| blob | 669c315dce2390570b95de928ab8fac1d7467eda |
1 /* String length optimization
2 Copyright (C) 2011-2018 Free Software Foundation, Inc.
3 Contributed by Jakub Jelinek <jakub@redhat.com>
5 This file is part of GCC.
7 GCC is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3, or (at your option)
10 any later version.
12 GCC is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
59 /* A vector indexed by SSA_NAME_VERSION. 0 means unknown, positive value
60 is an index into strinfo vector, negative value stands for
61 string length of a string literal (~strlen). */
64 /* Number of currently active string indexes plus one. */
67 /* String information record. */
68 struct strinfo
69 {
70 /* Number of leading characters that are known to be nonzero. This is
71 also the length of the string if FULL_STRING_P.
73 The values in a list of related string pointers must be consistent;
74 that is, if strinfo B comes X bytes after strinfo A, it must be
75 the case that A->nonzero_chars == X + B->nonzero_chars. */
76 tree nonzero_chars;
77 /* Any of the corresponding pointers for querying alias oracle. */
78 tree ptr;
79 /* This is used for two things:
81 - To record the statement that should be used for delayed length
82 computations. We maintain the invariant that all related strinfos
83 have delayed lengths or none do.
85 - To record the malloc or calloc call that produced this result. */
87 /* Pointer to '\0' if known, if NULL, it can be computed as
88 ptr + length. */
89 tree endptr;
90 /* Reference count. Any changes to strinfo entry possibly shared
91 with dominating basic blocks need unshare_strinfo first, except
92 for dont_invalidate which affects only the immediately next
93 maybe_invalidate. */
95 /* Copy of index. get_strinfo (si->idx) should return si; */
97 /* These 3 fields are for chaining related string pointers together.
98 E.g. for
99 bl = strlen (b); dl = strlen (d); strcpy (a, b); c = a + bl;
100 strcpy (c, d); e = c + dl;
101 strinfo(a) -> strinfo(c) -> strinfo(e)
102 All have ->first field equal to strinfo(a)->idx and are doubly
103 chained through prev/next fields. The later strinfos are required
104 to point into the same string with zero or more bytes after
105 the previous pointer and all bytes in between the two pointers
106 must be non-zero. Functions like strcpy or memcpy are supposed
107 to adjust all previous strinfo lengths, but not following strinfo
108 lengths (those are uncertain, usually invalidated during
109 maybe_invalidate, except when the alias oracle knows better).
110 Functions like strcat on the other side adjust the whole
111 related strinfo chain.
112 They are updated lazily, so to use the chain the same first fields
113 and si->prev->next == si->idx needs to be verified. */
117 /* A flag whether the string is known to be written in the current
118 function. */
120 /* A flag for the next maybe_invalidate that this strinfo shouldn't
121 be invalidated. Always cleared by maybe_invalidate. */
123 /* True if the string is known to be nul-terminated after NONZERO_CHARS
124 characters. False is useful when detecting strings that are built
125 up via successive memcpys. */
127 };
129 /* Pool for allocating strinfo_struct entries. */
132 /* Vector mapping positive string indexes to strinfo, for the
133 current basic block. The first pointer in the vector is special,
134 it is either NULL, meaning the vector isn't shared, or it is
135 a basic block pointer to the owner basic_block if shared.
136 If some other bb wants to modify the vector, the vector needs
137 to be unshared first, and only the owner bb is supposed to free it. */
140 /* One OFFSET->IDX mapping. */
141 struct stridxlist
142 {
144 HOST_WIDE_INT offset;
146 };
148 /* Hash table entry, mapping a DECL to a chain of OFFSET->IDX mappings. */
149 struct decl_stridxlist_map
150 {
153 };
155 /* Hash table for mapping decls to a chained list of offset -> idx
156 mappings. */
159 /* Hash table mapping strlen calls to stridx instances describing
160 the calls' arguments. Non-null only when warn_stringop_truncation
161 is non-zero. */
165 /* Obstack for struct stridxlist and struct decl_stridxlist_map. */
168 /* Last memcpy statement if it could be adjusted if the trailing
169 '\0' written is immediately overwritten, or
170 *x = '\0' store that could be removed if it is immediately overwritten. */
171 struct laststmt_struct
172 {
174 tree len;
181 /* Return:
183 - 1 if SI is known to start with more than OFF nonzero characters.
185 - 0 if SI is known to start with OFF nonzero characters,
186 but is not known to start with more.
