1 | /* String length optimization |
2 | Copyright (C) 2011-2024 Free Software Foundation, Inc. |
3 | Contributed by Jakub Jelinek <jakub@redhat.com> |
4 | |
5 | This file is part of GCC. |
6 | |
7 | GCC is free software; you can redistribute it and/or modify |
8 | it under the terms of the GNU General Public License as published by |
9 | the Free Software Foundation; either version 3, or (at your option) |
10 | any later version. |
11 | |
12 | GCC is distributed in the hope that it will be useful, |
13 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 | GNU General Public License for more details. |
16 | |
17 | You should have received a copy of the GNU General Public License |
18 | along with GCC; see the file COPYING3. If not see |
19 | <http://www.gnu.org/licenses/>. */ |
20 | |
21 | #include "config.h" |
22 | #include "system.h" |
23 | #include "coretypes.h" |
24 | #include "backend.h" |
25 | #include "rtl.h" |
26 | #include "tree.h" |
27 | #include "gimple.h" |
28 | #include "alloc-pool.h" |
29 | #include "tree-pass.h" |
30 | #include "ssa.h" |
31 | #include "cgraph.h" |
32 | #include "gimple-pretty-print.h" |
33 | #include "gimple-ssa-warn-access.h" |
34 | #include "gimple-ssa-warn-restrict.h" |
35 | #include "fold-const.h" |
36 | #include "stor-layout.h" |
37 | #include "gimple-iterator.h" |
38 | #include "gimple-fold.h" |
39 | #include "tree-eh.h" |
40 | #include "gimplify.h" |
41 | #include "gimplify-me.h" |
42 | #include "expr.h" |
43 | #include "tree-cfg.h" |
44 | #include "tree-dfa.h" |
45 | #include "domwalk.h" |
46 | #include "tree-ssa-alias.h" |
47 | #include "tree-ssa-propagate.h" |
48 | #include "tree-ssa-strlen.h" |
49 | #include "tree-hash-traits.h" |
50 | #include "builtins.h" |
51 | #include "pointer-query.h" |
52 | #include "target.h" |
53 | #include "diagnostic-core.h" |
54 | #include "diagnostic.h" |
55 | #include "intl.h" |
56 | #include "attribs.h" |
57 | #include "calls.h" |
58 | #include "cfgloop.h" |
59 | #include "tree-ssa-loop.h" |
60 | #include "tree-scalar-evolution.h" |
61 | #include "vr-values.h" |
62 | #include "gimple-range.h" |
63 | #include "tree-ssa.h" |
64 | |
65 | /* A vector indexed by SSA_NAME_VERSION. 0 means unknown, positive value |
66 | is an index into strinfo vector, negative value stands for |
67 | string length of a string literal (~strlen). */ |
68 | static vec<int> ssa_ver_to_stridx; |
69 | |
70 | /* Number of currently active string indexes plus one. */ |
71 | static int max_stridx; |
72 | |
73 | /* Set to true to optimize, false when just checking. */ |
74 | static bool strlen_optimize; |
75 | |
76 | /* String information record. */ |
77 | struct strinfo |
78 | { |
79 | /* Number of leading characters that are known to be nonzero. This is |
80 | also the length of the string if FULL_STRING_P. |
81 | |
82 | The values in a list of related string pointers must be consistent; |
83 | that is, if strinfo B comes X bytes after strinfo A, it must be |
84 | the case that A->nonzero_chars == X + B->nonzero_chars. */ |
85 | tree nonzero_chars; |
86 | /* Any of the corresponding pointers for querying alias oracle. */ |
87 | tree ptr; |
88 | /* STMT is used for two things: |
89 | |
90 | - To record the statement that should be used for delayed length |
91 | computations. We maintain the invariant that all related strinfos |
92 | have delayed lengths or none do. |
93 | |
94 | - To record the malloc or calloc call that produced this result |
95 | to optimize away malloc/memset sequences. STMT is reset after |
96 | a calloc-allocated object has been stored a non-zero value into. */ |
97 | gimple *stmt; |
98 | /* Set to the dynamic allocation statement for the object (alloca, |
99 | calloc, malloc, or VLA). Unlike STMT, once set for a strinfo |
100 | object, ALLOC doesn't change. */ |
101 | gimple *alloc; |
102 | /* Pointer to '\0' if known, if NULL, it can be computed as |
103 | ptr + length. */ |
104 | tree endptr; |
105 | /* Reference count. Any changes to strinfo entry possibly shared |
106 | with dominating basic blocks need unshare_strinfo first, except |
107 | for dont_invalidate which affects only the immediately next |
108 | maybe_invalidate. */ |
109 | int refcount; |
110 | /* Copy of index. get_strinfo (si->idx) should return si; */ |
111 | int idx; |
112 | /* These 3 fields are for chaining related string pointers together. |
113 | E.g. for |
114 | bl = strlen (b); dl = strlen (d); strcpy (a, b); c = a + bl; |
115 | strcpy (c, d); e = c + dl; |
116 | strinfo(a) -> strinfo(c) -> strinfo(e) |
117 | All have ->first field equal to strinfo(a)->idx and are doubly |
118 | chained through prev/next fields. The later strinfos are required |
119 | to point into the same string with zero or more bytes after |
120 | the previous pointer and all bytes in between the two pointers |
121 | must be non-zero. Functions like strcpy or memcpy are supposed |
122 | to adjust all previous strinfo lengths, but not following strinfo |
123 | lengths (those are uncertain, usually invalidated during |
124 | maybe_invalidate, except when the alias oracle knows better). |
125 | Functions like strcat on the other side adjust the whole |
126 | related strinfo chain. |
127 | They are updated lazily, so to use the chain the same first fields |
128 | and si->prev->next == si->idx needs to be verified. */ |
129 | int first; |
130 | int next; |
131 | int prev; |
132 | /* A flag whether the string is known to be written in the current |
133 | function. */ |
134 | bool writable; |
135 | /* A flag for the next maybe_invalidate that this strinfo shouldn't |
136 | be invalidated. Always cleared by maybe_invalidate. */ |
137 | bool dont_invalidate; |
138 | /* True if the string is known to be nul-terminated after NONZERO_CHARS |
139 | characters. False is useful when detecting strings that are built |
140 | up via successive memcpys. */ |
141 | bool full_string_p; |
142 | }; |
143 | |
144 | /* Pool for allocating strinfo_struct entries. */ |
145 | static object_allocator<strinfo> strinfo_pool ("strinfo pool" ); |
146 | |
147 | /* Vector mapping positive string indexes to strinfo, for the |
148 | current basic block. The first pointer in the vector is special, |
149 | it is either NULL, meaning the vector isn't shared, or it is |
150 | a basic block pointer to the owner basic_block if shared. |
151 | If some other bb wants to modify the vector, the vector needs |
152 | to be unshared first, and only the owner bb is supposed to free it. */ |
153 | static vec<strinfo *, va_heap, vl_embed> *stridx_to_strinfo; |
154 | |
155 | /* One OFFSET->IDX mapping. */ |
156 | struct stridxlist |
157 | { |
158 | struct stridxlist *next; |
159 | HOST_WIDE_INT offset; |
160 | int idx; |
161 | }; |
162 | |
163 | /* Hash table entry, mapping a DECL to a chain of OFFSET->IDX mappings. */ |
164 | struct decl_stridxlist_map |
165 | { |
166 | struct tree_map_base base; |
167 | struct stridxlist list; |
168 | }; |
169 | |
170 | /* Hash table for mapping decls to a chained list of offset -> idx |
171 | mappings. */ |
172 | typedef hash_map<tree_decl_hash, stridxlist> decl_to_stridxlist_htab_t; |
173 | static decl_to_stridxlist_htab_t *decl_to_stridxlist_htab; |
174 | |
175 | /* Hash table mapping strlen (or strnlen with constant bound and return |
176 | smaller than bound) calls to stridx instances describing |
177 | the calls' arguments. Non-null only when warn_stringop_truncation |
178 | is non-zero. */ |
179 | typedef std::pair<int, location_t> stridx_strlenloc; |
180 | static hash_map<tree, stridx_strlenloc> *strlen_to_stridx; |
181 | |
182 | /* Obstack for struct stridxlist and struct decl_stridxlist_map. */ |
183 | static struct obstack stridx_obstack; |
184 | |
185 | /* Last memcpy statement if it could be adjusted if the trailing |
186 | '\0' written is immediately overwritten, or |
187 | *x = '\0' store that could be removed if it is immediately overwritten. */ |
188 | struct laststmt_struct |
189 | { |
190 | gimple *stmt; |
191 | tree len; |
192 | int stridx; |
193 | } laststmt; |
194 | |
195 | static int get_stridx_plus_constant (strinfo *, unsigned HOST_WIDE_INT, tree); |
196 | static bool get_range_strlen_dynamic (tree, gimple *, c_strlen_data *, |
197 | bitmap, pointer_query *, unsigned *); |
198 | |
199 | /* Sets MINMAX to either the constant value or the range VAL is in |
200 | and returns either the constant value or VAL on success or null |
201 | when the range couldn't be determined. Uses RVALS or CFUN for |
202 | range info, whichever is nonnull. */ |
203 | |
204 | tree |
205 | get_range (tree val, gimple *stmt, wide_int minmax[2], |
206 | range_query *rvals /* = NULL */) |
207 | { |
208 | if (!rvals) |
209 | { |
210 | if (!cfun) |
211 | /* When called from front ends for global initializers CFUN |
212 | may be null. */ |
213 | return NULL_TREE; |
214 | |
215 | rvals = get_range_query (cfun); |
216 | } |
217 | |
218 | value_range vr; |
219 | if (!rvals->range_of_expr (r&: vr, expr: val, stmt)) |
220 | return NULL_TREE; |
221 | |
222 | tree vrmin, vrmax; |
223 | value_range_kind rng = get_legacy_range (vr, min&: vrmin, max&: vrmax); |
224 | if (rng == VR_RANGE) |
225 | { |
226 | /* Only handle straight ranges. */ |
227 | minmax[0] = wi::to_wide (t: vrmin); |
228 | minmax[1] = wi::to_wide (t: vrmax); |
229 | return val; |
230 | } |
231 | |
232 | return NULL_TREE; |
233 | } |
234 | |
235 | class strlen_pass : public dom_walker |
236 | { |
237 | public: |
238 | strlen_pass (cdi_direction direction) |
239 | : dom_walker (direction), |
240 | ptr_qry (&m_ranger), |
241 | m_cleanup_cfg (false) |
242 | { |
243 | } |
244 | |
245 | ~strlen_pass (); |
246 | |
247 | edge before_dom_children (basic_block) final override; |
248 | void after_dom_children (basic_block) final override; |
249 | |
250 | bool check_and_optimize_stmt (bool *cleanup_eh); |
251 | bool check_and_optimize_call (bool *zero_write); |
252 | bool handle_assign (tree lhs, bool *zero_write); |
253 | bool handle_store (bool *zero_write); |
254 | void handle_pointer_plus (); |
255 | void handle_builtin_strlen (); |
256 | void handle_builtin_strchr (); |
257 | void handle_builtin_strcpy (built_in_function); |
258 | void handle_integral_assign (bool *cleanup_eh); |
259 | void handle_builtin_stxncpy_strncat (bool append_p); |
260 | void handle_builtin_memcpy (built_in_function bcode); |
261 | void handle_builtin_strcat (built_in_function bcode); |
262 | void handle_builtin_strncat (built_in_function); |
263 | bool handle_builtin_memset (bool *zero_write); |
264 | bool handle_builtin_memcmp (); |
265 | bool handle_builtin_string_cmp (); |
266 | void handle_alloc_call (built_in_function); |
267 | void maybe_warn_overflow (gimple *stmt, bool call_lhs, tree len, |
268 | strinfo *si = NULL, bool plus_one = false, |
269 | bool rawmem = false); |
270 | void maybe_warn_overflow (gimple *stmt, bool call_lhs, |
271 | unsigned HOST_WIDE_INT len, |
272 | strinfo *si = NULL, |
273 | bool plus_one = false, bool rawmem = false); |
274 | void adjust_last_stmt (strinfo *si, gimple *stmt, bool is_strcat); |
275 | tree strxcmp_eqz_result (gimple *stmt, tree arg1, int idx1, |
276 | tree arg2, int idx2, |
277 | unsigned HOST_WIDE_INT bound, |
278 | unsigned HOST_WIDE_INT len[2], |
279 | unsigned HOST_WIDE_INT *psize); |
280 | bool count_nonzero_bytes (tree expr_or_type, |
281 | gimple *stmt, |
282 | unsigned lenrange[3], bool *nulterm, |
283 | bool *allnul, bool *allnonnul); |
284 | bool count_nonzero_bytes (tree exp, tree vuse, |
285 | gimple *stmt, |
286 | unsigned HOST_WIDE_INT offset, |
287 | unsigned HOST_WIDE_INT nbytes, |
288 | unsigned lenrange[3], bool *nulterm, |
289 | bool *allnul, bool *allnonnul, |
290 | ssa_name_limit_t &snlim); |
291 | bool count_nonzero_bytes_addr (tree exp, tree vuse, |
292 | gimple *stmt, |
293 | unsigned HOST_WIDE_INT offset, |
294 | unsigned HOST_WIDE_INT nbytes, |
295 | unsigned lenrange[3], bool *nulterm, |
296 | bool *allnul, bool *allnonnul, |
297 | ssa_name_limit_t &snlim); |
298 | bool get_len_or_size (gimple *stmt, tree arg, int idx, |
299 | unsigned HOST_WIDE_INT lenrng[2], |
300 | unsigned HOST_WIDE_INT *size, bool *nulterm); |
301 | |
302 | gimple_ranger m_ranger; |
303 | |
304 | /* A pointer_query object to store information about pointers and |
305 | their targets in. */ |
306 | pointer_query ptr_qry; |
307 | |
308 | gimple_stmt_iterator m_gsi; |
309 | |
310 | /* Flag that will trigger TODO_cleanup_cfg to be returned in strlen |
311 | execute function. */ |
312 | bool m_cleanup_cfg; |
313 | }; |
314 | |
315 | /* Return: |
316 | |
317 | * +1 if SI is known to start with more than OFF nonzero characters. |
318 | |
319 | * 0 if SI is known to start with exactly OFF nonzero characters. |
320 | |
321 | * -1 if SI either does not start with OFF nonzero characters |
322 | or the relationship between the number of leading nonzero |
323 | characters in SI and OFF is unknown. */ |
324 | |
325 | static int |
326 | compare_nonzero_chars (strinfo *si, unsigned HOST_WIDE_INT off) |
327 | { |
328 | if (si->nonzero_chars |
329 | && TREE_CODE (si->nonzero_chars) == INTEGER_CST) |
330 | return compare_tree_int (si->nonzero_chars, off); |
331 | else |
332 | return -1; |
333 | } |
334 | |
335 | /* Same as above but suitable also for strings with non-constant lengths. |
336 | Uses RVALS to determine length range. */ |
337 | |
338 | static int |
339 | compare_nonzero_chars (strinfo *si, gimple *stmt, |
340 | unsigned HOST_WIDE_INT off, |
341 | range_query *rvals) |
342 | { |
343 | if (!si->nonzero_chars) |
344 | return -1; |
345 | |
346 | if (TREE_CODE (si->nonzero_chars) == INTEGER_CST) |
347 | return compare_tree_int (si->nonzero_chars, off); |
348 | |
349 | if (!rvals || TREE_CODE (si->nonzero_chars) != SSA_NAME) |
350 | return -1; |
351 | |
352 | value_range vr; |
353 | if (!rvals->range_of_expr (r&: vr, expr: si->nonzero_chars, stmt) |
354 | || vr.varying_p () |
355 | || vr.undefined_p ()) |
356 | return -1; |
357 | |
358 | /* If the offset is less than the minimum length or if the bounds |
359 | of the length range are equal return the result of the comparison |
360 | same as in the constant case. Otherwise return a conservative |
361 | result. */ |
362 | signop sign = TYPE_SIGN (vr.type ()); |
363 | unsigned prec = TYPE_PRECISION (vr.type ()); |
364 | int cmpmin = wi::cmp (x: vr.lower_bound (), y: wi::uhwi (val: off, precision: prec), sgn: sign); |
365 | if (cmpmin > 0 || vr.singleton_p ()) |
366 | return cmpmin; |
367 | |
368 | return -1; |
369 | } |
370 | |
371 | /* Return true if SI is known to be a zero-length string. */ |
372 | |
373 | static inline bool |
374 | zero_length_string_p (strinfo *si) |
375 | { |
376 | return si->full_string_p && integer_zerop (si->nonzero_chars); |
377 | } |
378 | |
379 | /* Return strinfo vector entry IDX. */ |
380 | |
381 | static inline strinfo * |
382 | get_strinfo (int idx) |
383 | { |
384 | if (vec_safe_length (v: stridx_to_strinfo) <= (unsigned int) idx) |
385 | return NULL; |
386 | return (*stridx_to_strinfo)[idx]; |
387 | } |
388 | |
389 | /* Get the next strinfo in the chain after SI, or null if none. */ |
390 | |
391 | static inline strinfo * |
392 | get_next_strinfo (strinfo *si) |
393 | { |
394 | if (si->next == 0) |
395 | return NULL; |
396 | strinfo *nextsi = get_strinfo (idx: si->next); |
397 | if (nextsi == NULL || nextsi->first != si->first || nextsi->prev != si->idx) |
398 | return NULL; |
399 | return nextsi; |
400 | } |
401 | |
402 | /* Helper function for get_stridx. Return the strinfo index of the address |
403 | of EXP, which is available in PTR if nonnull. If OFFSET_OUT, it is |
404 | OK to return the index for some X <= &EXP and store &EXP - X in |
405 | *OFFSET_OUT. When RVALS is nonnull uses it to determine range |
406 | information. */ |
407 | |
408 | static int |
409 | get_addr_stridx (tree exp, gimple *stmt, |
410 | tree ptr, unsigned HOST_WIDE_INT *offset_out, |
411 | range_query *rvals = NULL) |
412 | { |
413 | HOST_WIDE_INT off; |
414 | struct stridxlist *list, *last = NULL; |
415 | tree base; |
416 | |
417 | if (!decl_to_stridxlist_htab) |
418 | return 0; |
419 | |
420 | poly_int64 poff; |
421 | base = get_addr_base_and_unit_offset (exp, &poff); |
422 | if (base == NULL || !DECL_P (base) || !poff.is_constant (const_value: &off)) |
423 | return 0; |
424 | |
425 | list = decl_to_stridxlist_htab->get (k: base); |
426 | if (list == NULL) |
427 | return 0; |
428 | |
429 | do |
430 | { |
431 | if (list->offset == off) |
432 | { |
433 | if (offset_out) |
434 | *offset_out = 0; |
435 | return list->idx; |
436 | } |
437 | if (list->offset > off) |
438 | return 0; |
439 | last = list; |
440 | list = list->next; |
441 | } |
442 | while (list); |
443 | |
444 | if ((offset_out || ptr) && last && last->idx > 0) |
445 | { |
446 | unsigned HOST_WIDE_INT rel_off |
447 | = (unsigned HOST_WIDE_INT) off - last->offset; |
448 | strinfo *si = get_strinfo (idx: last->idx); |
449 | if (si && compare_nonzero_chars (si, stmt, off: rel_off, rvals) >= 0) |
450 | { |
451 | if (offset_out) |
452 | { |
453 | *offset_out = rel_off; |
454 | return last->idx; |
455 | } |
456 | else |
457 | return get_stridx_plus_constant (si, rel_off, ptr); |
458 | } |
459 | } |
460 | return 0; |
461 | } |
462 | |
463 | /* Returns string index for EXP. When EXP is an SSA_NAME that refers |
464 | to a known strinfo with an offset and OFFRNG is non-null, sets |
465 | both elements of the OFFRNG array to the range of the offset and |
466 | returns the index of the known strinfo. In this case the result |
467 | must not be used in for functions that modify the string. |
468 | When nonnull, uses RVALS to determine range information. */ |
469 | |
470 | static int |
471 | get_stridx (tree exp, gimple *stmt, |
472 | wide_int offrng[2] = NULL, range_query *rvals = NULL) |
473 | { |
474 | if (offrng) |
475 | offrng[0] = offrng[1] = wi::zero (TYPE_PRECISION (ptrdiff_type_node)); |
476 | |
477 | if (TREE_CODE (exp) == SSA_NAME) |
478 | { |
479 | if (ssa_ver_to_stridx[SSA_NAME_VERSION (exp)]) |
480 | return ssa_ver_to_stridx[SSA_NAME_VERSION (exp)]; |
481 | |
482 | tree e = exp; |
483 | int last_idx = 0; |
484 | HOST_WIDE_INT offset = 0; |
485 | /* Follow a chain of at most 5 assignments. */ |
486 | for (int i = 0; i < 5; i++) |
487 | { |
488 | gimple *def_stmt = SSA_NAME_DEF_STMT (e); |
489 | if (!is_gimple_assign (gs: def_stmt)) |
490 | return last_idx; |
491 | |
492 | tree_code rhs_code = gimple_assign_rhs_code (gs: def_stmt); |
493 | tree ptr, off; |
494 | |
495 | if (rhs_code == ADDR_EXPR) |
496 | { |
497 | /* Handle indices/offsets into VLAs which are implemented |
498 | as pointers to arrays. */ |
499 | ptr = gimple_assign_rhs1 (gs: def_stmt); |
500 | ptr = TREE_OPERAND (ptr, 0); |
501 | |
502 | /* Handle also VLAs of types larger than char. */ |
503 | if (tree eltsize = TYPE_SIZE_UNIT (TREE_TYPE (ptr))) |
504 | { |
505 | if (TREE_CODE (ptr) == ARRAY_REF) |
506 | { |
507 | off = TREE_OPERAND (ptr, 1); |
508 | ptr = TREE_OPERAND (ptr, 0); |
509 | if (!integer_onep (eltsize)) |
510 | { |
511 | /* Scale the array index by the size of the element |
512 | type in the rare case that it's greater than |
513 | the typical 1 for char, making sure both operands |
514 | have the same type. */ |
515 | eltsize = fold_convert (ssizetype, eltsize); |
516 | off = fold_convert (ssizetype, off); |
517 | off = fold_build2 (MULT_EXPR, ssizetype, off, eltsize); |
518 | } |
519 | } |
520 | else |
521 | off = integer_zero_node; |
522 | } |
523 | else |
524 | return 0; |
525 | |
526 | if (TREE_CODE (ptr) != MEM_REF) |
527 | return 0; |
528 | |
529 | /* Add the MEM_REF byte offset. */ |
530 | tree mem_off = TREE_OPERAND (ptr, 1); |
531 | off = fold_build2 (PLUS_EXPR, TREE_TYPE (off), off, mem_off); |
532 | ptr = TREE_OPERAND (ptr, 0); |
533 | } |
534 | else if (rhs_code == POINTER_PLUS_EXPR) |
535 | { |
536 | ptr = gimple_assign_rhs1 (gs: def_stmt); |
537 | off = gimple_assign_rhs2 (gs: def_stmt); |
538 | } |
539 | else |
540 | return 0; |
541 | |
542 | if (TREE_CODE (ptr) != SSA_NAME) |
543 | return 0; |
544 | |
545 | if (!tree_fits_shwi_p (off)) |
546 | { |
547 | if (int idx = ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)]) |
548 | if (offrng) |
549 | { |
550 | /* Only when requested by setting OFFRNG to non-null, |
551 | return the index corresponding to the SSA_NAME. |
552 | Do this irrespective of the whether the offset |
553 | is known. */ |
554 | if (get_range (val: off, stmt: def_stmt, minmax: offrng, rvals)) |
555 | { |
556 | /* When the offset range is known, increment it |
557 | it by the constant offset computed in prior |
558 | iterations and store it in the OFFRNG array. */ |
559 | offrng[0] += offset; |
560 | offrng[1] += offset; |
561 | } |
562 | else |
563 | { |
564 | /* When the offset range cannot be determined |
565 | store [0, SIZE_MAX] and let the caller decide |
566 | if the offset matters. */ |
567 | offrng[1] = wi::to_wide (TYPE_MAX_VALUE (sizetype)); |
568 | offrng[0] = wi::zero (precision: offrng[1].get_precision ()); |
569 | } |
570 | return idx; |
571 | } |
572 | return 0; |
573 | } |
574 | |
575 | HOST_WIDE_INT this_off = tree_to_shwi (off); |
576 | if (offrng) |
577 | { |
578 | offrng[0] += wi::shwi (val: this_off, precision: offrng->get_precision ()); |
579 | offrng[1] += offrng[0]; |
580 | } |
581 | |
582 | if (this_off < 0) |
583 | return last_idx; |
584 | |
585 | offset = (unsigned HOST_WIDE_INT) offset + this_off; |
586 | if (offset < 0) |
587 | return last_idx; |
588 | |
589 | if (int idx = ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)]) |
590 | { |
591 | strinfo *si = get_strinfo (idx); |
592 | if (si) |
593 | { |
594 | if (compare_nonzero_chars (si, off: offset) >= 0) |
