't see delayed lengths here; the caller must
1550 have calculated the old length in order to calculate
1551 the adjustment. */
1552 gcc_assert (si->nonzero_chars);
1553 tem = fold_convert_loc (loc, TREE_TYPE (si->nonzero_chars), adj);
1554 si->nonzero_chars = fold_build2_loc (loc, PLUS_EXPR,
1555 TREE_TYPE (si->nonzero_chars),
1556 si->nonzero_chars, tem);
1557 si->full_string_p = origsi->full_string_p;
1558
1559 si->endptr = NULL_TREE;
1560 si->dont_invalidate = true;
1561 }
1562 nsi = get_next_strinfo (si);
1563 if (nsi == NULL)
1564 return;
1565 si = nsi;
1566 }
1567 }
1568
1569 /* Find if there are other SSA_NAME pointers equal to PTR
1570 for which we don't track their string lengths yet. If so, use
1571 IDX for them. */
1572
1573 static void
1574 find_equal_ptrs (tree ptr, int idx)
1575 {
1576 if (TREE_CODE (ptr) != SSA_NAME)
1577 return;
1578 while (1)
1579 {
1580 gimple *stmt = SSA_NAME_DEF_STMT (ptr);
1581 if (!is_gimple_assign (stmt))
1582 return;
1583 ptr = gimple_assign_rhs1 (stmt);
1584 switch (gimple_assign_rhs_code (stmt))
1585 {
1586 case SSA_NAME:
1587 break;
1588 CASE_CONVERT:
1589 if (!POINTER_TYPE_P (TREE_TYPE (ptr)))
1590 return;
1591 if (TREE_CODE (ptr) == SSA_NAME)
1592 break;
1593 if (TREE_CODE (ptr) != ADDR_EXPR)
1594 return;
1595 /* FALLTHRU */
1596 case ADDR_EXPR:
1597 {
1598 int *pidx = addr_stridxptr (TREE_OPERAND (ptr, 0));
1599 if (pidx != NULL && *pidx == 0)
1600 *pidx = idx;
1601 return;
1602 }
1603 default:
1604 return;
1605 }
1606
1607 /* We might find an endptr created in this pass. Grow the
1608 vector in that case. */
1609 if (ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
1610 ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
1611
1612 if (ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] != 0)
1613 return;
1614 ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = idx;
1615 }
1616 }
1617
1618 /* Return true if STMT is a call to a builtin function with the right
1619 arguments and attributes that should be considered for optimization
1620 by this pass. */
1621
1622 static bool
1623 valid_builtin_call (gimple *stmt)
1624 {
1625 if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
1626 return false;
1627
1628 tree callee = gimple_call_fndecl (stmt);
1629 tree decl = builtin_decl_explicit (DECL_FUNCTION_CODE (callee));
1630 if (decl
1631 && decl != callee
1632 && !gimple_builtin_call_types_compatible_p (stmt, decl))
1633 return false;
1634
1635 switch (DECL_FUNCTION_CODE (callee))
1636 {
1637 case BUILT_IN_MEMCMP:
1638 case BUILT_IN_MEMCMP_EQ:
1639 case BUILT_IN_STRCMP:
1640 case BUILT_IN_STRNCMP:
1641 case BUILT_IN_STRCHR:
1642 case BUILT_IN_STRLEN:
1643 case BUILT_IN_STRNLEN:
1644 /* The above functions should be pure. Punt if they aren't. */
1645 if (gimple_vdef (stmt) || gimple_vuse (stmt) == NULL_TREE)
1646 return false;
1647 break;
1648
1649 case BUILT_IN_ALLOCA:
1650 case BUILT_IN_ALLOCA_WITH_ALIGN:
1651 case BUILT_IN_CALLOC:
1652 case BUILT_IN_MALLOC:
1653 case BUILT_IN_MEMCPY:
1654 case BUILT_IN_MEMCPY_CHK:
1655 case BUILT_IN_MEMPCPY:
1656 case BUILT_IN_MEMPCPY_CHK:
1657 case BUILT_IN_MEMSET:
1658 case BUILT_IN_STPCPY:
1659 case BUILT_IN_STPCPY_CHK:
1660 case BUILT_IN_STPNCPY:
1661 case BUILT_IN_STPNCPY_CHK:
1662 case BUILT_IN_STRCAT:
1663 case BUILT_IN_STRCAT_CHK:
1664 case BUILT_IN_STRCPY:
1665 case BUILT_IN_STRCPY_CHK:
1666 case BUILT_IN_STRNCAT:
1667 case BUILT_IN_STRNCAT_CHK:
1668 case BUILT_IN_STRNCPY:
1669 case BUILT_IN_STRNCPY_CHK:
1670 /* The above functions should be neither const nor pure. Punt if they
1671 aren't. */
1672 if (gimple_vdef (stmt) == NULL_TREE || gimple_vuse (stmt) == NULL_TREE)
1673 return false;
1674 break;
1675
1676 default:
1677 break;
1678 }
1679
1680 return true;
1681 }
1682
1683 /* If the last .MEM setter statement before STMT is
1684 memcpy (x, y, strlen (y) + 1), the only .MEM use of it is STMT
1685 and STMT is known to overwrite x[strlen (x)], adjust the last memcpy to
1686 just memcpy (x, y, strlen (y)). SI must be the zero length
1687 strinfo. */
1688
1689 static void
1690 adjust_last_stmt (strinfo *si, gimple *stmt, bool is_strcat,
1691 pointer_query &ptr_qry)
1692 {
1693 tree vuse, callee, len;
1694 struct laststmt_struct last = laststmt;
1695 strinfo *lastsi, *firstsi;
1696 unsigned len_arg_no = 2;
1697
1698 laststmt.stmt = NULL;
1699 laststmt.len = NULL_TREE;
1700 laststmt.stridx = 0;
1701
1702 if (last.stmt == NULL)
1703 return;
1704
1705 vuse = gimple_vuse (stmt);
1706 if (vuse == NULL_TREE
1707 || SSA_NAME_DEF_STMT (vuse) != last.stmt
1708 || !has_single_use (vuse))
1709 return;
1710
1711 gcc_assert (last.stridx > 0);
1712 lastsi = get_strinfo (last.stridx);
1713 if (lastsi == NULL)
1714 return;
1715
1716 if (lastsi != si)
1717 {
1718 if (lastsi->first == 0 || lastsi->first != si->first)
1719 return;
1720
1721 firstsi = verify_related_strinfos (si);
1722 if (firstsi == NULL)
1723 return;
1724 while (firstsi != lastsi)
1725 {
1726 firstsi = get_next_strinfo (firstsi);
1727 if (firstsi == NULL)
1728 return;
1729 }
1730 }
1731
1732 if (!is_strcat && !zero_length_string_p (si))
1733 return;
1734
1735 if (is_gimple_assign (last.stmt))
1736 {
1737 gimple_stmt_iterator gsi;
1738
1739 if (!integer_zerop (gimple_assign_rhs1 (last.stmt)))
1740 return;
1741 if (stmt_could_throw_p (cfun, last.stmt))
1742 return;
1743 gsi = gsi_for_stmt (last.stmt);
1744 unlink_stmt_vdef (last.stmt);
1745 release_defs (last.stmt);
1746 gsi_remove (&gsi, true);
1747 return;
1748 }
1749
1750 if (!valid_builtin_call (last.stmt))
1751 return;
1752
1753 callee = gimple_call_fndecl (last.stmt);
1754 switch (DECL_FUNCTION_CODE (callee))
1755 {
1756 case BUILT_IN_MEMCPY:
1757 case BUILT_IN_MEMCPY_CHK:
1758 break;
1759 default:
1760 return;
1761 }
1762
1763 len = gimple_call_arg (last.stmt, len_arg_no);
1764 if (tree_fits_uhwi_p (len))
1765 {
1766 if (!tree_fits_uhwi_p (last.len)
1767 || integer_zerop (len)
1768 || tree_to_uhwi (len) != tree_to_uhwi (last.len) + 1)
1769 return;
1770 /* Don't adjust the length if it is divisible by 4, it is more efficient
1771 to store the extra '\0' in that case. */
1772 if ((tree_to_uhwi (len) & 3) == 0)
1773 return;
1774
1775 /* Don't fold away an out of bounds access, as this defeats proper
1776 warnings. */
1777 tree dst = gimple_call_arg (last.stmt, 0);
1778
1779 access_ref aref;
1780 tree size = compute_objsize (dst, 1, &aref, &ptr_qry);
1781 if (size && tree_int_cst_lt (size, len))
1782 return;
1783 }
1784 else if (TREE_CODE (len) == SSA_NAME)
1785 {
1786 gimple *def_stmt = SSA_NAME_DEF_STMT (len);
1787 if (!is_gimple_assign (def_stmt)
1788 || gimple_assign_rhs_code (def_stmt) != PLUS_EXPR
1789 || gimple_assign_rhs1 (def_stmt) != last.len
1790 || !integer_onep (gimple_assign_rhs2 (def_stmt)))
1791 return;
1792 }
1793 else
1794 return;
1795
1796 gimple_call_set_arg (last.stmt, len_arg_no, last.len);
1797 update_stmt (last.stmt);
1798 }
1799
1800 /* For an LHS that is an SSA_NAME that is the result of a strlen()
1801 call, or when BOUND is non-null, of a strnlen() call, set LHS
1802 range info to [0, min (MAX, BOUND)] when the range includes more
1803 than one value and return LHS. Otherwise, when the range
1804 [MIN, MAX] is such that MIN == MAX, return the tree representation
1805 of (MIN). The latter allows callers to fold suitable strnlen() calls
1806 to constants. */
1807
1808 tree
1809 set_strlen_range (tree lhs, wide_int min, wide_int max,
1810 tree bound /* = NULL_TREE */)
1811 {
1812 if (TREE_CODE (lhs) != SSA_NAME
1813 || !INTEGRAL_TYPE_P (TREE_TYPE (lhs)))
1814 return NULL_TREE;
1815
1816 if (bound)
1817 {
1818 /* For strnlen, adjust MIN and MAX as necessary. If the bound
1819 is less than the size of the array set MAX to it. It it's
1820 greater than MAX and MAX is non-zero bump MAX down to account
1821 for the necessary terminating nul. Otherwise leave it alone. */
1822 if (TREE_CODE (bound) == INTEGER_CST)
1823 {
1824 wide_int wibnd = wi::to_wide (bound);
1825 int cmp = wi::cmpu (wibnd, max);
1826 if (cmp < 0)
1827 max = wibnd;
1828 else if (cmp && wi::ne_p (max, min))
1829 --max;
1830 }
1831 else if (TREE_CODE (bound) == SSA_NAME)
1832 {
1833 value_range r;
1834 get_range_query (cfun)->range_of_expr (r, bound);
1835 if (!r.undefined_p ())
1836 {
1837 /* For a bound in a known range, adjust the range determined
1838 above as necessary. For a bound in some anti-range or
1839 in an unknown range, use the range determined by callers. */
1840 if (wi::ltu_p (r.lower_bound (), min))
1841 min = r.lower_bound ();
1842 if (wi::ltu_p (r.upper_bound (), max))
1843 max = r.upper_bound ();
1844 }
1845 }
1846 }
1847
1848 if (min == max)
1849 return wide_int_to_tree (size_type_node, min);
1850
1851 set_range_info (lhs, VR_RANGE, min, max);
1852 return lhs;
1853 }
1854
1855 /* For an LHS that is an SSA_NAME and for strlen() or strnlen() argument
1856 SRC, set LHS range info to [0, min (N, BOUND)] if SRC refers to
1857 a character array A[N] with unknown length bounded by N, and for
1858 strnlen(), by min (N, BOUND). */
1859
1860 static tree
1861 maybe_set_strlen_range (tree lhs, tree src, tree bound)
1862 {
1863 if (TREE_CODE (lhs) != SSA_NAME
1864 || !INTEGRAL_TYPE_P (TREE_TYPE (lhs)))
1865 return NULL_TREE;
1866
1867 if (TREE_CODE (src) == SSA_NAME)
1868 {
1869 gimple *def = SSA_NAME_DEF_STMT (src);
1870 if (is_gimple_assign (def)
1871 && gimple_assign_rhs_code (def) == ADDR_EXPR)
1872 src = gimple_assign_rhs1 (def);
1873 }
1874
1875 /* The longest string is PTRDIFF_MAX - 1 bytes including the final
1876 NUL so that the difference between a pointer to just past it and
1877 one to its beginning is positive. */
1878 wide_int max = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2;
1879
1880 if (TREE_CODE (src) == ADDR_EXPR)
1881 {
1882 /* The last array member of a struct can be bigger than its size
1883 suggests if it's treated as a poor-man's flexible array member. */
1884 src = TREE_OPERAND (src, 0);
1885 if (TREE_CODE (src) != MEM_REF
1886 && !array_at_struct_end_p (src))
1887 {
1888 tree type = TREE_TYPE (src);
1889 tree size = TYPE_SIZE_UNIT (type);
1890 if (size
1891 && TREE_CODE (size) == INTEGER_CST
1892 && !integer_zerop (size))
1893 {
1894 /* Even though such uses of strlen would be undefined,
1895 avoid relying on arrays of arrays in case some genius
1896 decides to call strlen on an unterminated array element
1897 that's followed by a terminated one. Likewise, avoid
1898 assuming that a struct array member is necessarily
1899 nul-terminated (the nul may be in the member that
1900 follows). In those cases, assume that the length
1901 of the string stored in such an array is bounded
1902 by the size of the enclosing object if one can be
1903 determined. */
1904 tree base = get_base_address (src);
1905 if (VAR_P (base))
1906 {
1907 if (tree size = DECL_SIZE_UNIT (base))
1908 if (size
1909 && TREE_CODE (size) == INTEGER_CST
1910 && TREE_CODE (TREE_TYPE (base)) != POINTER_TYPE)
1911 max = wi::to_wide (size);
1912 }
1913 }
1914
1915 /* For strlen() the upper bound above is equal to
1916 the longest string that can be stored in the array
1917 (i.e., it accounts for the terminating nul. For
1918 strnlen() bump up the maximum by one since the array
1919 need not be nul-terminated. */
1920 if (!bound && max != 0)
1921 --max;
1922 }
1923 }
1924
1925 wide_int min = wi::zero (max.get_precision ());
1926 return set_strlen_range (lhs, min, max, bound);
1927 }
1928
1929 /* Diagnose buffer overflow by a STMT writing LEN + PLUS_ONE bytes,
1930 either into a region allocated for the object SI when non-null,
1931 or into an object designated by the LHS of STMT otherwise.
1932 When nonnull uses RVALS to determine range information.
1933 RAWMEM may be set by memcpy and other raw memory functions
1934 to allow accesses across subobject boundaries. */
1935
1936 static void
1937 maybe_warn_overflow (gimple *stmt, tree len, pointer_query &ptr_qry,
1938 strinfo *si = NULL, bool plus_one = false,
1939 bool rawmem = false)
1940 {
1941 if (!len || gimple_no_warning_p (stmt))
1942 return;
1943
1944 /* The DECL of the function performing the write if it is done
1945 by one. */
1946 tree writefn = NULL_TREE;
1947 /* The destination expression involved in the store STMT. */
1948 tree dest = NULL_TREE;
1949
1950 if (is_gimple_assign (stmt))
1951 dest = gimple_assign_lhs (stmt);
1952 else if (is_gimple_call (stmt))
1953 {
1954 dest = gimple_call_arg (stmt, 0);
1955 writefn = gimple_call_fndecl (stmt);
1956 }
1957 else
1958 return;
1959
1960 if (TREE_NO_WARNING (dest))
1961 return;
1962
1963 const int ostype = rawmem ? 0 : 1;
1964
1965 /* Use maximum precision to avoid overflow in the addition below.
1966 Make sure all operands have the same precision to keep wide_int
1967 from ICE'ing. */
1968
1969 access_ref aref;
1970 /* The size of the destination region (which is smaller than
1971 the destination object for stores at a non-zero offset). */
1972 tree destsize = compute_objsize (dest, ostype, &aref, &ptr_qry);
1973
1974 if (!destsize)
1975 {
1976 aref.sizrng[0] = 0;
1977 aref.sizrng[1] = wi::to_offset (max_object_size ());
1978 }
1979
1980 /* Return early if the DESTSIZE size expression is the same as LEN
1981 and the offset into the destination is zero. This might happen
1982 in the case of a pair of malloc and memset calls to allocate
1983 an object and clear it as if by calloc. */
1984 if (destsize == len && !plus_one
1985 && aref.offrng[0] == 0 && aref.offrng[0] == aref.offrng[1])
1986 return;
1987
1988 wide_int rng[2];
1989 if (!get_range (len, stmt, rng, ptr_qry.rvals))
1990 return;
1991
1992 widest_int lenrng[2] =
1993 { widest_int::from (rng[0], SIGNED), widest_int::from (rng[1], SIGNED) };
1994
1995 if (plus_one)
1996 {
1997 lenrng[0] += 1;
1998 lenrng[1] += 1;
1999 }
2000
2001 /* The size of the remaining space in the destination computed
2002 as the size of the latter minus the offset into it. */
2003 widest_int spcrng[2];
2004 {
2005 offset_int remrng[2];
2006 remrng[1] = aref.size_remaining (remrng);
2007 spcrng[0] = remrng[0] == -1 ? 0 : widest_int::from (remrng[0], UNSIGNED);
2008 spcrng[1] = widest_int::from (remrng[1], UNSIGNED);
2009 }
2010
2011 if (wi::leu_p (lenrng[0], spcrng[0])
2012 && wi::leu_p (lenrng[1], spcrng[1]))
2013 return;
2014
2015 location_t loc = gimple_or_expr_nonartificial_location (stmt, dest);
2016 bool warned = false;
2017 if (wi::leu_p (lenrng[0], spcrng[1]))
2018 {
2019 if (len != destsize
2020 && (!si || rawmem || !is_strlen_related_p (si->ptr, len)))
2021 return;
2022
2023 warned = (writefn
2024 ? warning_at (loc, OPT_Wstringop_overflow_,
2025 "%G%qD writing one too many bytes into a region "
2026 "of a size that depends on %<strlen%>",
2027 stmt, writefn)
2028 : warning_at (loc, OPT_Wstringop_overflow_,
2029 "%Gwriting one too many bytes into a region "
2030 "of a size that depends on %<strlen%>",
2031 stmt));
2032 }
2033 else if (lenrng[0] == lenrng[1])
2034 {
2035 if (spcrng[0] == spcrng[1])
2036 warned = (writefn
2037 ? warning_n (loc, OPT_Wstringop_overflow_,
2038 lenrng[0].to_uhwi (),
2039 "%G%qD writing %wu byte into a region "
2040 "of size %wu",
2041 "%G%qD writing %wu bytes into a region "
2042 "of size %wu",
2043 stmt, writefn, lenrng[0].to_uhwi (),
2044 spcrng[0].to_uhwi ())
2045 : warning_n (loc, OPT_Wstringop_overflow_,
2046 lenrng[0].to_uhwi (),
2047 "%Gwriting %wu byte into a region "
2048 "of size %wu",
2049 "%Gwriting %wu bytes into a region "
2050 "of size %wu",
2051 stmt, lenrng[0].to_uhwi (),
2052 spcrng[0].to_uhwi ()));
2053 else
2054 warned = (writefn
2055 ? warning_n (loc, OPT_Wstringop_overflow_,
2056 lenrng[0].to_uhwi (),
2057 "%G%qD writing %wu byte into a region "
2058 "of size between %wu and %wu",
2059 "%G%qD writing %wu bytes into a region "
2060 "of size between %wu and %wu",
2061 stmt, writefn, lenrng[0].to_uhwi (),
2062 spcrng[0].to_uhwi (), spcrng[1].to_uhwi ())
2063 : warning_n (loc, OPT_Wstringop_overflow_,
2064 lenrng[0].to_uhwi (),
2065 "%Gwriting %wu byte into a region "
2066 "of size between %wu and %wu",
2067 "%Gwriting %wu bytes into a region "
2068 "of size between %wu and %wu",
2069 stmt, lenrng[0].to_uhwi (),
2070 spcrng[0].to_uhwi (), spcrng[1].to_uhwi ()));
2071 }
2072 else if (spcrng[0] == spcrng[1])
2073 warned = (writefn
2074 ? warning_at (loc, OPT_Wstringop_overflow_,
2075 "%G%qD writing between %wu and %wu bytes "
2076 "into a region of size %wu",
2077 stmt, writefn, lenrng[0].to_uhwi (),
2078 lenrng[1].to_uhwi (),
2079 spcrng[0].to_uhwi ())
2080 : warning_at (loc, OPT_Wstringop_overflow_,
2081 "%Gwriting between %wu and %wu bytes "
2082 "into a region of size %wu",
2083 stmt, lenrng[0].to_uhwi (),
2084 lenrng[1].to_uhwi (),
2085 spcrng[0].to_uhwi ()));
2086 else
2087 warned = (writefn
2088 ? warning_at (loc, OPT_Wstringop_overflow_,
2089 "%G%qD writing between %wu and %wu bytes "
2090 "into a region of size between %wu and %wu",
2091 stmt, writefn, lenrng[0].to_uhwi (),
2092 lenrng[1].to_uhwi (),
2093 spcrng[0].to_uhwi (), spcrng[1].to_uhwi ())
2094 : warning_at (loc, OPT_Wstringop_overflow_,
2095 "%Gwriting between %wu and %wu bytes "
2096 "into a region of size between %wu and %wu",
2097 stmt, lenrng[0].to_uhwi (),
2098 lenrng[1].to_uhwi (),
2099 spcrng[0].to_uhwi (), spcrng[1].to_uhwi ()));
2100
2101 if (!warned)
2102 return;
2103
2104 gimple_set_no_warning (stmt, true);
2105
2106 aref.inform_access (access_write_only);
2107 }
2108
2109 /* Convenience wrapper for the above. */
2110
2111 static inline void
2112 maybe_warn_overflow (gimple *stmt, unsigned HOST_WIDE_INT len,
2113 pointer_query &ptr_qry, strinfo *si = NULL,
2114 bool plus_one = false, bool rawmem = false)
2115 {
2116 maybe_warn_overflow (stmt, build_int_cst (size_type_node, len), ptr_qry,
2117 si, plus_one, rawmem);
2118 }
2119
2120 /* Handle a strlen call. If strlen of the argument is known, replace
2121 the strlen call with the known value, otherwise remember that strlen
2122 of the argument is stored in the lhs SSA_NAME. */
2123
2124 static void
2125 handle_builtin_strlen (gimple_stmt_iterator *gsi)
2126 {
2127 gimple *stmt = gsi_stmt (*gsi);
2128 tree lhs = gimple_call_lhs (stmt);
2129
2130 if (lhs == NULL_TREE)
2131 return;
2132
2133 location_t loc = gimple_location (stmt);
2134 tree callee = gimple_call_fndecl (stmt);
2135 tree src = gimple_call_arg (stmt, 0);
2136 tree bound = (DECL_FUNCTION_CODE (callee) == BUILT_IN_STRNLEN
2137 ? gimple_call_arg (stmt, 1) : NULL_TREE);
2138 int idx = get_stridx (src);
2139 if (idx || (bound && integer_zerop (bound)))
2140 {
2141 strinfo *si = NULL;
2142 tree rhs;
2143
2144 if (idx < 0)
2145 rhs = build_int_cst (TREE_TYPE (lhs), ~idx);
2146 else if (idx == 0)
2147 rhs = bound;
2148 else
2149 {
2150 rhs = NULL_TREE;
2151 si = get_strinfo (idx);
2152 if (si != NULL)
2153 {
2154 rhs = get_string_length (si);
2155 /* For strnlen, if bound is constant, even if si is not known
2156 to be zero terminated, if we know at least bound bytes are
2157 not zero, the return value will be bound. */
2158 if (rhs == NULL_TREE
2159 && bound != NULL_TREE
2160 && TREE_CODE (bound) == INTEGER_CST
2161 && si->nonzero_chars != NULL_TREE
2162 && TREE_CODE (si->nonzero_chars) == INTEGER_CST
2163 && tree_int_cst_le (bound, si->nonzero_chars))
2164 rhs = bound;
2165 }
2166 }
2167 if (rhs != NULL_TREE)
2168 {
2169 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2170 {
2171 fprintf (dump_file, "Optimizing: ");
2172 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2173 }
2174 rhs = unshare_expr (rhs);
2175 if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (rhs)))
2176 rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
2177
2178 if (bound)
2179 rhs = fold_build2_loc (loc, MIN_EXPR, TREE_TYPE (rhs), rhs, bound);
2180
2181 gimplify_and_update_call_from_tree (gsi, rhs);
2182 stmt = gsi_stmt (*gsi);
2183 update_stmt (stmt);
2184 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2185 {
2186 fprintf (dump_file, "into: ");
2187 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2188 }
2189
2190 if (si != NULL
2191 /* Don't update anything for strnlen. */
2192 && bound == NULL_TREE
2193 && TREE_CODE (si->nonzero_chars) != SSA_NAME
2194 && TREE_CODE (si->nonzero_chars) != INTEGER_CST
2195 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2196 {
2197 si = unshare_strinfo (si);
2198 si->nonzero_chars = lhs;
2199 gcc_assert (si->full_string_p);
2200 }
2201
2202 if (strlen_to_stridx
2203 && (bound == NULL_TREE
2204 /* For strnlen record this only if the call is proven
2205 to return the same value as strlen would. */
2206 || (TREE_CODE (bound) == INTEGER_CST
2207 && TREE_CODE (rhs) == INTEGER_CST
2208 && tree_int_cst_lt (rhs, bound))))
2209 strlen_to_stridx->put (lhs, stridx_strlenloc (idx, loc));
2210
2211 return;
2212 }
2213 }
2214 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2215 return;
2216
2217 if (idx == 0)
2218 idx = new_stridx (src);
2219 else
2220 {
2221 strinfo *si = get_strinfo (idx);
2222 if (si != NULL)
2223 {
2224 if (!si->full_string_p && !si->stmt)
2225 {
2226 /* Until now we only had a lower bound on the string length.