188 - -1 if SI might not start with OFF nonzero characters. */
192 {
196 else
198 }
200 /* Return true if SI is known to be a zero-length string. */
204 {
206 }
208 /* Return strinfo vector entry IDX. */
212 {
216 }
218 /* Get the next strinfo in the chain after SI, or null if none. */
222 {
229 }
231 /* Helper function for get_stridx. Return the strinfo index of the address
232 of EXP, which is available in PTR if nonnull. If OFFSET_OUT, it is
233 OK to return the index for some X <= &EXP and store &EXP - X in
234 *OFFSET_OUT. */
236 static int
238 {
239 HOST_WIDE_INT off;
241 tree base;
246 poly_int64 poff;
255 do
256 {
258 {
262 }
267 }
271 {
272 unsigned HOST_WIDE_INT rel_off
276 {
278 {
281 }
282 else
284 }
285 }
287 }
289 /* Return string index for EXP. */
291 static int
293 {
295 {
302 {
319 {
320 strinfo *si
324 }
326 }
328 }
331 {
335 }
342 }
344 /* Return true if strinfo vector is shared with the immediate dominator. */
348 {
351 }
353 /* Unshare strinfo vector that is shared with the immediate dominator. */
355 static void
357 {
367 }
369 /* Attempt to create a string index for exp, ADDR_EXPR's operand.
370 Return a pointer to the location where the string index can
371 be stored (if 0) or is stored, or NULL if this can't be tracked. */
375 {
376 HOST_WIDE_INT off;
378 poly_int64 poff;
384 {
385 decl_to_stridxlist_htab
388 }
393 {
397 {
405 }
409 {
417 }
420 }
426 }
428 /* Create a new string index, or return 0 if reached limit. */
430 static int
432 {
437 {
443 }
445 {
448 {
452 }
453 }
455 }
457 /* Like new_stridx, but for ADDR_EXPR's operand instead. */
459 static int
461 {
467 {
471 }
473 }
475 /* Create a new strinfo. */
479 {
494 }
496 /* Decrease strinfo refcount and free it if not referenced anymore. */
500 {
503 }
505 /* Set strinfo in the vector entry IDX to SI. */
509 {
515 }
517 /* Return the first strinfo in the related strinfo chain
518 if all strinfos in between belong to the chain, otherwise NULL. */
522 {
528 {
536 }
540 }
542 /* Set SI's endptr to ENDPTR and compute its length based on SI->ptr.
543 Use LOC for folding. */
545 static void
547 {
555 }
557 /* Return string length, or NULL if it can't be computed. */
559 static tree
561 {
566 {
569 location_t loc;
570 gimple_stmt_iterator gsi;
576 /* unshare_strinfo is intentionally not called here. The (delayed)
577 transformation of strcpy or strcat into stpcpy is done at the place
578 of the former strcpy/strcat call and so can affect all the strinfos
579 with the same stmt. If they were unshared before and transformation
580 has been already done, the handling of BUILT_IN_STPCPY{,_CHK} should
581 just compute the right length. */
583 {
597 {
601 }
602 lenstmt = gimple_build_assign
608 /* FALLTHRU */
614 else
618 {
621 }
627 {
630 }
631 /* FALLTHRU */
645 /* BUILT_IN_CALLOC always has si->nonzero_chars set. */
649 }
650 }
653 }
655 /* Invalidate string length information for strings whose length
656 might change due to stores in stmt. */
658 static bool
660 {
667 {
669 {
670 ao_ref r;
671 /* Do not use si->nonzero_chars. */
674 {
678 }
679 }
682 }
684 }
686 /* Unshare strinfo record SI, if it has refcount > 1 or
687 if stridx_to_strinfo vector is shared with some other
688 bbs. */
692 {
708 }
710 /* Attempt to create a new strinfo for BASESI + OFF, or find existing
711 strinfo if there is any. Return it's idx, or 0 if no strinfo has
712 been created. */
714 static int
716 tree ptr)
717 {
725 unsigned HOST_WIDE_INT nonzero_chars
741 {
749 {
751 {
754 else
755 {
759 }
761 }
763 }
764 }
773 {
777 }
789 }
791 /* Note that PTR, a pointer SSA_NAME initialized in the current stmt, points
792 to a zero-length string and if possible chain it to a related strinfo
793 chain whose part is or might be CHAINSI. */
797 {
808 {
811 {
812 do
813 {
814 /* We shouldn't mix delayed and non-delayed lengths. */
817 {
820 }
823 }
826 {
828 {
831 }
834 }
835 }
836 else
837 {
838 /* We shouldn't mix delayed and non-delayed lengths. */
841 {
846 }
847 }
848 }
856 {
866 }
868 }
870 /* For strinfo ORIGSI whose length has been just updated, adjust other
871 related strinfos so that they match the new ORIGSI. This involves:
873 - adding ADJ to the nonzero_chars fields
874 - copying full_string_p from the new ORIGSI. */
876 static void
878 {
885 {
889 {
890 tree tem;
893 /* We shouldn't see delayed lengths here; the caller must have
894 calculated the old length in order to calculate the
895 adjustment. */