595 | return get_stridx_plus_constant (si, offset, exp); |
596 | |
597 | if (offrng) |
598 | last_idx = idx; |
599 | } |
600 | } |
601 | e = ptr; |
602 | } |
603 | |
604 | return last_idx; |
605 | } |
606 | |
607 | if (TREE_CODE (exp) == ADDR_EXPR) |
608 | { |
609 | int idx = get_addr_stridx (TREE_OPERAND (exp, 0), stmt, ptr: exp, NULL); |
610 | if (idx != 0) |
611 | return idx; |
612 | } |
613 | |
614 | const char *p = c_getstr (exp); |
615 | if (p) |
616 | return ~(int) strlen (s: p); |
617 | |
618 | return 0; |
619 | } |
620 | |
621 | /* Return true if strinfo vector is shared with the immediate dominator. */ |
622 | |
623 | static inline bool |
624 | strinfo_shared (void) |
625 | { |
626 | return vec_safe_length (v: stridx_to_strinfo) |
627 | && (*stridx_to_strinfo)[0] != NULL; |
628 | } |
629 | |
630 | /* Unshare strinfo vector that is shared with the immediate dominator. */ |
631 | |
632 | static void |
633 | unshare_strinfo_vec (void) |
634 | { |
635 | strinfo *si; |
636 | unsigned int i = 0; |
637 | |
638 | gcc_assert (strinfo_shared ()); |
639 | stridx_to_strinfo = vec_safe_copy (src: stridx_to_strinfo); |
640 | for (i = 1; vec_safe_iterate (v: stridx_to_strinfo, ix: i, ptr: &si); ++i) |
641 | if (si != NULL) |
642 | si->refcount++; |
643 | (*stridx_to_strinfo)[0] = NULL; |
644 | } |
645 | |
646 | /* Attempt to create a string index for exp, ADDR_EXPR's operand. |
647 | Return a pointer to the location where the string index can |
648 | be stored (if 0) or is stored, or NULL if this can't be tracked. */ |
649 | |
650 | static int * |
651 | addr_stridxptr (tree exp) |
652 | { |
653 | HOST_WIDE_INT off; |
654 | |
655 | poly_int64 poff; |
656 | tree base = get_addr_base_and_unit_offset (exp, &poff); |
657 | if (base == NULL_TREE || !DECL_P (base) || !poff.is_constant (const_value: &off)) |
658 | return NULL; |
659 | |
660 | if (!decl_to_stridxlist_htab) |
661 | { |
662 | decl_to_stridxlist_htab |
663 | = new hash_map<tree_decl_hash, stridxlist> (64); |
664 | gcc_obstack_init (&stridx_obstack); |
665 | } |
666 | |
667 | bool existed; |
668 | stridxlist *list = &decl_to_stridxlist_htab->get_or_insert (k: base, existed: &existed); |
669 | if (existed) |
670 | { |
671 | int i; |
672 | stridxlist *before = NULL; |
673 | for (i = 0; i < 32; i++) |
674 | { |
675 | if (list->offset == off) |
676 | return &list->idx; |
677 | if (list->offset > off && before == NULL) |
678 | before = list; |
679 | if (list->next == NULL) |
680 | break; |
681 | list = list->next; |
682 | } |
683 | if (i == 32) |
684 | return NULL; |
685 | if (before) |
686 | { |
687 | list = before; |
688 | before = XOBNEW (&stridx_obstack, struct stridxlist); |
689 | *before = *list; |
690 | list->next = before; |
691 | list->offset = off; |
692 | list->idx = 0; |
693 | return &list->idx; |
694 | } |
695 | list->next = XOBNEW (&stridx_obstack, struct stridxlist); |
696 | list = list->next; |
697 | } |
698 | |
699 | list->next = NULL; |
700 | list->offset = off; |
701 | list->idx = 0; |
702 | return &list->idx; |
703 | } |
704 | |
705 | /* Create a new string index, or return 0 if reached limit. */ |
706 | |
707 | static int |
708 | new_stridx (tree exp) |
709 | { |
710 | int idx; |
711 | if (max_stridx >= param_max_tracked_strlens) |
712 | return 0; |
713 | if (TREE_CODE (exp) == SSA_NAME) |
714 | { |
715 | if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (exp)) |
716 | return 0; |
717 | idx = max_stridx++; |
718 | ssa_ver_to_stridx[SSA_NAME_VERSION (exp)] = idx; |
719 | return idx; |
720 | } |
721 | if (TREE_CODE (exp) == ADDR_EXPR) |
722 | { |
723 | int *pidx = addr_stridxptr (TREE_OPERAND (exp, 0)); |
724 | if (pidx != NULL) |
725 | { |
726 | gcc_assert (*pidx == 0); |
727 | *pidx = max_stridx++; |
728 | return *pidx; |
729 | } |
730 | } |
731 | return 0; |
732 | } |
733 | |
734 | /* Like new_stridx, but for ADDR_EXPR's operand instead. */ |
735 | |
736 | static int |
737 | new_addr_stridx (tree exp) |
738 | { |
739 | int *pidx; |
740 | if (max_stridx >= param_max_tracked_strlens) |
741 | return 0; |
742 | pidx = addr_stridxptr (exp); |
743 | if (pidx != NULL) |
744 | { |
745 | gcc_assert (*pidx == 0); |
746 | *pidx = max_stridx++; |
747 | return *pidx; |
748 | } |
749 | return 0; |
750 | } |
751 | |
752 | /* Create a new strinfo. */ |
753 | |
754 | static strinfo * |
755 | new_strinfo (tree ptr, int idx, tree nonzero_chars, bool full_string_p) |
756 | { |
757 | strinfo *si = strinfo_pool.allocate (); |
758 | si->nonzero_chars = nonzero_chars; |
759 | STRIP_USELESS_TYPE_CONVERSION (ptr); |
760 | si->ptr = ptr; |
761 | si->stmt = NULL; |
762 | si->alloc = NULL; |
763 | si->endptr = NULL_TREE; |
764 | si->refcount = 1; |
765 | si->idx = idx; |
766 | si->first = 0; |
767 | si->prev = 0; |
768 | si->next = 0; |
769 | si->writable = false; |
770 | si->dont_invalidate = false; |
771 | si->full_string_p = full_string_p; |
772 | return si; |
773 | } |
774 | |
775 | /* Decrease strinfo refcount and free it if not referenced anymore. */ |
776 | |
777 | static inline void |
778 | free_strinfo (strinfo *si) |
779 | { |
780 | if (si && --si->refcount == 0) |
781 | strinfo_pool.remove (object: si); |
782 | } |
783 | |
784 | /* Set strinfo in the vector entry IDX to SI. */ |
785 | |
786 | static inline void |
787 | set_strinfo (int idx, strinfo *si) |
788 | { |
789 | if (vec_safe_length (v: stridx_to_strinfo) && (*stridx_to_strinfo)[0]) |
790 | unshare_strinfo_vec (); |
791 | if (vec_safe_length (v: stridx_to_strinfo) <= (unsigned int) idx) |
792 | vec_safe_grow_cleared (v&: stridx_to_strinfo, len: idx + 1, exact: true); |
793 | (*stridx_to_strinfo)[idx] = si; |
794 | } |
795 | |
796 | /* Return the first strinfo in the related strinfo chain |
797 | if all strinfos in between belong to the chain, otherwise NULL. */ |
798 | |
799 | static strinfo * |
800 | verify_related_strinfos (strinfo *origsi) |
801 | { |
802 | strinfo *si = origsi, *psi; |
803 | |
804 | if (origsi->first == 0) |
805 | return NULL; |
806 | for (; si->prev; si = psi) |
807 | { |
808 | if (si->first != origsi->first) |
809 | return NULL; |
810 | psi = get_strinfo (idx: si->prev); |
811 | if (psi == NULL) |
812 | return NULL; |
813 | if (psi->next != si->idx) |
814 | return NULL; |
815 | } |
816 | if (si->idx != si->first) |
817 | return NULL; |
818 | return si; |
819 | } |
820 | |
821 | /* Set SI's endptr to ENDPTR and compute its length based on SI->ptr. |
822 | Use LOC for folding. */ |
823 | |
824 | static void |
825 | set_endptr_and_length (location_t loc, strinfo *si, tree endptr) |
826 | { |
827 | si->endptr = endptr; |
828 | si->stmt = NULL; |
829 | tree start_as_size = fold_convert_loc (loc, size_type_node, si->ptr); |
830 | tree end_as_size = fold_convert_loc (loc, size_type_node, endptr); |
831 | si->nonzero_chars = fold_build2_loc (loc, MINUS_EXPR, size_type_node, |
832 | end_as_size, start_as_size); |
833 | si->full_string_p = true; |
834 | } |
835 | |
836 | /* Return the string length, or NULL if it can't be computed. |
837 | The length may but need not be constant. Instead, it might be |
838 | the result of a strlen() call. */ |
839 | |
840 | static tree |
841 | get_string_length (strinfo *si) |
842 | { |
843 | /* If the length has already been computed return it if it's exact |
844 | (i.e., the string is nul-terminated at NONZERO_CHARS), or return |
845 | null if it isn't. */ |
846 | if (si->nonzero_chars) |
847 | return si->full_string_p ? si->nonzero_chars : NULL; |
848 | |
849 | /* If the string is the result of one of the built-in calls below |
850 | attempt to compute the length from the call statement. */ |
851 | if (si->stmt) |
852 | { |
853 | gimple *stmt = si->stmt, *lenstmt; |
854 | tree callee, lhs, fn, tem; |
855 | location_t loc; |
856 | gimple_stmt_iterator gsi; |
857 | |
858 | gcc_assert (is_gimple_call (stmt)); |
859 | callee = gimple_call_fndecl (gs: stmt); |
860 | gcc_assert (callee && fndecl_built_in_p (callee, BUILT_IN_NORMAL)); |
861 | lhs = gimple_call_lhs (gs: stmt); |
862 | /* unshare_strinfo is intentionally not called here. The (delayed) |
863 | transformation of strcpy or strcat into stpcpy is done at the place |
864 | of the former strcpy/strcat call and so can affect all the strinfos |
865 | with the same stmt. If they were unshared before and transformation |
866 | has been already done, the handling of BUILT_IN_STPCPY{,_CHK} should |
867 | just compute the right length. */ |
868 | switch (DECL_FUNCTION_CODE (decl: callee)) |
869 | { |
870 | case BUILT_IN_STRCAT: |
871 | case BUILT_IN_STRCAT_CHK: |
872 | gsi = gsi_for_stmt (stmt); |
873 | fn = builtin_decl_implicit (fncode: BUILT_IN_STRLEN); |
874 | gcc_assert (lhs == NULL_TREE); |
875 | tem = unshare_expr (gimple_call_arg (gs: stmt, index: 0)); |
876 | lenstmt = gimple_build_call (fn, 1, tem); |
877 | lhs = make_ssa_name (TREE_TYPE (TREE_TYPE (fn)), stmt: lenstmt); |
878 | gimple_call_set_lhs (gs: lenstmt, lhs); |
879 | gimple_set_vuse (g: lenstmt, vuse: gimple_vuse (g: stmt)); |
880 | gsi_insert_before (&gsi, lenstmt, GSI_SAME_STMT); |
881 | tem = gimple_call_arg (gs: stmt, index: 0); |
882 | if (!ptrofftype_p (TREE_TYPE (lhs))) |
883 | { |
884 | lhs = convert_to_ptrofftype (lhs); |
885 | lhs = force_gimple_operand_gsi (&gsi, lhs, true, NULL_TREE, |
886 | true, GSI_SAME_STMT); |
887 | } |
888 | lenstmt = gimple_build_assign |
889 | (make_ssa_name (TREE_TYPE (gimple_call_arg (stmt, 0))), |
890 | POINTER_PLUS_EXPR,tem, lhs); |
891 | gsi_insert_before (&gsi, lenstmt, GSI_SAME_STMT); |
892 | gimple_call_set_arg (gs: stmt, index: 0, arg: gimple_assign_lhs (gs: lenstmt)); |
893 | lhs = NULL_TREE; |
894 | /* FALLTHRU */ |
895 | case BUILT_IN_STRCPY: |
896 | case BUILT_IN_STRCPY_CHK: |
897 | gcc_assert (builtin_decl_implicit_p (BUILT_IN_STPCPY)); |
898 | if (gimple_call_num_args (gs: stmt) == 2) |
899 | fn = builtin_decl_implicit (fncode: BUILT_IN_STPCPY); |
900 | else |
901 | fn = builtin_decl_explicit (fncode: BUILT_IN_STPCPY_CHK); |
902 | gcc_assert (lhs == NULL_TREE); |
903 | if (dump_file && (dump_flags & TDF_DETAILS) != 0) |
904 | { |
905 | fprintf (stream: dump_file, format: "Optimizing: " ); |
906 | print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM); |
907 | } |
908 | gimple_call_set_fndecl (gs: stmt, decl: fn); |
909 | lhs = make_ssa_name (TREE_TYPE (TREE_TYPE (fn)), stmt); |
910 | gimple_call_set_lhs (gs: stmt, lhs); |
911 | update_stmt (s: stmt); |
912 | if (dump_file && (dump_flags & TDF_DETAILS) != 0) |
913 | { |
914 | fprintf (stream: dump_file, format: "into: " ); |
915 | print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM); |
916 | } |
917 | /* FALLTHRU */ |
918 | case BUILT_IN_STPCPY: |
919 | case BUILT_IN_STPCPY_CHK: |
920 | gcc_assert (lhs != NULL_TREE); |
921 | loc = gimple_location (g: stmt); |
922 | set_endptr_and_length (loc, si, endptr: lhs); |
923 | for (strinfo *chainsi = verify_related_strinfos (origsi: si); |
924 | chainsi != NULL; |
925 | chainsi = get_next_strinfo (si: chainsi)) |
926 | if (chainsi->nonzero_chars == NULL) |
927 | set_endptr_and_length (loc, si: chainsi, endptr: lhs); |
928 | break; |
929 | case BUILT_IN_ALLOCA: |
930 | case BUILT_IN_ALLOCA_WITH_ALIGN: |
931 | case BUILT_IN_MALLOC: |
932 | break; |
933 | /* BUILT_IN_CALLOC always has si->nonzero_chars set. */ |
934 | default: |
935 | gcc_unreachable (); |
936 | break; |
937 | } |
938 | } |
939 | |
940 | return si->nonzero_chars; |
941 | } |
942 | |
943 | /* Dump strlen data to FP for statement STMT. When non-null, RVALS |
944 | points to the valuation engine used to calculate ranges, and is |
945 | used to dump strlen range for non-constant results. */ |
946 | |
947 | DEBUG_FUNCTION void |
948 | dump_strlen_info (FILE *fp, gimple *stmt, range_query *rvals) |
949 | { |
950 | if (stmt) |
951 | { |
952 | fprintf (stream: fp, format: "\nDumping strlen pass data after " ); |
953 | print_gimple_expr (fp, stmt, TDF_LINENO); |
954 | fputc (c: '\n', stream: fp); |
955 | } |
956 | else |
957 | fprintf (stream: fp, format: "\nDumping strlen pass data\n" ); |
958 | |
959 | fprintf (stream: fp, format: "max_stridx = %i\n" , max_stridx); |
960 | fprintf (stream: fp, format: "ssa_ver_to_stridx has %u elements\n" , |
961 | ssa_ver_to_stridx.length ()); |
962 | fprintf (stream: fp, format: "stridx_to_strinfo" ); |
963 | if (stridx_to_strinfo) |
964 | { |
965 | fprintf (stream: fp, format: " has %u elements\n" , stridx_to_strinfo->length ()); |
966 | for (unsigned i = 0; i != stridx_to_strinfo->length (); ++i) |
967 | { |
968 | if (strinfo *si = (*stridx_to_strinfo)[i]) |
969 | { |
970 | if (!si->idx) |
971 | continue; |
972 | fprintf (stream: fp, format: " idx = %i" , si->idx); |
973 | if (si->ptr) |
974 | { |
975 | fprintf (stream: fp, format: ", ptr = " ); |
976 | print_generic_expr (fp, si->ptr); |
977 | } |
978 | |
979 | if (si->nonzero_chars) |
980 | { |
981 | fprintf (stream: fp, format: ", nonzero_chars = " ); |
982 | print_generic_expr (fp, si->nonzero_chars); |
983 | if (TREE_CODE (si->nonzero_chars) == SSA_NAME) |
984 | { |
985 | value_range vr; |
986 | if (rvals) |
987 | rvals->range_of_expr (r&: vr, expr: si->nonzero_chars, |
988 | si->stmt); |
989 | else |
990 | get_range_query (cfun)->range_of_expr (r&: vr, |
991 | expr: si->nonzero_chars); |
992 | vr.dump (fp); |
993 | } |
994 | } |
995 | |
996 | fprintf (stream: fp, format: ", refcount = %i" , si->refcount); |
997 | if (si->stmt) |
998 | { |
999 | fprintf (stream: fp, format: ", stmt = " ); |
1000 | print_gimple_expr (fp, si->stmt, 0); |
1001 | } |
1002 | if (si->alloc) |
1003 | { |
1004 | fprintf (stream: fp, format: ", alloc = " ); |
1005 | print_gimple_expr (fp, si->alloc, 0); |
1006 | } |
1007 | if (si->writable) |
1008 | fprintf (stream: fp, format: ", writable" ); |
1009 | if (si->dont_invalidate) |
1010 | fprintf (stream: fp, format: ", dont_invalidate" ); |
1011 | if (si->full_string_p) |
1012 | fprintf (stream: fp, format: ", full_string_p" ); |
1013 | if (strinfo *next = get_next_strinfo (si)) |
1014 | { |
1015 | fprintf (stream: fp, format: ", {" ); |
1016 | do |
1017 | fprintf (stream: fp, format: "%i%s" , next->idx, next->first ? ", " : "" ); |
1018 | while ((next = get_next_strinfo (si: next))); |
1019 | fprintf (stream: fp, format: "}" ); |
1020 | } |
1021 | fputs (s: "\n" , stream: fp); |
1022 | } |
1023 | } |
1024 | } |
1025 | else |
1026 | fprintf (stream: fp, format: " = null\n" ); |
1027 | |
1028 | fprintf (stream: fp, format: "decl_to_stridxlist_htab" ); |
1029 | if (decl_to_stridxlist_htab) |
1030 | { |
1031 | fputs (s: "\n" , stream: fp); |
1032 | typedef decl_to_stridxlist_htab_t::iterator iter_t; |
1033 | for (iter_t it = decl_to_stridxlist_htab->begin (); |
1034 | it != decl_to_stridxlist_htab->end (); ++it) |
1035 | { |
1036 | tree decl = (*it).first; |
1037 | stridxlist *list = &(*it).second; |
1038 | fprintf (stream: fp, format: " decl = " ); |
1039 | print_generic_expr (fp, decl); |
1040 | if (list) |
1041 | { |
1042 | fprintf (stream: fp, format: ", offsets = {" ); |
1043 | for (; list; list = list->next) |
1044 | fprintf (stream: fp, format: "%lli%s" , (long long) list->offset, |
1045 | list->next ? ", " : "" ); |
1046 | fputs (s: "}" , stream: fp); |
1047 | } |
1048 | fputs (s: "\n" , stream: fp); |
1049 | } |
1050 | } |
1051 | else |
1052 | fprintf (stream: fp, format: " = null\n" ); |
1053 | |
1054 | if (laststmt.stmt) |
1055 | { |
1056 | fprintf (stream: fp, format: "laststmt = " ); |
1057 | print_gimple_expr (fp, laststmt.stmt, 0); |
1058 | fprintf (stream: fp, format: ", len = " ); |
1059 | print_generic_expr (fp, laststmt.len); |
1060 | fprintf (stream: fp, format: ", stridx = %i\n" , laststmt.stridx); |
1061 | } |
1062 | } |
1063 | |
1064 | /* Helper of get_range_strlen_dynamic(). See below. */ |
1065 | |
1066 | static bool |
1067 | get_range_strlen_phi (tree src, gphi *phi, |
1068 | c_strlen_data *pdata, bitmap visited, |
1069 | pointer_query *ptr_qry, unsigned *pssa_def_max) |
1070 | { |
1071 | if (!bitmap_set_bit (visited, SSA_NAME_VERSION (src))) |
1072 | return true; |
1073 | |
1074 | if (*pssa_def_max == 0) |
1075 | return false; |
1076 | |
1077 | --*pssa_def_max; |
1078 | |
1079 | /* Iterate over the PHI arguments and determine the minimum and maximum |
1080 | length/size of each and incorporate them into the overall result. */ |
1081 | for (unsigned i = 0; i != gimple_phi_num_args (gs: phi); ++i) |
1082 | { |
1083 | tree arg = gimple_phi_arg_def (gs: phi, index: i); |
1084 | if (arg == gimple_phi_result (gs: phi)) |
1085 | continue; |
1086 | |
1087 | c_strlen_data argdata = { }; |
1088 | if (!get_range_strlen_dynamic (arg, phi, &argdata, visited, ptr_qry, |
1089 | pssa_def_max)) |
1090 | { |
1091 | pdata->maxlen = build_all_ones_cst (size_type_node); |
1092 | continue; |
1093 | } |
1094 | |
1095 | /* Set the DECL of an unterminated array this argument refers to |
1096 | if one hasn't been found yet. */ |
1097 | if (!pdata->decl && argdata.decl) |
1098 | pdata->decl = argdata.decl; |
1099 | |
1100 | if (!argdata.minlen |
1101 | || (integer_zerop (argdata.minlen) |
1102 | && (!argdata.maxbound |
1103 | || integer_all_onesp (argdata.maxbound)) |
1104 | && integer_all_onesp (argdata.maxlen))) |
1105 | { |
1106 | /* Set the upper bound of the length to unbounded. */ |
1107 | pdata->maxlen = build_all_ones_cst (size_type_node); |
1108 | continue; |
1109 | } |
1110 | |
1111 | /* Adjust the minimum and maximum length determined so far and |
1112 | the upper bound on the array size. */ |
1113 | if (TREE_CODE (argdata.minlen) == INTEGER_CST |
1114 | && (!pdata->minlen |
1115 | || tree_int_cst_lt (t1: argdata.minlen, t2: pdata->minlen))) |
1116 | pdata->minlen = argdata.minlen; |
1117 | |
1118 | if (TREE_CODE (argdata.maxlen) == INTEGER_CST |
1119 | && (!pdata->maxlen |
1120 | || (argdata.maxlen |
1121 | && tree_int_cst_lt (t1: pdata->maxlen, t2: argdata.maxlen)))) |
1122 | pdata->maxlen = argdata.maxlen; |
1123 | |
1124 | if (!pdata->maxbound |
1125 | || TREE_CODE (pdata->maxbound) != INTEGER_CST |
1126 | || (argdata.maxbound |
1127 | && tree_int_cst_lt (t1: pdata->maxbound, t2: argdata.maxbound) |
1128 | && !integer_all_onesp (argdata.maxbound))) |
1129 | pdata->maxbound = argdata.maxbound; |
1130 | } |
1131 | |
1132 | return true; |
1133 | } |
1134 | |
1135 | /* Return the maximum possible length of the string PTR that's less |
1136 | than MAXLEN given the size of the object of subobject it points |
1137 | to at the given STMT. MAXLEN is the maximum length of the string |
1138 | determined so far. Return null when no such maximum can be |
1139 | determined. */ |
1140 | |
1141 | static tree |
1142 | get_maxbound (tree ptr, gimple *stmt, offset_int maxlen, |
1143 | pointer_query *ptr_qry) |
1144 | { |
1145 | access_ref aref; |
1146 | if (!ptr_qry->get_ref (ptr, stmt, &aref)) |
1147 | return NULL_TREE; |
1148 | |
1149 | offset_int sizrem = aref.size_remaining (); |
1150 | if (sizrem <= 0) |
1151 | return NULL_TREE; |
1152 | |
1153 | if (sizrem < maxlen) |
1154 | maxlen = sizrem - 1; |
1155 | |
1156 | /* Try to determine the maximum from the subobject at the offset. |
1157 | This handles MEM [&some-struct, member-offset] that's often |
1158 | the result of folding COMPONENT_REF [some-struct, member]. */ |
1159 | tree reftype = TREE_TYPE (aref.ref); |
1160 | if (!RECORD_OR_UNION_TYPE_P (reftype) |
1161 | || aref.offrng[0] != aref.offrng[1] |
1162 | || !wi::fits_shwi_p (x: aref.offrng[0])) |
1163 | return wide_int_to_tree (size_type_node, cst: maxlen); |
1164 | |
1165 | HOST_WIDE_INT off = aref.offrng[0].to_shwi (); |
1166 | tree fld = field_at_offset (reftype, NULL_TREE, off); |
1167 | if (!fld || !DECL_SIZE_UNIT (fld)) |
1168 | return wide_int_to_tree (size_type_node, cst: maxlen); |
1169 | |
1170 | offset_int size = wi::to_offset (DECL_SIZE_UNIT (fld)); |
1171 | if (maxlen < size) |
1172 | return wide_int_to_tree (size_type_node, cst: maxlen); |
1173 | |
1174 | return wide_int_to_tree (size_type_node, cst: size - 1); |
1175 | } |
1176 | |
1177 | /* Attempt to determine the length of the string SRC. On success, store |
1178 | the length in *PDATA and return true. Otherwise, return false. |
1179 | VISITED is a bitmap of visited PHI nodes. RVALS points to the valuation |
1180 | engine used to calculate ranges. PSSA_DEF_MAX to an SSA_NAME |
1181 | assignment limit used to prevent runaway recursion. */ |
1182 | |
1183 | static bool |
1184 | get_range_strlen_dynamic (tree src, gimple *stmt, |
1185 | c_strlen_data *pdata, bitmap visited, |
1186 | pointer_query *ptr_qry, unsigned *pssa_def_max) |
1187 | { |
1188 | int idx = get_stridx (exp: src, stmt); |
1189 | if (!idx) |
1190 | { |
1191 | if (TREE_CODE (src) == SSA_NAME) |
1192 | { |
1193 | gimple *def_stmt = SSA_NAME_DEF_STMT (src); |
1194 | if (gphi *phi = dyn_cast<gphi *>(p: def_stmt)) |
1195 | return get_range_strlen_phi (src, phi, pdata, visited, ptr_qry, |
1196 | pssa_def_max); |
1197 | } |
1198 | |
1199 | /* Return success regardless of the result and handle *PDATA |
1200 | in the caller. */ |
1201 | get_range_strlen (src, pdata, eltsize: 1); |
1202 | return true; |
1203 | } |
1204 | |
1205 | if (idx < 0) |
1206 | { |
1207 | /* SRC is a string of constant length. */ |
1208 | pdata->minlen = build_int_cst (size_type_node, ~idx); |
1209 | pdata->maxlen = pdata->minlen; |
1210 | pdata->maxbound = pdata->maxlen; |
1211 | return true; |
1212 | } |
1213 | |
1214 | if (strinfo *si = get_strinfo (idx)) |
1215 | { |
1216 | pdata->minlen = get_string_length (si); |
1217 | if (!pdata->minlen && si->nonzero_chars) |
1218 | { |
1219 | if (TREE_CODE (si->nonzero_chars) == INTEGER_CST) |
1220 | pdata->minlen = si->nonzero_chars; |
1221 | else if (TREE_CODE (si->nonzero_chars) == SSA_NAME) |
1222 | { |
1223 | value_range vr; |