2227 Install LHS as the actual length. */
2228 si = unshare_strinfo (si);
2229 tree old = si->nonzero_chars;
2230 si->nonzero_chars = lhs;
2231 si->full_string_p = true;
2232 if (old && TREE_CODE (old) == INTEGER_CST)
2233 {
2234 old = fold_convert_loc (loc, TREE_TYPE (lhs), old);
2235 tree adj = fold_build2_loc (loc, MINUS_EXPR,
2236 TREE_TYPE (lhs), lhs, old);
2237 adjust_related_strinfos (loc, si, adj);
2238 /* Use the constant minimum length as the lower bound
2239 of the non-constant length. */
2240 wide_int min = wi::to_wide (old);
2241 wide_int max
2242 = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2;
2243 set_strlen_range (lhs, min, max);
2244 }
2245 else
2246 {
2247 si->first = 0;
2248 si->prev = 0;
2249 si->next = 0;
2250 }
2251 }
2252 return;
2253 }
2254 }
2255 if (idx)
2256 {
2257 if (!bound)
2258 {
2259 /* Only store the new length information for calls to strlen(),
2260 not for those to strnlen(). */
2261 strinfo *si = new_strinfo (src, idx, lhs, true);
2262 set_strinfo (idx, si);
2263 find_equal_ptrs (src, idx);
2264 }
2265
2266 /* For SRC that is an array of N elements, set LHS's range
2267 to [0, min (N, BOUND)]. A constant return value means
2268 the range would have consisted of a single value. In
2269 that case, fold the result into the returned constant. */
2270 if (tree ret = maybe_set_strlen_range (lhs, src, bound))
2271 if (TREE_CODE (ret) == INTEGER_CST)
2272 {
2273 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2274 {
2275 fprintf (dump_file, "Optimizing: ");
2276 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2277 }
2278 if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (ret)))
2279 ret = fold_convert_loc (loc, TREE_TYPE (lhs), ret);
2280 gimplify_and_update_call_from_tree (gsi, ret);
2281 stmt = gsi_stmt (*gsi);
2282 update_stmt (stmt);
2283 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2284 {
2285 fprintf (dump_file, "into: ");
2286 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2287 }
2288 }
2289
2290 if (strlen_to_stridx && !bound)
2291 strlen_to_stridx->put (lhs, stridx_strlenloc (idx, loc));
2292 }
2293 }
2294
2295 /* Handle a strchr call. If strlen of the first argument is known, replace
2296 the strchr (x, 0) call with the endptr or x + strlen, otherwise remember
2297 that lhs of the call is endptr and strlen of the argument is endptr - x. */
2298
2299 static void
2300 handle_builtin_strchr (gimple_stmt_iterator *gsi)
2301 {
2302 gimple *stmt = gsi_stmt (*gsi);
2303 tree lhs = gimple_call_lhs (stmt);
2304
2305 if (lhs == NULL_TREE)
2306 return;
2307
2308 if (!integer_zerop (gimple_call_arg (stmt, 1)))
2309 return;
2310
2311 tree src = gimple_call_arg (stmt, 0);
2312
2313 /* Avoid folding if the first argument is not a nul-terminated array.
2314 Defer warning until later. */
2315 if (!check_nul_terminated_array (NULL_TREE, src))
2316 return;
2317
2318 int idx = get_stridx (src);
2319 if (idx)
2320 {
2321 strinfo *si = NULL;
2322 tree rhs;
2323
2324 if (idx < 0)
2325 rhs = build_int_cst (size_type_node, ~idx);
2326 else
2327 {
2328 rhs = NULL_TREE;
2329 si = get_strinfo (idx);
2330 if (si != NULL)
2331 rhs = get_string_length (si);
2332 }
2333 if (rhs != NULL_TREE)
2334 {
2335 location_t loc = gimple_location (stmt);
2336
2337 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2338 {
2339 fprintf (dump_file, "Optimizing: ");
2340 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2341 }
2342 if (si != NULL && si->endptr != NULL_TREE)
2343 {
2344 rhs = unshare_expr (si->endptr);
2345 if (!useless_type_conversion_p (TREE_TYPE (lhs),
2346 TREE_TYPE (rhs)))
2347 rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
2348 }
2349 else
2350 {
2351 rhs = fold_convert_loc (loc, sizetype, unshare_expr (rhs));
2352 rhs = fold_build2_loc (loc, POINTER_PLUS_EXPR,
2353 TREE_TYPE (src), src, rhs);
2354 if (!useless_type_conversion_p (TREE_TYPE (lhs),
2355 TREE_TYPE (rhs)))
2356 rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
2357 }
2358 gimplify_and_update_call_from_tree (gsi, rhs);
2359 stmt = gsi_stmt (*gsi);
2360 update_stmt (stmt);
2361 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2362 {
2363 fprintf (dump_file, "into: ");
2364 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2365 }
2366 if (si != NULL
2367 && si->endptr == NULL_TREE
2368 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2369 {
2370 si = unshare_strinfo (si);
2371 si->endptr = lhs;
2372 }
2373 zero_length_string (lhs, si);
2374 return;
2375 }
2376 }
2377 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2378 return;
2379 if (TREE_CODE (src) != SSA_NAME || !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (src))
2380 {
2381 if (idx == 0)
2382 idx = new_stridx (src);
2383 else if (get_strinfo (idx) != NULL)
2384 {
2385 zero_length_string (lhs, NULL);
2386 return;
2387 }
2388 if (idx)
2389 {
2390 location_t loc = gimple_location (stmt);
2391 tree lhsu = fold_convert_loc (loc, size_type_node, lhs);
2392 tree srcu = fold_convert_loc (loc, size_type_node, src);
2393 tree length = fold_build2_loc (loc, MINUS_EXPR,
2394 size_type_node, lhsu, srcu);
2395 strinfo *si = new_strinfo (src, idx, length, true);
2396 si->endptr = lhs;
2397 set_strinfo (idx, si);
2398 find_equal_ptrs (src, idx);
2399 zero_length_string (lhs, si);
2400 }
2401 }
2402 else
2403 zero_length_string (lhs, NULL);
2404 }
2405
2406 /* Handle a strcpy-like ({st{r,p}cpy,__st{r,p}cpy_chk}) call.
2407 If strlen of the second argument is known, strlen of the first argument
2408 is the same after this call. Furthermore, attempt to convert it to
2409 memcpy. Uses RVALS to determine range information. */
2410
2411 static void
2412 handle_builtin_strcpy (enum built_in_function bcode, gimple_stmt_iterator *gsi,
2413 pointer_query &ptr_qry)
2414 {
2415 int idx, didx;
2416 tree src, dst, srclen, len, lhs, type, fn, oldlen;
2417 bool success;
2418 gimple *stmt = gsi_stmt (*gsi);
2419 strinfo *si, *dsi, *olddsi, *zsi;
2420 location_t loc;
2421
2422 src = gimple_call_arg (stmt, 1);
2423 dst = gimple_call_arg (stmt, 0);
2424 lhs = gimple_call_lhs (stmt);
2425 idx = get_stridx (src);
2426 si = NULL;
2427 if (idx > 0)
2428 si = get_strinfo (idx);
2429
2430 didx = get_stridx (dst);
2431 olddsi = NULL;
2432 oldlen = NULL_TREE;
2433 if (didx > 0)
2434 olddsi = get_strinfo (didx);
2435 else if (didx < 0)
2436 return;
2437
2438 if (olddsi != NULL)
2439 adjust_last_stmt (olddsi, stmt, false, ptr_qry);
2440
2441 srclen = NULL_TREE;
2442 if (si != NULL)
2443 srclen = get_string_length (si);
2444 else if (idx < 0)
2445 srclen = build_int_cst (size_type_node, ~idx);
2446
2447 maybe_warn_overflow (stmt, srclen, ptr_qry, olddsi, true);
2448
2449 if (olddsi != NULL)
2450 adjust_last_stmt (olddsi, stmt, false, ptr_qry);
2451
2452 loc = gimple_location (stmt);
2453 if (srclen == NULL_TREE)
2454 switch (bcode)
2455 {
2456 case BUILT_IN_STRCPY:
2457 case BUILT_IN_STRCPY_CHK:
2458 if (lhs != NULL_TREE || !builtin_decl_implicit_p (BUILT_IN_STPCPY))
2459 return;
2460 break;
2461 case BUILT_IN_STPCPY:
2462 case BUILT_IN_STPCPY_CHK:
2463 if (lhs == NULL_TREE)
2464 return;
2465 else
2466 {
2467 tree lhsuint = fold_convert_loc (loc, size_type_node, lhs);
2468 srclen = fold_convert_loc (loc, size_type_node, dst);
2469 srclen = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
2470 lhsuint, srclen);
2471 }
2472 break;
2473 default:
2474 gcc_unreachable ();
2475 }
2476
2477 if (didx == 0)
2478 {
2479 didx = new_stridx (dst);
2480 if (didx == 0)
2481 return;
2482 }
2483 if (olddsi != NULL)
2484 {
2485 oldlen = olddsi->nonzero_chars;
2486 dsi = unshare_strinfo (olddsi);
2487 dsi->nonzero_chars = srclen;
2488 dsi->full_string_p = (srclen != NULL_TREE);
2489 /* Break the chain, so adjust_related_strinfo on later pointers in
2490 the chain won't adjust this one anymore. */
2491 dsi->next = 0;
2492 dsi->stmt = NULL;
2493 dsi->endptr = NULL_TREE;
2494 }
2495 else
2496 {
2497 dsi = new_strinfo (dst, didx, srclen, srclen != NULL_TREE);
2498 set_strinfo (didx, dsi);
2499 find_equal_ptrs (dst, didx);
2500 }
2501 dsi->writable = true;
2502 dsi->dont_invalidate = true;
2503
2504 if (dsi->nonzero_chars == NULL_TREE)
2505 {
2506 strinfo *chainsi;
2507
2508 /* If string length of src is unknown, use delayed length
2509 computation. If string length of dst will be needed, it
2510 can be computed by transforming this strcpy call into
2511 stpcpy and subtracting dst from the return value. */
2512
2513 /* Look for earlier strings whose length could be determined if
2514 this strcpy is turned into an stpcpy. */
2515
2516 if (dsi->prev != 0 && (chainsi = verify_related_strinfos (dsi)) != NULL)
2517 {
2518 for (; chainsi && chainsi != dsi; chainsi = get_strinfo (chainsi->next))
2519 {
2520 /* When setting a stmt for delayed length computation
2521 prevent all strinfos through dsi from being
2522 invalidated. */
2523 chainsi = unshare_strinfo (chainsi);
2524 chainsi->stmt = stmt;
2525 chainsi->nonzero_chars = NULL_TREE;
2526 chainsi->full_string_p = false;
2527 chainsi->endptr = NULL_TREE;
2528 chainsi->dont_invalidate = true;
2529 }
2530 }
2531 dsi->stmt = stmt;
2532
2533 /* Try to detect overlap before returning. This catches cases
2534 like strcpy (d, d + n) where n is non-constant whose range
2535 is such that (n <= strlen (d) holds).
2536
2537 OLDDSI->NONZERO_chars may have been reset by this point with
2538 oldlen holding it original value. */
2539 if (olddsi && oldlen)
2540 {
2541 /* Add 1 for the terminating NUL. */
2542 tree type = TREE_TYPE (oldlen);
2543 oldlen = fold_build2 (PLUS_EXPR, type, oldlen,
2544 build_int_cst (type, 1));
2545 check_bounds_or_overlap (stmt, olddsi->ptr, src, oldlen, NULL_TREE);
2546 }
2547
2548 return;
2549 }
2550
2551 if (olddsi != NULL)
2552 {
2553 tree adj = NULL_TREE;
2554 if (oldlen == NULL_TREE)
2555 ;
2556 else if (integer_zerop (oldlen))
2557 adj = srclen;
2558 else if (TREE_CODE (oldlen) == INTEGER_CST
2559 || TREE_CODE (srclen) == INTEGER_CST)
2560 adj = fold_build2_loc (loc, MINUS_EXPR,
2561 TREE_TYPE (srclen), srclen,
2562 fold_convert_loc (loc, TREE_TYPE (srclen),
2563 oldlen));
2564 if (adj != NULL_TREE)
2565 adjust_related_strinfos (loc, dsi, adj);
2566 else
2567 dsi->prev = 0;
2568 }
2569 /* strcpy src may not overlap dst, so src doesn't need to be
2570 invalidated either. */
2571 if (si != NULL)
2572 si->dont_invalidate = true;
2573
2574 fn = NULL_TREE;
2575 zsi = NULL;
2576 switch (bcode)
2577 {
2578 case BUILT_IN_STRCPY:
2579 fn = builtin_decl_implicit (BUILT_IN_MEMCPY);
2580 if (lhs)
2581 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
2582 break;
2583 case BUILT_IN_STRCPY_CHK:
2584 fn = builtin_decl_explicit (BUILT_IN_MEMCPY_CHK);
2585 if (lhs)
2586 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
2587 break;
2588 case BUILT_IN_STPCPY:
2589 /* This would need adjustment of the lhs (subtract one),
2590 or detection that the trailing '\0' doesn't need to be
2591 written, if it will be immediately overwritten.
2592 fn = builtin_decl_explicit (BUILT_IN_MEMPCPY); */
2593 if (lhs)
2594 {
2595 dsi->endptr = lhs;
2596 zsi = zero_length_string (lhs, dsi);
2597 }
2598 break;
2599 case BUILT_IN_STPCPY_CHK:
2600 /* This would need adjustment of the lhs (subtract one),
2601 or detection that the trailing '\0' doesn't need to be
2602 written, if it will be immediately overwritten.
2603 fn = builtin_decl_explicit (BUILT_IN_MEMPCPY_CHK); */
2604 if (lhs)
2605 {
2606 dsi->endptr = lhs;
2607 zsi = zero_length_string (lhs, dsi);
2608 }
2609 break;
2610 default:
2611 gcc_unreachable ();
2612 }
2613 if (zsi != NULL)
2614 zsi->dont_invalidate = true;
2615
2616 if (fn)
2617 {
2618 tree args = TYPE_ARG_TYPES (TREE_TYPE (fn));
2619 type = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args)));
2620 }
2621 else
2622 type = size_type_node;
2623
2624 len = fold_convert_loc (loc, type, unshare_expr (srclen));
2625 len = fold_build2_loc (loc, PLUS_EXPR, type, len, build_int_cst (type, 1));
2626
2627 /* Set the no-warning bit on the transformed statement? */
2628 bool set_no_warning = false;
2629
2630 if (const strinfo *chksi = olddsi ? olddsi : dsi)
2631 if (si
2632 && check_bounds_or_overlap (stmt, chksi->ptr, si->ptr, NULL_TREE, len))
2633 {
2634 gimple_set_no_warning (stmt, true);
2635 set_no_warning = true;
2636 }
2637
2638 if (fn == NULL_TREE)
2639 return;
2640
2641 len = force_gimple_operand_gsi (gsi, len, true, NULL_TREE, true,
2642 GSI_SAME_STMT);
2643 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2644 {
2645 fprintf (dump_file, "Optimizing: ");
2646 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2647 }
2648 if (gimple_call_num_args (stmt) == 2)
2649 success = update_gimple_call (gsi, fn, 3, dst, src, len);
2650 else
2651 success = update_gimple_call (gsi, fn, 4, dst, src, len,
2652 gimple_call_arg (stmt, 2));
2653 if (success)
2654 {
2655 stmt = gsi_stmt (*gsi);
2656 update_stmt (stmt);
2657 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2658 {
2659 fprintf (dump_file, "into: ");
2660 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2661 }
2662 /* Allow adjust_last_stmt to decrease this memcpy's size. */
2663 laststmt.stmt = stmt;
2664 laststmt.len = srclen;
2665 laststmt.stridx = dsi->idx;
2666 }
2667 else if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2668 fprintf (dump_file, "not possible.\n");
2669
2670 if (set_no_warning)
2671 gimple_set_no_warning (stmt, true);
2672 }
2673
2674 /* Check the size argument to the built-in forms of stpncpy and strncpy
2675 for out-of-bounds offsets or overlapping access, and to see if the
2676 size argument is derived from a call to strlen() on the source argument,
2677 and if so, issue an appropriate warning. */
2678
2679 static void
2680 handle_builtin_strncat (built_in_function, gimple_stmt_iterator *gsi)
2681 {
2682 /* Same as stxncpy(). */
2683 handle_builtin_stxncpy_strncat (true, gsi);
2684 }
2685
2686 /* Return true if LEN depends on a call to strlen(SRC) in an interesting
2687 way. LEN can either be an integer expression, or a pointer (to char).