905 }
910 }
911 }
913 /* Find if there are other SSA_NAME pointers equal to PTR
914 for which we don't track their string lengths yet. If so, use
915 IDX for them. */
917 static void
919 {
923 {
929 {
932 CASE_CONVERT:
939 /* FALLTHRU */
941 {
946 }
949 }
951 /* We might find an endptr created in this pass. Grow the
952 vector in that case. */
959 }
960 }
962 /* Return true if STMT is a call to a builtin function with the right
963 arguments and attributes that should be considered for optimization
964 by this pass. */
966 static bool
968 {
974 {
979 /* The above functions should be pure. Punt if they aren't. */
997 /* The above functions should be neither const nor pure. Punt if they
998 aren't. */
1005 }
1008 }
1010 /* If the last .MEM setter statement before STMT is
1011 memcpy (x, y, strlen (y) + 1), the only .MEM use of it is STMT
1012 and STMT is known to overwrite x[strlen (x)], adjust the last memcpy to
1013 just memcpy (x, y, strlen (y)). SI must be the zero length
1014 strinfo. */
1016 static void
1018 {
1043 {
1051 {
1055 }
1056 }
1062 {
1063 gimple_stmt_iterator gsi;
1074 }
1081 {
1087 }
1091 {
1096 /* Don't adjust the length if it is divisible by 4, it is more efficient
1097 to store the extra '\0' in that case. */
1101 /* Don't fold away an out of bounds access, as this defeats proper
1102 warnings. */
1107 }
1109 {
1116 }
1117 else
1122 }
1124 /* For an LHS that is an SSA_NAME and for strlen() or strnlen() argument
1125 SRC, set LHS range info to [0, min (N, BOUND)] if SRC refers to
1126 a character array A[N] with unknown length bounded by N, and for
1127 strnlen(), by min (N, BOUND). */
1129 static tree
1131 {
1137 {
1142 }
1148 {
1149 /* The last array member of a struct can be bigger than its size
1150 suggests if it's treated as a poor-man's flexible array member. */
1156 {
1162 /* For strlen() the upper bound above is equal to
1163 the longest string that can be stored in the array
1164 (i.e., it accounts for the terminating nul. For
1165 strnlen() bump up the maximum by one since the array
1166 need not be nul-terminated. */
1169 }
1170 else
1171 {
1175 {
1176 /* Handle the unlikely case of strlen (&c) where c is some
1177 variable. */
1181 }
1182 }
1183 }
1186 {
1187 /* For strnlen, adjust MIN and MAX as necessary. If the bound
1188 is less than the size of the array set MAX to it. It it's
1189 greater than MAX and MAX is non-zero bump MAX down to account
1190 for the necessary terminating nul. Otherwise leave it alone. */
1192 {
1199 }
1201 {
1205 {
1206 /* For a bound in a known range, adjust the range determined
1207 above as necessary. For a bound in some anti-range or
1208 in an unknown range, use the range determined above. */
1213 }
1214 }
1215 }
1222 }
1224 /* Handle a strlen call. If strlen of the argument is known, replace
1225 the strlen call with the known value, otherwise remember that strlen
1226 of the argument is stored in the lhs SSA_NAME. */
1228 static void
1230 {
1244 {
1246 tree rhs;
1250 else
1251 {
1256 }
1258 {
1260 {
1263 }
1268 /* Set for strnlen() calls with a non-constant bound. */
1271 {
1272 tree new_rhs
1279 }
1286 {
1289 }
1291 /* Avoid storing the length for calls to strnlen() with
1292 a non-constant bound. */
1300 {
1304 }
1310 }
1311 }
1317 else
1318 {
1321 {
1323 {
1324 /* Until now we only had a lower bound on the string length.
1325 Install LHS as the actual length. */
1331 {
1336 }
1337 else
1338 {
1342 }
1343 }
1345 }
1346 }
1348 {
1350 {
1351 /* Only store the new length information for calls to strlen(),
1352 not for those to strnlen(). */
1356 }
1358 /* For SRC that is an array of N elements, set LHS's range
1359 to [0, min (N, BOUND)]. A constant return value means
1360 the range would have consisted of a single value. In
1361 that case, fold the result into the returned constant. */
1364 {
1366 {
1369 }
1377 {
1380 }
1381 }
1385 }
1386 }
1388 /* Handle a strchr call. If strlen of the first argument is known, replace
1389 the strchr (x, 0) call with the endptr or x + strlen, otherwise remember
1390 that lhs of the call is endptr and strlen of the argument is endptr - x. */
1392 static void
1394 {
1396 tree src;
1409 {
1411 tree rhs;
1415 else
1416 {
1421 }
1423 {
1427 {
1430 }
1432 {
1437 }
1438 else
1439 {
1446 }
1452 {
1455 }
1459 {
1462 }
1465 }
1466 }
1470 {
1474 {
1477 }
1479 {
1490 }
1491 }
1492 else
1494 }
1496 /* Handle a strcpy-like ({st{r,p}cpy,__st{r,p}cpy_chk}) call.