1224 | ptr_qry->rvals->range_of_expr (r&: vr, expr: si->nonzero_chars, si->stmt); |
1225 | if (vr.undefined_p () || vr.varying_p ()) |
1226 | pdata->minlen = build_zero_cst (size_type_node); |
1227 | else |
1228 | { |
1229 | tree type = vr.type (); |
1230 | pdata->minlen = wide_int_to_tree (type, cst: vr.lower_bound ()); |
1231 | } |
1232 | } |
1233 | else |
1234 | pdata->minlen = build_zero_cst (size_type_node); |
1235 | |
1236 | tree base = si->ptr; |
1237 | if (TREE_CODE (base) == ADDR_EXPR) |
1238 | base = TREE_OPERAND (base, 0); |
1239 | |
1240 | HOST_WIDE_INT off; |
1241 | poly_int64 poff; |
1242 | base = get_addr_base_and_unit_offset (base, &poff); |
1243 | if (base |
1244 | && DECL_P (base) |
1245 | && TREE_CODE (TREE_TYPE (base)) == ARRAY_TYPE |
1246 | && TYPE_SIZE_UNIT (TREE_TYPE (base)) |
1247 | && poff.is_constant (const_value: &off)) |
1248 | { |
1249 | tree basetype = TREE_TYPE (base); |
1250 | tree size = TYPE_SIZE_UNIT (basetype); |
1251 | if (TREE_CODE (size) == INTEGER_CST) |
1252 | { |
1253 | ++off; /* Increment for the terminating nul. */ |
1254 | tree toffset = build_int_cst (size_type_node, off); |
1255 | pdata->maxlen = fold_build2 (MINUS_EXPR, size_type_node, |
1256 | size, toffset); |
1257 | if (tree_int_cst_lt (t1: pdata->maxlen, t2: pdata->minlen)) |
1258 | /* This can happen when triggering UB, when base is an |
1259 | array which is known to be filled with at least size |
1260 | non-zero bytes. E.g. for |
1261 | char a[2]; memcpy (a, "12", sizeof a); |
1262 | We don't want to create an invalid range [2, 1] |
1263 | where 2 comes from the number of non-zero bytes and |
1264 | 1 from longest valid zero-terminated string that can |
1265 | be stored in such an array, so pick just one of |
1266 | those, pdata->minlen. See PR110603. */ |
1267 | pdata->maxlen = build_all_ones_cst (size_type_node); |
1268 | else |
1269 | pdata->maxbound = pdata->maxlen; |
1270 | } |
1271 | else |
1272 | pdata->maxlen = build_all_ones_cst (size_type_node); |
1273 | } |
1274 | else |
1275 | pdata->maxlen = build_all_ones_cst (size_type_node); |
1276 | } |
1277 | else if (pdata->minlen && TREE_CODE (pdata->minlen) == SSA_NAME) |
1278 | { |
1279 | value_range vr; |
1280 | ptr_qry->rvals->range_of_expr (r&: vr, expr: si->nonzero_chars, stmt); |
1281 | if (vr.varying_p () || vr.undefined_p ()) |
1282 | { |
1283 | pdata->minlen = build_zero_cst (size_type_node); |
1284 | pdata->maxlen = build_all_ones_cst (size_type_node); |
1285 | } |
1286 | else |
1287 | { |
1288 | tree type = vr.type (); |
1289 | pdata->minlen = wide_int_to_tree (type, cst: vr.lower_bound ()); |
1290 | pdata->maxlen = wide_int_to_tree (type, cst: vr.upper_bound ()); |
1291 | offset_int max = offset_int::from (x: vr.upper_bound (pair: 0), sgn: SIGNED); |
1292 | if (tree maxbound = get_maxbound (ptr: si->ptr, stmt, maxlen: max, ptr_qry)) |
1293 | pdata->maxbound = maxbound; |
1294 | else |
1295 | pdata->maxbound = pdata->maxlen; |
1296 | } |
1297 | } |
1298 | else if (pdata->minlen && TREE_CODE (pdata->minlen) == INTEGER_CST) |
1299 | { |
1300 | pdata->maxlen = pdata->minlen; |
1301 | pdata->maxbound = pdata->minlen; |
1302 | } |
1303 | else |
1304 | { |
1305 | /* For PDATA->MINLEN that's a non-constant expression such |
1306 | as PLUS_EXPR whose value range is unknown, set the bounds |
1307 | to zero and SIZE_MAX. */ |
1308 | pdata->minlen = build_zero_cst (size_type_node); |
1309 | pdata->maxlen = build_all_ones_cst (size_type_node); |
1310 | } |
1311 | |
1312 | return true; |
1313 | } |
1314 | |
1315 | return false; |
1316 | } |
1317 | |
1318 | /* Analogous to get_range_strlen but for dynamically created strings, |
1319 | i.e., those created by calls to strcpy as opposed to just string |
1320 | constants. |
1321 | Try to obtain the range of the lengths of the string(s) referenced |
1322 | by SRC, or the size of the largest array SRC refers to if the range |
1323 | of lengths cannot be determined, and store all in *PDATA. RVALS |
1324 | points to the valuation engine used to calculate ranges. */ |
1325 | |
1326 | void |
1327 | get_range_strlen_dynamic (tree src, gimple *stmt, c_strlen_data *pdata, |
1328 | pointer_query &ptr_qry) |
1329 | { |
1330 | auto_bitmap visited; |
1331 | tree maxbound = pdata->maxbound; |
1332 | |
1333 | unsigned limit = param_ssa_name_def_chain_limit; |
1334 | if (!get_range_strlen_dynamic (src, stmt, pdata, visited, ptr_qry: &ptr_qry, pssa_def_max: &limit)) |
1335 | { |
1336 | /* On failure extend the length range to an impossible maximum |
1337 | (a valid MAXLEN must be less than PTRDIFF_MAX - 1). Other |
1338 | members can stay unchanged regardless. */ |
1339 | pdata->minlen = ssize_int (0); |
1340 | pdata->maxlen = build_all_ones_cst (size_type_node); |
1341 | } |
1342 | else if (!pdata->minlen) |
1343 | pdata->minlen = ssize_int (0); |
1344 | |
1345 | /* If it's unchanged from it initial non-null value, set the conservative |
1346 | MAXBOUND to SIZE_MAX. Otherwise leave it null (if it is null). */ |
1347 | if (maxbound && pdata->maxbound == maxbound) |
1348 | pdata->maxbound = build_all_ones_cst (size_type_node); |
1349 | } |
1350 | |
1351 | /* Invalidate string length information for strings whose length might |
1352 | change due to stores in STMT, except those marked DONT_INVALIDATE. |
1353 | For string-modifying statements, ZERO_WRITE is set when the statement |
1354 | wrote only zeros. |
1355 | Returns true if any STRIDX_TO_STRINFO entries were considered |
1356 | for invalidation. */ |
1357 | |
1358 | static bool |
1359 | maybe_invalidate (gimple *stmt, bool zero_write = false) |
1360 | { |
1361 | if (dump_file && (dump_flags & TDF_DETAILS)) |
1362 | { |
1363 | fprintf (stream: dump_file, format: "%s called for " , __func__); |
1364 | print_gimple_stmt (dump_file, stmt, TDF_LINENO); |
1365 | } |
1366 | |
1367 | strinfo *si; |
1368 | bool nonempty = false; |
1369 | |
1370 | for (unsigned i = 1; vec_safe_iterate (v: stridx_to_strinfo, ix: i, ptr: &si); ++i) |
1371 | { |
1372 | if (si == NULL || !POINTER_TYPE_P (TREE_TYPE (si->ptr))) |
1373 | continue; |
1374 | |
1375 | nonempty = true; |
1376 | |
1377 | /* Unconditionally reset DONT_INVALIDATE. */ |
1378 | bool dont_invalidate = si->dont_invalidate; |
1379 | si->dont_invalidate = false; |
1380 | |
1381 | if (dont_invalidate) |
1382 | continue; |
1383 | |
1384 | ao_ref r; |
1385 | tree size = si->nonzero_chars; |
1386 | ao_ref_init_from_ptr_and_size (&r, si->ptr, size); |
1387 | /* Include the terminating nul in the size of the string |
1388 | to consider when determining possible clobber. But do not |
1389 | add it to 'size' since we don't know whether it would |
1390 | actually fit the allocated area. */ |
1391 | if (known_size_p (a: r.size)) |
1392 | { |
1393 | if (known_le (r.size, HOST_WIDE_INT_MAX - BITS_PER_UNIT)) |
1394 | r.max_size += BITS_PER_UNIT; |
1395 | else |
1396 | r.max_size = -1; |
1397 | } |
1398 | if (stmt_may_clobber_ref_p_1 (stmt, &r)) |
1399 | { |
1400 | if (dump_file && (dump_flags & TDF_DETAILS)) |
1401 | { |
1402 | fputs (s: " statement may clobber object " , stream: dump_file); |
1403 | print_generic_expr (dump_file, si->ptr); |
1404 | if (size && tree_fits_uhwi_p (size)) |
1405 | fprintf (stream: dump_file, format: " " HOST_WIDE_INT_PRINT_UNSIGNED |
1406 | " bytes in size" , tree_to_uhwi (size)); |
1407 | fputc (c: '\n', stream: dump_file); |
1408 | } |
1409 | |
1410 | set_strinfo (idx: i, NULL); |
1411 | free_strinfo (si); |
1412 | continue; |
1413 | } |
1414 | |
1415 | if (size |
1416 | && !zero_write |
1417 | && si->stmt |
1418 | && is_gimple_call (gs: si->stmt) |
1419 | && (DECL_FUNCTION_CODE (decl: gimple_call_fndecl (gs: si->stmt)) |
1420 | == BUILT_IN_CALLOC)) |
1421 | { |
1422 | /* If the clobber test above considered the length of |
1423 | the string (including the nul), then for (potentially) |
1424 | non-zero writes that might modify storage allocated by |
1425 | calloc consider the whole object and if it might be |
1426 | clobbered by the statement reset the statement. */ |
1427 | ao_ref_init_from_ptr_and_size (&r, si->ptr, NULL_TREE); |
1428 | if (stmt_may_clobber_ref_p_1 (stmt, &r)) |
1429 | si->stmt = NULL; |
1430 | } |
1431 | } |
1432 | |
1433 | if (dump_file && (dump_flags & TDF_DETAILS)) |
1434 | fprintf (stream: dump_file, format: "%s returns %i\n" , __func__, nonempty); |
1435 | |
1436 | return nonempty; |
1437 | } |
1438 | |
1439 | /* Unshare strinfo record SI, if it has refcount > 1 or |
1440 | if stridx_to_strinfo vector is shared with some other |
1441 | bbs. */ |
1442 | |
1443 | static strinfo * |
1444 | unshare_strinfo (strinfo *si) |
1445 | { |
1446 | strinfo *nsi; |
1447 | |
1448 | if (si->refcount == 1 && !strinfo_shared ()) |
1449 | return si; |
1450 | |
1451 | nsi = new_strinfo (ptr: si->ptr, idx: si->idx, nonzero_chars: si->nonzero_chars, full_string_p: si->full_string_p); |
1452 | nsi->stmt = si->stmt; |
1453 | nsi->alloc = si->alloc; |
1454 | nsi->endptr = si->endptr; |
1455 | nsi->first = si->first; |
1456 | nsi->prev = si->prev; |
1457 | nsi->next = si->next; |
1458 | nsi->writable = si->writable; |
1459 | set_strinfo (idx: si->idx, si: nsi); |
1460 | free_strinfo (si); |
1461 | return nsi; |
1462 | } |
1463 | |
1464 | /* Attempt to create a new strinfo for BASESI + OFF, or find existing |
1465 | strinfo if there is any. Return it's idx, or 0 if no strinfo has |
1466 | been created. */ |
1467 | |
1468 | static int |
1469 | get_stridx_plus_constant (strinfo *basesi, unsigned HOST_WIDE_INT off, |
1470 | tree ptr) |
1471 | { |
1472 | if (TREE_CODE (ptr) == SSA_NAME && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr)) |
1473 | return 0; |
1474 | |
1475 | if (compare_nonzero_chars (si: basesi, off) < 0 |
1476 | || !tree_fits_uhwi_p (basesi->nonzero_chars)) |
1477 | return 0; |
1478 | |
1479 | unsigned HOST_WIDE_INT nonzero_chars |
1480 | = tree_to_uhwi (basesi->nonzero_chars) - off; |
1481 | strinfo *si = basesi, *chainsi; |
1482 | if (si->first || si->prev || si->next) |
1483 | si = verify_related_strinfos (origsi: basesi); |
1484 | if (si == NULL |
1485 | || si->nonzero_chars == NULL_TREE |
1486 | || TREE_CODE (si->nonzero_chars) != INTEGER_CST) |
1487 | return 0; |
1488 | |
1489 | if (TREE_CODE (ptr) == SSA_NAME |
1490 | && ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr)) |
1491 | ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, exact: true); |
1492 | |
1493 | gcc_checking_assert (compare_tree_int (si->nonzero_chars, off) != -1); |
1494 | for (chainsi = si; chainsi->next; chainsi = si) |
1495 | { |
1496 | si = get_next_strinfo (si: chainsi); |
1497 | if (si == NULL |
1498 | || si->nonzero_chars == NULL_TREE |
1499 | || TREE_CODE (si->nonzero_chars) != INTEGER_CST) |
1500 | break; |
1501 | int r = compare_tree_int (si->nonzero_chars, nonzero_chars); |
1502 | if (r != 1) |
1503 | { |
1504 | if (r == 0) |
1505 | { |
1506 | if (TREE_CODE (ptr) == SSA_NAME) |
1507 | ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = si->idx; |
1508 | else |
1509 | { |
1510 | int *pidx = addr_stridxptr (TREE_OPERAND (ptr, 0)); |
1511 | if (pidx != NULL && *pidx == 0) |
1512 | *pidx = si->idx; |
1513 | } |
1514 | return si->idx; |
1515 | } |
1516 | break; |
1517 | } |
1518 | } |
1519 | |
1520 | int idx = new_stridx (exp: ptr); |
1521 | if (idx == 0) |
1522 | return 0; |
1523 | si = new_strinfo (ptr, idx, nonzero_chars: build_int_cst (size_type_node, nonzero_chars), |
1524 | full_string_p: basesi->full_string_p); |
1525 | set_strinfo (idx, si); |
1526 | if (strinfo *nextsi = get_strinfo (idx: chainsi->next)) |
1527 | { |
1528 | nextsi = unshare_strinfo (si: nextsi); |
1529 | si->next = nextsi->idx; |
1530 | nextsi->prev = idx; |
1531 | } |
1532 | chainsi = unshare_strinfo (si: chainsi); |
1533 | if (chainsi->first == 0) |
1534 | chainsi->first = chainsi->idx; |
1535 | chainsi->next = idx; |
1536 | if (chainsi->endptr == NULL_TREE && zero_length_string_p (si)) |
1537 | chainsi->endptr = ptr; |
1538 | si->endptr = chainsi->endptr; |
1539 | si->prev = chainsi->idx; |
1540 | si->first = chainsi->first; |
1541 | si->writable = chainsi->writable; |
1542 | return si->idx; |
1543 | } |
1544 | |
1545 | /* Note that PTR, a pointer SSA_NAME initialized in the current stmt, points |
1546 | to a zero-length string and if possible chain it to a related strinfo |
1547 | chain whose part is or might be CHAINSI. */ |
1548 | |
1549 | static strinfo * |
1550 | zero_length_string (tree ptr, strinfo *chainsi) |
1551 | { |
1552 | strinfo *si; |
1553 | int idx; |
1554 | if (ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr)) |
1555 | ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, exact: true); |
1556 | gcc_checking_assert (TREE_CODE (ptr) == SSA_NAME |
1557 | && ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] == 0); |
1558 | |
1559 | if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr)) |
1560 | return NULL; |
1561 | if (chainsi != NULL) |
1562 | { |
1563 | si = verify_related_strinfos (origsi: chainsi); |
1564 | if (si) |
1565 | { |
1566 | do |
1567 | { |
1568 | /* We shouldn't mix delayed and non-delayed lengths. */ |
1569 | gcc_assert (si->full_string_p); |
1570 | if (si->endptr == NULL_TREE) |
1571 | { |
1572 | si = unshare_strinfo (si); |
1573 | si->endptr = ptr; |
1574 | } |
1575 | chainsi = si; |
1576 | si = get_next_strinfo (si); |
1577 | } |
1578 | while (si != NULL); |
1579 | if (zero_length_string_p (si: chainsi)) |
1580 | { |
1581 | if (chainsi->next) |
1582 | { |
1583 | chainsi = unshare_strinfo (si: chainsi); |
1584 | chainsi->next = 0; |
1585 | } |
1586 | ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = chainsi->idx; |
1587 | return chainsi; |
1588 | } |
1589 | } |
1590 | else |
1591 | { |
1592 | /* We shouldn't mix delayed and non-delayed lengths. */ |
1593 | gcc_assert (chainsi->full_string_p); |
1594 | if (chainsi->first || chainsi->prev || chainsi->next) |
1595 | { |
1596 | chainsi = unshare_strinfo (si: chainsi); |
1597 | chainsi->first = 0; |
1598 | chainsi->prev = 0; |
1599 | chainsi->next = 0; |
1600 | } |
1601 | } |
1602 | } |
1603 | idx = new_stridx (exp: ptr); |
1604 | if (idx == 0) |
1605 | return NULL; |
1606 | si = new_strinfo (ptr, idx, nonzero_chars: build_int_cst (size_type_node, 0), full_string_p: true); |
1607 | set_strinfo (idx, si); |
1608 | si->endptr = ptr; |
1609 | if (chainsi != NULL) |
1610 | { |
1611 | chainsi = unshare_strinfo (si: chainsi); |
1612 | if (chainsi->first == 0) |
1613 | chainsi->first = chainsi->idx; |
1614 | chainsi->next = idx; |
1615 | if (chainsi->endptr == NULL_TREE) |
1616 | chainsi->endptr = ptr; |
1617 | si->prev = chainsi->idx; |
1618 | si->first = chainsi->first; |
1619 | si->writable = chainsi->writable; |
1620 | } |
1621 | return si; |
1622 | } |
1623 | |
1624 | /* For strinfo ORIGSI whose length has been just updated, adjust other |
1625 | related strinfos so that they match the new ORIGSI. This involves: |
1626 | |
1627 | - adding ADJ to the nonzero_chars fields |
1628 | - copying full_string_p from the new ORIGSI. */ |
1629 | |
1630 | static void |
1631 | adjust_related_strinfos (location_t loc, strinfo *origsi, tree adj) |
1632 | { |
1633 | strinfo *si = verify_related_strinfos (origsi); |
1634 | |
1635 | if (si == NULL) |
1636 | return; |
1637 | |
1638 | while (1) |
1639 | { |
1640 | strinfo *nsi; |
1641 | |
1642 | if (si != origsi) |
1643 | { |
1644 | tree tem; |
1645 | |
1646 | si = unshare_strinfo (si); |
1647 | /* We shouldn't see delayed lengths here; the caller must |
1648 | have calculated the old length in order to calculate |
1649 | the adjustment. */ |
1650 | gcc_assert (si->nonzero_chars); |
1651 | tem = fold_convert_loc (loc, TREE_TYPE (si->nonzero_chars), adj); |
1652 | si->nonzero_chars = fold_build2_loc (loc, PLUS_EXPR, |
1653 | TREE_TYPE (si->nonzero_chars), |
1654 | si->nonzero_chars, tem); |
1655 | si->full_string_p = origsi->full_string_p; |
1656 | |
1657 | si->endptr = NULL_TREE; |
1658 | si->dont_invalidate = true; |
1659 | } |
1660 | nsi = get_next_strinfo (si); |
1661 | if (nsi == NULL) |
1662 | return; |
1663 | si = nsi; |
1664 | } |
1665 | } |
1666 | |
1667 | /* Find if there are other SSA_NAME pointers equal to PTR |
1668 | for which we don't track their string lengths yet. If so, use |
1669 | IDX for them. */ |
1670 | |
1671 | static void |
1672 | find_equal_ptrs (tree ptr, int idx) |
1673 | { |
1674 | if (TREE_CODE (ptr) != SSA_NAME) |
1675 | return; |
1676 | while (1) |
1677 | { |
1678 | gimple *stmt = SSA_NAME_DEF_STMT (ptr); |
1679 | if (!is_gimple_assign (gs: stmt)) |
1680 | return; |
1681 | ptr = gimple_assign_rhs1 (gs: stmt); |
1682 | switch (gimple_assign_rhs_code (gs: stmt)) |
1683 | { |
1684 | case SSA_NAME: |
1685 | break; |
1686 | CASE_CONVERT: |
1687 | if (!POINTER_TYPE_P (TREE_TYPE (ptr))) |
1688 | return; |
1689 | if (TREE_CODE (ptr) == SSA_NAME) |
1690 | break; |
1691 | if (TREE_CODE (ptr) != ADDR_EXPR) |
1692 | return; |
1693 | /* FALLTHRU */ |
1694 | case ADDR_EXPR: |
1695 | { |
1696 | int *pidx = addr_stridxptr (TREE_OPERAND (ptr, 0)); |
1697 | if (pidx != NULL && *pidx == 0) |
1698 | *pidx = idx; |
1699 | return; |
1700 | } |
1701 | default: |
1702 | return; |
1703 | } |
1704 | |
1705 | /* We might find an endptr created in this pass. Grow the |
1706 | vector in that case. */ |
1707 | if (ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr)) |
1708 | ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, exact: true); |
1709 | |
1710 | if (ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] != 0) |
1711 | return; |
1712 | ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = idx; |
1713 | } |
1714 | } |
1715 | |
1716 | /* Return true if STMT is a call to a builtin function with the right |
1717 | arguments and attributes that should be considered for optimization |
1718 | by this pass. */ |
1719 | |
1720 | static bool |
1721 | valid_builtin_call (gimple *stmt) |
1722 | { |
1723 | if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL)) |
1724 | return false; |
1725 | |
1726 | tree callee = gimple_call_fndecl (gs: stmt); |
1727 | switch (DECL_FUNCTION_CODE (decl: callee)) |
1728 | { |
1729 | case BUILT_IN_MEMCMP: |
1730 | case BUILT_IN_MEMCMP_EQ: |
1731 | case BUILT_IN_STRCMP: |
1732 | case BUILT_IN_STRNCMP: |
1733 | case BUILT_IN_STRCHR: |
1734 | case BUILT_IN_STRLEN: |
1735 | case BUILT_IN_STRNLEN: |
1736 | /* The above functions should be pure. Punt if they aren't. */ |
1737 | if (gimple_vdef (g: stmt) || gimple_vuse (g: stmt) == NULL_TREE) |
1738 | return false; |
1739 | break; |
1740 | |
1741 | case BUILT_IN_ALLOCA: |
1742 | case BUILT_IN_ALLOCA_WITH_ALIGN: |
1743 | case BUILT_IN_CALLOC: |
1744 | case BUILT_IN_MALLOC: |
1745 | case BUILT_IN_MEMCPY: |
1746 | case BUILT_IN_MEMCPY_CHK: |
1747 | case BUILT_IN_MEMPCPY: |
1748 | case BUILT_IN_MEMPCPY_CHK: |
1749 | case BUILT_IN_MEMSET: |
1750 | case BUILT_IN_STPCPY: |
1751 | case BUILT_IN_STPCPY_CHK: |
1752 | case BUILT_IN_STPNCPY: |
1753 | case BUILT_IN_STPNCPY_CHK: |
1754 | case BUILT_IN_STRCAT: |
1755 | case BUILT_IN_STRCAT_CHK: |
1756 | case BUILT_IN_STRCPY: |
1757 | case BUILT_IN_STRCPY_CHK: |
1758 | case BUILT_IN_STRNCAT: |
1759 | case BUILT_IN_STRNCAT_CHK: |
1760 | case BUILT_IN_STRNCPY: |
1761 | case BUILT_IN_STRNCPY_CHK: |
1762 | /* The above functions should be neither const nor pure. Punt if they |
1763 | aren't. */ |
1764 | if (gimple_vdef (g: stmt) == NULL_TREE || gimple_vuse (g: stmt) == NULL_TREE) |
1765 | return false; |
1766 | break; |
1767 | |
1768 | default: |
1769 | break; |
1770 | } |
1771 | |
1772 | return true; |
1773 | } |
1774 | |
1775 | /* If the last .MEM setter statement before STMT is |
1776 | memcpy (x, y, strlen (y) + 1), the only .MEM use of it is STMT |
1777 | and STMT is known to overwrite x[strlen (x)], adjust the last memcpy to |
1778 | just memcpy (x, y, strlen (y)). SI must be the zero length |
1779 | strinfo. */ |
1780 | |
1781 | void |
1782 | strlen_pass::adjust_last_stmt (strinfo *si, gimple *stmt, bool is_strcat) |
1783 | { |
1784 | tree vuse, callee, len; |
1785 | struct laststmt_struct last = laststmt; |
1786 | strinfo *lastsi, *firstsi; |
1787 | unsigned len_arg_no = 2; |
1788 | |
1789 | laststmt.stmt = NULL; |
1790 | laststmt.len = NULL_TREE; |
1791 | laststmt.stridx = 0; |
1792 | |
1793 | if (last.stmt == NULL) |
1794 | return; |
1795 | |
1796 | vuse = gimple_vuse (g: stmt); |
1797 | if (vuse == NULL_TREE |
1798 | || SSA_NAME_DEF_STMT (vuse) != last.stmt |
1799 | || !has_single_use (var: vuse)) |
1800 | return; |
1801 | |
1802 | gcc_assert (last.stridx > 0); |
1803 | lastsi = get_strinfo (idx: last.stridx); |
1804 | if (lastsi == NULL) |
1805 | return; |
1806 | |
1807 | if (lastsi != si) |
1808 | { |
1809 | if (lastsi->first == 0 || lastsi->first != si->first) |
1810 | return; |
1811 | |
1812 | firstsi = verify_related_strinfos (origsi: si); |
1813 | if (firstsi == NULL) |
1814 | return; |
1815 | while (firstsi != lastsi) |
1816 | { |
1817 | firstsi = get_next_strinfo (si: firstsi); |
1818 | if (firstsi == NULL) |
1819 | return; |
1820 | } |
1821 | } |
1822 | |
1823 | if (!is_strcat && !zero_length_string_p (si)) |
1824 | return; |
1825 | |
1826 | if (is_gimple_assign (gs: last.stmt)) |
1827 | { |
1828 | gimple_stmt_iterator gsi; |
1829 | |
1830 | if (!integer_zerop (gimple_assign_rhs1 (gs: last.stmt))) |
1831 | return; |
1832 | if (stmt_could_throw_p (cfun, last.stmt)) |
1833 | return; |
1834 | gsi = gsi_for_stmt (last.stmt); |
1835 | unlink_stmt_vdef (last.stmt); |
1836 | release_defs (last.stmt); |
1837 | gsi_remove (&gsi, true); |
1838 | return; |
1839 | } |
1840 | |
1841 | if (!valid_builtin_call (stmt: last.stmt)) |
1842 | return; |
1843 | |
1844 | callee = gimple_call_fndecl (gs: last.stmt); |
1845 | switch (DECL_FUNCTION_CODE (decl: callee)) |
1846 | { |