2688 When it is the latter (such as in recursive calls to self) it is
2689 assumed to be the argument in some call to strlen() whose relationship
2690 to SRC is being ascertained. */
2691
2692 bool
2693 is_strlen_related_p (tree src, tree len)
2694 {
2695 if (TREE_CODE (TREE_TYPE (len)) == POINTER_TYPE
2696 && operand_equal_p (src, len, 0))
2697 return true;
2698
2699 if (TREE_CODE (len) != SSA_NAME)
2700 return false;
2701
2702 if (TREE_CODE (src) == SSA_NAME)
2703 {
2704 gimple *srcdef = SSA_NAME_DEF_STMT (src);
2705 if (is_gimple_assign (srcdef))
2706 {
2707 /* Handle bitwise AND used in conversions from wider size_t
2708 to narrower unsigned types. */
2709 tree_code code = gimple_assign_rhs_code (srcdef);
2710 if (code == BIT_AND_EXPR
2711 || code == NOP_EXPR)
2712 return is_strlen_related_p (gimple_assign_rhs1 (srcdef), len);
2713
2714 return false;
2715 }
2716
2717 if (gimple_call_builtin_p (srcdef, BUILT_IN_NORMAL))
2718 {
2719 /* If SRC is the result of a call to an allocation function
2720 or strlen, use the function's argument instead. */
2721 tree func = gimple_call_fndecl (srcdef);
2722 built_in_function code = DECL_FUNCTION_CODE (func);
2723 if (code == BUILT_IN_ALLOCA
2724 || code == BUILT_IN_ALLOCA_WITH_ALIGN
2725 || code == BUILT_IN_MALLOC
2726 || code == BUILT_IN_STRLEN)
2727 return is_strlen_related_p (gimple_call_arg (srcdef, 0), len);
2728
2729 /* FIXME: Handle other functions with attribute alloc_size. */
2730 return false;
2731 }
2732 }
2733
2734 gimple *lendef = SSA_NAME_DEF_STMT (len);
2735 if (!lendef)
2736 return false;
2737
2738 if (is_gimple_call (lendef))
2739 {
2740 tree func = gimple_call_fndecl (lendef);
2741 if (!valid_builtin_call (lendef)
2742 || DECL_FUNCTION_CODE (func) != BUILT_IN_STRLEN)
2743 return false;
2744
2745 tree arg = gimple_call_arg (lendef, 0);
2746 return is_strlen_related_p (src, arg);
2747 }
2748
2749 if (!is_gimple_assign (lendef))
2750 return false;
2751
2752 tree_code code = gimple_assign_rhs_code (lendef);
2753 tree rhs1 = gimple_assign_rhs1 (lendef);
2754 tree rhstype = TREE_TYPE (rhs1);
2755
2756 if ((TREE_CODE (rhstype) == POINTER_TYPE && code == POINTER_PLUS_EXPR)
2757 || (INTEGRAL_TYPE_P (rhstype)
2758 && (code == BIT_AND_EXPR
2759 || code == NOP_EXPR)))
2760 {
2761 /* Pointer plus (an integer), and truncation are considered among
2762 the (potentially) related expressions to strlen. */
2763 return is_strlen_related_p (src, rhs1);
2764 }
2765
2766 if (tree rhs2 = gimple_assign_rhs2 (lendef))
2767 {
2768 /* Integer subtraction is considered strlen-related when both
2769 arguments are integers and second one is strlen-related. */
2770 rhstype = TREE_TYPE (rhs2);
2771 if (INTEGRAL_TYPE_P (rhstype) && code == MINUS_EXPR)
2772 return is_strlen_related_p (src, rhs2);
2773 }
2774
2775 return false;
2776 }
2777
2778 /* Called by handle_builtin_stxncpy_strncat and by
2779 gimple_fold_builtin_strncpy in gimple-fold.c.
2780 Check to see if the specified bound is a) equal to the size of
2781 the destination DST and if so, b) if it's immediately followed by
2782 DST[CNT - 1] = '\0'. If a) holds and b) does not, warn. Otherwise,
2783 do nothing. Return true if diagnostic has been issued.
2784
2785 The purpose is to diagnose calls to strncpy and stpncpy that do
2786 not nul-terminate the copy while allowing for the idiom where
2787 such a call is immediately followed by setting the last element
2788 to nul, as in:
2789 char a[32];
2790 strncpy (a, s, sizeof a);
2791 a[sizeof a - 1] = '\0';
2792 */
2793
2794 bool
2795 maybe_diag_stxncpy_trunc (gimple_stmt_iterator gsi, tree src, tree cnt,
2796 pointer_query *ptr_qry /* = NULL */)
2797 {
2798 gimple *stmt = gsi_stmt (gsi);
2799 if (gimple_no_warning_p (stmt))
2800 return false;
2801
2802 wide_int cntrange[2];
2803 value_range r;
2804 if (!get_range_query (cfun)->range_of_expr (r, cnt)
2805 || r.varying_p ()
2806 || r.undefined_p ())
2807 return false;
2808
2809 cntrange[0] = wi::to_wide (r.min ());
2810 cntrange[1] = wi::to_wide (r.max ());
2811 if (r.kind () == VR_ANTI_RANGE)
2812 {
2813 wide_int maxobjsize = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node));
2814
2815 if (wi::ltu_p (cntrange[1], maxobjsize))
2816 {
2817 cntrange[0] = cntrange[1] + 1;
2818 cntrange[1] = maxobjsize;
2819 }
2820 else
2821 {
2822 cntrange[1] = cntrange[0] - 1;
2823 cntrange[0] = wi::zero (TYPE_PRECISION (TREE_TYPE (cnt)));
2824 }
2825 }
2826
2827 /* Negative value is the constant string length. If it's less than
2828 the lower bound there is no truncation. Avoid calling get_stridx()
2829 when ssa_ver_to_stridx is empty. That implies the caller isn't
2830 running under the control of this pass and ssa_ver_to_stridx hasn't
2831 been created yet. */
2832 int sidx = ssa_ver_to_stridx.length () ? get_stridx (src) : 0;
2833 if (sidx < 0 && wi::gtu_p (cntrange[0], ~sidx))
2834 return false;
2835
2836 tree dst = gimple_call_arg (stmt, 0);
2837 tree dstdecl = dst;
2838 if (TREE_CODE (dstdecl) == ADDR_EXPR)
2839 dstdecl = TREE_OPERAND (dstdecl, 0);
2840
2841 tree ref = NULL_TREE;
2842
2843 if (!sidx)
2844 {
2845 /* If the source is a non-string return early to avoid warning
2846 for possible truncation (if the truncation is certain SIDX
2847 is non-zero). */
2848 tree srcdecl = gimple_call_arg (stmt, 1);
2849 if (TREE_CODE (srcdecl) == ADDR_EXPR)
2850 srcdecl = TREE_OPERAND (srcdecl, 0);
2851 if (get_attr_nonstring_decl (srcdecl, &ref))
2852 return false;
2853 }
2854
2855 /* Likewise, if the destination refers to an array/pointer declared
2856 nonstring return early. */
2857 if (get_attr_nonstring_decl (dstdecl, &ref))
2858 return false;
2859
2860 /* Look for dst[i] = '\0'; after the stxncpy() call and if found
2861 avoid the truncation warning. */
2862 gsi_next_nondebug (&gsi);
2863 gimple *next_stmt = gsi_stmt (gsi);
2864 if (!next_stmt)
2865 {
2866 /* When there is no statement in the same basic block check
2867 the immediate successor block. */
2868 if (basic_block bb = gimple_bb (stmt))
2869 {
2870 if (single_succ_p (bb))
2871 {
2872 /* For simplicity, ignore blocks with multiple outgoing
2873 edges for now and only consider successor blocks along
2874 normal edges. */
2875 edge e = EDGE_SUCC (bb, 0);
2876 if (!(e->flags & EDGE_ABNORMAL))
2877 {
2878 gsi = gsi_start_bb (e->dest);
2879 next_stmt = gsi_stmt (gsi);
2880 if (next_stmt && is_gimple_debug (next_stmt))
2881 {
2882 gsi_next_nondebug (&gsi);
2883 next_stmt = gsi_stmt (gsi);
2884 }
2885 }
2886 }
2887 }
2888 }
2889
2890 if (next_stmt && is_gimple_assign (next_stmt))
2891 {
2892 tree lhs = gimple_assign_lhs (next_stmt);
2893 tree_code code = TREE_CODE (lhs);
2894 if (code == ARRAY_REF || code == MEM_REF)
2895 lhs = TREE_OPERAND (lhs, 0);
2896
2897 tree func = gimple_call_fndecl (stmt);
2898 if (DECL_FUNCTION_CODE (func) == BUILT_IN_STPNCPY)
2899 {
2900 tree ret = gimple_call_lhs (stmt);
2901 if (ret && operand_equal_p (ret, lhs, 0))
2902 return false;
2903 }
2904
2905 /* Determine the base address and offset of the reference,
2906 ignoring the innermost array index. */
2907 if (TREE_CODE (ref) == ARRAY_REF)
2908 ref = TREE_OPERAND (ref, 0);
2909
2910 poly_int64 dstoff;
2911 tree dstbase = get_addr_base_and_unit_offset (ref, &dstoff);
2912
2913 poly_int64 lhsoff;
2914 tree lhsbase = get_addr_base_and_unit_offset (lhs, &lhsoff);
2915 if (lhsbase
2916 && dstbase
2917 && known_eq (dstoff, lhsoff)
2918 && operand_equal_p (dstbase, lhsbase, 0))
2919 return false;
2920 }
2921
2922 int prec = TYPE_PRECISION (TREE_TYPE (cnt));
2923 wide_int lenrange[2];
2924 if (strinfo *sisrc = sidx > 0 ? get_strinfo (sidx) : NULL)
2925 {
2926 lenrange[0] = (sisrc->nonzero_chars
2927 && TREE_CODE (sisrc->nonzero_chars) == INTEGER_CST
2928 ? wi::to_wide (sisrc->nonzero_chars)
2929 : wi::zero (prec));
2930 lenrange[1] = lenrange[0];
2931 }
2932 else if (sidx < 0)
2933 lenrange[0] = lenrange[1] = wi::shwi (~sidx, prec);
2934 else
2935 {
2936 c_strlen_data lendata = { };
2937 /* Set MAXBOUND to an arbitrary non-null non-integer node as a request
2938 to have it set to the length of the longest string in a PHI. */
2939 lendata.maxbound = src;
2940 get_range_strlen (src, &lendata, /* eltsize = */1);
2941 if (TREE_CODE (lendata.minlen) == INTEGER_CST
2942 && TREE_CODE (lendata.maxbound) == INTEGER_CST)
2943 {
2944 /* When LENDATA.MAXLEN is unknown, reset LENDATA.MINLEN
2945 which stores the length of the shortest known string. */
2946 if (integer_all_onesp (lendata.maxlen))
2947 lenrange[0] = wi::shwi (0, prec);
2948 else
2949 lenrange[0] = wi::to_wide (lendata.minlen, prec);
2950 lenrange[1] = wi::to_wide (lendata.maxbound, prec);
2951 }
2952 else
2953 {
2954 lenrange[0] = wi::shwi (0, prec);
2955 lenrange[1] = wi::shwi (-1, prec);
2956 }
2957 }
2958
2959 location_t callloc = gimple_or_expr_nonartificial_location (stmt, dst);
2960 tree func = gimple_call_fndecl (stmt);
2961
2962 if (lenrange[0] != 0 || !wi::neg_p (lenrange[1]))
2963 {
2964 /* If the longest source string is shorter than the lower bound
2965 of the specified count the copy is definitely nul-terminated. */
2966 if (wi::ltu_p (lenrange[1], cntrange[0]))
2967 return false;
2968
2969 if (wi::neg_p (lenrange[1]))
2970 {
2971 /* The length of one of the strings is unknown but at least
2972 one has non-zero length and that length is stored in
2973 LENRANGE[1]. Swap the bounds to force a "may be truncated"
2974 warning below. */
2975 lenrange[1] = lenrange[0];
2976 lenrange[0] = wi::shwi (0, prec);
2977 }
2978
2979 /* Set to true for strncat whose bound is derived from the length
2980 of the destination (the expected usage pattern). */
2981 bool cat_dstlen_bounded = false;
2982 if (DECL_FUNCTION_CODE (func) == BUILT_IN_STRNCAT)
2983 cat_dstlen_bounded = is_strlen_related_p (dst, cnt);
2984
2985 if (lenrange[0] == cntrange[1] && cntrange[0] == cntrange[1])
2986 return warning_n (callloc, OPT_Wstringop_truncation,
2987 cntrange[0].to_uhwi (),
2988 "%G%qD output truncated before terminating "
2989 "nul copying %E byte from a string of the "
2990 "same length",
2991 "%G%qD output truncated before terminating nul "
2992 "copying %E bytes from a string of the same "
2993 "length",
2994 stmt, func, cnt);
2995 else if (!cat_dstlen_bounded)
2996 {
2997 if (wi::geu_p (lenrange[0], cntrange[1]))
2998 {
2999 /* The shortest string is longer than the upper bound of
3000 the count so the truncation is certain. */
3001 if (cntrange[0] == cntrange[1])
3002 return warning_n (callloc, OPT_Wstringop_truncation,
3003 cntrange[0].to_uhwi (),
3004 "%G%qD output truncated copying %E byte "
3005 "from a string of length %wu",
3006 "%G%qD output truncated copying %E bytes "
3007 "from a string of length %wu",
3008 stmt, func, cnt, lenrange[0].to_uhwi ());
3009
3010 return warning_at (callloc, OPT_Wstringop_truncation,
3011 "%G%qD output truncated copying between %wu "
3012 "and %wu bytes from a string of length %wu",
3013 stmt, func, cntrange[0].to_uhwi (),
3014 cntrange[1].to_uhwi (), lenrange[0].to_uhwi ());
3015 }
3016 else if (wi::geu_p (lenrange[1], cntrange[1]))
3017 {
3018 /* The longest string is longer than the upper bound of
3019 the count so the truncation is possible. */
3020 if (cntrange[0] == cntrange[1])
3021 return warning_n (callloc, OPT_Wstringop_truncation,
3022 cntrange[0].to_uhwi (),
3023 "%G%qD output may be truncated copying %E "
3024 "byte from a string of length %wu",
3025 "%G%qD output may be truncated copying %E "
3026 "bytes from a string of length %wu",
3027 stmt, func, cnt, lenrange[1].to_uhwi ());
3028
3029 return warning_at (callloc, OPT_Wstringop_truncation,
3030 "%G%qD output may be truncated copying between "
3031 "%wu and %wu bytes from a string of length %wu",
3032 stmt, func, cntrange[0].to_uhwi (),
3033 cntrange[1].to_uhwi (), lenrange[1].to_uhwi ());
3034 }
3035 }
3036
3037 if (!cat_dstlen_bounded
3038 && cntrange[0] != cntrange[1]
3039 && wi::leu_p (cntrange[0], lenrange[0])
3040 && wi::leu_p (cntrange[1], lenrange[0] + 1))
3041 {
3042 /* If the source (including the terminating nul) is longer than
3043 the lower bound of the specified count but shorter than the
3044 upper bound the copy may (but need not) be truncated. */
3045 return warning_at (callloc, OPT_Wstringop_truncation,
3046 "%G%qD output may be truncated copying between "
3047 "%wu and %wu bytes from a string of length %wu",
3048 stmt, func, cntrange[0].to_uhwi (),
3049 cntrange[1].to_uhwi (), lenrange[0].to_uhwi ());
3050 }
3051 }
3052
3053 access_ref aref;
3054 if (tree dstsize = compute_objsize (dst, 1, &aref, ptr_qry))
3055 {
3056 /* The source length is unknown. Try to determine the destination
3057 size and see if it matches the specified bound. If not, bail.
3058 Otherwise go on to see if it should be diagnosed for possible
3059 truncation. */
3060 if (!dstsize)
3061 return false;
3062
3063 if (wi::to_wide (dstsize) != cntrange[1])
3064 return false;
3065
3066 /* Avoid warning for strncpy(a, b, N) calls where the following
3067 equalities hold:
3068 N == sizeof a && N == sizeof b */
3069 if (tree srcsize = compute_objsize (src, 1, &aref, ptr_qry))
3070 if (wi::to_wide (srcsize) == cntrange[1])
3071 return false;
3072
3073 if (cntrange[0] == cntrange[1])
3074 return warning_at (callloc, OPT_Wstringop_truncation,
3075 "%G%qD specified bound %E equals destination size",
3076 stmt, func, cnt);
3077 }
3078
3079 return false;
3080 }
3081
3082 /* Check the arguments to the built-in forms of stpncpy, strncpy, and
3083 strncat, for out-of-bounds offsets or overlapping access, and to see
3084 if the size is derived from calling strlen() on the source argument,
3085 and if so, issue the appropriate warning.
3086 APPEND_P is true for strncat. */
3087
3088 static void
3089 handle_builtin_stxncpy_strncat (bool append_p, gimple_stmt_iterator *gsi)
3090 {
3091 if (!strlen_to_stridx)
3092 return;
3093
3094 gimple *stmt = gsi_stmt (*gsi);
3095
3096 tree dst = gimple_call_arg (stmt, 0);
3097 tree src = gimple_call_arg (stmt, 1);
3098 tree len = gimple_call_arg (stmt, 2);
3099 /* An upper bound of the size of the destination. */
3100 tree dstsize = NULL_TREE;
3101 /* The length of the destination and source strings (plus 1 for those
3102 whose FULL_STRING_P is set, i.e., whose length is exact rather than
3103 a lower bound). */
3104 tree dstlenp1 = NULL_TREE, srclenp1 = NULL_TREE;;
3105
3106 int didx = get_stridx (dst);
3107 if (strinfo *sidst = didx > 0 ? get_strinfo (didx) : NULL)
3108 {
3109 /* Compute the size of the destination string including the nul
3110 if it is known to be nul-terminated. */
3111 if (sidst->nonzero_chars)
3112 {
3113 if (sidst->full_string_p)
3114 {
3115 /* String is known to be nul-terminated. */
3116 tree type = TREE_TYPE (sidst->nonzero_chars);
3117 dstlenp1 = fold_build2 (PLUS_EXPR, type, sidst->nonzero_chars,
3118 build_int_cst (type, 1));
3119 }
3120 else
3121 dstlenp1 = sidst->nonzero_chars;
3122 }
3123 else if (TREE_CODE (sidst->ptr) == SSA_NAME)
3124 {
3125 gimple *def_stmt = SSA_NAME_DEF_STMT (sidst->ptr);
3126 dstsize = gimple_call_alloc_size (def_stmt);
3127 }
3128
3129 dst = sidst->ptr;
3130 }
3131
3132 int sidx = get_stridx (src);
3133 strinfo *sisrc = sidx > 0 ? get_strinfo (sidx) : NULL;
3134 if (sisrc)
3135 {
3136 /* strncat() and strncpy() can modify the source string by writing
3137 over the terminating nul so SISRC->DONT_INVALIDATE must be left
3138 clear. */
3139
3140 /* Compute the size of the source string including the terminating
3141 nul if its known to be nul-terminated. */
3142 if (sisrc->nonzero_chars)
3143 {
3144 if (sisrc->full_string_p)
3145 {
3146 tree type = TREE_TYPE (sisrc->nonzero_chars);
3147 srclenp1 = fold_build2 (PLUS_EXPR, type, sisrc->nonzero_chars,
3148 build_int_cst (type, 1));
3149 }
3150 else
3151 srclenp1 = sisrc->nonzero_chars;
3152 }
3153
3154 src = sisrc->ptr;
3155 }
3156 else
3157 srclenp1 = NULL_TREE;
3158
3159 if (check_bounds_or_overlap (stmt, dst, src, dstlenp1, srclenp1))
3160 {
3161 gimple_set_no_warning (stmt, true);
3162 return;
3163 }
3164
3165 /* If the length argument was computed from strlen(S) for some string
3166 S retrieve the strinfo index for the string (PSS->FIRST) along with
3167 the location of the strlen() call (PSS->SECOND). */
3168 stridx_strlenloc *pss = strlen_to_stridx->get (len);
3169 if (!pss || pss->first <= 0)
3170 {
3171 if (maybe_diag_stxncpy_trunc (*gsi, src, len))
3172 gimple_set_no_warning (stmt, true);
3173
3174 return;
3175 }
3176
3177 /* Retrieve the strinfo data for the string S that LEN was computed
3178 from as some function F of strlen (S) (i.e., LEN need not be equal
3179 to strlen(S)). */
3180 strinfo *silen = get_strinfo (pss->first);
3181
3182 location_t callloc = gimple_or_expr_nonartificial_location (stmt, dst);
3183
3184 tree func = gimple_call_fndecl (stmt);
3185
3186 bool warned = false;
3187
3188 /* When -Wstringop-truncation is set, try to determine truncation
3189 before diagnosing possible overflow. Truncation is implied by
3190 the LEN argument being equal to strlen(SRC), regardless of
3191 whether its value is known. Otherwise, when appending, or
3192 when copying into a destination of known size, issue the more
3193 generic -Wstringop-overflow which triggers for LEN arguments
3194 that in any meaningful way depend on strlen(SRC). */
3195 if (!append_p
3196 && sisrc == silen
3197 && is_strlen_related_p (src, len)
3198 && warning_at (callloc, OPT_Wstringop_truncation,
3199 "%G%qD output truncated before terminating nul "
3200 "copying as many bytes from a string as its length",
3201 stmt, func))
3202 warned = true;
3203 else if ((append_p || !dstsize || len == dstlenp1)
3204 && silen && is_strlen_related_p (src, silen->ptr))
3205 {
3206 /* Issue -Wstringop-overflow when appending or when writing into
3207 a destination of a known size. Otherwise, when copying into
3208 a destination of an unknown size, it's truncation. */
3209 int opt = (append_p || dstsize
3210 ? OPT_Wstringop_overflow_ : OPT_Wstringop_truncation);
3211 warned = warning_at (callloc, opt,
3212 "%G%qD specified bound depends on the length "
3213 "of the source argument",
3214 stmt, func);
3215 }
3216 if (warned)
3217 {
3218 location_t strlenloc = pss->second;
3219 if (strlenloc != UNKNOWN_LOCATION && strlenloc != callloc)
3220 inform (strlenloc, "length computed here");
3221 }
3222 }
3223
3224 /* Handle a memcpy-like ({mem{,p}cpy,__mem{,p}cpy_chk}) call.