1497 If strlen of the second argument is known, strlen of the first argument
1498 is the same after this call. Furthermore, attempt to convert it to
1499 memcpy. */
1501 static void
1503 {
1509 location_t loc;
1539 {
1549 else
1550 {
1555 }
1559 }
1562 {
1566 }
1568 {
1573 /* Break the chain, so adjust_related_strinfo on later pointers in
1574 the chain won't adjust this one anymore. */
1578 }
1579 else
1580 {
1584 }
1589 {
1592 /* If string length of src is unknown, use delayed length
1593 computation. If string lenth of dst will be needed, it
1594 can be computed by transforming this strcpy call into
1595 stpcpy and subtracting dst from the return value. */
1597 /* Look for earlier strings whose length could be determined if
1598 this strcpy is turned into an stpcpy. */
1601 {
1603 {
1604 /* When setting a stmt for delayed length computation
1605 prevent all strinfos through dsi from being
1606 invalidated. */
1613 }
1614 }
1617 /* Try to detect overlap before returning. This catches cases
1618 like strcpy (d, d + n) where n is non-constant whose range
1619 is such that (n <= strlen (d) holds).
1621 OLDDSI->NONZERO_chars may have been reset by this point with
1622 oldlen holding it original value. */
1624 {
1625 /* Add 1 for the terminating NUL. */
1630 }
1633 }
1636 {
1639 ;
1647 oldlen));
1650 else
1652 }
1653 /* strcpy src may not overlap dst, so src doesn't need to be
1654 invalidated either. */
1661 {
1673 /* This would need adjustment of the lhs (subtract one),
1674 or detection that the trailing '\0' doesn't need to be
1675 written, if it will be immediately overwritten.
1676 fn = builtin_decl_explicit (BUILT_IN_MEMPCPY); */
1678 {
1681 }
1684 /* This would need adjustment of the lhs (subtract one),
1685 or detection that the trailing '\0' doesn't need to be
1686 written, if it will be immediately overwritten.
1687 fn = builtin_decl_explicit (BUILT_IN_MEMPCPY_CHK); */
1689 {
1692 }
1696 }
1701 {
1704 }
1705 else
1711 /* Set the no-warning bit on the transformed statement? */
1717 {
1720 }
1726 GSI_SAME_STMT);
1728 {
1731 }
1734 else
1738 {
1742 {
1745 }
1746 /* Allow adjust_last_stmt to decrease this memcpy's size. */
1750 }
1756 }
1758 /* Check the size argument to the built-in forms of stpncpy and strncpy
1759 for out-of-bounds offsets or overlapping access, and to see if the
1760 size argument is derived from a call to strlen() on the source argument,
1761 and if so, issue an appropriate warning. */
1763 static void
1765 {
1766 /* Same as stxncpy(). */
1768 }
1770 /* Return true if LEN depends on a call to strlen(SRC) in an interesting
1771 way. LEN can either be an integer expression, or a pointer (to char).
1772 When it is the latter (such as in recursive calls to self) is is
1773 assumed to be the argument in some call to strlen() whose relationship
1774 to SRC is being ascertained. */
1776 bool
1778 {
1791 {
1799 }
1812 {
1813 /* Pointer plus (an integer), and truncation are considered among
1814 the (potentially) related expressions to strlen. */
1816 }
1819 {
1820 /* Integer subtraction is considered strlen-related when both
1821 arguments are integers and second one is strlen-related. */
1825 }
1828 }
1830 /* Called by handle_builtin_stxncpy and by gimple_fold_builtin_strncpy
1831 in gimple-fold.c.
1832 Check to see if the specified bound is a) equal to the size of
1833 the destination DST and if so, b) if it's immediately followed by
1834 DST[CNT - 1] = '\0'. If a) holds and b) does not, warn. Otherwise,
1835 do nothing. Return true if diagnostic has been issued.