1847 | case BUILT_IN_MEMCPY: |
1848 | case BUILT_IN_MEMCPY_CHK: |
1849 | break; |
1850 | default: |
1851 | return; |
1852 | } |
1853 | |
1854 | len = gimple_call_arg (gs: last.stmt, index: len_arg_no); |
1855 | if (tree_fits_uhwi_p (len)) |
1856 | { |
1857 | if (!tree_fits_uhwi_p (last.len) |
1858 | || integer_zerop (len) |
1859 | || tree_to_uhwi (len) != tree_to_uhwi (last.len) + 1) |
1860 | return; |
1861 | /* Don't adjust the length if it is divisible by 4, it is more efficient |
1862 | to store the extra '\0' in that case. */ |
1863 | if ((tree_to_uhwi (len) & 3) == 0) |
1864 | return; |
1865 | |
1866 | /* Don't fold away an out of bounds access, as this defeats proper |
1867 | warnings. */ |
1868 | tree dst = gimple_call_arg (gs: last.stmt, index: 0); |
1869 | |
1870 | access_ref aref; |
1871 | tree size = compute_objsize (dst, stmt, 1, &aref, &ptr_qry); |
1872 | if (size && tree_int_cst_lt (t1: size, t2: len)) |
1873 | return; |
1874 | } |
1875 | else if (TREE_CODE (len) == SSA_NAME) |
1876 | { |
1877 | gimple *def_stmt = SSA_NAME_DEF_STMT (len); |
1878 | if (!is_gimple_assign (gs: def_stmt) |
1879 | || gimple_assign_rhs_code (gs: def_stmt) != PLUS_EXPR |
1880 | || gimple_assign_rhs1 (gs: def_stmt) != last.len |
1881 | || !integer_onep (gimple_assign_rhs2 (gs: def_stmt))) |
1882 | return; |
1883 | } |
1884 | else |
1885 | return; |
1886 | |
1887 | gimple_call_set_arg (gs: last.stmt, index: len_arg_no, arg: last.len); |
1888 | update_stmt (s: last.stmt); |
1889 | } |
1890 | |
1891 | /* For an LHS that is an SSA_NAME that is the result of a strlen() |
1892 | call, or when BOUND is non-null, of a strnlen() call, set LHS |
1893 | range info to [0, min (MAX, BOUND)] when the range includes more |
1894 | than one value and return LHS. Otherwise, when the range |
1895 | [MIN, MAX] is such that MIN == MAX, return the tree representation |
1896 | of (MIN). The latter allows callers to fold suitable strnlen() calls |
1897 | to constants. */ |
1898 | |
1899 | tree |
1900 | set_strlen_range (tree lhs, wide_int min, wide_int max, |
1901 | tree bound /* = NULL_TREE */) |
1902 | { |
1903 | if (TREE_CODE (lhs) != SSA_NAME |
1904 | || !INTEGRAL_TYPE_P (TREE_TYPE (lhs))) |
1905 | return NULL_TREE; |
1906 | |
1907 | if (bound) |
1908 | { |
1909 | /* For strnlen, adjust MIN and MAX as necessary. If the bound |
1910 | is less than the size of the array set MAX to it. It it's |
1911 | greater than MAX and MAX is non-zero bump MAX down to account |
1912 | for the necessary terminating nul. Otherwise leave it alone. */ |
1913 | if (TREE_CODE (bound) == INTEGER_CST) |
1914 | { |
1915 | wide_int wibnd = wi::to_wide (t: bound); |
1916 | int cmp = wi::cmpu (x: wibnd, y: max); |
1917 | if (cmp < 0) |
1918 | max = wibnd; |
1919 | else if (cmp && wi::ne_p (x: max, y: min)) |
1920 | --max; |
1921 | } |
1922 | else if (TREE_CODE (bound) == SSA_NAME) |
1923 | { |
1924 | value_range r; |
1925 | get_range_query (cfun)->range_of_expr (r, expr: bound); |
1926 | if (!r.undefined_p ()) |
1927 | { |
1928 | /* For a bound in a known range, adjust the range determined |
1929 | above as necessary. For a bound in some anti-range or |
1930 | in an unknown range, use the range determined by callers. */ |
1931 | if (wi::ltu_p (x: r.lower_bound (), y: min)) |
1932 | min = r.lower_bound (); |
1933 | if (wi::ltu_p (x: r.upper_bound (), y: max)) |
1934 | max = r.upper_bound (); |
1935 | } |
1936 | } |
1937 | } |
1938 | |
1939 | if (min == max) |
1940 | return wide_int_to_tree (size_type_node, cst: min); |
1941 | |
1942 | value_range vr (TREE_TYPE (lhs), min, max); |
1943 | set_range_info (lhs, vr); |
1944 | return lhs; |
1945 | } |
1946 | |
1947 | /* For an LHS that is an SSA_NAME and for strlen() or strnlen() argument |
1948 | SRC, set LHS range info to [0, min (N, BOUND)] if SRC refers to |
1949 | a character array A[N] with unknown length bounded by N, and for |
1950 | strnlen(), by min (N, BOUND). */ |
1951 | |
1952 | static tree |
1953 | maybe_set_strlen_range (tree lhs, tree src, tree bound) |
1954 | { |
1955 | if (TREE_CODE (lhs) != SSA_NAME |
1956 | || !INTEGRAL_TYPE_P (TREE_TYPE (lhs))) |
1957 | return NULL_TREE; |
1958 | |
1959 | if (TREE_CODE (src) == SSA_NAME) |
1960 | { |
1961 | gimple *def = SSA_NAME_DEF_STMT (src); |
1962 | if (is_gimple_assign (gs: def) |
1963 | && gimple_assign_rhs_code (gs: def) == ADDR_EXPR) |
1964 | src = gimple_assign_rhs1 (gs: def); |
1965 | } |
1966 | |
1967 | /* The longest string is PTRDIFF_MAX - 1 bytes including the final |
1968 | NUL so that the difference between a pointer to just past it and |
1969 | one to its beginning is positive. */ |
1970 | wide_int max = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2; |
1971 | |
1972 | if (TREE_CODE (src) == ADDR_EXPR) |
1973 | { |
1974 | /* The last array member of a struct can be bigger than its size |
1975 | suggests if it's treated as a poor-man's flexible array member. */ |
1976 | src = TREE_OPERAND (src, 0); |
1977 | if (TREE_CODE (src) != MEM_REF |
1978 | && !array_ref_flexible_size_p (src)) |
1979 | { |
1980 | tree type = TREE_TYPE (src); |
1981 | tree size = TYPE_SIZE_UNIT (type); |
1982 | if (size |
1983 | && TREE_CODE (size) == INTEGER_CST |
1984 | && !integer_zerop (size)) |
1985 | { |
1986 | /* Even though such uses of strlen would be undefined, |
1987 | avoid relying on arrays of arrays in case some genius |
1988 | decides to call strlen on an unterminated array element |
1989 | that's followed by a terminated one. Likewise, avoid |
1990 | assuming that a struct array member is necessarily |
1991 | nul-terminated (the nul may be in the member that |
1992 | follows). In those cases, assume that the length |
1993 | of the string stored in such an array is bounded |
1994 | by the size of the enclosing object if one can be |
1995 | determined. */ |
1996 | tree base = get_base_address (t: src); |
1997 | if (VAR_P (base)) |
1998 | { |
1999 | if (tree size = DECL_SIZE_UNIT (base)) |
2000 | if (size |
2001 | && TREE_CODE (size) == INTEGER_CST |
2002 | && TREE_CODE (TREE_TYPE (base)) != POINTER_TYPE) |
2003 | max = wi::to_wide (t: size); |
2004 | } |
2005 | } |
2006 | |
2007 | /* For strlen() the upper bound above is equal to |
2008 | the longest string that can be stored in the array |
2009 | (i.e., it accounts for the terminating nul. For |
2010 | strnlen() bump up the maximum by one since the array |
2011 | need not be nul-terminated. */ |
2012 | if (!bound && max != 0) |
2013 | --max; |
2014 | } |
2015 | } |
2016 | |
2017 | wide_int min = wi::zero (precision: max.get_precision ()); |
2018 | return set_strlen_range (lhs, min, max, bound); |
2019 | } |
2020 | |
2021 | /* Diagnose buffer overflow by a STMT writing LEN + PLUS_ONE bytes, |
2022 | either into a region allocated for the object SI when non-null, |
2023 | or into an object designated by the LHS of STMT otherwise. |
2024 | For a call STMT, when CALL_LHS is set use its left hand side |
2025 | as the destination, otherwise use argument zero. |
2026 | When nonnull uses RVALS to determine range information. |
2027 | RAWMEM may be set by memcpy and other raw memory functions |
2028 | to allow accesses across subobject boundaries. */ |
2029 | |
2030 | void |
2031 | strlen_pass::maybe_warn_overflow (gimple *stmt, bool call_lhs, tree len, |
2032 | strinfo *si, bool plus_one, bool rawmem) |
2033 | { |
2034 | if (!len || warning_suppressed_p (stmt, OPT_Wstringop_overflow_)) |
2035 | return; |
2036 | |
2037 | /* The DECL of the function performing the write if it is done |
2038 | by one. */ |
2039 | tree writefn = NULL_TREE; |
2040 | /* The destination expression involved in the store or call STMT. */ |
2041 | tree dest = NULL_TREE; |
2042 | |
2043 | if (is_gimple_assign (gs: stmt)) |
2044 | dest = gimple_assign_lhs (gs: stmt); |
2045 | else if (is_gimple_call (gs: stmt)) |
2046 | { |
2047 | if (call_lhs) |
2048 | dest = gimple_call_lhs (gs: stmt); |
2049 | else |
2050 | { |
2051 | gcc_assert (gimple_call_builtin_p (stmt, BUILT_IN_NORMAL)); |
2052 | dest = gimple_call_arg (gs: stmt, index: 0); |
2053 | } |
2054 | |
2055 | if (!dest) |
2056 | return; |
2057 | writefn = gimple_call_fndecl (gs: stmt); |
2058 | } |
2059 | else |
2060 | return; |
2061 | |
2062 | if (warning_suppressed_p (dest, OPT_Wstringop_overflow_)) |
2063 | return; |
2064 | |
2065 | const int ostype = rawmem ? 0 : 1; |
2066 | |
2067 | /* Use maximum precision to avoid overflow in the addition below. |
2068 | Make sure all operands have the same precision to keep wide_int |
2069 | from ICE'ing. */ |
2070 | |
2071 | access_ref aref; |
2072 | /* The size of the destination region (which is smaller than |
2073 | the destination object for stores at a non-zero offset). */ |
2074 | tree destsize = compute_objsize (dest, stmt, ostype, &aref, &ptr_qry); |
2075 | |
2076 | if (!destsize) |
2077 | { |
2078 | aref.sizrng[0] = 0; |
2079 | aref.sizrng[1] = wi::to_offset (t: max_object_size ()); |
2080 | } |
2081 | |
2082 | /* Return early if the DESTSIZE size expression is the same as LEN |
2083 | and the offset into the destination is zero. This might happen |
2084 | in the case of a pair of malloc and memset calls to allocate |
2085 | an object and clear it as if by calloc. */ |
2086 | if (destsize == len && !plus_one |
2087 | && aref.offrng[0] == 0 && aref.offrng[0] == aref.offrng[1]) |
2088 | return; |
2089 | |
2090 | wide_int rng[2]; |
2091 | if (!get_range (val: len, stmt, minmax: rng, rvals: ptr_qry.rvals)) |
2092 | return; |
2093 | |
2094 | widest_int lenrng[2] = |
2095 | { widest_int::from (x: rng[0], sgn: SIGNED), widest_int::from (x: rng[1], sgn: SIGNED) }; |
2096 | |
2097 | if (plus_one) |
2098 | { |
2099 | lenrng[0] += 1; |
2100 | lenrng[1] += 1; |
2101 | } |
2102 | |
2103 | /* The size of the remaining space in the destination computed |
2104 | as the size of the latter minus the offset into it. */ |
2105 | widest_int spcrng[2]; |
2106 | { |
2107 | offset_int remrng[2]; |
2108 | remrng[1] = aref.size_remaining (remrng); |
2109 | spcrng[0] = remrng[0] == -1 ? 0 : widest_int::from (x: remrng[0], sgn: UNSIGNED); |
2110 | spcrng[1] = widest_int::from (x: remrng[1], sgn: UNSIGNED); |
2111 | } |
2112 | |
2113 | if (wi::leu_p (x: lenrng[0], y: spcrng[0]) |
2114 | && wi::leu_p (x: lenrng[1], y: spcrng[1])) |
2115 | return; |
2116 | |
2117 | location_t loc = gimple_or_expr_nonartificial_location (stmt, dest); |
2118 | bool warned = false; |
2119 | if (wi::leu_p (x: lenrng[0], y: spcrng[1])) |
2120 | { |
2121 | if (len != destsize |
2122 | && (!si || rawmem || !is_strlen_related_p (si->ptr, len))) |
2123 | return; |
2124 | |
2125 | warned = (writefn |
2126 | ? warning_at (loc, OPT_Wstringop_overflow_, |
2127 | "%qD writing one too many bytes into a region " |
2128 | "of a size that depends on %<strlen%>" , |
2129 | writefn) |
2130 | : warning_at (loc, OPT_Wstringop_overflow_, |
2131 | "writing one too many bytes into a region " |
2132 | "of a size that depends on %<strlen%>" )); |
2133 | } |
2134 | else if (lenrng[0] == lenrng[1]) |
2135 | { |
2136 | if (spcrng[0] == spcrng[1]) |
2137 | warned = (writefn |
2138 | ? warning_n (loc, OPT_Wstringop_overflow_, |
2139 | lenrng[0].to_uhwi (), |
2140 | "%qD writing %wu byte into a region " |
2141 | "of size %wu" , |
2142 | "%qD writing %wu bytes into a region " |
2143 | "of size %wu" , |
2144 | writefn, lenrng[0].to_uhwi (), |
2145 | spcrng[0].to_uhwi ()) |
2146 | : warning_n (loc, OPT_Wstringop_overflow_, |
2147 | lenrng[0].to_uhwi (), |
2148 | "writing %wu byte into a region " |
2149 | "of size %wu" , |
2150 | "writing %wu bytes into a region " |
2151 | "of size %wu" , |
2152 | lenrng[0].to_uhwi (), |
2153 | spcrng[0].to_uhwi ())); |
2154 | else |
2155 | warned = (writefn |
2156 | ? warning_n (loc, OPT_Wstringop_overflow_, |
2157 | lenrng[0].to_uhwi (), |
2158 | "%qD writing %wu byte into a region " |
2159 | "of size between %wu and %wu" , |
2160 | "%qD writing %wu bytes into a region " |
2161 | "of size between %wu and %wu" , |
2162 | writefn, lenrng[0].to_uhwi (), |
2163 | spcrng[0].to_uhwi (), spcrng[1].to_uhwi ()) |
2164 | : warning_n (loc, OPT_Wstringop_overflow_, |
2165 | lenrng[0].to_uhwi (), |
2166 | "writing %wu byte into a region " |
2167 | "of size between %wu and %wu" , |
2168 | "writing %wu bytes into a region " |
2169 | "of size between %wu and %wu" , |
2170 | lenrng[0].to_uhwi (), |
2171 | spcrng[0].to_uhwi (), spcrng[1].to_uhwi ())); |
2172 | } |
2173 | else if (spcrng[0] == spcrng[1]) |
2174 | warned = (writefn |
2175 | ? warning_at (loc, OPT_Wstringop_overflow_, |
2176 | "%qD writing between %wu and %wu bytes " |
2177 | "into a region of size %wu" , |
2178 | writefn, lenrng[0].to_uhwi (), |
2179 | lenrng[1].to_uhwi (), |
2180 | spcrng[0].to_uhwi ()) |
2181 | : warning_at (loc, OPT_Wstringop_overflow_, |
2182 | "writing between %wu and %wu bytes " |
2183 | "into a region of size %wu" , |
2184 | lenrng[0].to_uhwi (), |
2185 | lenrng[1].to_uhwi (), |
2186 | spcrng[0].to_uhwi ())); |
2187 | else |
2188 | warned = (writefn |
2189 | ? warning_at (loc, OPT_Wstringop_overflow_, |
2190 | "%qD writing between %wu and %wu bytes " |
2191 | "into a region of size between %wu and %wu" , |
2192 | writefn, lenrng[0].to_uhwi (), |
2193 | lenrng[1].to_uhwi (), |
2194 | spcrng[0].to_uhwi (), spcrng[1].to_uhwi ()) |
2195 | : warning_at (loc, OPT_Wstringop_overflow_, |
2196 | "writing between %wu and %wu bytes " |
2197 | "into a region of size between %wu and %wu" , |
2198 | lenrng[0].to_uhwi (), |
2199 | lenrng[1].to_uhwi (), |
2200 | spcrng[0].to_uhwi (), spcrng[1].to_uhwi ())); |
2201 | |
2202 | if (!warned) |
2203 | return; |
2204 | |
2205 | suppress_warning (stmt, OPT_Wstringop_overflow_); |
2206 | |
2207 | aref.inform_access (access_write_only); |
2208 | } |
2209 | |
2210 | /* Convenience wrapper for the above. */ |
2211 | |
2212 | void |
2213 | strlen_pass::maybe_warn_overflow (gimple *stmt, bool call_lhs, |
2214 | unsigned HOST_WIDE_INT len, |
2215 | strinfo *si, bool plus_one, bool rawmem) |
2216 | { |
2217 | tree tlen = build_int_cst (size_type_node, len); |
2218 | maybe_warn_overflow (stmt, call_lhs, len: tlen, si, plus_one, rawmem); |
2219 | } |
2220 | |
2221 | /* Handle a strlen call. If strlen of the argument is known, replace |
2222 | the strlen call with the known value, otherwise remember that strlen |
2223 | of the argument is stored in the lhs SSA_NAME. */ |
2224 | |
2225 | void |
2226 | strlen_pass::handle_builtin_strlen () |
2227 | { |
2228 | gimple *stmt = gsi_stmt (i: m_gsi); |
2229 | tree lhs = gimple_call_lhs (gs: stmt); |
2230 | |
2231 | if (lhs == NULL_TREE) |
2232 | return; |
2233 | |
2234 | location_t loc = gimple_location (g: stmt); |
2235 | tree callee = gimple_call_fndecl (gs: stmt); |
2236 | tree src = gimple_call_arg (gs: stmt, index: 0); |
2237 | tree bound = (DECL_FUNCTION_CODE (decl: callee) == BUILT_IN_STRNLEN |
2238 | ? gimple_call_arg (gs: stmt, index: 1) : NULL_TREE); |
2239 | int idx = get_stridx (exp: src, stmt); |
2240 | if (idx || (bound && integer_zerop (bound))) |
2241 | { |
2242 | strinfo *si = NULL; |
2243 | tree rhs; |
2244 | |
2245 | if (idx < 0) |
2246 | rhs = build_int_cst (TREE_TYPE (lhs), ~idx); |
2247 | else if (idx == 0) |
2248 | rhs = bound; |
2249 | else |
2250 | { |
2251 | rhs = NULL_TREE; |
2252 | si = get_strinfo (idx); |
2253 | if (si != NULL) |
2254 | { |
2255 | rhs = get_string_length (si); |
2256 | /* For strnlen, if bound is constant, even if si is not known |
2257 | to be zero terminated, if we know at least bound bytes are |
2258 | not zero, the return value will be bound. */ |
2259 | if (rhs == NULL_TREE |
2260 | && bound != NULL_TREE |
2261 | && TREE_CODE (bound) == INTEGER_CST |
2262 | && si->nonzero_chars != NULL_TREE |
2263 | && TREE_CODE (si->nonzero_chars) == INTEGER_CST |
2264 | && tree_int_cst_le (t1: bound, t2: si->nonzero_chars)) |
2265 | rhs = bound; |
2266 | } |
2267 | } |
2268 | if (rhs != NULL_TREE) |
2269 | { |
2270 | if (dump_file && (dump_flags & TDF_DETAILS) != 0) |
2271 | { |
2272 | fprintf (stream: dump_file, format: "Optimizing: " ); |
2273 | print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM); |
2274 | } |
2275 | rhs = unshare_expr (rhs); |
2276 | if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (rhs))) |
2277 | rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs); |
2278 | |
2279 | if (bound) |
2280 | rhs = fold_build2_loc (loc, MIN_EXPR, TREE_TYPE (rhs), rhs, bound); |
2281 | |
2282 | gimplify_and_update_call_from_tree (&m_gsi, rhs); |
2283 | stmt = gsi_stmt (i: m_gsi); |
2284 | update_stmt (s: stmt); |
2285 | if (dump_file && (dump_flags & TDF_DETAILS) != 0) |
2286 | { |
2287 | fprintf (stream: dump_file, format: "into: " ); |
2288 | print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM); |
2289 | } |
2290 | |
2291 | if (si != NULL |
2292 | /* Don't update anything for strnlen. */ |
2293 | && bound == NULL_TREE |
2294 | && TREE_CODE (si->nonzero_chars) != SSA_NAME |
2295 | && TREE_CODE (si->nonzero_chars) != INTEGER_CST |
2296 | && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs)) |
2297 | { |
2298 | si = unshare_strinfo (si); |
2299 | si->nonzero_chars = lhs; |
2300 | gcc_assert (si->full_string_p); |
2301 | } |
2302 | |
2303 | if (strlen_to_stridx |
2304 | && (bound == NULL_TREE |
2305 | /* For strnlen record this only if the call is proven |
2306 | to return the same value as strlen would. */ |
2307 | || (TREE_CODE (bound) == INTEGER_CST |
2308 | && TREE_CODE (rhs) == INTEGER_CST |
2309 | && tree_int_cst_lt (t1: rhs, t2: bound)))) |
2310 | strlen_to_stridx->put (k: lhs, v: stridx_strlenloc (idx, loc)); |
2311 | |
2312 | return; |
2313 | } |
2314 | } |
2315 | if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs)) |
2316 | return; |
2317 | |
2318 | if (idx == 0) |
2319 | idx = new_stridx (exp: src); |
2320 | else |
2321 | { |
2322 | strinfo *si = get_strinfo (idx); |
2323 | if (si != NULL) |
2324 | { |
2325 | if (!si->full_string_p && !si->stmt) |
2326 | { |
2327 | /* Until now we only had a lower bound on the string length. |
2328 | Install LHS as the actual length. */ |
2329 | si = unshare_strinfo (si); |
2330 | tree old = si->nonzero_chars; |
2331 | si->nonzero_chars = lhs; |
2332 | si->full_string_p = true; |
2333 | if (old && TREE_CODE (old) == INTEGER_CST) |
2334 | { |
2335 | old = fold_convert_loc (loc, TREE_TYPE (lhs), old); |
2336 | tree adj = fold_build2_loc (loc, MINUS_EXPR, |
2337 | TREE_TYPE (lhs), lhs, old); |
2338 | adjust_related_strinfos (loc, origsi: si, adj); |
2339 | /* Use the constant minimum length as the lower bound |
2340 | of the non-constant length. */ |
2341 | wide_int min = wi::to_wide (t: old); |
2342 | wide_int max |
2343 | = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2; |
2344 | if (wi::gtu_p (x: min, y: max)) |
2345 | max = wi::to_wide (TYPE_MAX_VALUE (TREE_TYPE (lhs))); |
2346 | set_strlen_range (lhs, min, max); |
2347 | } |
2348 | else |
2349 | { |
2350 | si->first = 0; |
2351 | si->prev = 0; |
2352 | si->next = 0; |
2353 | } |
2354 | } |
2355 | return; |
2356 | } |
2357 | } |
2358 | if (idx) |
2359 | { |
2360 | if (!bound) |
2361 | { |
2362 | /* Only store the new length information for calls to strlen(), |
2363 | not for those to strnlen(). */ |
2364 | strinfo *si = new_strinfo (ptr: src, idx, nonzero_chars: lhs, full_string_p: true); |
2365 | set_strinfo (idx, si); |
2366 | find_equal_ptrs (ptr: src, idx); |
2367 | } |
2368 | |
2369 | /* For SRC that is an array of N elements, set LHS's range |
2370 | to [0, min (N, BOUND)]. A constant return value means |
2371 | the range would have consisted of a single value. In |
2372 | that case, fold the result into the returned constant. */ |
2373 | if (tree ret = maybe_set_strlen_range (lhs, src, bound)) |
2374 | if (TREE_CODE (ret) == INTEGER_CST) |
2375 | { |
2376 | if (dump_file && (dump_flags & TDF_DETAILS) != 0) |
2377 | { |
2378 | fprintf (stream: dump_file, format: "Optimizing: " ); |
2379 | print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM); |
2380 | } |
2381 | if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (ret))) |
2382 | ret = fold_convert_loc (loc, TREE_TYPE (lhs), ret); |
2383 | gimplify_and_update_call_from_tree (&m_gsi, ret); |
2384 | stmt = gsi_stmt (i: m_gsi); |
2385 | update_stmt (s: stmt); |
2386 | if (dump_file && (dump_flags & TDF_DETAILS) != 0) |
2387 | { |
2388 | fprintf (stream: dump_file, format: "into: " ); |
2389 | print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM); |
2390 | } |
2391 | } |
2392 | |
2393 | if (strlen_to_stridx && !bound) |
2394 | strlen_to_stridx->put (k: lhs, v: stridx_strlenloc (idx, loc)); |
2395 | } |
2396 | } |
2397 | |
2398 | /* Handle a strchr call. If strlen of the first argument is known, replace |
2399 | the strchr (x, 0) call with the endptr or x + strlen, otherwise remember |
2400 | that lhs of the call is endptr and strlen of the argument is endptr - x. */ |
2401 | |
2402 | void |
2403 | strlen_pass::handle_builtin_strchr () |
2404 | { |
2405 | gimple *stmt = gsi_stmt (i: m_gsi); |
2406 | tree lhs = gimple_call_lhs (gs: stmt); |
2407 | |
2408 | if (lhs == NULL_TREE) |
2409 | return; |
2410 | |
2411 | if (!integer_zerop (gimple_call_arg (gs: stmt, index: 1))) |
2412 | return; |
2413 | |
2414 | tree src = gimple_call_arg (gs: stmt, index: 0); |
2415 | |
2416 | /* Avoid folding if the first argument is not a nul-terminated array. |
2417 | Defer warning until later. */ |
2418 | if (!check_nul_terminated_array (NULL_TREE, src)) |
2419 | return; |
2420 | |
2421 | int idx = get_stridx (exp: src, stmt); |
2422 | if (idx) |
2423 | { |
2424 | strinfo *si = NULL; |
2425 | tree rhs; |
2426 | |
2427 | if (idx < 0) |
2428 | rhs = build_int_cst (size_type_node, ~idx); |
2429 | else |
2430 | { |