3225 If strlen of the second argument is known and length of the third argument
3226 is that plus one, strlen of the first argument is the same after this
3227 call. Uses RVALS to determine range information. */
3228
3229 static void
3230 handle_builtin_memcpy (enum built_in_function bcode, gimple_stmt_iterator *gsi,
3231 pointer_query &ptr_qry)
3232 {
3233 tree lhs, oldlen, newlen;
3234 gimple *stmt = gsi_stmt (*gsi);
3235 strinfo *si, *dsi;
3236
3237 tree len = gimple_call_arg (stmt, 2);
3238 tree src = gimple_call_arg (stmt, 1);
3239 tree dst = gimple_call_arg (stmt, 0);
3240
3241 int didx = get_stridx (dst);
3242 strinfo *olddsi = NULL;
3243 if (didx > 0)
3244 olddsi = get_strinfo (didx);
3245 else if (didx < 0)
3246 return;
3247
3248 if (olddsi != NULL
3249 && !integer_zerop (len))
3250 {
3251 maybe_warn_overflow (stmt, len, ptr_qry, olddsi, false, true);
3252 adjust_last_stmt (olddsi, stmt, false, ptr_qry);
3253 }
3254
3255 int idx = get_stridx (src);
3256 if (idx == 0)
3257 return;
3258
3259 bool full_string_p;
3260 if (idx > 0)
3261 {
3262 gimple *def_stmt;
3263
3264 /* Handle memcpy (x, y, l) where l's relationship with strlen (y)
3265 is known. */
3266 si = get_strinfo (idx);
3267 if (si == NULL || si->nonzero_chars == NULL_TREE)
3268 return;
3269 if (TREE_CODE (len) == INTEGER_CST
3270 && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
3271 {
3272 if (tree_int_cst_le (len, si->nonzero_chars))
3273 {
3274 /* Copying LEN nonzero characters, where LEN is constant. */
3275 newlen = len;
3276 full_string_p = false;
3277 }
3278 else
3279 {
3280 /* Copying the whole of the analyzed part of SI. */
3281 newlen = si->nonzero_chars;
3282 full_string_p = si->full_string_p;
3283 }
3284 }
3285 else
3286 {
3287 if (!si->full_string_p)
3288 return;
3289 if (TREE_CODE (len) != SSA_NAME)
3290 return;
3291 def_stmt = SSA_NAME_DEF_STMT (len);
3292 if (!is_gimple_assign (def_stmt)
3293 || gimple_assign_rhs_code (def_stmt) != PLUS_EXPR
3294 || gimple_assign_rhs1 (def_stmt) != si->nonzero_chars
3295 || !integer_onep (gimple_assign_rhs2 (def_stmt)))
3296 return;
3297 /* Copying variable-length string SI (and no more). */
3298 newlen = si->nonzero_chars;
3299 full_string_p = true;
3300 }
3301 }
3302 else
3303 {
3304 si = NULL;
3305 /* Handle memcpy (x, "abcd", 5) or
3306 memcpy (x, "abc\0uvw", 7). */
3307 if (!tree_fits_uhwi_p (len))
3308 return;
3309
3310 unsigned HOST_WIDE_INT clen = tree_to_uhwi (len);
3311 unsigned HOST_WIDE_INT nonzero_chars = ~idx;
3312 newlen = build_int_cst (size_type_node, MIN (nonzero_chars, clen));
3313 full_string_p = clen > nonzero_chars;
3314 }
3315
3316 if (!full_string_p
3317 && olddsi
3318 && olddsi->nonzero_chars
3319 && TREE_CODE (olddsi->nonzero_chars) == INTEGER_CST
3320 && tree_int_cst_le (newlen, olddsi->nonzero_chars))
3321 {
3322 /* The SRC substring being written strictly overlaps
3323 a subsequence of the existing string OLDDSI. */
3324 newlen = olddsi->nonzero_chars;
3325 full_string_p = olddsi->full_string_p;
3326 }
3327
3328 if (olddsi != NULL && TREE_CODE (len) == SSA_NAME)
3329 adjust_last_stmt (olddsi, stmt, false, ptr_qry);
3330
3331 if (didx == 0)
3332 {
3333 didx = new_stridx (dst);
3334 if (didx == 0)
3335 return;
3336 }
3337 oldlen = NULL_TREE;
3338 if (olddsi != NULL)
3339 {
3340 dsi = unshare_strinfo (olddsi);
3341 oldlen = olddsi->nonzero_chars;
3342 dsi->nonzero_chars = newlen;
3343 dsi->full_string_p = full_string_p;
3344 /* Break the chain, so adjust_related_strinfo on later pointers in
3345 the chain won't adjust this one anymore. */
3346 dsi->next = 0;
3347 dsi->stmt = NULL;
3348 dsi->endptr = NULL_TREE;
3349 }
3350 else
3351 {
3352 dsi = new_strinfo (dst, didx, newlen, full_string_p);
3353 set_strinfo (didx, dsi);
3354 find_equal_ptrs (dst, didx);
3355 }
3356 dsi->writable = true;
3357 dsi->dont_invalidate = true;
3358 if (olddsi != NULL)
3359 {
3360 tree adj = NULL_TREE;
3361 location_t loc = gimple_location (stmt);
3362 if (oldlen == NULL_TREE)
3363 ;
3364 else if (integer_zerop (oldlen))
3365 adj = newlen;
3366 else if (TREE_CODE (oldlen) == INTEGER_CST
3367 || TREE_CODE (newlen) == INTEGER_CST)
3368 adj = fold_build2_loc (loc, MINUS_EXPR, TREE_TYPE (newlen), newlen,
3369 fold_convert_loc (loc, TREE_TYPE (newlen),
3370 oldlen));
3371 if (adj != NULL_TREE)
3372 adjust_related_strinfos (loc, dsi, adj);
3373 else
3374 dsi->prev = 0;
3375 }
3376 /* memcpy src may not overlap dst, so src doesn't need to be
3377 invalidated either. */
3378 if (si != NULL)
3379 si->dont_invalidate = true;
3380
3381 if (full_string_p)
3382 {
3383 lhs = gimple_call_lhs (stmt);
3384 switch (bcode)
3385 {
3386 case BUILT_IN_MEMCPY:
3387 case BUILT_IN_MEMCPY_CHK:
3388 /* Allow adjust_last_stmt to decrease this memcpy's size. */
3389 laststmt.stmt = stmt;
3390 laststmt.len = dsi->nonzero_chars;
3391 laststmt.stridx = dsi->idx;
3392 if (lhs)
3393 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
3394 break;
3395 case BUILT_IN_MEMPCPY:
3396 case BUILT_IN_MEMPCPY_CHK:
3397 break;
3398 default:
3399 gcc_unreachable ();
3400 }
3401 }
3402 }
3403
3404 /* Handle a strcat-like ({strcat,__strcat_chk}) call.
3405 If strlen of the second argument is known, strlen of the first argument
3406 is increased by the length of the second argument. Furthermore, attempt
3407 to convert it to memcpy/strcpy if the length of the first argument
3408 is known. */
3409
3410 static void
3411 handle_builtin_strcat (enum built_in_function bcode, gimple_stmt_iterator *gsi,
3412 pointer_query &ptr_qry)
3413 {
3414 int idx, didx;
3415 tree srclen, args, type, fn, objsz, endptr;
3416 bool success;
3417 gimple *stmt = gsi_stmt (*gsi);
3418 strinfo *si, *dsi;
3419 location_t loc = gimple_location (stmt);
3420
3421 tree src = gimple_call_arg (stmt, 1);
3422 tree dst = gimple_call_arg (stmt, 0);
3423
3424 /* Bail if the source is the same as destination. It will be diagnosed
3425 elsewhere. */
3426 if (operand_equal_p (src, dst, 0))
3427 return;
3428
3429 tree lhs = gimple_call_lhs (stmt);
3430
3431 didx = get_stridx (dst);
3432 if (didx < 0)
3433 return;
3434
3435 dsi = NULL;
3436 if (didx > 0)
3437 dsi = get_strinfo (didx);
3438
3439 srclen = NULL_TREE;
3440 si = NULL;
3441 idx = get_stridx (src);
3442 if (idx < 0)
3443 srclen = build_int_cst (size_type_node, ~idx);
3444 else if (idx > 0)
3445 {
3446 si = get_strinfo (idx);
3447 if (si != NULL)
3448 srclen = get_string_length (si);
3449 }
3450
3451 /* Set the no-warning bit on the transformed statement? */
3452 bool set_no_warning = false;
3453
3454 if (dsi == NULL || get_string_length (dsi) == NULL_TREE)
3455 {
3456 {
3457 /* The concatenation always involves copying at least one byte
3458 (the terminating nul), even if the source string is empty.
3459 If the source is unknown assume it's one character long and
3460 used that as both sizes. */
3461 tree slen = srclen;
3462 if (slen)
3463 {
3464 tree type = TREE_TYPE (slen);
3465 slen = fold_build2 (PLUS_EXPR, type, slen, build_int_cst (type, 1));
3466 }
3467
3468 tree sptr = si && si->ptr ? si->ptr : src;
3469
3470 if (check_bounds_or_overlap (stmt, dst, sptr, NULL_TREE, slen))
3471 {
3472 gimple_set_no_warning (stmt, true);
3473 set_no_warning = true;
3474 }
3475 }
3476
3477 /* strcat (p, q) can be transformed into
3478 tmp = p + strlen (p); endptr = stpcpy (tmp, q);
3479 with length endptr - p if we need to compute the length
3480 later on. Don't do this transformation if we don't need
3481 it. */
3482 if (builtin_decl_implicit_p (BUILT_IN_STPCPY) && lhs == NULL_TREE)
3483 {
3484 if (didx == 0)
3485 {
3486 didx = new_stridx (dst);
3487 if (didx == 0)
3488 return;
3489 }
3490 if (dsi == NULL)
3491 {
3492 dsi = new_strinfo (dst, didx, NULL_TREE, false);
3493 set_strinfo (didx, dsi);
3494 find_equal_ptrs (dst, didx);
3495 }
3496 else
3497 {
3498 dsi = unshare_strinfo (dsi);
3499 dsi->nonzero_chars = NULL_TREE;
3500 dsi->full_string_p = false;
3501 dsi->next = 0;
3502 dsi->endptr = NULL_TREE;
3503 }
3504 dsi->writable = true;
3505 dsi->stmt = stmt;
3506 dsi->dont_invalidate = true;
3507 }
3508 return;
3509 }
3510
3511 tree dstlen = dsi->nonzero_chars;
3512 endptr = dsi->endptr;
3513
3514 dsi = unshare_strinfo (dsi);
3515 dsi->endptr = NULL_TREE;
3516 dsi->stmt = NULL;
3517 dsi->writable = true;
3518
3519 if (srclen != NULL_TREE)
3520 {
3521 dsi->nonzero_chars = fold_build2_loc (loc, PLUS_EXPR,
3522 TREE_TYPE (dsi->nonzero_chars),
3523 dsi->nonzero_chars, srclen);
3524 gcc_assert (dsi->full_string_p);
3525 adjust_related_strinfos (loc, dsi, srclen);
3526 dsi->dont_invalidate = true;
3527 }
3528 else
3529 {
3530 dsi->nonzero_chars = NULL;
3531 dsi->full_string_p = false;
3532 if (lhs == NULL_TREE && builtin_decl_implicit_p (BUILT_IN_STPCPY))
3533 dsi->dont_invalidate = true;
3534 }
3535
3536 if (si != NULL)
3537 /* strcat src may not overlap dst, so src doesn't need to be
3538 invalidated either. */
3539 si->dont_invalidate = true;
3540
3541 /* For now. Could remove the lhs from the call and add
3542 lhs = dst; afterwards. */
3543 if (lhs)
3544 return;
3545
3546 fn = NULL_TREE;
3547 objsz = NULL_TREE;
3548 switch (bcode)
3549 {
3550 case BUILT_IN_STRCAT:
3551 if (srclen != NULL_TREE)
3552 fn = builtin_decl_implicit (BUILT_IN_MEMCPY);
3553 else
3554 fn = builtin_decl_implicit (BUILT_IN_STRCPY);
3555 break;
3556 case BUILT_IN_STRCAT_CHK:
3557 if (srclen != NULL_TREE)
3558 fn = builtin_decl_explicit (BUILT_IN_MEMCPY_CHK);
3559 else
3560 fn = builtin_decl_explicit (BUILT_IN_STRCPY_CHK);
3561 objsz = gimple_call_arg (stmt, 2);
3562 break;
3563 default:
3564 gcc_unreachable ();
3565 }
3566
3567 if (fn == NULL_TREE)
3568 return;
3569
3570 if (dsi && dstlen)
3571 {
3572 tree type = TREE_TYPE (dstlen);
3573
3574 /* Compute the size of the source sequence, including the nul. */
3575 tree srcsize = srclen ? srclen : size_zero_node;
3576 tree one = build_int_cst (type, 1);
3577 srcsize = fold_build2 (PLUS_EXPR, type, srcsize, one);
3578 tree dstsize = fold_build2 (PLUS_EXPR, type, dstlen, one);
3579 tree sptr = si && si->ptr ? si->ptr : src;
3580
3581 if (check_bounds_or_overlap (stmt, dst, sptr, dstsize, srcsize))
3582 {
3583 gimple_set_no_warning (stmt, true);
3584 set_no_warning = true;
3585 }
3586 }
3587
3588 tree len = NULL_TREE;
3589 if (srclen != NULL_TREE)
3590 {
3591 args = TYPE_ARG_TYPES (TREE_TYPE (fn));
3592 type = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args)));
3593
3594 len = fold_convert_loc (loc, type, unshare_expr (srclen));
3595 len = fold_build2_loc (loc, PLUS_EXPR, type, len,
3596 build_int_cst (type, 1));
3597 len = force_gimple_operand_gsi (gsi, len, true, NULL_TREE, true,
3598 GSI_SAME_STMT);
3599 }
3600 if (endptr)
3601 dst = fold_convert_loc (loc, TREE_TYPE (dst), unshare_expr (endptr));
3602 else
3603 dst = fold_build2_loc (loc, POINTER_PLUS_EXPR, TREE_TYPE (dst), dst,
3604 fold_convert_loc (loc, sizetype,
3605 unshare_expr (dstlen)));
3606 dst = force_gimple_operand_gsi (gsi, dst, true, NULL_TREE, true,
3607 GSI_SAME_STMT);
3608 if (objsz)
3609 {
3610 objsz = fold_build2_loc (loc, MINUS_EXPR, TREE_TYPE (objsz), objsz,
3611 fold_convert_loc (loc, TREE_TYPE (objsz),
3612 unshare_expr (dstlen)));
3613 objsz = force_gimple_operand_gsi (gsi, objsz, true, NULL_TREE, true,
3614 GSI_SAME_STMT);
3615 }
3616 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3617 {
3618 fprintf (dump_file, "Optimizing: ");
3619 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
3620 }
3621 if (srclen != NULL_TREE)
3622 success = update_gimple_call (gsi, fn, 3 + (objsz != NULL_TREE),
3623 dst, src, len, objsz);
3624 else
3625 success = update_gimple_call (gsi, fn, 2 + (objsz != NULL_TREE),
3626 dst, src, objsz);
3627 if (success)
3628 {
3629 stmt = gsi_stmt (*gsi);
3630 update_stmt (stmt);
3631 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3632 {
3633 fprintf (dump_file, "into: ");
3634 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
3635 }
3636 /* If srclen == NULL, note that current string length can be
3637 computed by transforming this strcpy into stpcpy. */
3638 if (srclen == NULL_TREE && dsi->dont_invalidate)
3639 dsi->stmt = stmt;
3640 adjust_last_stmt (dsi, stmt, true, ptr_qry);
3641 if (srclen != NULL_TREE)
3642 {
3643 laststmt.stmt = stmt;
3644 laststmt.len = srclen;
3645 laststmt.stridx = dsi->idx;
3646 }
3647 }
3648 else if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3649 fprintf (dump_file, "not possible.\n");
3650
3651 if (set_no_warning)
3652 gimple_set_no_warning (stmt, true);
3653 }
3654
3655 /* Handle a call to an allocation function like alloca, malloc or calloc,
3656 or an ordinary allocation function declared with attribute alloc_size. */
3657
3658 static void
3659 handle_alloc_call (enum built_in_function bcode, gimple_stmt_iterator *gsi)
3660 {
3661 gimple *stmt = gsi_stmt (*gsi);
3662 tree lhs = gimple_call_lhs (stmt);
3663 if (lhs == NULL_TREE)
3664 return;
3665
3666 gcc_assert (get_stridx (lhs) == 0);
3667 int idx = new_stridx (lhs);
3668 tree length = NULL_TREE;
3669 if (bcode == BUILT_IN_CALLOC)
3670 length = build_int_cst (size_type_node, 0);
3671 strinfo *si = new_strinfo (lhs, idx, length, length != NULL_TREE);
3672 if (bcode == BUILT_IN_CALLOC)
3673 {
3674 /* Only set STMT for calloc and malloc. */
3675 si->stmt = stmt;
3676 /* Only set ENDPTR for calloc. */
3677 si->endptr = lhs;
3678 }
3679 else if (bcode == BUILT_IN_MALLOC)
3680 si->stmt = stmt;
3681
3682 /* Set ALLOC is set for all allocation functions. */
3683 si->alloc = stmt;
3684 set_strinfo (idx, si);
3685 si->writable = true;
3686 si->dont_invalidate = true;
3687 }
3688
3689 /* Handle a call to memset.
3690 After a call to calloc, memset(,0,) is unnecessary.
3691 memset(malloc(n),0,n) is calloc(n,1).
3692 return true when the call is transformed, false otherwise.