1837 The purpose is to diagnose calls to strncpy and stpncpy that do
1838 not nul-terminate the copy while allowing for the idiom where
1839 such a call is immediately followed by setting the last element
1840 to nul, as in:
1841 char a[32];
1842 strncpy (a, s, sizeof a);
1843 a[sizeof a - 1] = '\0';
1844 */
1846 bool
1848 {
1858 {
1861 ;
1863 {
1867 {
1870 }
1871 else
1872 {
1875 }
1876 }
1877 else
1879 }
1880 else
1883 /* Negative value is the constant string length. If it's less than
1884 the lower bound there is no truncation. Avoid calling get_stridx()
1885 when ssa_ver_to_stridx is empty. That implies the caller isn't
1886 running under the control of this pass and ssa_ver_to_stridx hasn't
1887 been created yet. */
1900 {
1901 /* If the source is a non-string return early to avoid warning
1902 for possible truncation (if the truncation is certain SIDX
1903 is non-zero). */
1909 }
1911 /* Likewise, if the destination refers to a an array/pointer declared
1912 nonstring return early. */
1916 /* Look for dst[i] = '\0'; after the stxncpy() call and if found
1917 avoid the truncation warning. */
1921 {
1922 /* When there is no statement in the same basic block check
1923 the immediate successor block. */
1925 {
1927 {
1928 /* For simplicity, ignore blocks with multiple outgoing
1929 edges for now and only consider successor blocks along
1930 normal edges. */
1933 {
1937 {
1940 }
1941 }
1942 }
1943 }
1944 }
1947 {
1955 {
1959 }
1961 /* Determine the base address and offset of the reference,
1962 ignoring the innermost array index. */
1966 poly_int64 dstoff;
1969 poly_int64 lhsoff;
1972 && dstbase
1976 }
1981 {
1987 }
1990 else
1991 {
1998 {
2001 }
2002 else
2003 {
2006 }
2007 }
2015 {
2016 /* If the longest source string is shorter than the lower bound
2017 of the specified count the copy is definitely nul-terminated. */
2022 {
2023 /* The length of one of the strings is unknown but at least
2024 one has non-zero length and that length is stored in
2025 LENRANGE[1]. Swap the bounds to force a "may be truncated"
2026 warning below. */
2029 }
2031 /* Set to true for strncat whose bound is derived from the length
2032 of the destination (the expected usage pattern). */
2040 "%G%qD output truncated before terminating "
2041 "nul copying %E byte from a string of the "
2043 "%G%qD output truncated before terminating nul "
2044 "copying %E bytes from a string of the same "
2048 {
2050 {
2051 /* The shortest string is longer than the upper bound of
2052 the count so the truncation is certain. */
2056 "%G%qD output truncated copying %E byte "
2058 "%G%qD output truncated copying %E bytes "
2063 "%G%qD output truncated copying between %wu "
2067 }
2069 {
2070 /* The longest string is longer than the upper bound of
2071 the count so the truncation is possible. */
2075 "%G%qD output may be truncated copying %E "
2077 "%G%qD output may be truncated copying %E "
2082 "%G%qD output may be truncated copying between "
2086 }
2087 }
2093 {
2094 /* If the source (including the terminating nul) is longer than
2095 the lower bound of the specified count but shorter than the
2096 upper bound the copy may (but need not) be truncated. */
2098 "%G%qD output may be truncated copying between "
2102 }
2103 }
2106 {
2107 /* The source length is uknown. Try to determine the destination
2108 size and see if it matches the specified bound. If not, bail.
2109 Otherwise go on to see if it should be diagnosed for possible
2110 truncation. */
2121 }
2124 }
2126 /* Check the arguments to the built-in forms of stpncpy and strncpy for
2127 out-of-bounds offsets or overlapping access, and to see if the size
2128 is derived from calling strlen() on the source argument, and if so,
2129 issue the appropriate warning. */
2131 static void
2133 {
2146 {
2147 /* Compute the size of the destination string including the NUL. */
2149 {
2153 }
2155 }
2160 {
2161 /* strncat() and strncpy() can modify the source string by writing
2162 over the terminating nul so SISRC->DONT_INVALIDATE must be left
2163 clear. */
2165 /* Compute the size of the source string including the NUL. */
2167 {
2171 }
2174 }
2175 else
2179 {
2182 }
2184 /* If the length argument was computed from strlen(S) for some string
2185 S retrieve the strinfo index for the string (PSS->FIRST) alonng with
2186 the location of the strlen() call (PSS->SECOND). */
2189 {
2194 }
2196 /* Retrieve the strinfo data for the string S that LEN was computed
2197 from as some function F of strlen (S) (i.e., LEN need not be equal
2198 to strlen(S)). */
2208 /* When -Wstringop-truncation is set, try to determine truncation
2209 before diagnosing possible overflow. Truncation is implied by
2210 the LEN argument being equal to strlen(SRC), regardless of
2211 whether its value is known. Otherwise, issue the more generic
2212 -Wstringop-overflow which triggers for LEN arguments that in
2213 any meaningful way depend on strlen(SRC). */
2217 "%G%qD output truncated before terminating nul "
2223 "%G%qD specified bound depends on the length "
2227 {
2231 }
2232 }
2234 /* Handle a memcpy-like ({mem{,p}cpy,__mem{,p}cpy_chk}) call.
2235 If strlen of the second argument is known and length of the third argument
2236 is that plus one, strlen of the first argument is the same after this
2237 call. */
2239 static void
2241 {
2268 {
2271 /* Handle memcpy (x, y, l) where l's relationship with strlen (y)
2272 is known. */
2278 {
2280 {
2281 /* Copying LEN nonzero characters, where LEN is constant. */
2284 }
2285 else
2286 {
2287 /* Copying the whole of the analyzed part of SI. */
2290 }
2291 }
2292 else
2293 {
2304 /* Copying variable-length string SI (and no more). */
2307 }
2308 }
2309 else
2310 {
2312 /* Handle memcpy (x, "abcd", 5) or
2313 memcpy (x, "abc\0uvw", 7). */
2321 }
2324 && olddsi
2328 {
2329 /* The SRC substring being written strictly overlaps
2330 a subsequence of the existing string OLDDSI. */
2333 }
2339 {
2343 }
2346 {
2351 /* Break the chain, so adjust_related_strinfo on later pointers in
2352 the chain won't adjust this one anymore. */
2356 }
2357 else
2358 {
2362 }
2366 {
2370 ;
2377 oldlen));
2380 else
2382 }
2383 /* memcpy src may not overlap dst, so src doesn't need to be
2384 invalidated either. */
2389 {
2392 {
2395 /* Allow adjust_last_stmt to decrease this memcpy's size. */
2407 }
2408 }
2409 }
2411 /* Handle a strcat-like ({strcat,__strcat_chk}) call.