2431 | rhs = NULL_TREE; |
2432 | si = get_strinfo (idx); |
2433 | if (si != NULL) |
2434 | rhs = get_string_length (si); |
2435 | } |
2436 | if (rhs != NULL_TREE) |
2437 | { |
2438 | location_t loc = gimple_location (g: stmt); |
2439 | |
2440 | if (dump_file && (dump_flags & TDF_DETAILS) != 0) |
2441 | { |
2442 | fprintf (stream: dump_file, format: "Optimizing: " ); |
2443 | print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM); |
2444 | } |
2445 | if (si != NULL && si->endptr != NULL_TREE) |
2446 | { |
2447 | rhs = unshare_expr (si->endptr); |
2448 | if (!useless_type_conversion_p (TREE_TYPE (lhs), |
2449 | TREE_TYPE (rhs))) |
2450 | rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs); |
2451 | } |
2452 | else |
2453 | { |
2454 | rhs = fold_convert_loc (loc, sizetype, unshare_expr (rhs)); |
2455 | rhs = fold_build2_loc (loc, POINTER_PLUS_EXPR, |
2456 | TREE_TYPE (src), src, rhs); |
2457 | if (!useless_type_conversion_p (TREE_TYPE (lhs), |
2458 | TREE_TYPE (rhs))) |
2459 | rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs); |
2460 | } |
2461 | gimplify_and_update_call_from_tree (&m_gsi, rhs); |
2462 | stmt = gsi_stmt (i: m_gsi); |
2463 | update_stmt (s: stmt); |
2464 | if (dump_file && (dump_flags & TDF_DETAILS) != 0) |
2465 | { |
2466 | fprintf (stream: dump_file, format: "into: " ); |
2467 | print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM); |
2468 | } |
2469 | if (si != NULL |
2470 | && si->endptr == NULL_TREE |
2471 | && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs)) |
2472 | { |
2473 | si = unshare_strinfo (si); |
2474 | si->endptr = lhs; |
2475 | } |
2476 | zero_length_string (ptr: lhs, chainsi: si); |
2477 | return; |
2478 | } |
2479 | } |
2480 | if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs)) |
2481 | return; |
2482 | if (TREE_CODE (src) != SSA_NAME || !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (src)) |
2483 | { |
2484 | if (idx == 0) |
2485 | idx = new_stridx (exp: src); |
2486 | else if (get_strinfo (idx) != NULL) |
2487 | { |
2488 | zero_length_string (ptr: lhs, NULL); |
2489 | return; |
2490 | } |
2491 | if (idx) |
2492 | { |
2493 | location_t loc = gimple_location (g: stmt); |
2494 | tree lhsu = fold_convert_loc (loc, size_type_node, lhs); |
2495 | tree srcu = fold_convert_loc (loc, size_type_node, src); |
2496 | tree length = fold_build2_loc (loc, MINUS_EXPR, |
2497 | size_type_node, lhsu, srcu); |
2498 | strinfo *si = new_strinfo (ptr: src, idx, nonzero_chars: length, full_string_p: true); |
2499 | si->endptr = lhs; |
2500 | set_strinfo (idx, si); |
2501 | find_equal_ptrs (ptr: src, idx); |
2502 | zero_length_string (ptr: lhs, chainsi: si); |
2503 | } |
2504 | } |
2505 | else |
2506 | zero_length_string (ptr: lhs, NULL); |
2507 | } |
2508 | |
2509 | /* Handle a strcpy-like ({st{r,p}cpy,__st{r,p}cpy_chk}) call. |
2510 | If strlen of the second argument is known, strlen of the first argument |
2511 | is the same after this call. Furthermore, attempt to convert it to |
2512 | memcpy. Uses RVALS to determine range information. */ |
2513 | |
2514 | void |
2515 | strlen_pass::handle_builtin_strcpy (built_in_function bcode) |
2516 | { |
2517 | int idx, didx; |
2518 | tree src, dst, srclen, len, lhs, type, fn, oldlen; |
2519 | bool success; |
2520 | gimple *stmt = gsi_stmt (i: m_gsi); |
2521 | strinfo *si, *dsi, *olddsi, *zsi; |
2522 | location_t loc; |
2523 | |
2524 | src = gimple_call_arg (gs: stmt, index: 1); |
2525 | dst = gimple_call_arg (gs: stmt, index: 0); |
2526 | lhs = gimple_call_lhs (gs: stmt); |
2527 | idx = get_stridx (exp: src, stmt); |
2528 | si = NULL; |
2529 | if (idx > 0) |
2530 | si = get_strinfo (idx); |
2531 | |
2532 | didx = get_stridx (exp: dst, stmt); |
2533 | olddsi = NULL; |
2534 | oldlen = NULL_TREE; |
2535 | if (didx > 0) |
2536 | olddsi = get_strinfo (idx: didx); |
2537 | else if (didx < 0) |
2538 | return; |
2539 | |
2540 | if (olddsi != NULL) |
2541 | adjust_last_stmt (si: olddsi, stmt, is_strcat: false); |
2542 | |
2543 | srclen = NULL_TREE; |
2544 | if (si != NULL) |
2545 | srclen = get_string_length (si); |
2546 | else if (idx < 0) |
2547 | srclen = build_int_cst (size_type_node, ~idx); |
2548 | |
2549 | maybe_warn_overflow (stmt, call_lhs: false, len: srclen, si: olddsi, plus_one: true); |
2550 | |
2551 | if (olddsi != NULL) |
2552 | adjust_last_stmt (si: olddsi, stmt, is_strcat: false); |
2553 | |
2554 | loc = gimple_location (g: stmt); |
2555 | if (srclen == NULL_TREE) |
2556 | switch (bcode) |
2557 | { |
2558 | case BUILT_IN_STRCPY: |
2559 | case BUILT_IN_STRCPY_CHK: |
2560 | if (lhs != NULL_TREE || !builtin_decl_implicit_p (fncode: BUILT_IN_STPCPY)) |
2561 | return; |
2562 | break; |
2563 | case BUILT_IN_STPCPY: |
2564 | case BUILT_IN_STPCPY_CHK: |
2565 | if (lhs == NULL_TREE) |
2566 | return; |
2567 | else |
2568 | { |
2569 | tree lhsuint = fold_convert_loc (loc, size_type_node, lhs); |
2570 | srclen = fold_convert_loc (loc, size_type_node, dst); |
2571 | srclen = fold_build2_loc (loc, MINUS_EXPR, size_type_node, |
2572 | lhsuint, srclen); |
2573 | } |
2574 | break; |
2575 | default: |
2576 | gcc_unreachable (); |
2577 | } |
2578 | |
2579 | if (didx == 0) |
2580 | { |
2581 | didx = new_stridx (exp: dst); |
2582 | if (didx == 0) |
2583 | return; |
2584 | } |
2585 | if (olddsi != NULL) |
2586 | { |
2587 | oldlen = olddsi->nonzero_chars; |
2588 | dsi = unshare_strinfo (si: olddsi); |
2589 | dsi->nonzero_chars = srclen; |
2590 | dsi->full_string_p = (srclen != NULL_TREE); |
2591 | /* Break the chain, so adjust_related_strinfo on later pointers in |
2592 | the chain won't adjust this one anymore. */ |
2593 | dsi->next = 0; |
2594 | dsi->stmt = NULL; |
2595 | dsi->endptr = NULL_TREE; |
2596 | } |
2597 | else |
2598 | { |
2599 | dsi = new_strinfo (ptr: dst, idx: didx, nonzero_chars: srclen, full_string_p: srclen != NULL_TREE); |
2600 | set_strinfo (idx: didx, si: dsi); |
2601 | find_equal_ptrs (ptr: dst, idx: didx); |
2602 | } |
2603 | dsi->writable = true; |
2604 | dsi->dont_invalidate = true; |
2605 | |
2606 | if (dsi->nonzero_chars == NULL_TREE) |
2607 | { |
2608 | strinfo *chainsi; |
2609 | |
2610 | /* If string length of src is unknown, use delayed length |
2611 | computation. If string length of dst will be needed, it |
2612 | can be computed by transforming this strcpy call into |
2613 | stpcpy and subtracting dst from the return value. */ |
2614 | |
2615 | /* Look for earlier strings whose length could be determined if |
2616 | this strcpy is turned into an stpcpy. */ |
2617 | |
2618 | if (dsi->prev != 0 && (chainsi = verify_related_strinfos (origsi: dsi)) != NULL) |
2619 | { |
2620 | for (; chainsi && chainsi != dsi; chainsi = get_strinfo (idx: chainsi->next)) |
2621 | { |
2622 | /* When setting a stmt for delayed length computation |
2623 | prevent all strinfos through dsi from being |
2624 | invalidated. */ |
2625 | chainsi = unshare_strinfo (si: chainsi); |
2626 | chainsi->stmt = stmt; |
2627 | chainsi->nonzero_chars = NULL_TREE; |
2628 | chainsi->full_string_p = false; |
2629 | chainsi->endptr = NULL_TREE; |
2630 | chainsi->dont_invalidate = true; |
2631 | } |
2632 | } |
2633 | dsi->stmt = stmt; |
2634 | |
2635 | /* Try to detect overlap before returning. This catches cases |
2636 | like strcpy (d, d + n) where n is non-constant whose range |
2637 | is such that (n <= strlen (d) holds). |
2638 | |
2639 | OLDDSI->NONZERO_chars may have been reset by this point with |
2640 | oldlen holding it original value. */ |
2641 | if (olddsi && oldlen) |
2642 | { |
2643 | /* Add 1 for the terminating NUL. */ |
2644 | tree type = TREE_TYPE (oldlen); |
2645 | oldlen = fold_build2 (PLUS_EXPR, type, oldlen, |
2646 | build_int_cst (type, 1)); |
2647 | check_bounds_or_overlap (stmt, olddsi->ptr, src, oldlen, NULL_TREE); |
2648 | } |
2649 | |
2650 | return; |
2651 | } |
2652 | |
2653 | if (olddsi != NULL) |
2654 | { |
2655 | tree adj = NULL_TREE; |
2656 | if (oldlen == NULL_TREE) |
2657 | ; |
2658 | else if (integer_zerop (oldlen)) |
2659 | adj = srclen; |
2660 | else if (TREE_CODE (oldlen) == INTEGER_CST |
2661 | || TREE_CODE (srclen) == INTEGER_CST) |
2662 | adj = fold_build2_loc (loc, MINUS_EXPR, |
2663 | TREE_TYPE (srclen), srclen, |
2664 | fold_convert_loc (loc, TREE_TYPE (srclen), |
2665 | oldlen)); |
2666 | if (adj != NULL_TREE) |
2667 | adjust_related_strinfos (loc, origsi: dsi, adj); |
2668 | else |
2669 | dsi->prev = 0; |
2670 | } |
2671 | /* strcpy src may not overlap dst, so src doesn't need to be |
2672 | invalidated either. */ |
2673 | if (si != NULL) |
2674 | si->dont_invalidate = true; |
2675 | |
2676 | fn = NULL_TREE; |
2677 | zsi = NULL; |
2678 | switch (bcode) |
2679 | { |
2680 | case BUILT_IN_STRCPY: |
2681 | fn = builtin_decl_implicit (fncode: BUILT_IN_MEMCPY); |
2682 | if (lhs) |
2683 | ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx; |
2684 | break; |
2685 | case BUILT_IN_STRCPY_CHK: |
2686 | fn = builtin_decl_explicit (fncode: BUILT_IN_MEMCPY_CHK); |
2687 | if (lhs) |
2688 | ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx; |
2689 | break; |
2690 | case BUILT_IN_STPCPY: |
2691 | /* This would need adjustment of the lhs (subtract one), |
2692 | or detection that the trailing '\0' doesn't need to be |
2693 | written, if it will be immediately overwritten. |
2694 | fn = builtin_decl_explicit (BUILT_IN_MEMPCPY); */ |
2695 | if (lhs) |
2696 | { |
2697 | dsi->endptr = lhs; |
2698 | zsi = zero_length_string (ptr: lhs, chainsi: dsi); |
2699 | } |
2700 | break; |
2701 | case BUILT_IN_STPCPY_CHK: |
2702 | /* This would need adjustment of the lhs (subtract one), |
2703 | or detection that the trailing '\0' doesn't need to be |
2704 | written, if it will be immediately overwritten. |
2705 | fn = builtin_decl_explicit (BUILT_IN_MEMPCPY_CHK); */ |
2706 | if (lhs) |
2707 | { |
2708 | dsi->endptr = lhs; |
2709 | zsi = zero_length_string (ptr: lhs, chainsi: dsi); |
2710 | } |
2711 | break; |
2712 | default: |
2713 | gcc_unreachable (); |
2714 | } |
2715 | if (zsi != NULL) |
2716 | zsi->dont_invalidate = true; |
2717 | |
2718 | if (fn) |
2719 | { |
2720 | tree args = TYPE_ARG_TYPES (TREE_TYPE (fn)); |
2721 | type = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args))); |
2722 | } |
2723 | else |
2724 | type = size_type_node; |
2725 | |
2726 | len = fold_convert_loc (loc, type, unshare_expr (srclen)); |
2727 | len = fold_build2_loc (loc, PLUS_EXPR, type, len, build_int_cst (type, 1)); |
2728 | |
2729 | /* Disable warning for the transformed statement? */ |
2730 | opt_code no_warning_opt = no_warning; |
2731 | |
2732 | if (const strinfo *chksi = si ? olddsi ? olddsi : dsi : NULL) |
2733 | { |
2734 | no_warning_opt = check_bounds_or_overlap (stmt, chksi->ptr, si->ptr, |
2735 | NULL_TREE, len); |
2736 | if (no_warning_opt) |
2737 | suppress_warning (stmt, no_warning_opt); |
2738 | } |
2739 | |
2740 | if (fn == NULL_TREE) |
2741 | return; |
2742 | |
2743 | len = force_gimple_operand_gsi (&m_gsi, len, true, NULL_TREE, true, |
2744 | GSI_SAME_STMT); |
2745 | if (dump_file && (dump_flags & TDF_DETAILS) != 0) |
2746 | { |
2747 | fprintf (stream: dump_file, format: "Optimizing: " ); |
2748 | print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM); |
2749 | } |
2750 | if (gimple_call_num_args (gs: stmt) == 2) |
2751 | success = update_gimple_call (&m_gsi, fn, 3, dst, src, len); |
2752 | else |
2753 | success = update_gimple_call (&m_gsi, fn, 4, dst, src, len, |
2754 | gimple_call_arg (gs: stmt, index: 2)); |
2755 | if (success) |
2756 | { |
2757 | stmt = gsi_stmt (i: m_gsi); |
2758 | update_stmt (s: stmt); |
2759 | if (dump_file && (dump_flags & TDF_DETAILS) != 0) |
2760 | { |
2761 | fprintf (stream: dump_file, format: "into: " ); |
2762 | print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM); |
2763 | } |
2764 | /* Allow adjust_last_stmt to decrease this memcpy's size. */ |
2765 | laststmt.stmt = stmt; |
2766 | laststmt.len = srclen; |
2767 | laststmt.stridx = dsi->idx; |
2768 | } |
2769 | else if (dump_file && (dump_flags & TDF_DETAILS) != 0) |
2770 | fprintf (stream: dump_file, format: "not possible.\n" ); |
2771 | |
2772 | if (no_warning_opt) |
2773 | suppress_warning (stmt, no_warning_opt); |
2774 | } |
2775 | |
2776 | /* Check the size argument to the built-in forms of stpncpy and strncpy |
2777 | for out-of-bounds offsets or overlapping access, and to see if the |
2778 | size argument is derived from a call to strlen() on the source argument, |
2779 | and if so, issue an appropriate warning. */ |
2780 | |
2781 | void |
2782 | strlen_pass::handle_builtin_strncat (built_in_function) |
2783 | { |
2784 | /* Same as stxncpy(). */ |
2785 | handle_builtin_stxncpy_strncat (append_p: true); |
2786 | } |
2787 | |
2788 | /* Return true if LEN depends on a call to strlen(SRC) in an interesting |
2789 | way. LEN can either be an integer expression, or a pointer (to char). |
2790 | When it is the latter (such as in recursive calls to self) it is |
2791 | assumed to be the argument in some call to strlen() whose relationship |
2792 | to SRC is being ascertained. */ |
2793 | |
2794 | bool |
2795 | is_strlen_related_p (tree src, tree len) |
2796 | { |
2797 | if (TREE_CODE (TREE_TYPE (len)) == POINTER_TYPE |
2798 | && operand_equal_p (src, len, flags: 0)) |
2799 | return true; |
2800 | |
2801 | if (TREE_CODE (len) != SSA_NAME) |
2802 | return false; |
2803 | |
2804 | if (TREE_CODE (src) == SSA_NAME) |
2805 | { |
2806 | gimple *srcdef = SSA_NAME_DEF_STMT (src); |
2807 | if (is_gimple_assign (gs: srcdef)) |
2808 | { |
2809 | /* Handle bitwise AND used in conversions from wider size_t |
2810 | to narrower unsigned types. */ |
2811 | tree_code code = gimple_assign_rhs_code (gs: srcdef); |
2812 | if (code == BIT_AND_EXPR |
2813 | || code == NOP_EXPR) |
2814 | return is_strlen_related_p (src: gimple_assign_rhs1 (gs: srcdef), len); |
2815 | |
2816 | return false; |
2817 | } |
2818 | |
2819 | if (gimple_call_builtin_p (srcdef, BUILT_IN_NORMAL)) |
2820 | { |
2821 | /* If SRC is the result of a call to an allocation function |
2822 | or strlen, use the function's argument instead. */ |
2823 | tree func = gimple_call_fndecl (gs: srcdef); |
2824 | built_in_function code = DECL_FUNCTION_CODE (decl: func); |
2825 | if (code == BUILT_IN_ALLOCA |
2826 | || code == BUILT_IN_ALLOCA_WITH_ALIGN |
2827 | || code == BUILT_IN_MALLOC |
2828 | || code == BUILT_IN_STRLEN) |
2829 | return is_strlen_related_p (src: gimple_call_arg (gs: srcdef, index: 0), len); |
2830 | |
2831 | /* FIXME: Handle other functions with attribute alloc_size. */ |
2832 | return false; |
2833 | } |
2834 | } |
2835 | |
2836 | gimple *lendef = SSA_NAME_DEF_STMT (len); |
2837 | if (!lendef) |
2838 | return false; |
2839 | |
2840 | if (is_gimple_call (gs: lendef)) |
2841 | { |
2842 | tree func = gimple_call_fndecl (gs: lendef); |
2843 | if (!valid_builtin_call (stmt: lendef) |
2844 | || DECL_FUNCTION_CODE (decl: func) != BUILT_IN_STRLEN) |
2845 | return false; |
2846 | |
2847 | tree arg = gimple_call_arg (gs: lendef, index: 0); |
2848 | return is_strlen_related_p (src, len: arg); |
2849 | } |
2850 | |
2851 | if (!is_gimple_assign (gs: lendef)) |
2852 | return false; |
2853 | |
2854 | tree_code code = gimple_assign_rhs_code (gs: lendef); |
2855 | tree rhs1 = gimple_assign_rhs1 (gs: lendef); |
2856 | tree rhstype = TREE_TYPE (rhs1); |
2857 | |
2858 | if ((TREE_CODE (rhstype) == POINTER_TYPE && code == POINTER_PLUS_EXPR) |
2859 | || (INTEGRAL_TYPE_P (rhstype) |
2860 | && (code == BIT_AND_EXPR |
2861 | || code == NOP_EXPR))) |
2862 | { |
2863 | /* Pointer plus (an integer), and truncation are considered among |
2864 | the (potentially) related expressions to strlen. */ |
2865 | return is_strlen_related_p (src, len: rhs1); |
2866 | } |
2867 | |
2868 | if (tree rhs2 = gimple_assign_rhs2 (gs: lendef)) |
2869 | { |
2870 | /* Integer subtraction is considered strlen-related when both |
2871 | arguments are integers and second one is strlen-related. */ |
2872 | rhstype = TREE_TYPE (rhs2); |
2873 | if (INTEGRAL_TYPE_P (rhstype) && code == MINUS_EXPR) |
2874 | return is_strlen_related_p (src, len: rhs2); |
2875 | } |
2876 | |
2877 | return false; |
2878 | } |
2879 | |
2880 | /* Called by handle_builtin_stxncpy_strncat and by |
2881 | gimple_fold_builtin_strncpy in gimple-fold.cc. |
2882 | Check to see if the specified bound is a) equal to the size of |
2883 | the destination DST and if so, b) if it's immediately followed by |
2884 | DST[CNT - 1] = '\0'. If a) holds and b) does not, warn. Otherwise, |
2885 | do nothing. Return true if diagnostic has been issued. |
2886 | |
2887 | The purpose is to diagnose calls to strncpy and stpncpy that do |
2888 | not nul-terminate the copy while allowing for the idiom where |
2889 | such a call is immediately followed by setting the last element |
2890 | to nul, as in: |
2891 | char a[32]; |
2892 | strncpy (a, s, sizeof a); |
2893 | a[sizeof a - 1] = '\0'; |
2894 | */ |
2895 | |
2896 | bool |
2897 | maybe_diag_stxncpy_trunc (gimple_stmt_iterator gsi, tree src, tree cnt, |
2898 | pointer_query *ptr_qry /* = NULL */) |
2899 | { |
2900 | gimple *stmt = gsi_stmt (i: gsi); |
2901 | if (warning_suppressed_p (stmt, OPT_Wstringop_truncation)) |
2902 | return false; |
2903 | |
2904 | wide_int cntrange[2]; |
2905 | value_range r; |
2906 | if (!get_range_query (cfun)->range_of_expr (r, expr: cnt) |
2907 | || r.varying_p () |
2908 | || r.undefined_p ()) |
2909 | return false; |
2910 | |
2911 | tree min, max; |
2912 | value_range_kind kind = get_legacy_range (r, min, max); |
2913 | cntrange[0] = wi::to_wide (t: min); |
2914 | cntrange[1] = wi::to_wide (t: max); |
2915 | if (kind == VR_ANTI_RANGE) |
2916 | { |
2917 | wide_int maxobjsize = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)); |
2918 | |
2919 | if (wi::ltu_p (x: cntrange[1], y: maxobjsize)) |
2920 | { |
2921 | cntrange[0] = cntrange[1] + 1; |
2922 | cntrange[1] = maxobjsize; |
2923 | } |
2924 | else |
2925 | { |
2926 | cntrange[1] = cntrange[0] - 1; |
2927 | cntrange[0] = wi::zero (TYPE_PRECISION (TREE_TYPE (cnt))); |
2928 | } |
2929 | } |
2930 | |
2931 | /* Negative value is the constant string length. If it's less than |
2932 | the lower bound there is no truncation. Avoid calling get_stridx() |
2933 | when ssa_ver_to_stridx is empty. That implies the caller isn't |
2934 | running under the control of this pass and ssa_ver_to_stridx hasn't |
2935 | been created yet. */ |
2936 | int sidx = ssa_ver_to_stridx.length () ? get_stridx (exp: src, stmt) : 0; |
2937 | if (sidx < 0 && wi::gtu_p (x: cntrange[0], y: ~sidx)) |
2938 | return false; |
2939 | |
2940 | tree dst = gimple_call_arg (gs: stmt, index: 0); |
2941 | tree dstdecl = dst; |
2942 | if (TREE_CODE (dstdecl) == ADDR_EXPR) |
2943 | dstdecl = TREE_OPERAND (dstdecl, 0); |
2944 | |
2945 | tree ref = NULL_TREE; |
2946 | |
2947 | if (!sidx) |
2948 | { |
2949 | /* If the source is a non-string return early to avoid warning |
2950 | for possible truncation (if the truncation is certain SIDX |
2951 | is non-zero). */ |
2952 | tree srcdecl = gimple_call_arg (gs: stmt, index: 1); |
2953 | if (TREE_CODE (srcdecl) == ADDR_EXPR) |
2954 | srcdecl = TREE_OPERAND (srcdecl, 0); |
2955 | if (get_attr_nonstring_decl (srcdecl, &ref)) |
2956 | return false; |
2957 | } |
2958 | |
2959 | /* Likewise, if the destination refers to an array/pointer declared |
2960 | nonstring return early. */ |
2961 | if (get_attr_nonstring_decl (dstdecl, &ref)) |
2962 | return false; |
2963 | |
2964 | /* Look for dst[i] = '\0'; after the stxncpy() call and if found |
2965 | avoid the truncation warning. */ |
2966 | gsi_next_nondebug (i: &gsi); |
2967 | gimple *next_stmt = gsi_stmt (i: gsi); |
2968 | if (!next_stmt) |
2969 | { |
2970 | /* When there is no statement in the same basic block check |
2971 | the immediate successor block. */ |
2972 | if (basic_block bb = gimple_bb (g: stmt)) |
2973 | { |
2974 | if (single_succ_p (bb)) |
2975 | { |
2976 | /* For simplicity, ignore blocks with multiple outgoing |
2977 | edges for now and only consider successor blocks along |
2978 | normal edges. */ |
2979 | edge e = EDGE_SUCC (bb, 0); |
2980 | if (!(e->flags & EDGE_ABNORMAL)) |
2981 | { |
2982 | gsi = gsi_start_bb (bb: e->dest); |
2983 | next_stmt = gsi_stmt (i: gsi); |
2984 | if (next_stmt && is_gimple_debug (gs: next_stmt)) |
2985 | { |
2986 | gsi_next_nondebug (i: &gsi); |
2987 | next_stmt = gsi_stmt (i: gsi); |
2988 | } |
2989 | } |
2990 | } |
2991 | } |
2992 | } |
2993 | |
2994 | if (next_stmt && is_gimple_assign (gs: next_stmt)) |
2995 | { |
2996 | tree lhs = gimple_assign_lhs (gs: next_stmt); |
2997 | tree_code code = TREE_CODE (lhs); |
2998 | if (code == ARRAY_REF || code == MEM_REF) |
2999 | lhs = TREE_OPERAND (lhs, 0); |
3000 | |
3001 | tree func = gimple_call_fndecl (gs: stmt); |
3002 | if (DECL_FUNCTION_CODE (decl: func) == BUILT_IN_STPNCPY) |
3003 | { |
3004 | tree ret = gimple_call_lhs (gs: stmt); |
3005 | if (ret && operand_equal_p (ret, lhs, flags: 0)) |
3006 | return false; |
3007 | } |
3008 | |
3009 | /* Determine the base address and offset of the reference, |
3010 | ignoring the innermost array index. */ |
3011 | if (TREE_CODE (ref) == ARRAY_REF) |
3012 | ref = TREE_OPERAND (ref, 0); |
3013 | |
3014 | poly_int64 dstoff; |
3015 | tree dstbase = get_addr_base_and_unit_offset (ref, &dstoff); |
3016 | |
3017 | poly_int64 lhsoff; |
3018 | tree lhsbase = get_addr_base_and_unit_offset (lhs, &lhsoff); |
3019 | if (lhsbase |
3020 | && dstbase |
3021 | && known_eq (dstoff, lhsoff) |
3022 | && operand_equal_p (dstbase, lhsbase, flags: 0)) |
3023 | return false; |
3024 | } |
3025 | |
3026 | int prec = TYPE_PRECISION (TREE_TYPE (cnt)); |
3027 | wide_int lenrange[2]; |
3028 | if (strinfo *sisrc = sidx > 0 ? get_strinfo (idx: sidx) : NULL) |
3029 | { |