3693 When nonnull uses RVALS to determine range information. */
3694
3695 static bool
3696 handle_builtin_memset (gimple_stmt_iterator *gsi, bool *zero_write,
3697 pointer_query &ptr_qry)
3698 {
3699 gimple *memset_stmt = gsi_stmt (*gsi);
3700 tree ptr = gimple_call_arg (memset_stmt, 0);
3701 /* Set to the non-constant offset added to PTR. */
3702 wide_int offrng[2];
3703 int idx1 = get_stridx (ptr, offrng, ptr_qry.rvals);
3704 if (idx1 <= 0)
3705 return false;
3706 strinfo *si1 = get_strinfo (idx1);
3707 if (!si1)
3708 return false;
3709 gimple *alloc_stmt = si1->alloc;
3710 if (!alloc_stmt || !is_gimple_call (alloc_stmt))
3711 return false;
3712 tree callee1 = gimple_call_fndecl (alloc_stmt);
3713 if (!valid_builtin_call (alloc_stmt))
3714 return false;
3715 tree alloc_size = gimple_call_arg (alloc_stmt, 0);
3716 tree memset_size = gimple_call_arg (memset_stmt, 2);
3717
3718 /* Check for overflow. */
3719 maybe_warn_overflow (memset_stmt, memset_size, ptr_qry, NULL, false, true);
3720
3721 /* Bail when there is no statement associated with the destination
3722 (the statement may be null even when SI1->ALLOC is not). */
3723 if (!si1->stmt)
3724 return false;
3725
3726 /* Avoid optimizing if store is at a variable offset from the beginning
3727 of the allocated object. */
3728 if (offrng[0] != 0 || offrng[0] != offrng[1])
3729 return false;
3730
3731 /* Bail when the call writes a non-zero value. */
3732 if (!integer_zerop (gimple_call_arg (memset_stmt, 1)))
3733 return false;
3734
3735 /* Let the caller know the memset call cleared the destination. */
3736 *zero_write = true;
3737
3738 enum built_in_function code1 = DECL_FUNCTION_CODE (callee1);
3739 if (code1 == BUILT_IN_CALLOC)
3740 /* Not touching alloc_stmt */ ;
3741 else if (code1 == BUILT_IN_MALLOC
3742 && operand_equal_p (memset_size, alloc_size, 0))
3743 {
3744 /* Replace the malloc + memset calls with calloc. */
3745 gimple_stmt_iterator gsi1 = gsi_for_stmt (si1->stmt);
3746 update_gimple_call (&gsi1, builtin_decl_implicit (BUILT_IN_CALLOC), 2,
3747 alloc_size, build_one_cst (size_type_node));
3748 si1->nonzero_chars = build_int_cst (size_type_node, 0);
3749 si1->full_string_p = true;
3750 si1->stmt = gsi_stmt (gsi1);
3751 }
3752 else
3753 return false;
3754 tree lhs = gimple_call_lhs (memset_stmt);
3755 unlink_stmt_vdef (memset_stmt);
3756 if (lhs)
3757 {
3758 gimple *assign = gimple_build_assign (lhs, ptr);
3759 gsi_replace (gsi, assign, false);
3760 }
3761 else
3762 {
3763 gsi_remove (gsi, true);
3764 release_defs (memset_stmt);
3765 }
3766
3767 return true;
3768 }
3769
3770 /* Return first such statement if RES is used in statements testing its
3771 equality to zero, and null otherwise. If EXCLUSIVE is true, return
3772 nonnull if and only RES is used in such expressions exclusively and
3773 in none other. */
3774
3775 static gimple *
3776 use_in_zero_equality (tree res, bool exclusive = true)
3777 {
3778 gimple *first_use = NULL;
3779
3780 use_operand_p use_p;
3781 imm_use_iterator iter;
3782
3783 FOR_EACH_IMM_USE_FAST (use_p, iter, res)
3784 {
3785 gimple *use_stmt = USE_STMT (use_p);
3786
3787 if (is_gimple_debug (use_stmt))
3788 continue;
3789
3790 if (gimple_code (use_stmt) == GIMPLE_ASSIGN)
3791 {
3792 tree_code code = gimple_assign_rhs_code (use_stmt);
3793 if (code == COND_EXPR)
3794 {
3795 tree cond_expr = gimple_assign_rhs1 (use_stmt);
3796 if ((TREE_CODE (cond_expr) != EQ_EXPR
3797 && (TREE_CODE (cond_expr) != NE_EXPR))
3798 || !integer_zerop (TREE_OPERAND (cond_expr, 1)))
3799 {
3800 if (exclusive)
3801 return NULL;
3802 continue;
3803 }
3804 }
3805 else if (code == EQ_EXPR || code == NE_EXPR)
3806 {
3807 if (!integer_zerop (gimple_assign_rhs2 (use_stmt)))
3808 {
3809 if (exclusive)
3810 return NULL;
3811 continue;
3812 }
3813 }
3814 else if (exclusive)
3815 return NULL;
3816 else
3817 continue;
3818 }
3819 else if (gimple_code (use_stmt) == GIMPLE_COND)
3820 {
3821 tree_code code = gimple_cond_code (use_stmt);
3822 if ((code != EQ_EXPR && code != NE_EXPR)
3823 || !integer_zerop (gimple_cond_rhs (use_stmt)))
3824 {
3825 if (exclusive)
3826 return NULL;
3827 continue;
3828 }
3829 }
3830 else if (exclusive)
3831 return NULL;
3832 else
3833 continue;
3834
3835 if (!first_use)
3836 first_use = use_stmt;
3837 }
3838
3839 return first_use;
3840 }
3841
3842 /* Handle a call to memcmp. We try to handle small comparisons by
3843 converting them to load and compare, and replacing the call to memcmp
3844 with a __builtin_memcmp_eq call where possible.
3845 return true when call is transformed, return false otherwise. */
3846
3847 static bool
3848 handle_builtin_memcmp (gimple_stmt_iterator *gsi)
3849 {
3850 gcall *stmt = as_a <gcall *> (gsi_stmt (*gsi));
3851 tree res = gimple_call_lhs (stmt);
3852
3853 if (!res || !use_in_zero_equality (res))
3854 return false;
3855
3856 tree arg1 = gimple_call_arg (stmt, 0);
3857 tree arg2 = gimple_call_arg (stmt, 1);
3858 tree len = gimple_call_arg (stmt, 2);
3859 unsigned HOST_WIDE_INT leni;
3860
3861 if (tree_fits_uhwi_p (len)
3862 && (leni = tree_to_uhwi (len)) <= GET_MODE_SIZE (word_mode)
3863 && pow2p_hwi (leni))
3864 {
3865 leni *= CHAR_TYPE_SIZE;
3866 unsigned align1 = get_pointer_alignment (arg1);
3867 unsigned align2 = get_pointer_alignment (arg2);
3868 unsigned align = MIN (align1, align2);
3869 scalar_int_mode mode;
3870 if (int_mode_for_size (leni, 1).exists (&mode)
3871 && (align >= leni || !targetm.slow_unaligned_access (mode, align)))
3872 {
3873 location_t loc = gimple_location (stmt);
3874 tree type, off;
3875 type = build_nonstandard_integer_type (leni, 1);
3876 gcc_assert (known_eq (GET_MODE_BITSIZE (TYPE_MODE (type)), leni));
3877 tree ptrtype = build_pointer_type_for_mode (char_type_node,
3878 ptr_mode, true);
3879 off = build_int_cst (ptrtype, 0);
3880 arg1 = build2_loc (loc, MEM_REF, type, arg1, off);
3881 arg2 = build2_loc (loc, MEM_REF, type, arg2, off);
3882 tree tem1 = fold_const_aggregate_ref (arg1);
3883 if (tem1)
3884 arg1 = tem1;
3885 tree tem2 = fold_const_aggregate_ref (arg2);
3886 if (tem2)
3887 arg2 = tem2;
3888 res = fold_convert_loc (loc, TREE_TYPE (res),
3889 fold_build2_loc (loc, NE_EXPR,
3890 boolean_type_node,
3891 arg1, arg2));
3892 gimplify_and_update_call_from_tree (gsi, res);
3893 return true;
3894 }
3895 }
3896
3897 gimple_call_set_fndecl (stmt, builtin_decl_explicit (BUILT_IN_MEMCMP_EQ));
3898 return true;
3899 }
3900
3901 /* Given strinfo IDX for ARG, sets LENRNG[] to the range of lengths
3902 of the string(s) referenced by ARG if it can be determined.
3903 If the length cannot be determined, sets *SIZE to the size of
3904 the array the string is stored in, if any. If no such array is
3905 known, sets *SIZE to -1. When the strings are nul-terminated sets
3906 *NULTERM to true, otherwise to false. When nonnull uses RVALS to
3907 determine range information. Returns true on success. */
3908
3909 static bool
3910 get_len_or_size (gimple *stmt, tree arg, int idx,
3911 unsigned HOST_WIDE_INT lenrng[2],
3912 unsigned HOST_WIDE_INT *size, bool *nulterm,
3913 range_query *rvals)
3914 {
3915 /* Invalidate. */
3916 *size = HOST_WIDE_INT_M1U;
3917
3918 if (idx < 0)
3919 {
3920 /* IDX is the inverted constant string length. */
3921 lenrng[0] = ~idx;
3922 lenrng[1] = lenrng[0];
3923 *nulterm = true;
3924 return true;
3925 }
3926
3927 /* Set so that both LEN and ~LEN are invalid lengths, i.e., maximum
3928 possible length + 1. */
3929 lenrng[0] = lenrng[1] = HOST_WIDE_INT_MAX;
3930
3931 if (strinfo *si = idx ? get_strinfo (idx) : NULL)
3932 {
3933 /* FIXME: Handle all this in_range_strlen_dynamic. */
3934 if (!si->nonzero_chars)
3935 ;
3936 else if (tree_fits_uhwi_p (si->nonzero_chars))
3937 {
3938 lenrng[0] = tree_to_uhwi (si->nonzero_chars);
3939 *nulterm = si->full_string_p;
3940 /* Set the upper bound only if the string is known to be
3941 nul-terminated, otherwise leave it at maximum + 1. */
3942 if (*nulterm)
3943 lenrng[1] = lenrng[0];
3944 }
3945 else if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
3946 {
3947 value_range r;
3948 get_range_query (cfun)->range_of_expr (r, si->nonzero_chars);
3949 if (r.kind () == VR_RANGE)
3950 {
3951 lenrng[0] = r.lower_bound ().to_uhwi ();
3952 lenrng[1] = r.upper_bound ().to_uhwi ();
3953 *nulterm = si->full_string_p;
3954 }
3955 }
3956 }
3957
3958 if (lenrng[0] != HOST_WIDE_INT_MAX)
3959 return true;
3960
3961 /* Compute the minimum and maximum real or possible lengths. */
3962 c_strlen_data lendata = { };
3963 /* Set MAXBOUND to an arbitrary non-null non-integer node as a request
3964 to have it set to the length of the longest string in a PHI. */
3965 lendata.maxbound = arg;
3966 get_range_strlen_dynamic (arg, stmt, &lendata, rvals);
3967
3968 unsigned HOST_WIDE_INT maxbound = HOST_WIDE_INT_M1U;
3969 if (tree_fits_uhwi_p (lendata.maxbound)
3970 && !integer_all_onesp (lendata.maxbound))
3971 maxbound = tree_to_uhwi (lendata.maxbound);
3972
3973 if (tree_fits_uhwi_p (lendata.minlen) && tree_fits_uhwi_p (lendata.maxlen))
3974 {
3975 unsigned HOST_WIDE_INT minlen = tree_to_uhwi (lendata.minlen);
3976 unsigned HOST_WIDE_INT maxlen = tree_to_uhwi (lendata.maxlen);
3977
3978 /* The longest string in this data model. */
3979 const unsigned HOST_WIDE_INT lenmax
3980 = tree_to_uhwi (max_object_size ()) - 2;
3981
3982 if (maxbound == HOST_WIDE_INT_M1U)
3983 {
3984 lenrng[0] = minlen;
3985 lenrng[1] = maxlen;
3986 *nulterm = minlen == maxlen;
3987 }
3988 else if (maxlen < lenmax)
3989 {
3990 *size = maxbound + 1;
3991 *nulterm = false;
3992 }
3993 else
3994 return false;
3995
3996 return true;
3997 }
3998
3999 if (maxbound != HOST_WIDE_INT_M1U
4000 && lendata.maxlen
4001 && !integer_all_onesp (lendata.maxlen))
4002 {
4003 /* Set *SIZE to LENDATA.MAXBOUND which is a conservative estimate
4004 of the longest string based on the sizes of the arrays referenced
4005 by ARG. */
4006 *size = maxbound + 1;
4007 *nulterm = false;
4008 return true;
4009 }
4010
4011 return false;
4012 }
4013
4014 /* If IDX1 and IDX2 refer to strings A and B of unequal lengths, return
4015 the result of 0 == strncmp (A, B, BOUND) (which is the same as strcmp
4016 for a sufficiently large BOUND). If the result is based on the length
4017 of one string being greater than the longest string that would fit in
4018 the array pointer to by the argument, set *PLEN and *PSIZE to
4019 the corresponding length (or its complement when the string is known
4020 to be at least as long and need not be nul-terminated) and size.
4021 Otherwise return null. */
4022
4023 static tree
4024 strxcmp_eqz_result (gimple *stmt, tree arg1, int idx1, tree arg2, int idx2,
4025 unsigned HOST_WIDE_INT bound, unsigned HOST_WIDE_INT len[2],
4026 unsigned HOST_WIDE_INT *psize, range_query *rvals)
4027 {
4028 /* Determine the range the length of each string is in and whether it's
4029 known to be nul-terminated, or the size of the array it's stored in. */
4030 bool nul1, nul2;
4031 unsigned HOST_WIDE_INT siz1, siz2;
4032 unsigned HOST_WIDE_INT len1rng[2], len2rng[2];
4033 if (!get_len_or_size (stmt, arg1, idx1, len1rng, &siz1, &nul1, rvals)
4034 || !get_len_or_size (stmt, arg2, idx2, len2rng, &siz2, &nul2, rvals))
4035 return NULL_TREE;
4036
4037 /* BOUND is set to HWI_M1U for strcmp and less to strncmp, and LENiRNG
4038 to HWI_MAX when invalid. Adjust the length of each string to consider
4039 to be no more than BOUND. */
4040 if (len1rng[0] < HOST_WIDE_INT_MAX && len1rng[0] > bound)
4041 len1rng[0] = bound;
4042 if (len1rng[1] < HOST_WIDE_INT_MAX && len1rng[1] > bound)
4043 len1rng[1] = bound;
4044 if (len2rng[0] < HOST_WIDE_INT_MAX && len2rng[0] > bound)
4045 len2rng[0] = bound;
4046 if (len2rng[1] < HOST_WIDE_INT_MAX && len2rng[1] > bound)
4047 len2rng[1] = bound;
4048
4049 /* Two empty strings are equal. */
4050 if (len1rng[1] == 0 && len2rng[1] == 0)
4051 return integer_one_node;
4052
4053 /* The strings are definitely unequal when the lower bound of the length
4054 of one of them is greater than the length of the longest string that
4055 would fit into the other array. */
4056 if (len1rng[0] == HOST_WIDE_INT_MAX
4057 && len2rng[0] != HOST_WIDE_INT_MAX
4058 && ((len2rng[0] < bound && len2rng[0] >= siz1)
4059 || len2rng[0] > siz1))
4060 {
4061 *psize = siz1;
4062 len[0] = len1rng[0];
4063 /* Set LEN[0] to the lower bound of ARG1's length when it's
4064 nul-terminated or to the complement of its minimum length
4065 otherwise, */
4066 len[1] = nul2 ? len2rng[0] : ~len2rng[0];
4067 return integer_zero_node;
4068 }
4069
4070 if (len2rng[0] == HOST_WIDE_INT_MAX
4071 && len1rng[0] != HOST_WIDE_INT_MAX
4072 && ((len1rng[0] < bound && len1rng[0] >= siz2)
4073 || len1rng[0] > siz2))
4074 {
4075 *psize = siz2;
4076 len[0] = nul1 ? len1rng[0] : ~len1rng[0];
4077 len[1] = len2rng[0];
4078 return integer_zero_node;
4079 }
4080
4081 /* The strings are also definitely unequal when their lengths are unequal
4082 and at least one is nul-terminated. */
4083 if (len1rng[0] != HOST_WIDE_INT_MAX
4084 && len2rng[0] != HOST_WIDE_INT_MAX
4085 && ((len1rng[1] < len2rng[0] && nul1)
4086 || (len2rng[1] < len1rng[0] && nul2)))
4087 {
4088 if (bound <= len1rng[0] || bound <= len2rng[0])
4089 *psize = bound;
4090 else
4091 *psize = HOST_WIDE_INT_M1U;
4092
4093 len[0] = len1rng[0];
4094 len[1] = len2rng[0];
4095 return integer_zero_node;
4096 }
4097
4098 /* The string lengths may be equal or unequal. Even when equal and
4099 both strings nul-terminated, without the string contents there's
4100 no way to determine whether they are equal. */
4101 return NULL_TREE;
4102 }
4103
4104 /* Diagnose pointless calls to strcmp or strncmp STMT with string
4105 arguments of lengths LEN or size SIZ and (for strncmp) BOUND,
4106 whose result is used in equality expressions that evaluate to
4107 a constant due to one argument being longer than the size of
4108 the other. */
4109
4110 static void
4111 maybe_warn_pointless_strcmp (gimple *stmt, HOST_WIDE_INT bound,
4112 unsigned HOST_WIDE_INT len[2],
4113 unsigned HOST_WIDE_INT siz)
4114 {
4115 tree lhs = gimple_call_lhs (stmt);
4116 gimple *use = use_in_zero_equality (lhs, /* exclusive = */ false);
4117 if (!use)
4118 return;
4119
4120 bool at_least = false;
4121
4122 /* Excessive LEN[i] indicates a lower bound. */
4123 if (len[0] > HOST_WIDE_INT_MAX)
4124 {
4125 at_least = true;
4126 len[0] = ~len[0];
4127 }
4128
4129 if (len[1] > HOST_WIDE_INT_MAX)
4130 {
4131 at_least = true;
4132 len[1] = ~len[1];
4133 }
4134
4135 unsigned HOST_WIDE_INT minlen = MIN (len[0], len[1]);
4136
4137 /* FIXME: Include a note pointing to the declaration of the smaller
4138 array. */
4139 location_t stmt_loc = gimple_or_expr_nonartificial_location (stmt, lhs);
4140
4141 tree callee = gimple_call_fndecl (stmt);
4142 bool warned = false;
4143 if (siz <= minlen && bound == -1)
4144 warned = warning_at (stmt_loc, OPT_Wstring_compare,
4145 (at_least
4146 ? G_("%G%qD of a string of length %wu or more and "
4147 "an array of size %wu evaluates to nonzero")
4148 : G_("%G%qD of a string of length %wu and an array "
4149 "of size %wu evaluates to nonzero")),
4150 stmt, callee, minlen, siz);
4151 else if (!at_least && siz <= HOST_WIDE_INT_MAX)
4152 {
4153 if (len[0] != HOST_WIDE_INT_MAX && len[1] != HOST_WIDE_INT_MAX)
4154 warned = warning_at (stmt_loc, OPT_Wstring_compare,
4155 "%G%qD of strings of length %wu and %wu "
4156 "and bound of %wu evaluates to nonzero",
4157 stmt, callee, len[0], len[1], bound);
4158 else
4159 warned = warning_at (stmt_loc, OPT_Wstring_compare,
4160 "%G%qD of a string of length %wu, an array "
4161 "of size %wu and bound of %wu evaluates to "
4162 "nonzero",
4163 stmt, callee, minlen, siz, bound);
4164 }
4165
4166 if (!warned)
4167 return;
4168
4169 location_t use_loc = gimple_location (use);
4170 if (LOCATION_LINE (stmt_loc) != LOCATION_LINE (use_loc))
4171 inform (use_loc, "in this expression");
4172 }
4173
4174
4175 /* Optimize a call to strcmp or strncmp either by folding it to a constant
4176 when possible or by transforming the latter to the former. Warn about
4177 calls where the length of one argument is greater than the size of
4178 the array to which the other argument points if the latter's length
4179 is not known. Return true when the call has been transformed into
4180 another and false otherwise. */
4181
4182 static bool
4183 handle_builtin_string_cmp (gimple_stmt_iterator *gsi, range_query *rvals)
4184 {
4185 gcall *stmt = as_a <gcall *> (gsi_stmt (*gsi));
4186 tree lhs = gimple_call_lhs (stmt);
4187
4188 if (!lhs)
4189 return false;
4190
4191 tree arg1 = gimple_call_arg (stmt, 0);
4192 tree arg2 = gimple_call_arg (stmt, 1);
4193 int idx1 = get_stridx (arg1);
4194 int idx2 = get_stridx (arg2);
4195
4196 /* For strncmp set to the value of the third argument if known. */
4197 HOST_WIDE_INT bound = -1;
4198 tree len = NULL_TREE;
4199 /* Extract the strncmp bound. */
4200 if (gimple_call_num_args (stmt) == 3)
4201 {
4202 len = gimple_call_arg (stmt, 2);
4203 if (tree_fits_shwi_p (len))
4204 bound = tree_to_shwi (len);
4205
4206 /* If the bound argument is NOT known, do nothing. */
4207 if (bound < 0)
4208 return false;
4209 }
4210
4211 /* Avoid folding if either argument is not a nul-terminated array.
4212 Defer warning until later. */
4213 if (!check_nul_terminated_array (NULL_TREE, arg1, len)
4214 || !check_nul_terminated_array (NULL_TREE, arg2, len))
4215 return false;
4216
4217 {
4218 /* Set to the length of one argument (or its complement if it's
4219 the lower bound of a range) and the size of the array storing
4220 the other if the result is based on the former being equal to
4221 or greater than the latter. */
4222 unsigned HOST_WIDE_INT len[2] = { HOST_WIDE_INT_MAX, HOST_WIDE_INT_MAX };
4223 unsigned HOST_WIDE_INT siz = HOST_WIDE_INT_M1U;
4224
4225 /* Try to determine if the two strings are either definitely equal
4226 or definitely unequal and if so, either fold the result to zero
4227 (when equal) or set the range of the result to ~[0, 0] otherwise. */
4228 if (tree eqz = strxcmp_eqz_result (stmt, arg1, idx1, arg2, idx2, bound,
4229 len, &siz, rvals))
4230 {
4231 if (integer_zerop (eqz))
4232 {
4233 maybe_warn_pointless_strcmp (stmt, bound, len, siz);
4234
4235 /* When the lengths of the first two string arguments are
4236 known to be unequal set the range of the result to non-zero.