2412 If strlen of the second argument is known, strlen of the first argument
2413 is increased by the length of the second argument. Furthermore, attempt
2414 to convert it to memcpy/strcpy if the length of the first argument
2415 is known. */
2417 static void
2419 {
2430 /* Bail if the source is the same as destination. It will be diagnosed
2431 elsewhere. */
2451 {
2455 }
2457 /* Set the no-warning bit on the transformed statement? */
2461 {
2462 {
2463 /* The concatenation always involves copying at least one byte
2464 (the terminating nul), even if the source string is empty.
2465 If the source is unknown assume it's one character long and
2466 used that as both sizes. */
2469 {
2472 }
2477 {
2480 }
2481 }
2483 /* strcat (p, q) can be transformed into
2484 tmp = p + strlen (p); endptr = stpcpy (tmp, q);
2485 with length endptr - p if we need to compute the length
2486 later on. Don't do this transformation if we don't need
2487 it. */
2489 {
2491 {
2495 }
2497 {
2501 }
2502 else
2503 {
2509 }
2513 }
2515 }
2526 {
2533 }
2534 else
2535 {
2540 }
2543 /* strcat src may not overlap dst, so src doesn't need to be
2544 invalidated either. */
2547 /* For now. Could remove the lhs from the call and add
2548 lhs = dst; afterwards. */
2555 {
2559 else
2565 else
2571 }
2577 {
2580 /* Compute the size of the source sequence, including the nul. */
2587 {
2590 }
2591 }
2595 {
2603 GSI_SAME_STMT);
2604 }
2607 else
2612 GSI_SAME_STMT);
2614 {
2619 GSI_SAME_STMT);
2620 }
2622 {
2625 }
2629 else
2633 {
2637 {
2640 }
2641 /* If srclen == NULL, note that current string length can be
2642 computed by transforming this strcpy into stpcpy. */
2647 {
2651 }
2652 }
2658 }
2660 /* Handle a call to malloc or calloc. */
2662 static void
2664 {
2682 }
2684 /* Handle a call to memset.
2685 After a call to calloc, memset(,0,) is unnecessary.
2686 memset(malloc(n),0,n) is calloc(n,1).
2687 return true when the call is transfomred, false otherwise. */
2689 static bool
2691 {
2714 {
2721 }
2722 else
2727 {
2730 }
2731 else
2732 {
2735 }
2738 }
2740 /* Handle a call to memcmp. We try to handle small comparisons by
2741 converting them to load and compare, and replacing the call to memcmp
2742 with a __builtin_memcmp_eq call where possible.
2743 return true when call is transformed, return false otherwise. */
2745 static bool
2747 {
2754 use_operand_p use_p;
2755 imm_use_iterator iter;
2761 {
2767 {
2773 }
2775 {
2780 }
2781 else
2783 }
2788 {
2793 scalar_int_mode mode;
2796 {
2814 boolean_type_node,
2818 }
2819 }
2823 }
2825 /* Given an index to the strinfo vector, compute the string length for the
2826 corresponding string. Return -1 when unknown. */
2828 static HOST_WIDE_INT
2830 {
2839 {
2843 }
2849 }
2851 /* Determine the minimum size of the object referenced by DEST expression which
2852 must have a pointer type.
2853 Return the minimum size of the object if successful or NULL when the size
2854 cannot be determined. */
2855 static tree
2857 {
2863 /* Try to determine the size of the object through the RHS of the
2864 assign statement. */
2866 {
2877 }
2879 /* Try to determine the size of the object from its type. */
2889 /* We cannot determine the size of the array if it's a flexible array,
2890 which is declared at the end of a structure. */
2893 {
2898 }
2901 }
2903 /* Handle a call to strcmp or strncmp. When the result is ONLY used to do
2904 equality test against zero:
2906 A. When the lengths of both arguments are constant and it's a strcmp:
2907 * if the lengths are NOT equal, we can safely fold the call
2908 to a non-zero value.
2909 * otherwise, do nothing now.
2911 B. When the length of one argument is constant, try to replace the call with
2912 a __builtin_str(n)cmp_eq call where possible, i.e:
2914 strncmp (s, STR, C) (!)= 0 in which, s is a pointer to a string, STR is a
2915 string with constant length , C is a constant.