3030 | lenrange[0] = (sisrc->nonzero_chars |
3031 | && TREE_CODE (sisrc->nonzero_chars) == INTEGER_CST |
3032 | ? wi::to_wide (t: sisrc->nonzero_chars) |
3033 | : wi::zero (precision: prec)); |
3034 | lenrange[1] = lenrange[0]; |
3035 | } |
3036 | else if (sidx < 0) |
3037 | lenrange[0] = lenrange[1] = wi::shwi (val: ~sidx, precision: prec); |
3038 | else |
3039 | { |
3040 | c_strlen_data lendata = { }; |
3041 | /* Set MAXBOUND to an arbitrary non-null non-integer node as a request |
3042 | to have it set to the length of the longest string in a PHI. */ |
3043 | lendata.maxbound = src; |
3044 | get_range_strlen (src, &lendata, /* eltsize = */1); |
3045 | if (TREE_CODE (lendata.minlen) == INTEGER_CST |
3046 | && TREE_CODE (lendata.maxbound) == INTEGER_CST) |
3047 | { |
3048 | /* When LENDATA.MAXLEN is unknown, reset LENDATA.MINLEN |
3049 | which stores the length of the shortest known string. */ |
3050 | if (integer_all_onesp (lendata.maxlen)) |
3051 | lenrange[0] = wi::shwi (val: 0, precision: prec); |
3052 | else |
3053 | lenrange[0] = wi::to_wide (t: lendata.minlen, prec); |
3054 | lenrange[1] = wi::to_wide (t: lendata.maxbound, prec); |
3055 | } |
3056 | else |
3057 | { |
3058 | lenrange[0] = wi::shwi (val: 0, precision: prec); |
3059 | lenrange[1] = wi::shwi (val: -1, precision: prec); |
3060 | } |
3061 | } |
3062 | |
3063 | location_t callloc = gimple_or_expr_nonartificial_location (stmt, dst); |
3064 | tree func = gimple_call_fndecl (gs: stmt); |
3065 | |
3066 | if (lenrange[0] != 0 || !wi::neg_p (x: lenrange[1])) |
3067 | { |
3068 | /* If the longest source string is shorter than the lower bound |
3069 | of the specified count the copy is definitely nul-terminated. */ |
3070 | if (wi::ltu_p (x: lenrange[1], y: cntrange[0])) |
3071 | return false; |
3072 | |
3073 | if (wi::neg_p (x: lenrange[1])) |
3074 | { |
3075 | /* The length of one of the strings is unknown but at least |
3076 | one has non-zero length and that length is stored in |
3077 | LENRANGE[1]. Swap the bounds to force a "may be truncated" |
3078 | warning below. */ |
3079 | lenrange[1] = lenrange[0]; |
3080 | lenrange[0] = wi::shwi (val: 0, precision: prec); |
3081 | } |
3082 | |
3083 | /* Set to true for strncat whose bound is derived from the length |
3084 | of the destination (the expected usage pattern). */ |
3085 | bool cat_dstlen_bounded = false; |
3086 | if (DECL_FUNCTION_CODE (decl: func) == BUILT_IN_STRNCAT) |
3087 | cat_dstlen_bounded = is_strlen_related_p (src: dst, len: cnt); |
3088 | |
3089 | if (lenrange[0] == cntrange[1] && cntrange[0] == cntrange[1]) |
3090 | return warning_n (callloc, OPT_Wstringop_truncation, |
3091 | cntrange[0].to_uhwi (), |
3092 | "%qD output truncated before terminating " |
3093 | "nul copying %E byte from a string of the " |
3094 | "same length" , |
3095 | "%qD output truncated before terminating nul " |
3096 | "copying %E bytes from a string of the same " |
3097 | "length" , |
3098 | func, cnt); |
3099 | else if (!cat_dstlen_bounded) |
3100 | { |
3101 | if (wi::geu_p (x: lenrange[0], y: cntrange[1])) |
3102 | { |
3103 | /* The shortest string is longer than the upper bound of |
3104 | the count so the truncation is certain. */ |
3105 | if (cntrange[0] == cntrange[1]) |
3106 | return warning_n (callloc, OPT_Wstringop_truncation, |
3107 | cntrange[0].to_uhwi (), |
3108 | "%qD output truncated copying %E byte " |
3109 | "from a string of length %wu" , |
3110 | "%qD output truncated copying %E bytes " |
3111 | "from a string of length %wu" , |
3112 | func, cnt, lenrange[0].to_uhwi ()); |
3113 | |
3114 | return warning_at (callloc, OPT_Wstringop_truncation, |
3115 | "%qD output truncated copying between %wu " |
3116 | "and %wu bytes from a string of length %wu" , |
3117 | func, cntrange[0].to_uhwi (), |
3118 | cntrange[1].to_uhwi (), lenrange[0].to_uhwi ()); |
3119 | } |
3120 | else if (wi::geu_p (x: lenrange[1], y: cntrange[1])) |
3121 | { |
3122 | /* The longest string is longer than the upper bound of |
3123 | the count so the truncation is possible. */ |
3124 | if (cntrange[0] == cntrange[1]) |
3125 | return warning_n (callloc, OPT_Wstringop_truncation, |
3126 | cntrange[0].to_uhwi (), |
3127 | "%qD output may be truncated copying %E " |
3128 | "byte from a string of length %wu" , |
3129 | "%qD output may be truncated copying %E " |
3130 | "bytes from a string of length %wu" , |
3131 | func, cnt, lenrange[1].to_uhwi ()); |
3132 | |
3133 | return warning_at (callloc, OPT_Wstringop_truncation, |
3134 | "%qD output may be truncated copying between " |
3135 | "%wu and %wu bytes from a string of length %wu" , |
3136 | func, cntrange[0].to_uhwi (), |
3137 | cntrange[1].to_uhwi (), lenrange[1].to_uhwi ()); |
3138 | } |
3139 | } |
3140 | |
3141 | if (!cat_dstlen_bounded |
3142 | && cntrange[0] != cntrange[1] |
3143 | && wi::leu_p (x: cntrange[0], y: lenrange[0]) |
3144 | && wi::leu_p (x: cntrange[1], y: lenrange[0] + 1)) |
3145 | { |
3146 | /* If the source (including the terminating nul) is longer than |
3147 | the lower bound of the specified count but shorter than the |
3148 | upper bound the copy may (but need not) be truncated. */ |
3149 | return warning_at (callloc, OPT_Wstringop_truncation, |
3150 | "%qD output may be truncated copying between " |
3151 | "%wu and %wu bytes from a string of length %wu" , |
3152 | func, cntrange[0].to_uhwi (), |
3153 | cntrange[1].to_uhwi (), lenrange[0].to_uhwi ()); |
3154 | } |
3155 | } |
3156 | |
3157 | access_ref aref; |
3158 | if (tree dstsize = compute_objsize (dst, stmt, 1, &aref, ptr_qry)) |
3159 | { |
3160 | /* The source length is unknown. Try to determine the destination |
3161 | size and see if it matches the specified bound. If not, bail. |
3162 | Otherwise go on to see if it should be diagnosed for possible |
3163 | truncation. */ |
3164 | if (!dstsize) |
3165 | return false; |
3166 | |
3167 | if (wi::to_wide (t: dstsize) != cntrange[1]) |
3168 | return false; |
3169 | |
3170 | /* Avoid warning for strncpy(a, b, N) calls where the following |
3171 | equalities hold: |
3172 | N == sizeof a && N == sizeof b */ |
3173 | if (tree srcsize = compute_objsize (src, stmt, 1, &aref, ptr_qry)) |
3174 | if (wi::to_wide (t: srcsize) == cntrange[1]) |
3175 | return false; |
3176 | |
3177 | if (cntrange[0] == cntrange[1]) |
3178 | return warning_at (callloc, OPT_Wstringop_truncation, |
3179 | "%qD specified bound %E equals destination size" , |
3180 | func, cnt); |
3181 | } |
3182 | |
3183 | return false; |
3184 | } |
3185 | |
3186 | /* Check the arguments to the built-in forms of stpncpy, strncpy, and |
3187 | strncat, for out-of-bounds offsets or overlapping access, and to see |
3188 | if the size is derived from calling strlen() on the source argument, |
3189 | and if so, issue the appropriate warning. |
3190 | APPEND_P is true for strncat. */ |
3191 | |
3192 | void |
3193 | strlen_pass::handle_builtin_stxncpy_strncat (bool append_p) |
3194 | { |
3195 | if (!strlen_to_stridx) |
3196 | return; |
3197 | |
3198 | gimple *stmt = gsi_stmt (i: m_gsi); |
3199 | |
3200 | tree dst = gimple_call_arg (gs: stmt, index: 0); |
3201 | tree src = gimple_call_arg (gs: stmt, index: 1); |
3202 | tree len = gimple_call_arg (gs: stmt, index: 2); |
3203 | /* An upper bound of the size of the destination. */ |
3204 | tree dstsize = NULL_TREE; |
3205 | /* The length of the destination and source strings (plus 1 for those |
3206 | whose FULL_STRING_P is set, i.e., whose length is exact rather than |
3207 | a lower bound). */ |
3208 | tree dstlenp1 = NULL_TREE, srclenp1 = NULL_TREE;; |
3209 | |
3210 | int didx = get_stridx (exp: dst, stmt); |
3211 | if (strinfo *sidst = didx > 0 ? get_strinfo (idx: didx) : NULL) |
3212 | { |
3213 | /* Compute the size of the destination string including the nul |
3214 | if it is known to be nul-terminated. */ |
3215 | if (sidst->nonzero_chars) |
3216 | { |
3217 | if (sidst->full_string_p) |
3218 | { |
3219 | /* String is known to be nul-terminated. */ |
3220 | tree type = TREE_TYPE (sidst->nonzero_chars); |
3221 | dstlenp1 = fold_build2 (PLUS_EXPR, type, sidst->nonzero_chars, |
3222 | build_int_cst (type, 1)); |
3223 | } |
3224 | else |
3225 | dstlenp1 = sidst->nonzero_chars; |
3226 | } |
3227 | else if (TREE_CODE (sidst->ptr) == SSA_NAME) |
3228 | { |
3229 | gimple *def_stmt = SSA_NAME_DEF_STMT (sidst->ptr); |
3230 | dstsize = gimple_call_alloc_size (def_stmt); |
3231 | } |
3232 | |
3233 | dst = sidst->ptr; |
3234 | } |
3235 | |
3236 | int sidx = get_stridx (exp: src, stmt); |
3237 | strinfo *sisrc = sidx > 0 ? get_strinfo (idx: sidx) : NULL; |
3238 | if (sisrc) |
3239 | { |
3240 | /* strncat() and strncpy() can modify the source string by writing |
3241 | over the terminating nul so SISRC->DONT_INVALIDATE must be left |
3242 | clear. */ |
3243 | |
3244 | /* Compute the size of the source string including the terminating |
3245 | nul if its known to be nul-terminated. */ |
3246 | if (sisrc->nonzero_chars) |
3247 | { |
3248 | if (sisrc->full_string_p) |
3249 | { |
3250 | tree type = TREE_TYPE (sisrc->nonzero_chars); |
3251 | srclenp1 = fold_build2 (PLUS_EXPR, type, sisrc->nonzero_chars, |
3252 | build_int_cst (type, 1)); |
3253 | } |
3254 | else |
3255 | srclenp1 = sisrc->nonzero_chars; |
3256 | } |
3257 | |
3258 | src = sisrc->ptr; |
3259 | } |
3260 | else |
3261 | srclenp1 = NULL_TREE; |
3262 | |
3263 | opt_code opt = check_bounds_or_overlap (stmt, dst, src, dstlenp1, srclenp1); |
3264 | if (opt != no_warning) |
3265 | { |
3266 | suppress_warning (stmt, opt); |
3267 | return; |
3268 | } |
3269 | |
3270 | /* If the length argument was computed from strlen(S) for some string |
3271 | S retrieve the strinfo index for the string (PSS->FIRST) along with |
3272 | the location of the strlen() call (PSS->SECOND). */ |
3273 | stridx_strlenloc *pss = strlen_to_stridx->get (k: len); |
3274 | if (!pss || pss->first <= 0) |
3275 | { |
3276 | if (maybe_diag_stxncpy_trunc (gsi: m_gsi, src, cnt: len)) |
3277 | suppress_warning (stmt, OPT_Wstringop_truncation); |
3278 | |
3279 | return; |
3280 | } |
3281 | |
3282 | /* Retrieve the strinfo data for the string S that LEN was computed |
3283 | from as some function F of strlen (S) (i.e., LEN need not be equal |
3284 | to strlen(S)). */ |
3285 | strinfo *silen = get_strinfo (idx: pss->first); |
3286 | |
3287 | location_t callloc = gimple_or_expr_nonartificial_location (stmt, dst); |
3288 | |
3289 | tree func = gimple_call_fndecl (gs: stmt); |
3290 | |
3291 | bool warned = false; |
3292 | |
3293 | /* When -Wstringop-truncation is set, try to determine truncation |
3294 | before diagnosing possible overflow. Truncation is implied by |
3295 | the LEN argument being equal to strlen(SRC), regardless of |
3296 | whether its value is known. Otherwise, when appending, or |
3297 | when copying into a destination of known size, issue the more |
3298 | generic -Wstringop-overflow which triggers for LEN arguments |
3299 | that in any meaningful way depend on strlen(SRC). */ |
3300 | if (!append_p |
3301 | && sisrc == silen |
3302 | && is_strlen_related_p (src, len) |
3303 | && warning_at (callloc, OPT_Wstringop_truncation, |
3304 | "%qD output truncated before terminating nul " |
3305 | "copying as many bytes from a string as its length" , |
3306 | func)) |
3307 | warned = true; |
3308 | else if ((append_p || !dstsize || len == dstlenp1) |
3309 | && silen && is_strlen_related_p (src, len: silen->ptr)) |
3310 | { |
3311 | /* Issue -Wstringop-overflow when appending or when writing into |
3312 | a destination of a known size. Otherwise, when copying into |
3313 | a destination of an unknown size, it's truncation. */ |
3314 | opt_code opt = (append_p || dstsize |
3315 | ? OPT_Wstringop_overflow_ : OPT_Wstringop_truncation); |
3316 | warned = warning_at (callloc, opt, |
3317 | "%qD specified bound depends on the length " |
3318 | "of the source argument" , |
3319 | func); |
3320 | } |
3321 | if (warned) |
3322 | { |
3323 | location_t strlenloc = pss->second; |
3324 | if (strlenloc != UNKNOWN_LOCATION && strlenloc != callloc) |
3325 | inform (strlenloc, "length computed here" ); |
3326 | } |
3327 | } |
3328 | |
3329 | /* Handle a memcpy-like ({mem{,p}cpy,__mem{,p}cpy_chk}) call. |
3330 | If strlen of the second argument is known and length of the third argument |
3331 | is that plus one, strlen of the first argument is the same after this |
3332 | call. Uses RVALS to determine range information. */ |
3333 | |
3334 | void |
3335 | strlen_pass::handle_builtin_memcpy (built_in_function bcode) |
3336 | { |
3337 | tree lhs, oldlen, newlen; |
3338 | gimple *stmt = gsi_stmt (i: m_gsi); |
3339 | strinfo *si, *dsi; |
3340 | |
3341 | tree len = gimple_call_arg (gs: stmt, index: 2); |
3342 | tree src = gimple_call_arg (gs: stmt, index: 1); |
3343 | tree dst = gimple_call_arg (gs: stmt, index: 0); |
3344 | |
3345 | int didx = get_stridx (exp: dst, stmt); |
3346 | strinfo *olddsi = NULL; |
3347 | if (didx > 0) |
3348 | olddsi = get_strinfo (idx: didx); |
3349 | else if (didx < 0) |
3350 | return; |
3351 | |
3352 | if (olddsi != NULL |
3353 | && !integer_zerop (len)) |
3354 | { |
3355 | maybe_warn_overflow (stmt, call_lhs: false, len, si: olddsi, plus_one: false, rawmem: true); |
3356 | if (tree_fits_uhwi_p (len)) |
3357 | adjust_last_stmt (si: olddsi, stmt, is_strcat: false); |
3358 | } |
3359 | |
3360 | int idx = get_stridx (exp: src, stmt); |
3361 | if (idx == 0) |
3362 | return; |
3363 | |
3364 | bool full_string_p; |
3365 | if (idx > 0) |
3366 | { |
3367 | gimple *def_stmt; |
3368 | |
3369 | /* Handle memcpy (x, y, l) where l's relationship with strlen (y) |
3370 | is known. */ |
3371 | si = get_strinfo (idx); |
3372 | if (si == NULL || si->nonzero_chars == NULL_TREE) |
3373 | return; |
3374 | if (TREE_CODE (len) == INTEGER_CST |
3375 | && TREE_CODE (si->nonzero_chars) == INTEGER_CST) |
3376 | { |
3377 | if (tree_int_cst_le (t1: len, t2: si->nonzero_chars)) |
3378 | { |
3379 | /* Copying LEN nonzero characters, where LEN is constant. */ |
3380 | newlen = len; |
3381 | full_string_p = false; |
3382 | } |
3383 | else |
3384 | { |
3385 | /* Copying the whole of the analyzed part of SI. */ |
3386 | newlen = si->nonzero_chars; |
3387 | full_string_p = si->full_string_p; |
3388 | } |
3389 | } |
3390 | else |
3391 | { |
3392 | if (!si->full_string_p) |
3393 | return; |
3394 | if (TREE_CODE (len) != SSA_NAME) |
3395 | return; |
3396 | def_stmt = SSA_NAME_DEF_STMT (len); |
3397 | if (!is_gimple_assign (gs: def_stmt) |
3398 | || gimple_assign_rhs_code (gs: def_stmt) != PLUS_EXPR |
3399 | || gimple_assign_rhs1 (gs: def_stmt) != si->nonzero_chars |
3400 | || !integer_onep (gimple_assign_rhs2 (gs: def_stmt))) |
3401 | return; |
3402 | /* Copying variable-length string SI (and no more). */ |
3403 | newlen = si->nonzero_chars; |
3404 | full_string_p = true; |
3405 | } |
3406 | } |
3407 | else |
3408 | { |
3409 | si = NULL; |
3410 | /* Handle memcpy (x, "abcd", 5) or |
3411 | memcpy (x, "abc\0uvw", 7). */ |
3412 | if (!tree_fits_uhwi_p (len)) |
3413 | return; |
3414 | |
3415 | unsigned HOST_WIDE_INT clen = tree_to_uhwi (len); |
3416 | unsigned HOST_WIDE_INT nonzero_chars = ~idx; |
3417 | newlen = build_int_cst (size_type_node, MIN (nonzero_chars, clen)); |
3418 | full_string_p = clen > nonzero_chars; |
3419 | } |
3420 | |
3421 | if (!full_string_p |
3422 | && olddsi |
3423 | && olddsi->nonzero_chars |
3424 | && TREE_CODE (olddsi->nonzero_chars) == INTEGER_CST |
3425 | && tree_int_cst_le (t1: newlen, t2: olddsi->nonzero_chars)) |
3426 | { |
3427 | /* The SRC substring being written strictly overlaps |
3428 | a subsequence of the existing string OLDDSI. */ |
3429 | newlen = olddsi->nonzero_chars; |
3430 | full_string_p = olddsi->full_string_p; |
3431 | } |
3432 | |
3433 | if (olddsi != NULL && TREE_CODE (len) == SSA_NAME) |
3434 | adjust_last_stmt (si: olddsi, stmt, is_strcat: false); |
3435 | |
3436 | if (didx == 0) |
3437 | { |
3438 | didx = new_stridx (exp: dst); |
3439 | if (didx == 0) |
3440 | return; |
3441 | } |
3442 | oldlen = NULL_TREE; |
3443 | if (olddsi != NULL) |
3444 | { |
3445 | dsi = unshare_strinfo (si: olddsi); |
3446 | oldlen = olddsi->nonzero_chars; |
3447 | dsi->nonzero_chars = newlen; |
3448 | dsi->full_string_p = full_string_p; |
3449 | /* Break the chain, so adjust_related_strinfo on later pointers in |
3450 | the chain won't adjust this one anymore. */ |
3451 | dsi->next = 0; |
3452 | dsi->stmt = NULL; |
3453 | dsi->endptr = NULL_TREE; |
3454 | } |
3455 | else |
3456 | { |
3457 | dsi = new_strinfo (ptr: dst, idx: didx, nonzero_chars: newlen, full_string_p); |
3458 | set_strinfo (idx: didx, si: dsi); |
3459 | find_equal_ptrs (ptr: dst, idx: didx); |
3460 | } |
3461 | dsi->writable = true; |
3462 | dsi->dont_invalidate = true; |
3463 | if (olddsi != NULL) |
3464 | { |
3465 | tree adj = NULL_TREE; |
3466 | location_t loc = gimple_location (g: stmt); |
3467 | if (oldlen == NULL_TREE) |
3468 | ; |
3469 | else if (integer_zerop (oldlen)) |
3470 | adj = newlen; |
3471 | else if (TREE_CODE (oldlen) == INTEGER_CST |
3472 | || TREE_CODE (newlen) == INTEGER_CST) |
3473 | adj = fold_build2_loc (loc, MINUS_EXPR, TREE_TYPE (newlen), newlen, |
3474 | fold_convert_loc (loc, TREE_TYPE (newlen), |
3475 | oldlen)); |
3476 | if (adj != NULL_TREE) |
3477 | adjust_related_strinfos (loc, origsi: dsi, adj); |
3478 | else |
3479 | dsi->prev = 0; |
3480 | } |
3481 | /* memcpy src may not overlap dst, so src doesn't need to be |
3482 | invalidated either. */ |
3483 | if (si != NULL) |
3484 | si->dont_invalidate = true; |
3485 | |
3486 | if (full_string_p) |
3487 | { |
3488 | lhs = gimple_call_lhs (gs: stmt); |
3489 | switch (bcode) |
3490 | { |
3491 | case BUILT_IN_MEMCPY: |
3492 | case BUILT_IN_MEMCPY_CHK: |
3493 | /* Allow adjust_last_stmt to decrease this memcpy's size. */ |
3494 | laststmt.stmt = stmt; |
3495 | laststmt.len = dsi->nonzero_chars; |
3496 | laststmt.stridx = dsi->idx; |
3497 | if (lhs) |
3498 | ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx; |
3499 | break; |
3500 | case BUILT_IN_MEMPCPY: |
3501 | case BUILT_IN_MEMPCPY_CHK: |
3502 | break; |
3503 | default: |
3504 | gcc_unreachable (); |
3505 | } |
3506 | } |
3507 | } |
3508 | |
3509 | /* Handle a strcat-like ({strcat,__strcat_chk}) call. |
3510 | If strlen of the second argument is known, strlen of the first argument |
3511 | is increased by the length of the second argument. Furthermore, attempt |
3512 | to convert it to memcpy/strcpy if the length of the first argument |
3513 | is known. */ |
3514 | |
3515 | void |
3516 | strlen_pass::handle_builtin_strcat (built_in_function bcode) |
3517 | { |
3518 | int idx, didx; |
3519 | tree srclen, args, type, fn, objsz, endptr; |
3520 | bool success; |
3521 | gimple *stmt = gsi_stmt (i: m_gsi); |
3522 | strinfo *si, *dsi; |
3523 | location_t loc = gimple_location (g: stmt); |
3524 | |
3525 | tree src = gimple_call_arg (gs: stmt, index: 1); |
3526 | tree dst = gimple_call_arg (gs: stmt, index: 0); |
3527 | |
3528 | /* Bail if the source is the same as destination. It will be diagnosed |
3529 | elsewhere. */ |
3530 | if (operand_equal_p (src, dst, flags: 0)) |
3531 | return; |
3532 | |
3533 | tree lhs = gimple_call_lhs (gs: stmt); |
3534 | |
3535 | didx = get_stridx (exp: dst, stmt); |
3536 | if (didx < 0) |
3537 | return; |
3538 | |
3539 | dsi = NULL; |
3540 | if (didx > 0) |
3541 | dsi = get_strinfo (idx: didx); |
3542 | |
3543 | srclen = NULL_TREE; |
3544 | si = NULL; |
3545 | idx = get_stridx (exp: src, stmt); |
3546 | if (idx < 0) |
3547 | srclen = build_int_cst (size_type_node, ~idx); |
3548 | else if (idx > 0) |
3549 | { |
3550 | si = get_strinfo (idx); |
3551 | if (si != NULL) |
3552 | srclen = get_string_length (si); |
3553 | } |
3554 | |
3555 | /* Disable warning for the transformed statement? */ |
3556 | opt_code no_warning_opt = no_warning; |
3557 | |
3558 | if (dsi == NULL || get_string_length (si: dsi) == NULL_TREE) |
3559 | { |
3560 | { |
3561 | /* The concatenation always involves copying at least one byte |
3562 | (the terminating nul), even if the source string is empty. |
3563 | If the source is unknown assume it's one character long and |
3564 | used that as both sizes. */ |
3565 | tree slen = srclen; |
3566 | if (slen) |
3567 | { |
3568 | tree type = TREE_TYPE (slen); |
3569 | slen = fold_build2 (PLUS_EXPR, type, slen, build_int_cst (type, 1)); |
3570 | } |
3571 | |
3572 | tree sptr = si && si->ptr ? si->ptr : src; |
3573 | no_warning_opt = check_bounds_or_overlap (stmt, dst, sptr, NULL_TREE, |
3574 | slen); |
3575 | if (no_warning_opt) |
3576 | suppress_warning (stmt, no_warning_opt); |
3577 | } |
3578 | |
3579 | /* strcat (p, q) can be transformed into |
3580 | tmp = p + strlen (p); endptr = stpcpy (tmp, q); |
3581 | with length endptr - p if we need to compute the length |
3582 | later on. Don't do this transformation if we don't need |
3583 | it. */ |
3584 | if (builtin_decl_implicit_p (fncode: BUILT_IN_STPCPY) && lhs == NULL_TREE) |
3585 | { |
3586 | if (didx == 0) |
3587 | { |
3588 | didx = new_stridx (exp: dst); |
3589 | if (didx == 0) |
3590 | return; |
3591 | } |
3592 | if (dsi == NULL) |
3593 | { |
3594 | dsi = new_strinfo (ptr: dst, idx: didx, NULL_TREE, full_string_p: false); |
3595 | set_strinfo (idx: didx, si: dsi); |
3596 | find_equal_ptrs (ptr: dst, idx: didx); |
3597 | } |
3598 | else |
3599 | { |
3600 | dsi = unshare_strinfo (si: dsi); |
3601 | dsi->nonzero_chars = NULL_TREE; |
3602 | dsi->full_string_p = false; |
3603 | dsi->next = 0; |
3604 | dsi->endptr = NULL_TREE; |
3605 | } |
3606 | dsi->writable = true; |
3607 | dsi->stmt = stmt; |
3608 | dsi->dont_invalidate = true; |
3609 | } |
3610 | return; |
3611 | } |
3612 | |
3613 | tree dstlen = dsi->nonzero_chars; |
3614 | endptr = dsi->endptr; |