4237 This allows the call to be eliminated if its result is only
4238 used in tests for equality to zero. */
4239 wide_int zero = wi::zero (TYPE_PRECISION (TREE_TYPE (lhs)));
4240 set_range_info (lhs, VR_ANTI_RANGE, zero, zero);
4241 return false;
4242 }
4243 /* When the two strings are definitely equal (such as when they
4244 are both empty) fold the call to the constant result. */
4245 replace_call_with_value (gsi, integer_zero_node);
4246 return true;
4247 }
4248 }
4249
4250 /* Return if nothing is known about the strings pointed to by ARG1
4251 and ARG2. */
4252 if (idx1 == 0 && idx2 == 0)
4253 return false;
4254
4255 /* Determine either the length or the size of each of the strings,
4256 whichever is available. */
4257 HOST_WIDE_INT cstlen1 = -1, cstlen2 = -1;
4258 HOST_WIDE_INT arysiz1 = -1, arysiz2 = -1;
4259
4260 {
4261 unsigned HOST_WIDE_INT len1rng[2], len2rng[2];
4262 unsigned HOST_WIDE_INT arsz1, arsz2;
4263 bool nulterm[2];
4264
4265 if (!get_len_or_size (stmt, arg1, idx1, len1rng, &arsz1, nulterm, rvals)
4266 || !get_len_or_size (stmt, arg2, idx2, len2rng, &arsz2, nulterm + 1,
4267 rvals))
4268 return false;
4269
4270 if (len1rng[0] == len1rng[1] && len1rng[0] < HOST_WIDE_INT_MAX)
4271 cstlen1 = len1rng[0];
4272 else if (arsz1 < HOST_WIDE_INT_M1U)
4273 arysiz1 = arsz1;
4274
4275 if (len2rng[0] == len2rng[1] && len2rng[0] < HOST_WIDE_INT_MAX)
4276 cstlen2 = len2rng[0];
4277 else if (arsz2 < HOST_WIDE_INT_M1U)
4278 arysiz2 = arsz2;
4279 }
4280
4281 /* Bail if neither the string length nor the size of the array
4282 it is stored in can be determined. */
4283 if ((cstlen1 < 0 && arysiz1 < 0)
4284 || (cstlen2 < 0 && arysiz2 < 0)
4285 || (cstlen1 < 0 && cstlen2 < 0))
4286 return false;
4287
4288 if (cstlen1 >= 0)
4289 ++cstlen1;
4290 if (cstlen2 >= 0)
4291 ++cstlen2;
4292
4293 /* The exact number of characters to compare. */
4294 HOST_WIDE_INT cmpsiz;
4295 if (cstlen1 >= 0 && cstlen2 >= 0)
4296 cmpsiz = MIN (cstlen1, cstlen2);
4297 else if (cstlen1 >= 0)
4298 cmpsiz = cstlen1;
4299 else
4300 cmpsiz = cstlen2;
4301 if (bound >= 0)
4302 cmpsiz = MIN (cmpsiz, bound);
4303 /* The size of the array in which the unknown string is stored. */
4304 HOST_WIDE_INT varsiz = arysiz1 < 0 ? arysiz2 : arysiz1;
4305
4306 if ((varsiz < 0 || cmpsiz < varsiz) && use_in_zero_equality (lhs))
4307 {
4308 /* If the known length is less than the size of the other array
4309 and the strcmp result is only used to test equality to zero,
4310 transform the call to the equivalent _eq call. */
4311 if (tree fn = builtin_decl_implicit (bound < 0 ? BUILT_IN_STRCMP_EQ
4312 : BUILT_IN_STRNCMP_EQ))
4313 {
4314 tree n = build_int_cst (size_type_node, cmpsiz);
4315 update_gimple_call (gsi, fn, 3, arg1, arg2, n);
4316 return true;
4317 }
4318 }
4319
4320 return false;
4321 }
4322
4323 /* Handle a POINTER_PLUS_EXPR statement.
4324 For p = "abcd" + 2; compute associated length, or if
4325 p = q + off is pointing to a '\0' character of a string, call
4326 zero_length_string on it. */
4327
4328 static void
4329 handle_pointer_plus (gimple_stmt_iterator *gsi)
4330 {
4331 gimple *stmt = gsi_stmt (*gsi);
4332 tree lhs = gimple_assign_lhs (stmt), off;
4333 int idx = get_stridx (gimple_assign_rhs1 (stmt));
4334 strinfo *si, *zsi;
4335
4336 if (idx == 0)
4337 return;
4338
4339 if (idx < 0)
4340 {
4341 tree off = gimple_assign_rhs2 (stmt);
4342 if (tree_fits_uhwi_p (off)
4343 && tree_to_uhwi (off) <= (unsigned HOST_WIDE_INT) ~idx)
4344 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)]
4345 = ~(~idx - (int) tree_to_uhwi (off));
4346 return;
4347 }
4348
4349 si = get_strinfo (idx);
4350 if (si == NULL || si->nonzero_chars == NULL_TREE)
4351 return;
4352
4353 off = gimple_assign_rhs2 (stmt);
4354 zsi = NULL;
4355 if (si->full_string_p && operand_equal_p (si->nonzero_chars, off, 0))
4356 zsi = zero_length_string (lhs, si);
4357 else if (TREE_CODE (off) == SSA_NAME)
4358 {
4359 gimple *def_stmt = SSA_NAME_DEF_STMT (off);
4360 if (gimple_assign_single_p (def_stmt)
4361 && si->full_string_p
4362 && operand_equal_p (si->nonzero_chars,
4363 gimple_assign_rhs1 (def_stmt), 0))
4364 zsi = zero_length_string (lhs, si);
4365 }
4366 if (zsi != NULL
4367 && si->endptr != NULL_TREE
4368 && si->endptr != lhs
4369 && TREE_CODE (si->endptr) == SSA_NAME)
4370 {
4371 enum tree_code rhs_code
4372 = useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (si->endptr))
4373 ? SSA_NAME : NOP_EXPR;
4374 gimple_assign_set_rhs_with_ops (gsi, rhs_code, si->endptr);
4375 gcc_assert (gsi_stmt (*gsi) == stmt);
4376 update_stmt (stmt);
4377 }
4378 }
4379
4380 static bool
4381 count_nonzero_bytes_addr (tree, unsigned HOST_WIDE_INT, unsigned HOST_WIDE_INT,
4382 unsigned [3], bool *, bool *, bool *,
4383 range_query *, ssa_name_limit_t &);
4384
4385 /* Determines the minimum and maximum number of leading non-zero bytes
4386 in the representation of EXP and set LENRANGE[0] and LENRANGE[1]
4387 to each.
4388 Sets LENRANGE[2] to the total size of the access (which may be less
4389 than LENRANGE[1] when what's being referenced by EXP is a pointer
4390 rather than an array).
4391 Sets *NULTERM if the representation contains a zero byte, and sets
4392 *ALLNUL if all the bytes are zero.
4393 OFFSET and NBYTES are the offset into the representation and
4394 the size of the access to it determined from an ADDR_EXPR (i.e.,
4395 a pointer) or MEM_REF or zero for other expressions.
4396 Uses RVALS to determine range information.
4397 Avoids recursing deeper than the limits in SNLIM allow.
4398 Returns true on success and false otherwise. */
4399
4400 static bool
4401 count_nonzero_bytes (tree exp, unsigned HOST_WIDE_INT offset,
4402 unsigned HOST_WIDE_INT nbytes,
4403 unsigned lenrange[3], bool *nulterm,
4404 bool *allnul, bool *allnonnul, range_query *rvals,
4405 ssa_name_limit_t &snlim)
4406 {
4407 if (TREE_CODE (exp) == SSA_NAME)
4408 {
4409 /* Handle non-zero single-character stores specially. */
4410 tree type = TREE_TYPE (exp);
4411 if (TREE_CODE (type) == INTEGER_TYPE
4412 && TYPE_MODE (type) == TYPE_MODE (char_type_node)
4413 && TYPE_PRECISION (type) == TYPE_PRECISION (char_type_node)
4414 && tree_expr_nonzero_p (exp))
4415 {
4416 /* If the character EXP is known to be non-zero (even if its
4417 exact value is not known) recurse once to set the range
4418 for an arbitrary constant. */
4419 exp = build_int_cst (type, 1);
4420 return count_nonzero_bytes (exp, offset, 1, lenrange,
4421 nulterm, allnul, allnonnul, rvals, snlim);
4422 }
4423
4424 gimple *stmt = SSA_NAME_DEF_STMT (exp);
4425 if (gimple_assign_single_p (stmt))
4426 {
4427 exp = gimple_assign_rhs1 (stmt);
4428 if (TREE_CODE (exp) != MEM_REF)
4429 return false;
4430 /* Handle MEM_REF below. */
4431 }
4432 else if (gimple_code (stmt) == GIMPLE_PHI)
4433 {
4434 /* Avoid processing an SSA_NAME that has already been visited
4435 or if an SSA_NAME limit has been reached. Indicate success
4436 if the former and failure if the latter. */
4437 if (int res = snlim.next_phi (exp))
4438 return res > 0;
4439
4440 /* Determine the minimum and maximum from the PHI arguments. */
4441 unsigned int n = gimple_phi_num_args (stmt);
4442 for (unsigned i = 0; i != n; i++)
4443 {
4444 tree def = gimple_phi_arg_def (stmt, i);
4445 if (!count_nonzero_bytes (def, offset, nbytes, lenrange, nulterm,
4446 allnul, allnonnul, rvals, snlim))
4447 return false;
4448 }
4449
4450 return true;
4451 }
4452 }
4453
4454 if (TREE_CODE (exp) == MEM_REF)
4455 {
4456 if (nbytes)
4457 return false;
4458
4459 tree arg = TREE_OPERAND (exp, 0);
4460 tree off = TREE_OPERAND (exp, 1);
4461
4462 if (TREE_CODE (off) != INTEGER_CST || !tree_fits_uhwi_p (off))
4463 return false;
4464
4465 unsigned HOST_WIDE_INT wioff = tree_to_uhwi (off);
4466 if (INT_MAX < wioff)
4467 return false;
4468
4469 offset += wioff;
4470 if (INT_MAX < offset)
4471 return false;
4472
4473 /* The size of the MEM_REF access determines the number of bytes. */
4474 tree type = TREE_TYPE (exp);
4475 tree typesize = TYPE_SIZE_UNIT (type);
4476 if (!typesize || !tree_fits_uhwi_p (typesize))
4477 return false;
4478 nbytes = tree_to_uhwi (typesize);
4479 if (!nbytes)
4480 return false;
4481
4482 /* Handle MEM_REF = SSA_NAME types of assignments. */
4483 return count_nonzero_bytes_addr (arg, offset, nbytes, lenrange, nulterm,
4484 allnul, allnonnul, rvals, snlim);
4485 }
4486
4487 if (VAR_P (exp) || TREE_CODE (exp) == CONST_DECL)
4488 {
4489 exp = ctor_for_folding (exp);
4490 if (!exp)
4491 return false;
4492 }
4493
4494 const char *prep = NULL;
4495 if (TREE_CODE (exp) == STRING_CST)
4496 {
4497 unsigned nchars = TREE_STRING_LENGTH (exp);
4498 if (nchars < offset)
4499 return false;
4500
4501 if (!nbytes)
4502 /* If NBYTES hasn't been determined earlier, either from ADDR_EXPR
4503 (i.e., it's the size of a pointer), or from MEM_REF (as the size
4504 of the access), set it here to the size of the string, including
4505 all internal and trailing nuls if the string has any. */
4506 nbytes = nchars - offset;
4507 else if (nchars - offset < nbytes)
4508 return false;
4509
4510 prep = TREE_STRING_POINTER (exp) + offset;
4511 }
4512
4513 unsigned char buf[256];
4514 if (!prep)
4515 {
4516 if (CHAR_BIT != 8 || BITS_PER_UNIT != 8)
4517 return false;
4518 /* If the pointer to representation hasn't been set above
4519 for STRING_CST point it at the buffer. */
4520 prep = reinterpret_cast <char *>(buf);
4521 /* Try to extract the representation of the constant object
4522 or expression starting from the offset. */
4523 unsigned repsize = native_encode_expr (exp, buf, sizeof buf, offset);
4524 if (repsize < nbytes)
4525 {
4526 /* This should only happen when REPSIZE is zero because EXP
4527 doesn't denote an object with a known initializer, except
4528 perhaps when the reference reads past its end. */
4529 lenrange[0] = 0;
4530 prep = NULL;
4531 }
4532 else if (!nbytes)
4533 nbytes = repsize;
4534 else if (nbytes < repsize)
4535 return false;
4536 }
4537
4538 if (!nbytes)
4539 return false;
4540
4541 /* Compute the number of leading nonzero bytes in the representation
4542 and update the minimum and maximum. */
4543 unsigned n = prep ? strnlen (prep, nbytes) : nbytes;
4544
4545 if (n < lenrange[0])
4546 lenrange[0] = n;
4547 if (lenrange[1] < n)
4548 lenrange[1] = n;
4549
4550 /* Set the size of the representation. */
4551 if (lenrange[2] < nbytes)
4552 lenrange[2] = nbytes;
4553
4554 /* Clear NULTERM if none of the bytes is zero. */
4555 if (n == nbytes)
4556 *nulterm = false;
4557
4558 if (n)
4559 {
4560 /* When the initial number of non-zero bytes N is non-zero, reset
4561 *ALLNUL; if N is less than that the size of the representation
4562 also clear *ALLNONNUL. */
4563 *allnul = false;
4564 if (n < nbytes)
4565 *allnonnul = false;
4566 }
4567 else if (*allnul || *allnonnul)
4568 {
4569 *allnonnul = false;
4570
4571 if (*allnul)
4572 {
4573 /* When either ALLNUL is set and N is zero, also determine
4574 whether all subsequent bytes after the first one (which
4575 is nul) are zero or nonzero and clear ALLNUL if not. */
4576 for (const char *p = prep; p != prep + nbytes; ++p)
4577 if (*p)
4578 {
4579 *allnul = false;
4580 break;
4581 }
4582 }
4583 }
4584
4585 return true;
4586 }
4587
4588 /* Like count_nonzero_bytes, but instead of counting bytes in EXP, count
4589 bytes that are pointed to by EXP, which should be a pointer. */
4590
4591 static bool
4592 count_nonzero_bytes_addr (tree exp, unsigned HOST_WIDE_INT offset,
4593 unsigned HOST_WIDE_INT nbytes,
4594 unsigned lenrange[3], bool *nulterm,
4595 bool *allnul, bool *allnonnul,
4596 range_query *rvals, ssa_name_limit_t &snlim)
4597 {
4598 int idx = get_stridx (exp);
4599 if (idx > 0)
4600 {
4601 strinfo *si = get_strinfo (idx);
4602 if (!si)
4603 return false;
4604
4605 /* Handle both constant lengths as well non-constant lengths
4606 in some range. */
4607 unsigned HOST_WIDE_INT minlen, maxlen;
4608 if (tree_fits_shwi_p (si->nonzero_chars))
4609 minlen = maxlen = tree_to_shwi (si->nonzero_chars);
4610 else if (si->nonzero_chars
4611 && TREE_CODE (si->nonzero_chars) == SSA_NAME)
4612 {
4613 value_range vr;
4614 rvals->range_of_expr (vr, si->nonzero_chars, si->stmt);
4615 if (vr.kind () != VR_RANGE)
4616 return false;
4617
4618 minlen = tree_to_uhwi (vr.min ());
4619 maxlen = tree_to_uhwi (vr.max ());
4620 }
4621 else
4622 return false;
4623
4624 if (maxlen < offset)
4625 return false;
4626
4627 minlen = minlen < offset ? 0 : minlen - offset;
4628 maxlen -= offset;
4629 if (maxlen + 1 < nbytes)
4630 return false;
4631
4632 if (nbytes <= minlen)
4633 *nulterm = false;
4634
4635 if (nbytes < minlen)
4636 {
4637 minlen = nbytes;
4638 if (nbytes < maxlen)
4639 maxlen = nbytes;
4640 }
4641
4642 if (minlen < lenrange[0])
4643 lenrange[0] = minlen;
4644 if (lenrange[1] < maxlen)
4645 lenrange[1] = maxlen;
4646
4647 if (lenrange[2] < nbytes)
4648 lenrange[2] = nbytes;
4649
4650 /* Since only the length of the string are known and not its contents,
4651 clear ALLNUL and ALLNONNUL purely on the basis of the length. */
4652 *allnul = false;
4653 if (minlen < nbytes)
4654 *allnonnul = false;
4655
4656 return true;
4657 }
4658
4659 if (TREE_CODE (exp) == ADDR_EXPR)
4660 return count_nonzero_bytes (TREE_OPERAND (exp, 0), offset, nbytes,
4661 lenrange, nulterm, allnul, allnonnul, rvals,
4662 snlim);
4663
4664 if (TREE_CODE (exp) == SSA_NAME)
4665 {
4666 gimple *stmt = SSA_NAME_DEF_STMT (exp);
4667 if (gimple_code (stmt) == GIMPLE_PHI)
4668 {
4669 /* Avoid processing an SSA_NAME that has already been visited
4670 or if an SSA_NAME limit has been reached. Indicate success
4671 if the former and failure if the latter. */
4672 if (int res = snlim.next_phi (exp))
4673 return res > 0;
4674
4675 /* Determine the minimum and maximum from the PHI arguments. */
4676 unsigned int n = gimple_phi_num_args (stmt);
4677 for (unsigned i = 0; i != n; i++)
4678 {
4679 tree def = gimple_phi_arg_def (stmt, i);
4680 if (!count_nonzero_bytes_addr (def, offset, nbytes, lenrange,
4681 nulterm, allnul, allnonnul, rvals,
4682 snlim))
4683 return false;
4684 }
4685
4686 return true;
4687 }
4688 }
4689
4690 /* Otherwise we don't know anything. */
4691 lenrange[0] = 0;
4692 if (lenrange[1] < nbytes)
4693 lenrange[1] = nbytes;
4694 if (lenrange[2] < nbytes)
4695 lenrange[2] = nbytes;
4696 *nulterm = false;
4697 *allnul = false;
4698 *allnonnul = false;
4699 return true;
4700 }
4701
4702 /* Same as above except with an implicit SSA_NAME limit. RVALS is used
4703 to determine ranges of dynamically computed string lengths (the results
4704 of strlen). */
4705
4706 static bool
4707 count_nonzero_bytes (tree exp, unsigned lenrange[3], bool *nulterm,
4708 bool *allnul, bool *allnonnul, range_query *rvals)
4709 {
4710 /* Set to optimistic values so the caller doesn't have to worry about
4711 initializing these and to what. On success, the function will clear
4712 these if it determines their values are different but being recursive
4713 it never sets either to true. On failure, their values are
4714 unspecified. */
4715 *nulterm = true;
4716 *allnul = true;
4717 *allnonnul = true;
4718
4719 ssa_name_limit_t snlim;
4720 return count_nonzero_bytes (exp, 0, 0, lenrange, nulterm, allnul, allnonnul,
4721 rvals, snlim);
4722 }
4723
4724 /* Handle a single or multibyte store other than by a built-in function,
4725 either via a single character assignment or by multi-byte assignment
4726 either via MEM_REF or via a type other than char (such as in
4727 '*(int*)a = 12345'). Return true to let the caller advance *GSI to
4728 the next statement in the basic block and false otherwise. */
4729
4730 static bool
4731 handle_store (gimple_stmt_iterator *gsi, bool *zero_write,
4732 pointer_query &ptr_qry)
4733 {
4734 int idx = -1;
4735 strinfo *si = NULL;
4736 gimple *stmt = gsi_stmt (*gsi);
4737 tree ssaname = NULL_TREE, lhs = gimple_assign_lhs (stmt);
4738 tree rhs = gimple_assign_rhs1 (stmt);
4739
4740 range_query *const rvals = ptr_qry.rvals;
4741
4742 /* The offset of the first byte in LHS modified by the store. */
4743 unsigned HOST_WIDE_INT offset = 0;
4744
4745 if (TREE_CODE (lhs) == MEM_REF
4746 && TREE_CODE (TREE_OPERAND (lhs, 0)) == SSA_NAME)
4747 {
4748 tree mem_offset = TREE_OPERAND (lhs, 1);
4749 if (tree_fits_uhwi_p (mem_offset))
4750 {
4751 /* Get the strinfo for the base, and use it if it starts with at
4752 least OFFSET nonzero characters. This is trivially true if
4753 OFFSET is zero. */
4754 offset = tree_to_uhwi (mem_offset);
4755 idx = get_stridx (TREE_OPERAND (lhs, 0));
4756 if (idx > 0)
4757 si = get_strinfo (idx);
4758 if (offset == 0)
4759 ssaname = TREE_OPERAND (lhs, 0);
4760 else if (si == NULL || compare_nonzero_chars (si, offset, rvals) < 0)
4761 {
4762 *zero_write = initializer_zerop (rhs);
4763
4764 bool dummy;
4765 unsigned lenrange[] = { UINT_MAX, 0, 0 };
4766 if (count_nonzero_bytes (rhs, lenrange, &dummy, &dummy, &dummy,
4767 rvals))
4768 maybe_warn_overflow (stmt, lenrange[2], ptr_qry);
4769
4770 return true;
4771 }
4772 }
4773 }
4774 else
4775 {
4776 idx = get_addr_stridx (lhs, NULL_TREE, &offset, rvals);
4777 if (idx > 0)
4778 si = get_strinfo (idx);
4779 }
4780
4781 /* Minimum and maximum leading non-zero bytes and the size of the store. */
4782 unsigned lenrange[] = { UINT_MAX, 0, 0 };
4783
4784 /* Set to the minimum length of the string being assigned if known. */
4785 unsigned HOST_WIDE_INT rhs_minlen;
4786
4787 /* STORING_NONZERO_P is true iff not all stored characters are zero.