2916 if (C <= strlen(STR) && sizeof_array(s) > C)
2917 {
2918 replace this call with
2919 strncmp_eq (s, STR, C) (!)= 0
2920 }
2921 if (C > strlen(STR)
2922 {
2923 it can be safely treated as a call to strcmp (s, STR) (!)= 0
2924 can handled by the following strcmp.
2925 }
2927 strcmp (s, STR) (!)= 0 in which, s is a pointer to a string, STR is a
2928 string with constant length.
2929 if (sizeof_array(s) > strlen(STR))
2930 {
2931 replace this call with
2932 strcmp_eq (s, STR, strlen(STR)+1) (!)= 0
2933 }
2935 Return true when the call is transformed, return false otherwise.
2936 */
2938 static bool
2940 {
2943 use_operand_p use_p;
2944 imm_use_iterator iter;
2955 /* When both arguments are unknown, do nothing. */
2959 /* Handle strncmp function. */
2961 {
2967 }
2969 /* For strncmp, if the length argument is NOT known, do nothing. */
2973 /* When the result is ONLY used to do equality test against zero. */
2975 {
2981 {
2984 {
2990 }
2992 {
2995 }
2996 else
2998 }
3000 {
3005 }
3006 else
3008 }
3010 /* When the lengths of both arguments are known, and they are unequal, we can
3011 safely fold the call to a non-zero value for strcmp;
3012 othewise, do nothing now. */
3014 {
3022 {
3025 }
3027 }
3029 /* When the length of one argument is constant. */
3034 {
3037 }
3038 else
3039 {
3043 }
3049 /* try to determine the minimum size of the object pointed by var_string. */
3061 /* For strncmp, if length > const_string_leni , this call can be safely
3062 transformed to a strcmp. */
3066 unsigned HOST_WIDE_INT final_length
3069 /* Replace strcmp or strncmp with the corresponding str(n)cmp_eq. */
3071 {
3072 tree fn
3073 = (is_ncmp
3080 }
3081 else
3085 }
3087 /* Handle a POINTER_PLUS_EXPR statement.
3088 For p = "abcd" + 2; compute associated length, or if
3089 p = q + off is pointing to a '\0' character of a string, call
3090 zero_length_string on it. */
3092 static void
3094 {
3104 {
3111 }
3122 {
3129 }
3134 {
3135 enum tree_code rhs_code
3141 }
3142 }
3144 /* If RHS, either directly or indirectly, refers to a string of constant
3145 length, return the length. Otherwise, if it refers to a character
3146 constant, return 1 if the constant is non-zero and 0 if it is nul.
3147 Otherwise, return a negative value. */
3149 static HOST_WIDE_INT
3151 {
3153 {
3155 {
3158 }
3162 }
3166 {
3169 {
3174 {
3177 {
3181 {
3184 }
3185 }
3186 }
3187 }
3188 }
3195 {
3198 }
3201 }
3203 /* Handle a single or multiple character store either by single
3204 character assignment or by multi-character assignment from
3205 MEM_REF. */
3207 static bool
3209 {
3219 {
3222 {
3223 /* Get the strinfo for the base, and use it if it starts with at
3224 least OFFSET nonzero characters. This is trivially true if
3225 OFFSET is zero. */
3234 }
3235 }
3236 else
3237 {
3241 }
3243 /* STORING_NONZERO_P is true iff not all stored characters are zero.
3244 STORING_ALL_ZEROS_P is true iff all stored characters are zero.
3245 Both are false when it's impossible to determine which is true. */
3252 /* Set to the length of the string being assigned if known. */
3253 HOST_WIDE_INT rhslen;
3256 {
3260 {
3261 /* When overwriting a '\0' with a '\0', the store can be removed
3262 if we know it has been stored in the current function. */
3264 {
3269 }
3270 else
3271 {
3275 }
3276 }
3277 /* If si->nonzero_chars > OFFSET, we aren't overwriting '\0',
3278 and if we aren't storing '\0', we know that the length of the
3279 string and any other zero terminated string in memory remains
3280 the same. In that case we move to the next gimple statement and
3281 return to signal the caller that it shouldn't invalidate anything.
3283 This is benefical for cases like:
3285 char p[20];
3286 void foo (char *q)
3287 {
3288 strcpy (p, "foobar");
3289 size_t len = strlen (p); // This can be optimized into 6
3290 size_t len2 = strlen (q); // This has to be computed
3291 p[0] = 'X';
3292 size_t len3 = strlen (p); // This can be optimized into 6
3293 size_t len4 = strlen (q); // This can be optimized into len2
3294 bar (len, len2, len3, len4);
3295 }
3296 */
3298 {
3301 }
3303 {
3304 /* When STORING_NONZERO_P, we know that the string will start
3305 with at least OFFSET + 1 nonzero characters. If storing
3306 a single character, set si->NONZERO_CHARS to the result.