3615 | |
3616 | dsi = unshare_strinfo (si: dsi); |
3617 | dsi->endptr = NULL_TREE; |
3618 | dsi->stmt = NULL; |
3619 | dsi->writable = true; |
3620 | |
3621 | if (srclen != NULL_TREE) |
3622 | { |
3623 | dsi->nonzero_chars = fold_build2_loc (loc, PLUS_EXPR, |
3624 | TREE_TYPE (dsi->nonzero_chars), |
3625 | dsi->nonzero_chars, srclen); |
3626 | gcc_assert (dsi->full_string_p); |
3627 | adjust_related_strinfos (loc, origsi: dsi, adj: srclen); |
3628 | dsi->dont_invalidate = true; |
3629 | } |
3630 | else |
3631 | { |
3632 | dsi->nonzero_chars = NULL; |
3633 | dsi->full_string_p = false; |
3634 | if (lhs == NULL_TREE && builtin_decl_implicit_p (fncode: BUILT_IN_STPCPY)) |
3635 | dsi->dont_invalidate = true; |
3636 | } |
3637 | |
3638 | if (si != NULL) |
3639 | /* strcat src may not overlap dst, so src doesn't need to be |
3640 | invalidated either. */ |
3641 | si->dont_invalidate = true; |
3642 | |
3643 | /* For now. Could remove the lhs from the call and add |
3644 | lhs = dst; afterwards. */ |
3645 | if (lhs) |
3646 | return; |
3647 | |
3648 | fn = NULL_TREE; |
3649 | objsz = NULL_TREE; |
3650 | switch (bcode) |
3651 | { |
3652 | case BUILT_IN_STRCAT: |
3653 | if (srclen != NULL_TREE) |
3654 | fn = builtin_decl_implicit (fncode: BUILT_IN_MEMCPY); |
3655 | else |
3656 | fn = builtin_decl_implicit (fncode: BUILT_IN_STRCPY); |
3657 | break; |
3658 | case BUILT_IN_STRCAT_CHK: |
3659 | if (srclen != NULL_TREE) |
3660 | fn = builtin_decl_explicit (fncode: BUILT_IN_MEMCPY_CHK); |
3661 | else |
3662 | fn = builtin_decl_explicit (fncode: BUILT_IN_STRCPY_CHK); |
3663 | objsz = gimple_call_arg (gs: stmt, index: 2); |
3664 | break; |
3665 | default: |
3666 | gcc_unreachable (); |
3667 | } |
3668 | |
3669 | if (fn == NULL_TREE) |
3670 | return; |
3671 | |
3672 | if (dsi && dstlen) |
3673 | { |
3674 | tree type = TREE_TYPE (dstlen); |
3675 | |
3676 | /* Compute the size of the source sequence, including the nul. */ |
3677 | tree srcsize = srclen ? srclen : size_zero_node; |
3678 | tree one = build_int_cst (type, 1); |
3679 | srcsize = fold_build2 (PLUS_EXPR, type, srcsize, one); |
3680 | tree dstsize = fold_build2 (PLUS_EXPR, type, dstlen, one); |
3681 | tree sptr = si && si->ptr ? si->ptr : src; |
3682 | |
3683 | no_warning_opt = check_bounds_or_overlap (stmt, dst, sptr, dstsize, |
3684 | srcsize); |
3685 | if (no_warning_opt) |
3686 | suppress_warning (stmt, no_warning_opt); |
3687 | } |
3688 | |
3689 | tree len = NULL_TREE; |
3690 | if (srclen != NULL_TREE) |
3691 | { |
3692 | args = TYPE_ARG_TYPES (TREE_TYPE (fn)); |
3693 | type = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args))); |
3694 | |
3695 | len = fold_convert_loc (loc, type, unshare_expr (srclen)); |
3696 | len = fold_build2_loc (loc, PLUS_EXPR, type, len, |
3697 | build_int_cst (type, 1)); |
3698 | len = force_gimple_operand_gsi (&m_gsi, len, true, NULL_TREE, true, |
3699 | GSI_SAME_STMT); |
3700 | } |
3701 | if (endptr) |
3702 | dst = fold_convert_loc (loc, TREE_TYPE (dst), unshare_expr (endptr)); |
3703 | else |
3704 | dst = fold_build2_loc (loc, POINTER_PLUS_EXPR, TREE_TYPE (dst), dst, |
3705 | fold_convert_loc (loc, sizetype, |
3706 | unshare_expr (dstlen))); |
3707 | dst = force_gimple_operand_gsi (&m_gsi, dst, true, NULL_TREE, true, |
3708 | GSI_SAME_STMT); |
3709 | if (objsz) |
3710 | { |
3711 | objsz = fold_build2_loc (loc, MINUS_EXPR, TREE_TYPE (objsz), objsz, |
3712 | fold_convert_loc (loc, TREE_TYPE (objsz), |
3713 | unshare_expr (dstlen))); |
3714 | objsz = force_gimple_operand_gsi (&m_gsi, objsz, true, NULL_TREE, true, |
3715 | GSI_SAME_STMT); |
3716 | } |
3717 | if (dump_file && (dump_flags & TDF_DETAILS) != 0) |
3718 | { |
3719 | fprintf (stream: dump_file, format: "Optimizing: " ); |
3720 | print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM); |
3721 | } |
3722 | if (srclen != NULL_TREE) |
3723 | success = update_gimple_call (&m_gsi, fn, 3 + (objsz != NULL_TREE), |
3724 | dst, src, len, objsz); |
3725 | else |
3726 | success = update_gimple_call (&m_gsi, fn, 2 + (objsz != NULL_TREE), |
3727 | dst, src, objsz); |
3728 | if (success) |
3729 | { |
3730 | stmt = gsi_stmt (i: m_gsi); |
3731 | update_stmt (s: stmt); |
3732 | if (dump_file && (dump_flags & TDF_DETAILS) != 0) |
3733 | { |
3734 | fprintf (stream: dump_file, format: "into: " ); |
3735 | print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM); |
3736 | } |
3737 | /* If srclen == NULL, note that current string length can be |
3738 | computed by transforming this strcpy into stpcpy. */ |
3739 | if (srclen == NULL_TREE && dsi->dont_invalidate) |
3740 | dsi->stmt = stmt; |
3741 | adjust_last_stmt (si: dsi, stmt, is_strcat: true); |
3742 | if (srclen != NULL_TREE) |
3743 | { |
3744 | laststmt.stmt = stmt; |
3745 | laststmt.len = srclen; |
3746 | laststmt.stridx = dsi->idx; |
3747 | } |
3748 | } |
3749 | else if (dump_file && (dump_flags & TDF_DETAILS) != 0) |
3750 | fprintf (stream: dump_file, format: "not possible.\n" ); |
3751 | |
3752 | if (no_warning_opt) |
3753 | suppress_warning (stmt, no_warning_opt); |
3754 | } |
3755 | |
3756 | /* Handle a call to an allocation function like alloca, malloc or calloc, |
3757 | or an ordinary allocation function declared with attribute alloc_size. */ |
3758 | |
3759 | void |
3760 | strlen_pass::handle_alloc_call (built_in_function bcode) |
3761 | { |
3762 | gimple *stmt = gsi_stmt (i: m_gsi); |
3763 | tree lhs = gimple_call_lhs (gs: stmt); |
3764 | if (lhs == NULL_TREE) |
3765 | return; |
3766 | |
3767 | gcc_assert (get_stridx (lhs, stmt) == 0); |
3768 | int idx = new_stridx (exp: lhs); |
3769 | tree length = NULL_TREE; |
3770 | if (bcode == BUILT_IN_CALLOC) |
3771 | length = build_int_cst (size_type_node, 0); |
3772 | strinfo *si = new_strinfo (ptr: lhs, idx, nonzero_chars: length, full_string_p: length != NULL_TREE); |
3773 | if (bcode == BUILT_IN_CALLOC) |
3774 | { |
3775 | /* Only set STMT for calloc and malloc. */ |
3776 | si->stmt = stmt; |
3777 | /* Only set ENDPTR for calloc. */ |
3778 | si->endptr = lhs; |
3779 | } |
3780 | else if (bcode == BUILT_IN_MALLOC) |
3781 | si->stmt = stmt; |
3782 | |
3783 | /* Set ALLOC is set for all allocation functions. */ |
3784 | si->alloc = stmt; |
3785 | set_strinfo (idx, si); |
3786 | si->writable = true; |
3787 | si->dont_invalidate = true; |
3788 | } |
3789 | |
3790 | /* Handle a call to memset. |
3791 | After a call to calloc, memset(,0,) is unnecessary. |
3792 | memset(malloc(n),0,n) is calloc(n,1). |
3793 | return true when the call is transformed, false otherwise. |
3794 | When nonnull uses RVALS to determine range information. */ |
3795 | |
3796 | bool |
3797 | strlen_pass::handle_builtin_memset (bool *zero_write) |
3798 | { |
3799 | gimple *memset_stmt = gsi_stmt (i: m_gsi); |
3800 | tree ptr = gimple_call_arg (gs: memset_stmt, index: 0); |
3801 | tree memset_val = gimple_call_arg (gs: memset_stmt, index: 1); |
3802 | tree memset_size = gimple_call_arg (gs: memset_stmt, index: 2); |
3803 | |
3804 | /* Set to the non-constant offset added to PTR. */ |
3805 | wide_int offrng[2]; |
3806 | int idx1 = get_stridx (exp: ptr, stmt: memset_stmt, offrng, rvals: ptr_qry.rvals); |
3807 | if (idx1 == 0 |
3808 | && TREE_CODE (memset_val) == INTEGER_CST |
3809 | && ((TREE_CODE (memset_size) == INTEGER_CST |
3810 | && !integer_zerop (memset_size)) |
3811 | || TREE_CODE (memset_size) == SSA_NAME)) |
3812 | { |
3813 | unsigned HOST_WIDE_INT mask = (HOST_WIDE_INT_1U << CHAR_TYPE_SIZE) - 1; |
3814 | bool full_string_p = (wi::to_wide (t: memset_val) & mask) == 0; |
3815 | |
3816 | /* We only handle symbolic lengths when writing non-zero values. */ |
3817 | if (full_string_p && TREE_CODE (memset_size) != INTEGER_CST) |
3818 | return false; |
3819 | |
3820 | idx1 = new_stridx (exp: ptr); |
3821 | if (idx1 == 0) |
3822 | return false; |
3823 | tree newlen; |
3824 | if (full_string_p) |
3825 | newlen = build_int_cst (size_type_node, 0); |
3826 | else if (TREE_CODE (memset_size) == INTEGER_CST) |
3827 | newlen = fold_convert (size_type_node, memset_size); |
3828 | else |
3829 | newlen = memset_size; |
3830 | |
3831 | strinfo *dsi = new_strinfo (ptr, idx: idx1, nonzero_chars: newlen, full_string_p); |
3832 | set_strinfo (idx: idx1, si: dsi); |
3833 | find_equal_ptrs (ptr, idx: idx1); |
3834 | dsi->dont_invalidate = true; |
3835 | dsi->writable = true; |
3836 | return false; |
3837 | } |
3838 | |
3839 | if (idx1 <= 0) |
3840 | return false; |
3841 | strinfo *si1 = get_strinfo (idx: idx1); |
3842 | if (!si1) |
3843 | return false; |
3844 | gimple *alloc_stmt = si1->alloc; |
3845 | if (!alloc_stmt || !is_gimple_call (gs: alloc_stmt)) |
3846 | return false; |
3847 | tree callee1 = gimple_call_fndecl (gs: alloc_stmt); |
3848 | if (!valid_builtin_call (stmt: alloc_stmt)) |
3849 | return false; |
3850 | tree alloc_size = gimple_call_arg (gs: alloc_stmt, index: 0); |
3851 | |
3852 | /* Check for overflow. */ |
3853 | maybe_warn_overflow (stmt: memset_stmt, call_lhs: false, len: memset_size, NULL, plus_one: false, rawmem: true); |
3854 | |
3855 | /* Bail when there is no statement associated with the destination |
3856 | (the statement may be null even when SI1->ALLOC is not). */ |
3857 | if (!si1->stmt) |
3858 | return false; |
3859 | |
3860 | /* Avoid optimizing if store is at a variable offset from the beginning |
3861 | of the allocated object. */ |
3862 | if (offrng[0] != 0 || offrng[0] != offrng[1]) |
3863 | return false; |
3864 | |
3865 | /* Bail when the call writes a non-zero value. */ |
3866 | if (!integer_zerop (memset_val)) |
3867 | return false; |
3868 | |
3869 | /* Let the caller know the memset call cleared the destination. */ |
3870 | *zero_write = true; |
3871 | |
3872 | enum built_in_function code1 = DECL_FUNCTION_CODE (decl: callee1); |
3873 | if (code1 == BUILT_IN_CALLOC) |
3874 | /* Not touching alloc_stmt */ ; |
3875 | else if (code1 == BUILT_IN_MALLOC |
3876 | && operand_equal_p (memset_size, alloc_size, flags: 0)) |
3877 | { |
3878 | /* Replace the malloc + memset calls with calloc. */ |
3879 | gimple_stmt_iterator gsi1 = gsi_for_stmt (si1->stmt); |
3880 | update_gimple_call (&gsi1, builtin_decl_implicit (fncode: BUILT_IN_CALLOC), 2, |
3881 | alloc_size, build_one_cst (size_type_node)); |
3882 | si1->nonzero_chars = build_int_cst (size_type_node, 0); |
3883 | si1->full_string_p = true; |
3884 | si1->stmt = gsi_stmt (i: gsi1); |
3885 | } |
3886 | else |
3887 | return false; |
3888 | tree lhs = gimple_call_lhs (gs: memset_stmt); |
3889 | unlink_stmt_vdef (memset_stmt); |
3890 | if (lhs) |
3891 | { |
3892 | gimple *assign = gimple_build_assign (lhs, ptr); |
3893 | gsi_replace (&m_gsi, assign, false); |
3894 | } |
3895 | else |
3896 | { |
3897 | gsi_remove (&m_gsi, true); |
3898 | release_defs (memset_stmt); |
3899 | } |
3900 | |
3901 | return true; |
3902 | } |
3903 | |
3904 | /* Return first such statement if RES is used in statements testing its |
3905 | equality to zero, and null otherwise. If EXCLUSIVE is true, return |
3906 | nonnull if and only RES is used in such expressions exclusively and |
3907 | in none other. */ |
3908 | |
3909 | gimple * |
3910 | use_in_zero_equality (tree res, bool exclusive) |
3911 | { |
3912 | gimple *first_use = NULL; |
3913 | |
3914 | use_operand_p use_p; |
3915 | imm_use_iterator iter; |
3916 | |
3917 | FOR_EACH_IMM_USE_FAST (use_p, iter, res) |
3918 | { |
3919 | gimple *use_stmt = USE_STMT (use_p); |
3920 | |
3921 | if (is_gimple_debug (gs: use_stmt)) |
3922 | continue; |
3923 | |
3924 | if (gimple_code (g: use_stmt) == GIMPLE_ASSIGN) |
3925 | { |
3926 | tree_code code = gimple_assign_rhs_code (gs: use_stmt); |
3927 | if (code == COND_EXPR) |
3928 | { |
3929 | tree cond_expr = gimple_assign_rhs1 (gs: use_stmt); |
3930 | if ((TREE_CODE (cond_expr) != EQ_EXPR |
3931 | && (TREE_CODE (cond_expr) != NE_EXPR)) |
3932 | || !integer_zerop (TREE_OPERAND (cond_expr, 1))) |
3933 | { |
3934 | if (exclusive) |
3935 | return NULL; |
3936 | continue; |
3937 | } |
3938 | } |
3939 | else if (code == EQ_EXPR || code == NE_EXPR) |
3940 | { |
3941 | if (!integer_zerop (gimple_assign_rhs2 (gs: use_stmt))) |
3942 | { |
3943 | if (exclusive) |
3944 | return NULL; |
3945 | continue; |
3946 | } |
3947 | } |
3948 | else if (exclusive) |
3949 | return NULL; |
3950 | else |
3951 | continue; |
3952 | } |
3953 | else if (gimple_code (g: use_stmt) == GIMPLE_COND) |
3954 | { |
3955 | tree_code code = gimple_cond_code (gs: use_stmt); |
3956 | if ((code != EQ_EXPR && code != NE_EXPR) |
3957 | || !integer_zerop (gimple_cond_rhs (gs: use_stmt))) |
3958 | { |
3959 | if (exclusive) |
3960 | return NULL; |
3961 | continue; |
3962 | } |
3963 | } |
3964 | else if (exclusive) |
3965 | return NULL; |
3966 | else |
3967 | continue; |
3968 | |
3969 | if (!first_use) |
3970 | first_use = use_stmt; |
3971 | } |
3972 | |
3973 | return first_use; |
3974 | } |
3975 | |
3976 | /* Handle a call to memcmp. We try to handle small comparisons by |
3977 | converting them to load and compare, and replacing the call to memcmp |
3978 | with a __builtin_memcmp_eq call where possible. |
3979 | return true when call is transformed, return false otherwise. */ |
3980 | |
3981 | bool |
3982 | strlen_pass::handle_builtin_memcmp () |
3983 | { |
3984 | gcall *stmt = as_a <gcall *> (p: gsi_stmt (i: m_gsi)); |
3985 | tree res = gimple_call_lhs (gs: stmt); |
3986 | |
3987 | if (!res || !use_in_zero_equality (res)) |
3988 | return false; |
3989 | |
3990 | tree arg1 = gimple_call_arg (gs: stmt, index: 0); |
3991 | tree arg2 = gimple_call_arg (gs: stmt, index: 1); |
3992 | tree len = gimple_call_arg (gs: stmt, index: 2); |
3993 | unsigned HOST_WIDE_INT leni; |
3994 | |
3995 | if (tree_fits_uhwi_p (len) |
3996 | && (leni = tree_to_uhwi (len)) <= GET_MODE_SIZE (mode: word_mode) |
3997 | && pow2p_hwi (x: leni)) |
3998 | { |
3999 | leni *= CHAR_TYPE_SIZE; |
4000 | unsigned align1 = get_pointer_alignment (arg1); |
4001 | unsigned align2 = get_pointer_alignment (arg2); |
4002 | unsigned align = MIN (align1, align2); |
4003 | scalar_int_mode mode; |
4004 | if (int_mode_for_size (size: leni, limit: 1).exists (mode: &mode) |
4005 | && (align >= leni || !targetm.slow_unaligned_access (mode, align))) |
4006 | { |
4007 | location_t loc = gimple_location (g: stmt); |
4008 | tree type, off; |
4009 | type = build_nonstandard_integer_type (leni, 1); |
4010 | gcc_assert (known_eq (GET_MODE_BITSIZE (TYPE_MODE (type)), leni)); |
4011 | tree ptrtype = build_pointer_type_for_mode (char_type_node, |
4012 | ptr_mode, true); |
4013 | off = build_int_cst (ptrtype, 0); |
4014 | arg1 = build2_loc (loc, code: MEM_REF, type, arg0: arg1, arg1: off); |
4015 | arg2 = build2_loc (loc, code: MEM_REF, type, arg0: arg2, arg1: off); |
4016 | tree tem1 = fold_const_aggregate_ref (arg1); |
4017 | if (tem1) |
4018 | arg1 = tem1; |
4019 | tree tem2 = fold_const_aggregate_ref (arg2); |
4020 | if (tem2) |
4021 | arg2 = tem2; |
4022 | res = fold_convert_loc (loc, TREE_TYPE (res), |
4023 | fold_build2_loc (loc, NE_EXPR, |
4024 | boolean_type_node, |
4025 | arg1, arg2)); |
4026 | gimplify_and_update_call_from_tree (&m_gsi, res); |
4027 | return true; |
4028 | } |
4029 | } |
4030 | |
4031 | gimple_call_set_fndecl (gs: stmt, decl: builtin_decl_explicit (fncode: BUILT_IN_MEMCMP_EQ)); |
4032 | return true; |
4033 | } |
4034 | |
4035 | /* Given strinfo IDX for ARG, sets LENRNG[] to the range of lengths |
4036 | of the string(s) referenced by ARG if it can be determined. |
4037 | If the length cannot be determined, sets *SIZE to the size of |
4038 | the array the string is stored in, if any. If no such array is |
4039 | known, sets *SIZE to -1. When the strings are nul-terminated sets |
4040 | *NULTERM to true, otherwise to false. When nonnull uses RVALS to |
4041 | determine range information. Returns true on success. */ |
4042 | |
4043 | bool |
4044 | strlen_pass::get_len_or_size (gimple *stmt, tree arg, int idx, |
4045 | unsigned HOST_WIDE_INT lenrng[2], |
4046 | unsigned HOST_WIDE_INT *size, bool *nulterm) |
4047 | { |
4048 | /* Invalidate. */ |
4049 | *size = HOST_WIDE_INT_M1U; |
4050 | |
4051 | if (idx < 0) |
4052 | { |
4053 | /* IDX is the inverted constant string length. */ |
4054 | lenrng[0] = ~idx; |
4055 | lenrng[1] = lenrng[0]; |
4056 | *nulterm = true; |
4057 | return true; |
4058 | } |
4059 | |
4060 | /* Set so that both LEN and ~LEN are invalid lengths, i.e., maximum |
4061 | possible length + 1. */ |
4062 | lenrng[0] = lenrng[1] = HOST_WIDE_INT_MAX; |
4063 | |
4064 | if (strinfo *si = idx ? get_strinfo (idx) : NULL) |
4065 | { |
4066 | /* FIXME: Handle all this in_range_strlen_dynamic. */ |
4067 | if (!si->nonzero_chars) |
4068 | ; |
4069 | else if (tree_fits_uhwi_p (si->nonzero_chars)) |
4070 | { |
4071 | lenrng[0] = tree_to_uhwi (si->nonzero_chars); |
4072 | *nulterm = si->full_string_p; |
4073 | /* Set the upper bound only if the string is known to be |
4074 | nul-terminated, otherwise leave it at maximum + 1. */ |
4075 | if (*nulterm) |
4076 | lenrng[1] = lenrng[0]; |
4077 | } |
4078 | else if (TREE_CODE (si->nonzero_chars) == SSA_NAME) |
4079 | { |
4080 | value_range r; |
4081 | if (get_range_query (cfun)->range_of_expr (r, expr: si->nonzero_chars) |
4082 | && !r.undefined_p () |
4083 | && !r.varying_p ()) |
4084 | { |
4085 | lenrng[0] = r.lower_bound ().to_uhwi (); |
4086 | lenrng[1] = r.upper_bound ().to_uhwi (); |
4087 | *nulterm = si->full_string_p; |
4088 | } |
4089 | } |
4090 | } |
4091 | |
4092 | if (lenrng[0] != HOST_WIDE_INT_MAX) |
4093 | return true; |
4094 | |
4095 | /* Compute the minimum and maximum real or possible lengths. */ |
4096 | c_strlen_data lendata = { }; |
4097 | /* Set MAXBOUND to an arbitrary non-null non-integer node as a request |
4098 | to have it set to the length of the longest string in a PHI. */ |
4099 | lendata.maxbound = arg; |
4100 | get_range_strlen_dynamic (src: arg, stmt, pdata: &lendata, ptr_qry); |
4101 | |
4102 | unsigned HOST_WIDE_INT maxbound = HOST_WIDE_INT_M1U; |
4103 | if (tree_fits_uhwi_p (lendata.maxbound) |
4104 | && !integer_all_onesp (lendata.maxbound)) |
4105 | maxbound = tree_to_uhwi (lendata.maxbound); |
4106 | |
4107 | if (tree_fits_uhwi_p (lendata.minlen) && tree_fits_uhwi_p (lendata.maxlen)) |
4108 | { |
4109 | unsigned HOST_WIDE_INT minlen = tree_to_uhwi (lendata.minlen); |
4110 | unsigned HOST_WIDE_INT maxlen = tree_to_uhwi (lendata.maxlen); |
4111 | |
4112 | /* The longest string in this data model. */ |
4113 | const unsigned HOST_WIDE_INT lenmax |
4114 | = tree_to_uhwi (max_object_size ()) - 2; |
4115 | |
4116 | if (maxbound == HOST_WIDE_INT_M1U) |
4117 | { |
4118 | lenrng[0] = minlen; |
4119 | lenrng[1] = maxlen; |
4120 | *nulterm = minlen == maxlen; |
4121 | } |
4122 | else if (maxlen < lenmax) |
4123 | { |
4124 | *size = maxbound + 1; |
4125 | *nulterm = false; |
4126 | } |
4127 | else |
4128 | return false; |
4129 | |
4130 | return true; |
4131 | } |
4132 | |
4133 | if (maxbound != HOST_WIDE_INT_M1U |
4134 | && lendata.maxlen |
4135 | && !integer_all_onesp (lendata.maxlen)) |
4136 | { |
4137 | /* Set *SIZE to LENDATA.MAXBOUND which is a conservative estimate |
4138 | of the longest string based on the sizes of the arrays referenced |
4139 | by ARG. */ |
4140 | *size = maxbound + 1; |
4141 | *nulterm = false; |
4142 | return true; |
4143 | } |
4144 | |
4145 | return false; |
4146 | } |
4147 | |
4148 | /* If IDX1 and IDX2 refer to strings A and B of unequal lengths, return |
4149 | the result of 0 == strncmp (A, B, BOUND) (which is the same as strcmp |
4150 | for a sufficiently large BOUND). If the result is based on the length |
4151 | of one string being greater than the longest string that would fit in |
4152 | the array pointer to by the argument, set *PLEN and *PSIZE to |
4153 | the corresponding length (or its complement when the string is known |
4154 | to be at least as long and need not be nul-terminated) and size. |
4155 | Otherwise return null. */ |
4156 | |
4157 | tree |
4158 | strlen_pass::strxcmp_eqz_result (gimple *stmt, tree arg1, int idx1, |
4159 | tree arg2, int idx2, |
4160 | unsigned HOST_WIDE_INT bound, |
4161 | unsigned HOST_WIDE_INT len[2], |
4162 | unsigned HOST_WIDE_INT *psize) |
4163 | { |
4164 | /* Determine the range the length of each string is in and whether it's |
4165 | known to be nul-terminated, or the size of the array it's stored in. */ |
4166 | bool nul1, nul2; |
4167 | unsigned HOST_WIDE_INT siz1, siz2; |
4168 | unsigned HOST_WIDE_INT len1rng[2], len2rng[2]; |
4169 | if (!get_len_or_size (stmt, arg: arg1, idx: idx1, lenrng: len1rng, size: &siz1, nulterm: &nul1) |
4170 | || !get_len_or_size (stmt, arg: arg2, idx: idx2, lenrng: len2rng, size: &siz2, nulterm: &nul2)) |
4171 | return NULL_TREE; |
4172 | |
4173 | /* BOUND is set to HWI_M1U for strcmp and less to strncmp, and LENiRNG |
4174 | to HWI_MAX when invalid. Adjust the length of each string to consider |
4175 | to be no more than BOUND. */ |
4176 | if (len1rng[0] < HOST_WIDE_INT_MAX && len1rng[0] > bound) |
4177 | len1rng[0] = bound; |
4178 | if (len1rng[1] < HOST_WIDE_INT_MAX && len1rng[1] > bound) |
4179 | len1rng[1] = bound; |
4180 | if (len2rng[0] < HOST_WIDE_INT_MAX && len2rng[0] > bound) |
4181 | len2rng[0] = bound; |
4182 | if (len2rng[1] < HOST_WIDE_INT_MAX && len2rng[1] > bound) |
4183 | len2rng[1] = bound; |
4184 | |
4185 | /* Two empty strings are equal. */ |
4186 | if (len1rng[1] == 0 && len2rng[1] == 0) |
4187 | return integer_one_node; |
4188 | |
4189 | /* The strings are definitely unequal when the lower bound of the length |
4190 | of one of them is greater than the length of the longest string that |
4191 | would fit into the other array. */ |
4192 | if (len1rng[0] == HOST_WIDE_INT_MAX |
4193 | && len2rng[0] != HOST_WIDE_INT_MAX |
4194 | && ((len2rng[0] < bound && len2rng[0] >= siz1) |