4788 STORING_ALL_NONZERO_P is true if all stored characters are zero.
4789 STORING_ALL_ZEROS_P is true iff all stored characters are zero.
4790 Both are false when it's impossible to determine which is true. */
4791 bool storing_nonzero_p;
4792 bool storing_all_nonzero_p;
4793 bool storing_all_zeros_p;
4794 /* FULL_STRING_P is set when the stored sequence of characters form
4795 a nul-terminated string. */
4796 bool full_string_p;
4797
4798 const bool ranges_valid
4799 = count_nonzero_bytes (rhs, lenrange, &full_string_p,
4800 &storing_all_zeros_p, &storing_all_nonzero_p,
4801 rvals);
4802 if (ranges_valid)
4803 {
4804 rhs_minlen = lenrange[0];
4805 storing_nonzero_p = lenrange[1] > 0;
4806 *zero_write = storing_all_zeros_p;
4807
4808 maybe_warn_overflow (stmt, lenrange[2], ptr_qry);
4809 }
4810 else
4811 {
4812 rhs_minlen = HOST_WIDE_INT_M1U;
4813 full_string_p = false;
4814 storing_nonzero_p = false;
4815 storing_all_zeros_p = false;
4816 storing_all_nonzero_p = false;
4817 }
4818
4819 if (si != NULL)
4820 {
4821 /* The corresponding element is set to 1 if the first and last
4822 element, respectively, of the sequence of characters being
4823 written over the string described by SI ends before
4824 the terminating nul (if it has one), to zero if the nul is
4825 being overwritten but not beyond, or negative otherwise. */
4826 int store_before_nul[2];
4827 if (ranges_valid)
4828 {
4829 /* The offset of the last stored byte. */
4830 unsigned HOST_WIDE_INT endoff = offset + lenrange[2] - 1;
4831 store_before_nul[0] = compare_nonzero_chars (si, offset, rvals);
4832 if (endoff == offset)
4833 store_before_nul[1] = store_before_nul[0];
4834 else
4835 store_before_nul[1] = compare_nonzero_chars (si, endoff, rvals);
4836 }
4837 else
4838 {
4839 store_before_nul[0] = compare_nonzero_chars (si, offset, rvals);
4840 store_before_nul[1] = store_before_nul[0];
4841 gcc_assert (offset == 0 || store_before_nul[0] >= 0);
4842 }
4843
4844 if (storing_all_zeros_p
4845 && store_before_nul[0] == 0
4846 && store_before_nul[1] == 0
4847 && si->full_string_p)
4848 {
4849 /* When overwriting a '\0' with a '\0', the store can be removed
4850 if we know it has been stored in the current function. */
4851 if (!stmt_could_throw_p (cfun, stmt) && si->writable)
4852 {
4853 unlink_stmt_vdef (stmt);
4854 release_defs (stmt);
4855 gsi_remove (gsi, true);
4856 return false;
4857 }
4858 else
4859 {
4860 si->writable = true;
4861 gsi_next (gsi);
4862 return false;
4863 }
4864 }
4865
4866 if (store_before_nul[1] > 0
4867 && storing_nonzero_p
4868 && lenrange[0] == lenrange[1]
4869 && lenrange[0] == lenrange[2]
4870 && TREE_CODE (TREE_TYPE (rhs)) == INTEGER_TYPE)
4871 {
4872 /* Handle a store of one or more non-nul characters that ends
4873 before the terminating nul of the destination and so does
4874 not affect its length
4875 If si->nonzero_chars > OFFSET, we aren't overwriting '\0',
4876 and if we aren't storing '\0', we know that the length of
4877 the string and any other zero terminated string in memory
4878 remains the same. In that case we move to the next gimple
4879 statement and return to signal the caller that it shouldn't
4880 invalidate anything.
4881
4882 This is beneficial for cases like:
4883
4884 char p[20];
4885 void foo (char *q)
4886 {
4887 strcpy (p, "foobar");
4888 size_t len = strlen (p); // can be folded to 6
4889 size_t len2 = strlen (q); // has to be computed
4890 p[0] = 'X';
4891 size_t len3 = strlen (p); // can be folded to 6
4892 size_t len4 = strlen (q); // can be folded to len2
4893 bar (len, len2, len3, len4);
4894 } */
4895 gsi_next (gsi);
4896 return false;
4897 }
4898
4899 if (storing_all_zeros_p
4900 || storing_nonzero_p
4901 || (offset != 0 && store_before_nul[1] > 0))
4902 {
4903 /* When STORING_NONZERO_P, we know that the string will start
4904 with at least OFFSET + 1 nonzero characters. If storing
4905 a single character, set si->NONZERO_CHARS to the result.
4906 If storing multiple characters, try to determine the number
4907 of leading non-zero characters and set si->NONZERO_CHARS to
4908 the result instead.
4909
4910 When STORING_ALL_ZEROS_P, we know that the string is now
4911 OFFSET characters long.
4912
4913 Otherwise, we're storing an unknown value at offset OFFSET,
4914 so need to clip the nonzero_chars to OFFSET.
4915 Use the minimum length of the string (or individual character)
4916 being stored if it's known. Otherwise, STORING_NONZERO_P
4917 guarantees it's at least 1. */
4918 HOST_WIDE_INT len
4919 = storing_nonzero_p && ranges_valid ? lenrange[0] : 1;
4920 location_t loc = gimple_location (stmt);
4921 tree oldlen = si->nonzero_chars;
4922 if (store_before_nul[1] == 0 && si->full_string_p)
4923 /* We're overwriting the nul terminator with a nonzero or
4924 unknown character. If the previous stmt was a memcpy,
4925 its length may be decreased. */
4926 adjust_last_stmt (si, stmt, false, ptr_qry);
4927 si = unshare_strinfo (si);
4928 if (storing_nonzero_p)
4929 {
4930 gcc_assert (len >= 0);
4931 si->nonzero_chars = build_int_cst (size_type_node, offset + len);
4932 }
4933 else
4934 si->nonzero_chars = build_int_cst (size_type_node, offset);
4935
4936 /* Set FULL_STRING_P only if the length of the strings being
4937 written is the same, and clear it if the strings have
4938 different lengths. In the latter case the length stored
4939 in si->NONZERO_CHARS becomes the lower bound.
4940 FIXME: Handle the upper bound of the length if possible. */
4941 si->full_string_p = full_string_p && lenrange[0] == lenrange[1];
4942
4943 if (storing_all_zeros_p
4944 && ssaname
4945 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ssaname))
4946 si->endptr = ssaname;
4947 else
4948 si->endptr = NULL;
4949 si->next = 0;
4950 si->stmt = NULL;
4951 si->writable = true;
4952 si->dont_invalidate = true;
4953 if (oldlen)
4954 {
4955 tree adj = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
4956 si->nonzero_chars, oldlen);
4957 adjust_related_strinfos (loc, si, adj);
4958 }
4959 else
4960 si->prev = 0;
4961 }
4962 }
4963 else if (idx == 0 && (storing_all_zeros_p || storing_nonzero_p))
4964 {
4965 if (ssaname)
4966 idx = new_stridx (ssaname);
4967 else
4968 idx = new_addr_stridx (lhs);
4969 if (idx != 0)
4970 {
4971 tree ptr = (ssaname ? ssaname : build_fold_addr_expr (lhs));
4972
4973 HOST_WIDE_INT slen;
4974 if (storing_all_zeros_p)
4975 slen = 0;
4976 else if (storing_nonzero_p && ranges_valid)
4977 {
4978 /* FIXME: Handle the upper bound of the length when
4979 LENRANGE[0] != LENRANGE[1]. */
4980 slen = lenrange[0];
4981 if (lenrange[0] != lenrange[1])
4982 /* Set the minimum length but ignore the maximum
4983 for now. */
4984 full_string_p = false;
4985 }
4986 else
4987 slen = -1;
4988
4989 tree len = (slen <= 0
4990 ? size_zero_node
4991 : build_int_cst (size_type_node, slen));
4992 si = new_strinfo (ptr, idx, len, slen >= 0 && full_string_p);
4993 set_strinfo (idx, si);
4994 if (storing_all_zeros_p
4995 && ssaname
4996 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ssaname))
4997 si->endptr = ssaname;
4998 si->dont_invalidate = true;
4999 si->writable = true;
5000 }
5001 }
5002 else if (idx == 0
5003 && rhs_minlen < HOST_WIDE_INT_M1U
5004 && ssaname == NULL_TREE
5005 && TREE_CODE (TREE_TYPE (lhs)) == ARRAY_TYPE)
5006 {
5007 HOST_WIDE_INT a = int_size_in_bytes (TREE_TYPE (lhs));
5008 if (a > 0 && (unsigned HOST_WIDE_INT) a > rhs_minlen)
5009 {
5010 int idx = new_addr_stridx (lhs);
5011 if (idx != 0)
5012 {
5013 si = new_strinfo (build_fold_addr_expr (lhs), idx,
5014 build_int_cst (size_type_node, rhs_minlen),
5015 full_string_p);
5016 set_strinfo (idx, si);
5017 si->dont_invalidate = true;
5018 }
5019 }
5020 }
5021
5022 if (si != NULL && offset == 0 && storing_all_zeros_p && lenrange[2] == 1)
5023 {
5024 /* For single-byte stores only, allow adjust_last_stmt to remove
5025 the statement if the stored '\0' is immediately overwritten. */
5026 laststmt.stmt = stmt;
5027 laststmt.len = build_int_cst (size_type_node, 1);
5028 laststmt.stridx = si->idx;
5029 }
5030 return true;
5031 }
5032
5033 /* Try to fold strstr (s, t) eq/ne s to strncmp (s, t, strlen (t)) eq/ne 0. */
5034
5035 static void
5036 fold_strstr_to_strncmp (tree rhs1, tree rhs2, gimple *stmt)
5037 {
5038 if (TREE_CODE (rhs1) != SSA_NAME
5039 || TREE_CODE (rhs2) != SSA_NAME)
5040 return;
5041
5042 gimple *call_stmt = NULL;
5043 for (int pass = 0; pass < 2; pass++)
5044 {
5045 gimple *g = SSA_NAME_DEF_STMT (rhs1);
5046 if (gimple_call_builtin_p (g, BUILT_IN_STRSTR)
5047 && has_single_use (rhs1)
5048 && gimple_call_arg (g, 0) == rhs2)
5049 {
5050 call_stmt = g;
5051 break;
5052 }
5053 std::swap (rhs1, rhs2);
5054 }
5055
5056 if (call_stmt)
5057 {
5058 tree arg0 = gimple_call_arg (call_stmt, 0);
5059
5060 if (arg0 == rhs2)
5061 {
5062 tree arg1 = gimple_call_arg (call_stmt, 1);
5063 tree arg1_len = NULL_TREE;
5064 int idx = get_stridx (arg1);
5065
5066 if (idx)
5067 {
5068 if (idx < 0)
5069 arg1_len = build_int_cst (size_type_node, ~idx);
5070 else
5071 {
5072 strinfo *si = get_strinfo (idx);
5073 if (si)
5074 arg1_len = get_string_length (si);
5075 }
5076 }
5077
5078 if (arg1_len != NULL_TREE)
5079 {
5080 gimple_stmt_iterator gsi = gsi_for_stmt (call_stmt);
5081 tree strncmp_decl = builtin_decl_explicit (BUILT_IN_STRNCMP);
5082
5083 if (!is_gimple_val (arg1_len))
5084 {
5085 tree arg1_len_tmp = make_ssa_name (TREE_TYPE (arg1_len));
5086 gassign *arg1_stmt = gimple_build_assign (arg1_len_tmp,
5087 arg1_len);
5088 gsi_insert_before (&gsi, arg1_stmt, GSI_SAME_STMT);
5089 arg1_len = arg1_len_tmp;
5090 }
5091
5092 gcall *strncmp_call = gimple_build_call (strncmp_decl, 3,
5093 arg0, arg1, arg1_len);
5094 tree strncmp_lhs = make_ssa_name (integer_type_node);
5095 gimple_set_vuse (strncmp_call, gimple_vuse (call_stmt));
5096 gimple_call_set_lhs (strncmp_call, strncmp_lhs);
5097 gsi_remove (&gsi, true);
5098 gsi_insert_before (&gsi, strncmp_call, GSI_SAME_STMT);
5099 tree zero = build_zero_cst (TREE_TYPE (strncmp_lhs));
5100
5101 if (is_gimple_assign (stmt))
5102 {
5103 if (gimple_assign_rhs_code (stmt) == COND_EXPR)
5104 {
5105 tree cond = gimple_assign_rhs1 (stmt);
5106 TREE_OPERAND (cond, 0) = strncmp_lhs;
5107 TREE_OPERAND (cond, 1) = zero;
5108 }
5109 else
5110 {
5111 gimple_assign_set_rhs1 (stmt, strncmp_lhs);
5112 gimple_assign_set_rhs2 (stmt, zero);
5113 }
5114 }
5115 else
5116 {
5117 gcond *cond = as_a<gcond *> (stmt);
5118 gimple_cond_set_lhs (cond, strncmp_lhs);
5119 gimple_cond_set_rhs (cond, zero);
5120 }
5121 update_stmt (stmt);
5122 }
5123 }
5124 }
5125 }
5126
5127 /* Return true if TYPE corresponds to a narrow character type. */
5128
5129 static bool
5130 is_char_type (tree type)
5131 {
5132 return (TREE_CODE (type) == INTEGER_TYPE
5133 && TYPE_MODE (type) == TYPE_MODE (char_type_node)
5134 && TYPE_PRECISION (type) == TYPE_PRECISION (char_type_node));
5135 }
5136
5137 /* Check the built-in call at GSI for validity and optimize it.
5138 Uses RVALS to determine range information.
5139 Return true to let the caller advance *GSI to the next statement
5140 in the basic block and false otherwise. */
5141
5142 static bool
5143 strlen_check_and_optimize_call (gimple_stmt_iterator *gsi, bool *zero_write,
5144 pointer_query &ptr_qry)
5145 {
5146 gimple *stmt = gsi_stmt (*gsi);
5147
5148 if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
5149 {
5150 tree fntype = gimple_call_fntype (stmt);
5151 if (fntype && lookup_attribute ("alloc_size", TYPE_ATTRIBUTES (fntype)))
5152 handle_alloc_call (BUILT_IN_NONE, gsi);
5153 }
5154
5155 /* When not optimizing we must be checking printf calls which
5156 we do even for user-defined functions when they are declared
5157 with attribute format. */
5158 if (!flag_optimize_strlen
5159 || !strlen_optimize
5160 || !valid_builtin_call (stmt))
5161 return !handle_printf_call (gsi, ptr_qry);
5162
5163 tree callee = gimple_call_fndecl (stmt);
5164 switch (DECL_FUNCTION_CODE (callee))
5165 {
5166 case BUILT_IN_STRLEN:
5167 case BUILT_IN_STRNLEN:
5168 handle_builtin_strlen (gsi);
5169 break;
5170 case BUILT_IN_STRCHR:
5171 handle_builtin_strchr (gsi);
5172 break;
5173 case BUILT_IN_STRCPY:
5174 case BUILT_IN_STRCPY_CHK:
5175 case BUILT_IN_STPCPY:
5176 case BUILT_IN_STPCPY_CHK:
5177 handle_builtin_strcpy (DECL_FUNCTION_CODE (callee), gsi, ptr_qry);
5178 break;
5179
5180 case BUILT_IN_STRNCAT:
5181 case BUILT_IN_STRNCAT_CHK:
5182 handle_builtin_strncat (DECL_FUNCTION_CODE (callee), gsi);
5183 break;
5184
5185 case BUILT_IN_STPNCPY:
5186 case BUILT_IN_STPNCPY_CHK:
5187 case BUILT_IN_STRNCPY:
5188 case BUILT_IN_STRNCPY_CHK:
5189 handle_builtin_stxncpy_strncat (false, gsi);
5190 break;
5191
5192 case BUILT_IN_MEMCPY:
5193 case BUILT_IN_MEMCPY_CHK:
5194 case BUILT_IN_MEMPCPY:
5195 case BUILT_IN_MEMPCPY_CHK:
5196 handle_builtin_memcpy (DECL_FUNCTION_CODE (callee), gsi, ptr_qry);
5197 break;
5198 case BUILT_IN_STRCAT:
5199 case BUILT_IN_STRCAT_CHK:
5200 handle_builtin_strcat (DECL_FUNCTION_CODE (callee), gsi, ptr_qry);
5201 break;
5202 case BUILT_IN_ALLOCA:
5203 case BUILT_IN_ALLOCA_WITH_ALIGN:
5204 case BUILT_IN_MALLOC:
5205 case BUILT_IN_CALLOC:
5206 handle_alloc_call (DECL_FUNCTION_CODE (callee), gsi);
5207 break;
5208 case BUILT_IN_MEMSET:
5209 if (handle_builtin_memset (gsi, zero_write, ptr_qry))
5210 return false;
5211 break;
5212 case BUILT_IN_MEMCMP:
5213 if (handle_builtin_memcmp (gsi))
5214 return false;
5215 break;
5216 case BUILT_IN_STRCMP:
5217 case BUILT_IN_STRNCMP:
5218 if (handle_builtin_string_cmp (gsi, ptr_qry.rvals))
5219 return false;
5220 break;
5221 default:
5222 if (handle_printf_call (gsi, ptr_qry))
5223 return false;
5224 break;
5225 }
5226
5227 return true;
5228 }
5229
5230 /* Handle an assignment statement at *GSI to a LHS of integral type.