3307 If storing multiple characters, try to determine the number
3308 of leading non-zero characters and set si->NONZERO_CHARS to
3309 the result instead.
3311 When STORING_ALL_ZEROS_P, we know that the string is now
3312 OFFSET characters long.
3314 Otherwise, we're storing an unknown value at offset OFFSET,
3315 so need to clip the nonzero_chars to OFFSET. */
3319 {
3320 /* Try to get the minimum length of the string (or
3321 individual character) being stored. If it fails,
3322 STORING_NONZERO_P guarantees it's at least 1. */
3326 }
3331 /* We're overwriting the nul terminator with a nonzero or
3332 unknown character. If the previous stmt was a memcpy,
3333 its length may be decreased. */
3337 {
3340 }
3341 else
3345 && ssaname
3348 else
3355 {
3359 }
3360 else
3362 }
3363 }
3365 {
3368 else
3371 {
3373 HOST_WIDE_INT slen = (storing_all_zeros_p
3375 : (storing_nonzero_p
3379 ? size_zero_node
3384 && ssaname
3389 }
3390 }
3395 {
3398 {
3401 {
3404 full_string_p);
3407 }
3408 }
3409 }
3412 {
3413 /* Allow adjust_last_stmt to remove it if the stored '\0'
3414 is immediately overwritten. */
3418 }
3420 }
3422 /* Try to fold strstr (s, t) eq/ne s to strncmp (s, t, strlen (t)) eq/ne 0. */
3424 static void
3426 {
3433 {
3438 {
3441 }
3443 }
3446 {
3450 {
3456 {
3459 else
3460 {
3464 }
3465 }
3468 {
3473 {
3476 arg1_len);
3479 }
3491 {
3493 {
3497 }
3498 else
3499 {
3502 }
3503 }
3504 else
3505 {
3509 }
3511 }
3512 }
3513 }
3514 }
3516 /* Attempt to check for validity of the performed access a single statement
3517 at *GSI using string length knowledge, and to optimize it.
3518 If the given basic block needs clean-up of EH, CLEANUP_EH is set to
3519 true. */
3521 static bool
3523 {
3527 {
3531 {
3587 }
3588 }
3590 {
3594 {
3598 {
3601 }
3604 }
3606 {
3609 {
3616 }
3626 {
3632 {
3635 {
3643 else
3644 /* This case is not useful. See if get_addr_stridx
3645 returns something usable. */
3647 }
3648 }
3652 {
3657 {
3662 {
3664 {
3667 }
3669 /* Reading the final '\0' character. */
3673 *cleanup_eh
3680 {
3683 }
3684 }
3686 {
3687 /* Reading a character before the final '\0'
3688 character. Just set the value range to ~[0, 0]
3689 if we don't have anything better. */
3692 enum value_range_kind vr
3703 }
3704 }
3705 }
3706 }
3709 {
3713 }
3714 }
3716 {
3723 {
3726 }
3727 }
3728 }
3730 {
3735 }
3740 }
3742 /* Recursively call maybe_invalidate on stmts that might be executed
3743 in between dombb and current bb and that contain a vdef. Stop when
3744 *count stmts are inspected, or if the whole strinfo vector has
3745 been invalidated. */
3747 static void
3749 {
3753 {
3763 {
3765 {
3770 }
3774 {
3777 }
3781 {
3788 }
3789 }
3790 }
3791 }
3794 {
3798 {}
3803 /* Flag that will trigger TODO_cleanup_cfg to be returned in strlen
3804 execute function. */
3806 };
3808 /* Callback for walk_dominator_tree. Attempt to optimize various
3809 string ops by remembering string lengths pointed by pointer SSA_NAMEs. */
3811 edge
3813 {
3818 else
3819 {
3822 {
3825 {
3828 {
3834 {
3835 /* If there were too many vdefs in between immediate
3836 dominator and current bb, invalidate everything.
3837 If stridx_to_strinfo has been unshared, we need
3838 to free it, otherwise just set it to NULL. */
3840 {
3847 {
3850 }
3851 }
3852 else
3854 }
3856 }
3857 }
3858 }
3859 }
3861 /* If all PHI arguments have the same string index, the PHI result
3862 has it as well. */
3865 {
3869 {
3872 {
3879 }
3880 }
3881 }
3885 /* Attempt to optimize individual statements. */
3897 }
3899 /* Callback for walk_dominator_tree. Free strinfo vector if it is
3900 owned by the current bb, clear bb->aux. */
3902 void
3904 {
3906 {
3910 {
3917 }
3919 }
3920 }
3922 /* Main entry point. */
3927 {
3937 };
3940 {
3944 {}
3946 /* opt_pass methods: */
3952 unsigned int
3954 {
3964 /* String length optimization is implemented as a walk of the dominator
3965 tree and a forward walk of statements within each block. */
3972 {
3976 }
3982 {
3986 }
3989 }
3993 gimple_opt_pass *
3995 {
3997 }