5231 If GSI's basic block needs clean-up of EH, set *CLEANUP_EH to true. */
5232
5233 static void
5234 handle_integral_assign (gimple_stmt_iterator *gsi, bool *cleanup_eh,
5235 range_query *rvals)
5236 {
5237 gimple *stmt = gsi_stmt (*gsi);
5238 tree lhs = gimple_assign_lhs (stmt);
5239 tree lhs_type = TREE_TYPE (lhs);
5240
5241 enum tree_code code = gimple_assign_rhs_code (stmt);
5242 if (code == COND_EXPR)
5243 {
5244 tree cond = gimple_assign_rhs1 (stmt);
5245 enum tree_code cond_code = TREE_CODE (cond);
5246
5247 if (cond_code == EQ_EXPR || cond_code == NE_EXPR)
5248 fold_strstr_to_strncmp (TREE_OPERAND (cond, 0),
5249 TREE_OPERAND (cond, 1), stmt);
5250 }
5251 else if (code == EQ_EXPR || code == NE_EXPR)
5252 fold_strstr_to_strncmp (gimple_assign_rhs1 (stmt),
5253 gimple_assign_rhs2 (stmt), stmt);
5254 else if (gimple_assign_load_p (stmt)
5255 && TREE_CODE (lhs_type) == INTEGER_TYPE
5256 && TYPE_MODE (lhs_type) == TYPE_MODE (char_type_node)
5257 && (TYPE_PRECISION (lhs_type)
5258 == TYPE_PRECISION (char_type_node))
5259 && !gimple_has_volatile_ops (stmt))
5260 {
5261 tree off = integer_zero_node;
5262 unsigned HOST_WIDE_INT coff = 0;
5263 int idx = 0;
5264 tree rhs1 = gimple_assign_rhs1 (stmt);
5265 if (code == MEM_REF)
5266 {
5267 idx = get_stridx (TREE_OPERAND (rhs1, 0));
5268 if (idx > 0)
5269 {
5270 strinfo *si = get_strinfo (idx);
5271 if (si
5272 && si->nonzero_chars
5273 && TREE_CODE (si->nonzero_chars) == INTEGER_CST
5274 && (wi::to_widest (si->nonzero_chars)
5275 >= wi::to_widest (off)))
5276 off = TREE_OPERAND (rhs1, 1);
5277 else
5278 /* This case is not useful. See if get_addr_stridx
5279 returns something usable. */
5280 idx = 0;
5281 }
5282 }
5283 if (idx <= 0)
5284 idx = get_addr_stridx (rhs1, NULL_TREE, &coff);
5285 if (idx > 0)
5286 {
5287 strinfo *si = get_strinfo (idx);
5288 if (si
5289 && si->nonzero_chars
5290 && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
5291 {
5292 widest_int w1 = wi::to_widest (si->nonzero_chars);
5293 widest_int w2 = wi::to_widest (off) + coff;
5294 if (w1 == w2
5295 && si->full_string_p)
5296 {
5297 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
5298 {
5299 fprintf (dump_file, "Optimizing: ");
5300 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
5301 }
5302
5303 /* Reading the final '\0' character. */
5304 tree zero = build_int_cst (lhs_type, 0);
5305 gimple_set_vuse (stmt, NULL_TREE);
5306 gimple_assign_set_rhs_from_tree (gsi, zero);
5307 *cleanup_eh
5308 |= maybe_clean_or_replace_eh_stmt (stmt,
5309 gsi_stmt (*gsi));
5310 stmt = gsi_stmt (*gsi);
5311 update_stmt (stmt);
5312
5313 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
5314 {
5315 fprintf (dump_file, "into: ");
5316 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
5317 }
5318 }
5319 else if (w1 > w2)
5320 {
5321 /* Reading a character before the final '\0'
5322 character. Just set the value range to ~[0, 0]
5323 if we don't have anything better. */
5324 value_range r;
5325 if (!get_range_query (cfun)->range_of_expr (r, lhs)
5326 || r.varying_p ())
5327 {
5328 r.set_nonzero (lhs_type);
5329 set_range_info (lhs, r);
5330 }
5331 }
5332 }
5333 }
5334 }
5335 else if (code == MEM_REF && TREE_CODE (lhs) == SSA_NAME)
5336 {
5337 if (int idx = new_stridx (lhs))
5338 {
5339 /* Record multi-byte assignments from MEM_REFs. */
5340 bool storing_all_nonzero_p;
5341 bool storing_all_zeros_p;
5342 bool full_string_p;
5343 unsigned lenrange[] = { UINT_MAX, 0, 0 };
5344 tree rhs = gimple_assign_rhs1 (stmt);
5345 const bool ranges_valid
5346 = count_nonzero_bytes (rhs, lenrange, &full_string_p,
5347 &storing_all_zeros_p, &storing_all_nonzero_p,
5348 rvals);
5349 if (ranges_valid)
5350 {
5351 tree length = build_int_cst (sizetype, lenrange[0]);
5352 strinfo *si = new_strinfo (lhs, idx, length, full_string_p);
5353 set_strinfo (idx, si);
5354 si->writable = true;
5355 si->dont_invalidate = true;
5356 }
5357 }
5358 }
5359
5360 if (strlen_to_stridx)
5361 {
5362 tree rhs1 = gimple_assign_rhs1 (stmt);
5363 if (stridx_strlenloc *ps = strlen_to_stridx->get (rhs1))
5364 strlen_to_stridx->put (lhs, stridx_strlenloc (*ps));
5365 }
5366 }
5367
5368 /* Attempt to check for validity of the performed access a single statement
5369 at *GSI using string length knowledge, and to optimize it.
5370 If the given basic block needs clean-up of EH, CLEANUP_EH is set to
5371 true. Return true to let the caller advance *GSI to the next statement
5372 in the basic block and false otherwise. */
5373
5374 static bool
5375 check_and_optimize_stmt (gimple_stmt_iterator *gsi, bool *cleanup_eh,
5376 pointer_query &ptr_qry)
5377 {
5378 gimple *stmt = gsi_stmt (*gsi);
5379
5380 /* For statements that modify a string, set to true if the write
5381 is only zeros. */
5382 bool zero_write = false;
5383
5384 if (is_gimple_call (stmt))
5385 {
5386 if (!strlen_check_and_optimize_call (gsi, &zero_write, ptr_qry))
5387 return false;
5388 }
5389 else if (!flag_optimize_strlen || !strlen_optimize)
5390 return true;
5391 else if (is_gimple_assign (stmt) && !gimple_clobber_p (stmt))
5392 {
5393 /* Handle non-clobbering assignment. */
5394 tree lhs = gimple_assign_lhs (stmt);
5395 tree lhs_type = TREE_TYPE (lhs);
5396
5397 if (TREE_CODE (lhs) == SSA_NAME && POINTER_TYPE_P (lhs_type))
5398 {
5399 if (gimple_assign_single_p (stmt)
5400 || (gimple_assign_cast_p (stmt)
5401 && POINTER_TYPE_P (TREE_TYPE (gimple_assign_rhs1 (stmt)))))
5402 {
5403 int idx = get_stridx (gimple_assign_rhs1 (stmt));
5404 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = idx;
5405 }
5406 else if (gimple_assign_rhs_code (stmt) == POINTER_PLUS_EXPR)
5407 handle_pointer_plus (gsi);
5408 }
5409 else if (TREE_CODE (lhs) == SSA_NAME && INTEGRAL_TYPE_P (lhs_type))
5410 /* Handle assignment to a character. */
5411 handle_integral_assign (gsi, cleanup_eh, ptr_qry.rvals);
5412 else if (TREE_CODE (lhs) != SSA_NAME && !TREE_SIDE_EFFECTS (lhs))
5413 {
5414 tree type = TREE_TYPE (lhs);
5415 if (TREE_CODE (type) == ARRAY_TYPE)
5416 type = TREE_TYPE (type);
5417
5418 bool is_char_store = is_char_type (type);
5419 if (!is_char_store && TREE_CODE (lhs) == MEM_REF)
5420 {
5421 /* To consider stores into char objects via integer types
5422 other than char but not those to non-character objects,
5423 determine the type of the destination rather than just
5424 the type of the access. */
5425 for (int i = 0; i != 2; ++i)
5426 {
5427 tree ref = TREE_OPERAND (lhs, i);
5428 type = TREE_TYPE (ref);
5429 if (TREE_CODE (type) == POINTER_TYPE)
5430 type = TREE_TYPE (type);
5431 if (TREE_CODE (type) == ARRAY_TYPE)
5432 type = TREE_TYPE (type);
5433 if (is_char_type (type))
5434 {
5435 is_char_store = true;
5436 break;
5437 }
5438 }
5439 }
5440
5441 /* Handle a single or multibyte assignment. */
5442 if (is_char_store && !handle_store (gsi, &zero_write, ptr_qry))
5443 return false;
5444 }
5445 }
5446 else if (gcond *cond = dyn_cast<gcond *> (stmt))
5447 {
5448 enum tree_code code = gimple_cond_code (cond);
5449 if (code == EQ_EXPR || code == NE_EXPR)
5450 fold_strstr_to_strncmp (gimple_cond_lhs (stmt),
5451 gimple_cond_rhs (stmt), stmt);
5452 }
5453
5454 if (gimple_vdef (stmt))
5455 maybe_invalidate (stmt, zero_write);
5456 return true;
5457 }
5458
5459 /* Recursively call maybe_invalidate on stmts that might be executed
5460 in between dombb and current bb and that contain a vdef. Stop when
5461 *count stmts are inspected, or if the whole strinfo vector has
5462 been invalidated. */
5463
5464 static void
5465 do_invalidate (basic_block dombb, gimple *phi, bitmap visited, int *count)
5466 {
5467 unsigned int i, n = gimple_phi_num_args (phi);
5468
5469 for (i = 0; i < n; i++)
5470 {
5471 tree vuse = gimple_phi_arg_def (phi, i);
5472 gimple *stmt = SSA_NAME_DEF_STMT (vuse);
5473 basic_block bb = gimple_bb (stmt);
5474 if (bb == NULL
5475 || bb == dombb
5476 || !bitmap_set_bit (visited, bb->index)
5477 || !dominated_by_p (CDI_DOMINATORS, bb, dombb))
5478 continue;
5479 while (1)
5480 {
5481 if (gimple_code (stmt) == GIMPLE_PHI)
5482 {
5483 do_invalidate (dombb, stmt, visited, count);
5484 if (*count == 0)
5485 return;
5486 break;
5487 }
5488 if (--*count == 0)
5489 return;
5490 if (!maybe_invalidate (stmt))
5491 {
5492 *count = 0;
5493 return;
5494 }
5495 vuse = gimple_vuse (stmt);
5496 stmt = SSA_NAME_DEF_STMT (vuse);
5497 if (gimple_bb (stmt) != bb)
5498 {
5499 bb = gimple_bb (stmt);
5500 if (bb == NULL
5501 || bb == dombb
5502 || !bitmap_set_bit (visited, bb->index)
5503 || !dominated_by_p (CDI_DOMINATORS, bb, dombb))
5504 break;
5505 }
5506 }
5507 }
5508 }
5509
5510 class strlen_dom_walker : public dom_walker
5511 {
5512 public:
5513 strlen_dom_walker (cdi_direction direction)
5514 : dom_walker (direction),
5515 evrp (false),
5516 ptr_qry (&evrp, &var_cache),
5517 var_cache (),
5518 m_cleanup_cfg (false)
5519 { }
5520
5521 ~strlen_dom_walker ();
5522
5523 virtual edge before_dom_children (basic_block);
5524 virtual void after_dom_children (basic_block);
5525
5526 /* EVRP analyzer used for printf argument range processing, and
5527 to track strlen results across integer variable assignments. */
5528 evrp_range_analyzer evrp;
5529
5530 /* A pointer_query object and its cache to store information about
5531 pointers and their targets in. */
5532 pointer_query ptr_qry;
5533 pointer_query::cache_type var_cache;
5534
5535 /* Flag that will trigger TODO_cleanup_cfg to be returned in strlen
5536 execute function. */
5537 bool m_cleanup_cfg;
5538 };
5539
5540 /* Release pointer_query cache. */
5541
5542 strlen_dom_walker::~strlen_dom_walker ()
5543 {
5544 ptr_qry.flush_cache ();
5545 }
5546
5547 /* Callback for walk_dominator_tree. Attempt to optimize various
5548 string ops by remembering string lengths pointed by pointer SSA_NAMEs. */
5549
5550 edge
5551 strlen_dom_walker::before_dom_children (basic_block bb)
5552 {
5553 evrp.enter (bb);
5554
5555 basic_block dombb = get_immediate_dominator (CDI_DOMINATORS, bb);
5556
5557 if (dombb == NULL)
5558 stridx_to_strinfo = NULL;
5559 else
5560 {
5561 stridx_to_strinfo = ((vec<strinfo *, va_heap, vl_embed> *) dombb->aux);
5562 if (stridx_to_strinfo)
5563 {
5564 for (gphi_iterator gsi = gsi_start_phis (bb); !gsi_end_p (gsi);
5565 gsi_next (&gsi))
5566 {
5567 gphi *phi = gsi.phi ();
5568 if (virtual_operand_p (gimple_phi_result (phi)))
5569 {
5570 bitmap visited = BITMAP_ALLOC (NULL);
5571 int count_vdef = 100;
5572 do_invalidate (dombb, phi, visited, &count_vdef);
5573 BITMAP_FREE (visited);
5574 if (count_vdef == 0)
5575 {
5576 /* If there were too many vdefs in between immediate
5577 dominator and current bb, invalidate everything.
5578 If stridx_to_strinfo has been unshared, we need
5579 to free it, otherwise just set it to NULL. */
5580 if (!strinfo_shared ())
5581 {
5582 unsigned int i;
5583 strinfo *si;
5584
5585 for (i = 1;
5586 vec_safe_iterate (stridx_to_strinfo, i, &si);
5587 ++i)
5588 {
5589 free_strinfo (si);
5590 (*stridx_to_strinfo)[i] = NULL;
5591 }
5592 }
5593 else
5594 stridx_to_strinfo = NULL;
5595 }
5596 break;
5597 }
5598 }
5599 }
5600 }
5601
5602 /* If all PHI arguments have the same string index, the PHI result
5603 has it as well. */
5604 for (gphi_iterator gsi = gsi_start_phis (bb); !gsi_end_p (gsi);
5605 gsi_next (&gsi))
5606 {
5607 gphi *phi = gsi.phi ();
5608 tree result = gimple_phi_result (phi);
5609 if (!virtual_operand_p (result) && POINTER_TYPE_P (TREE_TYPE (result)))
5610 {
5611 int idx = get_stridx (gimple_phi_arg_def (phi, 0));
5612 if (idx != 0)
5613 {
5614 unsigned int i, n = gimple_phi_num_args (phi);
5615 for (i = 1; i < n; i++)
5616 if (idx != get_stridx (gimple_phi_arg_def (phi, i)))
5617 break;
5618 if (i == n)
5619 ssa_ver_to_stridx[SSA_NAME_VERSION (result)] = idx;
5620 }
5621 }
5622 }
5623
5624 bool cleanup_eh = false;
5625
5626 /* Attempt to optimize individual statements. */
5627 for (gimple_stmt_iterator gsi = gsi_start_bb (bb); !gsi_end_p (gsi); )
5628 {
5629 gimple *stmt = gsi_stmt (gsi);
5630
5631 /* First record ranges generated by this statement so they
5632 can be used by printf argument processing. */
5633 evrp.record_ranges_from_stmt (stmt, false);
5634
5635 /* Reset search depth preformance counter. */
5636 ptr_qry.depth = 0;
5637
5638 if (check_and_optimize_stmt (&gsi, &cleanup_eh, ptr_qry))
5639 gsi_next (&gsi);
5640 }
5641
5642 if (cleanup_eh && gimple_purge_dead_eh_edges (bb))
5643 m_cleanup_cfg = true;
5644
5645 bb->aux = stridx_to_strinfo;
5646 if (vec_safe_length (stridx_to_strinfo) && !strinfo_shared ())
5647 (*stridx_to_strinfo)[0] = (strinfo *) bb;
5648 return NULL;
5649 }
5650
5651 /* Callback for walk_dominator_tree. Free strinfo vector if it is
5652 owned by the current bb, clear bb->aux. */
5653
5654 void
5655 strlen_dom_walker::after_dom_children (basic_block bb)
5656 {
5657 evrp.leave (bb);
5658
5659 if (bb->aux)
5660 {
5661 stridx_to_strinfo = ((vec<strinfo *, va_heap, vl_embed> *) bb->aux);
5662 if (vec_safe_length (stridx_to_strinfo)
5663 && (*stridx_to_strinfo)[0] == (strinfo *) bb)
5664 {
5665 unsigned int i;
5666 strinfo *si;
5667
5668 for (i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
5669 free_strinfo (si);
5670 vec_free (stridx_to_strinfo);
5671 }
5672 bb->aux = NULL;
5673 }
5674 }
5675
5676 namespace {
5677
5678 static unsigned int
5679 printf_strlen_execute (function *fun, bool warn_only)
5680 {
5681 strlen_optimize = !warn_only;
5682
5683 calculate_dominance_info (CDI_DOMINATORS);
5684
5685 bool use_scev = optimize > 0 && flag_printf_return_value;
5686 if (use_scev)
5687 {
5688 loop_optimizer_init (LOOPS_NORMAL);
5689 scev_initialize ();
5690 }
5691
5692 gcc_assert (!strlen_to_stridx);
5693 if (warn_stringop_overflow || warn_stringop_truncation)
5694 strlen_to_stridx = new hash_map<tree, stridx_strlenloc> ();
5695
5696 /* This has to happen after initializing the loop optimizer
5697 and initializing SCEV as they create new SSA_NAMEs. */
5698 ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
5699 max_stridx = 1;
5700
5701 /* String length optimization is implemented as a walk of the dominator
5702 tree and a forward walk of statements within each block. */
5703 strlen_dom_walker walker (CDI_DOMINATORS);
5704 walker.walk (ENTRY_BLOCK_PTR_FOR_FN (fun));
5705
5706 if (dump_file && (dump_flags & TDF_DETAILS))
5707 {
5708 unsigned nused = 0;
5709 unsigned nidxs = walker.ptr_qry.var_cache->indices.length ();
5710 for (unsigned i = 0; i != nidxs; ++i)
5711 if (walker.ptr_qry.var_cache->indices[i])
5712 ++nused;
5713
5714 fprintf (dump_file, "pointer_query counters\n"
5715 " index cache size: %u\n"
5716 " utilization: %u%%\n"
5717 " access cache size: %u\n"
5718 " hits: %u\n"
5719 " misses: %u\n"
5720 " failures: %u\n"
5721 " max_depth: %u\n",
5722 nidxs,
5723 nidxs == 0 ? 0 : (nused * 100) / nidxs,
5724 walker.ptr_qry.var_cache->access_refs.length (),
5725 walker.ptr_qry.hits, walker.ptr_qry.misses,
5726 walker.ptr_qry.failures, walker.ptr_qry.max_depth);
5727 }
5728
5729 ssa_ver_to_stridx.release ();
5730 strinfo_pool.release ();
5731 if (decl_to_stridxlist_htab)
5732 {
5733 obstack_free (&stridx_obstack, NULL);
5734 delete decl_to_stridxlist_htab;
5735 decl_to_stridxlist_htab = NULL;
5736 }
5737 laststmt.stmt = NULL;
5738 laststmt.len = NULL_TREE;
5739 laststmt.stridx = 0;
5740
5741 if (strlen_to_stridx)
5742 {
5743 strlen_to_stridx->empty ();
5744 delete strlen_to_stridx;
5745 strlen_to_stridx = NULL;
5746 }
5747
5748 if (use_scev)
5749 {
5750 scev_finalize ();
5751 loop_optimizer_finalize ();
5752 }
5753
5754 return walker.m_cleanup_cfg ? TODO_cleanup_cfg : 0;
5755 }
5756
5757 /* This file defines two passes: one for warnings that runs only when
5758 optimization is disabled, and another that implements optimizations
5759 and also issues warnings. */
5760
5761 const pass_data pass_data_warn_printf =
5762 {
5763 GIMPLE_PASS, /* type */
5764 "warn-printf", /* name */
5765 OPTGROUP_NONE, /* optinfo_flags */
5766 TV_NONE, /* tv_id */
5767 /* Normally an optimization pass would require PROP_ssa but because
5768 this pass runs early, with no optimization, to do sprintf format
5769 checking, it only requires PROP_cfg. */
5770 PROP_cfg, /* properties_required */
5771 0, /* properties_provided */
5772 0, /* properties_destroyed */
5773 0, /* todo_flags_start */
5774 0, /* todo_flags_finish */
5775 };
5776
5777 class pass_warn_printf : public gimple_opt_pass
5778 {
5779 public:
5780 pass_warn_printf (gcc::context *ctxt)
5781 : gimple_opt_pass (pass_data_warn_printf, ctxt)
5782 {}
5783
5784 virtual bool gate (function *);
5785 virtual unsigned int execute (function *fun)
5786 {
5787 return printf_strlen_execute (fun, true);
5788 }
5789 };
5790
5791
5792 /* Return true to run the warning pass only when not optimizing and
5793 iff either -Wformat-overflow or -Wformat-truncation is specified. */
5794
5795 bool
5796 pass_warn_printf::gate (function *)
5797 {
5798 return !optimize && (warn_format_overflow > 0 || warn_format_trunc > 0);
5799 }
5800
5801 const pass_data pass_data_strlen =
5802 {
5803 GIMPLE_PASS, /* type */
5804 "strlen", /* name */
5805 OPTGROUP_NONE, /* optinfo_flags */
5806 TV_TREE_STRLEN, /* tv_id */
5807 PROP_cfg | PROP_ssa, /* properties_required */
5808 0, /* properties_provided */
5809 0, /* properties_destroyed */
5810 0, /* todo_flags_start */
5811 0, /* todo_flags_finish */
5812 };
5813
5814 class pass_strlen : public gimple_opt_pass
5815 {
5816 public:
5817 pass_strlen (gcc::context *ctxt)
5818 : gimple_opt_pass (pass_data_strlen, ctxt)
5819 {}
5820
5821 opt_pass * clone () { return new pass_strlen (m_ctxt); }
5822
5823 virtual bool gate (function *);
5824 virtual unsigned int execute (function *fun)
5825 {
5826 return printf_strlen_execute (fun, false);
5827 }
5828 };
5829
5830 /* Return true to run the pass only when the sprintf and/or strlen
5831 optimizations are enabled and -Wformat-overflow or -Wformat-truncation
5832 are specified. */
5833
5834 bool
5835 pass_strlen::gate (function *)
5836 {
5837 return ((warn_format_overflow > 0
5838 || warn_format_trunc > 0
5839 || warn_restrict > 0
5840 || flag_optimize_strlen > 0
5841 || flag_printf_return_value)
5842 && optimize > 0);
5843 }
5844
5845 } // anon namespace
5846
5847 gimple_opt_pass *
5848 make_pass_warn_printf (gcc::context *ctxt)
5849 {
5850 return new pass_warn_printf (ctxt);
5851 }
5852
5853 gimple_opt_pass *
5854 make_pass_strlen (gcc::context *ctxt)
5855 {
5856 return new pass_strlen (ctxt);
5857 }
Mirror of the offical gcc git repository hosted at gcc.gnu.org