4195 | || len2rng[0] > siz1)) |
4196 | { |
4197 | *psize = siz1; |
4198 | len[0] = len1rng[0]; |
4199 | /* Set LEN[0] to the lower bound of ARG1's length when it's |
4200 | nul-terminated or to the complement of its minimum length |
4201 | otherwise, */ |
4202 | len[1] = nul2 ? len2rng[0] : ~len2rng[0]; |
4203 | return integer_zero_node; |
4204 | } |
4205 | |
4206 | if (len2rng[0] == HOST_WIDE_INT_MAX |
4207 | && len1rng[0] != HOST_WIDE_INT_MAX |
4208 | && ((len1rng[0] < bound && len1rng[0] >= siz2) |
4209 | || len1rng[0] > siz2)) |
4210 | { |
4211 | *psize = siz2; |
4212 | len[0] = nul1 ? len1rng[0] : ~len1rng[0]; |
4213 | len[1] = len2rng[0]; |
4214 | return integer_zero_node; |
4215 | } |
4216 | |
4217 | /* The strings are also definitely unequal when their lengths are unequal |
4218 | and at least one is nul-terminated. */ |
4219 | if (len1rng[0] != HOST_WIDE_INT_MAX |
4220 | && len2rng[0] != HOST_WIDE_INT_MAX |
4221 | && ((len1rng[1] < len2rng[0] && nul1) |
4222 | || (len2rng[1] < len1rng[0] && nul2))) |
4223 | { |
4224 | if (bound <= len1rng[0] || bound <= len2rng[0]) |
4225 | *psize = bound; |
4226 | else |
4227 | *psize = HOST_WIDE_INT_M1U; |
4228 | |
4229 | len[0] = len1rng[0]; |
4230 | len[1] = len2rng[0]; |
4231 | return integer_zero_node; |
4232 | } |
4233 | |
4234 | /* The string lengths may be equal or unequal. Even when equal and |
4235 | both strings nul-terminated, without the string contents there's |
4236 | no way to determine whether they are equal. */ |
4237 | return NULL_TREE; |
4238 | } |
4239 | |
4240 | /* Diagnose pointless calls to strcmp or strncmp STMT with string |
4241 | arguments of lengths LEN or size SIZ and (for strncmp) BOUND, |
4242 | whose result is used in equality expressions that evaluate to |
4243 | a constant due to one argument being longer than the size of |
4244 | the other. */ |
4245 | |
4246 | static void |
4247 | maybe_warn_pointless_strcmp (gimple *stmt, HOST_WIDE_INT bound, |
4248 | unsigned HOST_WIDE_INT len[2], |
4249 | unsigned HOST_WIDE_INT siz) |
4250 | { |
4251 | tree lhs = gimple_call_lhs (gs: stmt); |
4252 | gimple *use = use_in_zero_equality (res: lhs, /* exclusive = */ false); |
4253 | if (!use) |
4254 | return; |
4255 | |
4256 | bool at_least = false; |
4257 | |
4258 | /* Excessive LEN[i] indicates a lower bound. */ |
4259 | if (len[0] > HOST_WIDE_INT_MAX) |
4260 | { |
4261 | at_least = true; |
4262 | len[0] = ~len[0]; |
4263 | } |
4264 | |
4265 | if (len[1] > HOST_WIDE_INT_MAX) |
4266 | { |
4267 | at_least = true; |
4268 | len[1] = ~len[1]; |
4269 | } |
4270 | |
4271 | unsigned HOST_WIDE_INT minlen = MIN (len[0], len[1]); |
4272 | |
4273 | /* FIXME: Include a note pointing to the declaration of the smaller |
4274 | array. */ |
4275 | location_t stmt_loc = gimple_or_expr_nonartificial_location (stmt, lhs); |
4276 | |
4277 | tree callee = gimple_call_fndecl (gs: stmt); |
4278 | bool warned = false; |
4279 | if (siz <= minlen && bound == -1) |
4280 | warned = warning_at (stmt_loc, OPT_Wstring_compare, |
4281 | (at_least |
4282 | ? G_("%qD of a string of length %wu or more and " |
4283 | "an array of size %wu evaluates to nonzero" ) |
4284 | : G_("%qD of a string of length %wu and an array " |
4285 | "of size %wu evaluates to nonzero" )), |
4286 | callee, minlen, siz); |
4287 | else if (!at_least && siz <= HOST_WIDE_INT_MAX) |
4288 | { |
4289 | if (len[0] != HOST_WIDE_INT_MAX && len[1] != HOST_WIDE_INT_MAX) |
4290 | warned = warning_at (stmt_loc, OPT_Wstring_compare, |
4291 | "%qD of strings of length %wu and %wu " |
4292 | "and bound of %wu evaluates to nonzero" , |
4293 | callee, len[0], len[1], bound); |
4294 | else |
4295 | warned = warning_at (stmt_loc, OPT_Wstring_compare, |
4296 | "%qD of a string of length %wu, an array " |
4297 | "of size %wu and bound of %wu evaluates to " |
4298 | "nonzero" , |
4299 | callee, minlen, siz, bound); |
4300 | } |
4301 | |
4302 | if (!warned) |
4303 | return; |
4304 | |
4305 | location_t use_loc = gimple_location (g: use); |
4306 | if (LOCATION_LINE (stmt_loc) != LOCATION_LINE (use_loc)) |
4307 | inform (use_loc, "in this expression" ); |
4308 | } |
4309 | |
4310 | |
4311 | /* Optimize a call to strcmp or strncmp either by folding it to a constant |
4312 | when possible or by transforming the latter to the former. Warn about |
4313 | calls where the length of one argument is greater than the size of |
4314 | the array to which the other argument points if the latter's length |
4315 | is not known. Return true when the call has been transformed into |
4316 | another and false otherwise. */ |
4317 | |
4318 | bool |
4319 | strlen_pass::handle_builtin_string_cmp () |
4320 | { |
4321 | gcall *stmt = as_a <gcall *> (p: gsi_stmt (i: m_gsi)); |
4322 | tree lhs = gimple_call_lhs (gs: stmt); |
4323 | |
4324 | if (!lhs) |
4325 | return false; |
4326 | |
4327 | tree arg1 = gimple_call_arg (gs: stmt, index: 0); |
4328 | tree arg2 = gimple_call_arg (gs: stmt, index: 1); |
4329 | int idx1 = get_stridx (exp: arg1, stmt); |
4330 | int idx2 = get_stridx (exp: arg2, stmt); |
4331 | |
4332 | /* For strncmp set to the value of the third argument if known. */ |
4333 | HOST_WIDE_INT bound = -1; |
4334 | tree len = NULL_TREE; |
4335 | /* Extract the strncmp bound. */ |
4336 | if (gimple_call_num_args (gs: stmt) == 3) |
4337 | { |
4338 | len = gimple_call_arg (gs: stmt, index: 2); |
4339 | if (tree_fits_shwi_p (len)) |
4340 | bound = tree_to_shwi (len); |
4341 | |
4342 | /* If the bound argument is NOT known, do nothing. */ |
4343 | if (bound < 0) |
4344 | return false; |
4345 | } |
4346 | |
4347 | /* Avoid folding if either argument is not a nul-terminated array. |
4348 | Defer warning until later. */ |
4349 | if (!check_nul_terminated_array (NULL_TREE, arg1, len) |
4350 | || !check_nul_terminated_array (NULL_TREE, arg2, len)) |
4351 | return false; |
4352 | |
4353 | { |
4354 | /* Set to the length of one argument (or its complement if it's |
4355 | the lower bound of a range) and the size of the array storing |
4356 | the other if the result is based on the former being equal to |
4357 | or greater than the latter. */ |
4358 | unsigned HOST_WIDE_INT len[2] = { HOST_WIDE_INT_MAX, HOST_WIDE_INT_MAX }; |
4359 | unsigned HOST_WIDE_INT siz = HOST_WIDE_INT_M1U; |
4360 | |
4361 | /* Try to determine if the two strings are either definitely equal |
4362 | or definitely unequal and if so, either fold the result to zero |
4363 | (when equal) or set the range of the result to ~[0, 0] otherwise. */ |
4364 | if (tree eqz = strxcmp_eqz_result (stmt, arg1, idx1, arg2, idx2, bound, |
4365 | len, psize: &siz)) |
4366 | { |
4367 | if (integer_zerop (eqz)) |
4368 | { |
4369 | maybe_warn_pointless_strcmp (stmt, bound, len, siz); |
4370 | |
4371 | /* When the lengths of the first two string arguments are |
4372 | known to be unequal set the range of the result to non-zero. |
4373 | This allows the call to be eliminated if its result is only |
4374 | used in tests for equality to zero. */ |
4375 | value_range nz; |
4376 | nz.set_nonzero (TREE_TYPE (lhs)); |
4377 | set_range_info (lhs, nz); |
4378 | return false; |
4379 | } |
4380 | /* When the two strings are definitely equal (such as when they |
4381 | are both empty) fold the call to the constant result. */ |
4382 | replace_call_with_value (&m_gsi, integer_zero_node); |
4383 | return true; |
4384 | } |
4385 | } |
4386 | |
4387 | /* Return if nothing is known about the strings pointed to by ARG1 |
4388 | and ARG2. */ |
4389 | if (idx1 == 0 && idx2 == 0) |
4390 | return false; |
4391 | |
4392 | /* Determine either the length or the size of each of the strings, |
4393 | whichever is available. */ |
4394 | HOST_WIDE_INT cstlen1 = -1, cstlen2 = -1; |
4395 | HOST_WIDE_INT arysiz1 = -1, arysiz2 = -1; |
4396 | |
4397 | { |
4398 | unsigned HOST_WIDE_INT len1rng[2], len2rng[2]; |
4399 | unsigned HOST_WIDE_INT arsz1, arsz2; |
4400 | bool nulterm[2]; |
4401 | |
4402 | if (!get_len_or_size (stmt, arg: arg1, idx: idx1, lenrng: len1rng, size: &arsz1, nulterm) |
4403 | || !get_len_or_size (stmt, arg: arg2, idx: idx2, lenrng: len2rng, size: &arsz2, nulterm: nulterm + 1)) |
4404 | return false; |
4405 | |
4406 | if (len1rng[0] == len1rng[1] && len1rng[0] < HOST_WIDE_INT_MAX) |
4407 | cstlen1 = len1rng[0]; |
4408 | else if (arsz1 < HOST_WIDE_INT_M1U) |
4409 | arysiz1 = arsz1; |
4410 | |
4411 | if (len2rng[0] == len2rng[1] && len2rng[0] < HOST_WIDE_INT_MAX) |
4412 | cstlen2 = len2rng[0]; |
4413 | else if (arsz2 < HOST_WIDE_INT_M1U) |
4414 | arysiz2 = arsz2; |
4415 | } |
4416 | |
4417 | /* Bail if neither the string length nor the size of the array |
4418 | it is stored in can be determined. */ |
4419 | if ((cstlen1 < 0 && arysiz1 < 0) |
4420 | || (cstlen2 < 0 && arysiz2 < 0) |
4421 | || (cstlen1 < 0 && cstlen2 < 0)) |
4422 | return false; |
4423 | |
4424 | if (cstlen1 >= 0) |
4425 | ++cstlen1; |
4426 | if (cstlen2 >= 0) |
4427 | ++cstlen2; |
4428 | |
4429 | /* The exact number of characters to compare. */ |
4430 | HOST_WIDE_INT cmpsiz; |
4431 | if (cstlen1 >= 0 && cstlen2 >= 0) |
4432 | cmpsiz = MIN (cstlen1, cstlen2); |
4433 | else if (cstlen1 >= 0) |
4434 | cmpsiz = cstlen1; |
4435 | else |
4436 | cmpsiz = cstlen2; |
4437 | if (bound >= 0) |
4438 | cmpsiz = MIN (cmpsiz, bound); |
4439 | /* The size of the array in which the unknown string is stored. */ |
4440 | HOST_WIDE_INT varsiz = arysiz1 < 0 ? arysiz2 : arysiz1; |
4441 | |
4442 | if ((varsiz < 0 || cmpsiz < varsiz) && use_in_zero_equality (res: lhs)) |
4443 | { |
4444 | /* If the known length is less than the size of the other array |
4445 | and the strcmp result is only used to test equality to zero, |
4446 | transform the call to the equivalent _eq call. */ |
4447 | if (tree fn = builtin_decl_implicit (fncode: bound < 0 ? BUILT_IN_STRCMP_EQ |
4448 | : BUILT_IN_STRNCMP_EQ)) |
4449 | { |
4450 | tree n = build_int_cst (size_type_node, cmpsiz); |
4451 | update_gimple_call (&m_gsi, fn, 3, arg1, arg2, n); |
4452 | return true; |
4453 | } |
4454 | } |
4455 | |
4456 | return false; |
4457 | } |
4458 | |
4459 | /* Handle a POINTER_PLUS_EXPR statement. |
4460 | For p = "abcd" + 2; compute associated length, or if |
4461 | p = q + off is pointing to a '\0' character of a string, call |
4462 | zero_length_string on it. */ |
4463 | |
4464 | void |
4465 | strlen_pass::handle_pointer_plus () |
4466 | { |
4467 | gimple *stmt = gsi_stmt (i: m_gsi); |
4468 | tree lhs = gimple_assign_lhs (gs: stmt), off; |
4469 | int idx = get_stridx (exp: gimple_assign_rhs1 (gs: stmt), stmt); |
4470 | strinfo *si, *zsi; |
4471 | |
4472 | if (idx == 0) |
4473 | return; |
4474 | |
4475 | if (idx < 0) |
4476 | { |
4477 | tree off = gimple_assign_rhs2 (gs: stmt); |
4478 | if (tree_fits_uhwi_p (off) |
4479 | && tree_to_uhwi (off) <= (unsigned HOST_WIDE_INT) ~idx) |
4480 | ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] |
4481 | = ~(~idx - (int) tree_to_uhwi (off)); |
4482 | return; |
4483 | } |
4484 | |
4485 | si = get_strinfo (idx); |
4486 | if (si == NULL || si->nonzero_chars == NULL_TREE) |
4487 | return; |
4488 | |
4489 | off = gimple_assign_rhs2 (gs: stmt); |
4490 | zsi = NULL; |
4491 | if (si->full_string_p && operand_equal_p (si->nonzero_chars, off, flags: 0)) |
4492 | zsi = zero_length_string (ptr: lhs, chainsi: si); |
4493 | else if (TREE_CODE (off) == SSA_NAME) |
4494 | { |
4495 | gimple *def_stmt = SSA_NAME_DEF_STMT (off); |
4496 | if (gimple_assign_single_p (gs: def_stmt) |
4497 | && si->full_string_p |
4498 | && operand_equal_p (si->nonzero_chars, |
4499 | gimple_assign_rhs1 (gs: def_stmt), flags: 0)) |
4500 | zsi = zero_length_string (ptr: lhs, chainsi: si); |
4501 | } |
4502 | if (zsi != NULL |
4503 | && si->endptr != NULL_TREE |
4504 | && si->endptr != lhs |
4505 | && TREE_CODE (si->endptr) == SSA_NAME) |
4506 | { |
4507 | enum tree_code rhs_code |
4508 | = useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (si->endptr)) |
4509 | ? SSA_NAME : NOP_EXPR; |
4510 | gimple_assign_set_rhs_with_ops (gsi: &m_gsi, code: rhs_code, op1: si->endptr); |
4511 | gcc_assert (gsi_stmt (m_gsi) == stmt); |
4512 | update_stmt (s: stmt); |
4513 | } |
4514 | } |
4515 | |
4516 | /* Set LENRANGE to the number of nonzero bytes for a store of TYPE and |
4517 | clear all flags. Return true on success and false on failure. */ |
4518 | |
4519 | static bool |
4520 | nonzero_bytes_for_type (tree type, unsigned lenrange[3], |
4521 | bool *nulterm, bool *allnul, bool *allnonnul) |
4522 | { |
4523 | /* Use the size of the type of the expression as the size of the store, |
4524 | and set the upper bound of the length range to that of the size. |
4525 | Nothing is known about the contents so clear all flags. */ |
4526 | tree typesize = TYPE_SIZE_UNIT (type); |
4527 | if (!type) |
4528 | return false; |
4529 | |
4530 | if (!tree_fits_uhwi_p (typesize)) |
4531 | return false; |
4532 | |
4533 | unsigned HOST_WIDE_INT sz = tree_to_uhwi (typesize); |
4534 | if (sz > UINT_MAX) |
4535 | return false; |
4536 | |
4537 | lenrange[2] = sz; |
4538 | lenrange[1] = lenrange[2] ? lenrange[2] - 1 : 0; |
4539 | lenrange[0] = 0; |
4540 | *nulterm = false; |
4541 | *allnul = false; |
4542 | *allnonnul = false; |
4543 | return true; |
4544 | } |
4545 | |
4546 | /* Recursively determine the minimum and maximum number of leading nonzero |
4547 | bytes in the representation of EXP at memory state VUSE and set |
4548 | LENRANGE[0] and LENRANGE[1] to each. |
4549 | Sets LENRANGE[2] to the total size of the access (which may be less |
4550 | than LENRANGE[1] when what's being referenced by EXP is a pointer |
4551 | rather than an array). |
4552 | Sets *NULTERM if the representation contains a zero byte, sets *ALLNUL |
4553 | if all the bytes are zero, and *ALLNONNUL is all are nonzero. |
4554 | OFFSET and NBYTES are the offset into the representation and |
4555 | the size of the access to it determined from an ADDR_EXPR (i.e., |
4556 | a pointer) or MEM_REF or zero for other expressions. |
4557 | Uses RVALS to determine range information. |
4558 | Avoids recursing deeper than the limits in SNLIM allow. |
4559 | Returns true on success and false otherwise. */ |
4560 | |
4561 | bool |
4562 | strlen_pass::count_nonzero_bytes (tree exp, tree vuse, gimple *stmt, |
4563 | unsigned HOST_WIDE_INT offset, |
4564 | unsigned HOST_WIDE_INT nbytes, |
4565 | unsigned lenrange[3], bool *nulterm, |
4566 | bool *allnul, bool *allnonnul, |
4567 | ssa_name_limit_t &snlim) |
4568 | { |
4569 | if (TREE_CODE (exp) == SSA_NAME) |
4570 | { |
4571 | /* Handle non-zero single-character stores specially. */ |
4572 | tree type = TREE_TYPE (exp); |
4573 | if (TREE_CODE (type) == INTEGER_TYPE |
4574 | && TYPE_MODE (type) == TYPE_MODE (char_type_node) |
4575 | && TYPE_PRECISION (type) == TYPE_PRECISION (char_type_node) |
4576 | && tree_expr_nonzero_p (exp)) |
4577 | { |
4578 | /* If the character EXP is known to be non-zero (even if its |
4579 | exact value is not known) recurse once to set the range |
4580 | for an arbitrary constant. */ |
4581 | exp = build_int_cst (type, 1); |
4582 | return count_nonzero_bytes (exp, vuse, stmt, |
4583 | offset, nbytes: 1, lenrange, |
4584 | nulterm, allnul, allnonnul, snlim); |
4585 | } |
4586 | |
4587 | gimple *g = SSA_NAME_DEF_STMT (exp); |
4588 | if (gimple_assign_single_p (gs: g)) |
4589 | { |
4590 | exp = gimple_assign_rhs1 (gs: g); |
4591 | if (!DECL_P (exp) |
4592 | && TREE_CODE (exp) != CONSTRUCTOR |
4593 | && TREE_CODE (exp) != MEM_REF) |
4594 | return false; |
4595 | /* Handle DECLs, CONSTRUCTOR and MEM_REF below. */ |
4596 | stmt = g; |
4597 | } |
4598 | else if (gimple_code (g) == GIMPLE_PHI) |
4599 | { |
4600 | /* Avoid processing an SSA_NAME that has already been visited |
4601 | or if an SSA_NAME limit has been reached. Indicate success |
4602 | if the former and failure if the latter. */ |
4603 | if (int res = snlim.next_phi (exp)) |
4604 | return res > 0; |
4605 | |
4606 | /* Determine the minimum and maximum from the PHI arguments. */ |
4607 | unsigned int n = gimple_phi_num_args (gs: g); |
4608 | for (unsigned i = 0; i != n; i++) |
4609 | { |
4610 | tree def = gimple_phi_arg_def (gs: g, index: i); |
4611 | if (!count_nonzero_bytes (exp: def, vuse, stmt: g, |
4612 | offset, nbytes, lenrange, nulterm, |
4613 | allnul, allnonnul, snlim)) |
4614 | return false; |
4615 | } |
4616 | |
4617 | return true; |
4618 | } |
4619 | } |
4620 | |
4621 | if (TREE_CODE (exp) == CONSTRUCTOR) |
4622 | { |
4623 | if (nbytes) |
4624 | /* If NBYTES has already been determined by an outer MEM_REF |
4625 | fail rather than overwriting it (this shouldn't happen). */ |
4626 | return false; |
4627 | |
4628 | tree type = TREE_TYPE (exp); |
4629 | tree size = TYPE_SIZE_UNIT (type); |
4630 | if (!size || !tree_fits_uhwi_p (size)) |
4631 | return false; |
4632 | |
4633 | unsigned HOST_WIDE_INT byte_size = tree_to_uhwi (size); |
4634 | if (byte_size < offset) |
4635 | return false; |
4636 | |
4637 | nbytes = byte_size - offset; |
4638 | } |
4639 | |
4640 | if (TREE_CODE (exp) == MEM_REF) |
4641 | { |
4642 | if (nbytes) |
4643 | return false; |
4644 | |
4645 | tree arg = TREE_OPERAND (exp, 0); |
4646 | tree off = TREE_OPERAND (exp, 1); |
4647 | |
4648 | if (TREE_CODE (off) != INTEGER_CST || !tree_fits_uhwi_p (off)) |
4649 | return false; |
4650 | |
4651 | unsigned HOST_WIDE_INT wioff = tree_to_uhwi (off); |
4652 | if (INT_MAX < wioff) |
4653 | return false; |
4654 | |
4655 | offset += wioff; |
4656 | if (INT_MAX < offset) |
4657 | return false; |
4658 | |
4659 | /* The size of the MEM_REF access determines the number of bytes. */ |
4660 | tree type = TREE_TYPE (exp); |
4661 | tree typesize = TYPE_SIZE_UNIT (type); |
4662 | if (!typesize || !tree_fits_uhwi_p (typesize)) |
4663 | return false; |
4664 | nbytes = tree_to_uhwi (typesize); |
4665 | if (!nbytes) |
4666 | return false; |
4667 | |
4668 | /* Handle MEM_REF = SSA_NAME types of assignments. */ |
4669 | return count_nonzero_bytes_addr (exp: arg, vuse, stmt, |
4670 | offset, nbytes, lenrange, nulterm, |
4671 | allnul, allnonnul, snlim); |
4672 | } |
4673 | |
4674 | if (VAR_P (exp) || TREE_CODE (exp) == CONST_DECL) |
4675 | { |
4676 | /* If EXP can be folded into a constant use the result. Otherwise |
4677 | proceed to use EXP to determine a range of the result. */ |
4678 | if (tree fold_exp = ctor_for_folding (exp)) |
4679 | if (fold_exp != error_mark_node) |
4680 | exp = fold_exp; |
4681 | } |
4682 | |
4683 | const char *prep = NULL; |
4684 | if (TREE_CODE (exp) == STRING_CST) |
4685 | { |
4686 | unsigned nchars = TREE_STRING_LENGTH (exp); |
4687 | if (nchars < offset) |
4688 | return false; |
4689 | |
4690 | if (!nbytes) |
4691 | /* If NBYTES hasn't been determined earlier, either from ADDR_EXPR |
4692 | (i.e., it's the size of a pointer), or from MEM_REF (as the size |
4693 | of the access), set it here to the size of the string, including |
4694 | all internal and trailing nuls if the string has any. */ |
4695 | nbytes = nchars - offset; |
4696 | else if (nchars - offset < nbytes) |
4697 | return false; |
4698 | |
4699 | prep = TREE_STRING_POINTER (exp) + offset; |
4700 | } |
4701 | |
4702 | unsigned char buf[256]; |
4703 | if (!prep) |
4704 | { |
4705 | if (CHAR_BIT != 8 || BITS_PER_UNIT != 8) |
4706 | return false; |
4707 | /* If the pointer to representation hasn't been set above |
4708 | for STRING_CST point it at the buffer. */ |
4709 | prep = reinterpret_cast <char *>(buf); |
4710 | /* Try to extract the representation of the constant object |
4711 | or expression starting from the offset. */ |
4712 | unsigned repsize = native_encode_expr (exp, buf, sizeof buf, off: offset); |
4713 | if (repsize < nbytes) |
4714 | { |
4715 | /* This should only happen when REPSIZE is zero because EXP |
4716 | doesn't denote an object with a known initializer, except |
4717 | perhaps when the reference reads past its end. */ |
4718 | lenrange[0] = 0; |
4719 | prep = NULL; |
4720 | } |
4721 | else if (!nbytes) |
4722 | nbytes = repsize; |
4723 | else if (nbytes < repsize) |
4724 | return false; |
4725 | } |
4726 | |
4727 | if (!nbytes) |
4728 | return nonzero_bytes_for_type (TREE_TYPE (exp), lenrange, |
4729 | nulterm, allnul, allnonnul); |
4730 | |
4731 | /* Compute the number of leading nonzero bytes in the representation |
4732 | and update the minimum and maximum. */ |
4733 | unsigned HOST_WIDE_INT n = prep ? strnlen (string: prep, maxlen: nbytes) : nbytes; |
4734 | |
4735 | if (n < lenrange[0]) |
4736 | lenrange[0] = n; |
4737 | if (lenrange[1] < n) |
4738 | lenrange[1] = n; |
4739 | |
4740 | /* Set the size of the representation. */ |
4741 | if (lenrange[2] < nbytes) |
4742 | lenrange[2] = nbytes; |
4743 | |
4744 | /* Clear NULTERM if none of the bytes is zero. */ |
4745 | if (n == nbytes) |
4746 | *nulterm = false; |
4747 | |
4748 | if (n) |
4749 | { |
4750 | /* When the initial number of non-zero bytes N is non-zero, reset |
4751 | *ALLNUL; if N is less than that the size of the representation |
4752 | also clear *ALLNONNUL. */ |
4753 | *allnul = false; |
4754 | if (n < nbytes) |
4755 | *allnonnul = false; |
4756 | } |
4757 | else if (*allnul || *allnonnul) |
4758 | { |
4759 | *allnonnul = false; |
4760 | |
4761 | if (*allnul) |
4762 | { |
4763 | /* When either ALLNUL is set and N is zero, also determine |
4764 | whether all subsequent bytes after the first one (which |
4765 | is nul) are zero or nonzero and clear ALLNUL if not. */ |
4766 | for (const char *p = prep; p != prep + nbytes; ++p) |
4767 | if (*p) |
4768 | { |
4769 | *allnul = false; |
4770 | break; |
4771 | } |
4772 | } |
4773 | } |
4774 | |
4775 | return true; |
4776 | } |
4777 | |
4778 | /* Like count_nonzero_bytes, but instead of counting bytes in EXP, count |
4779 | bytes that are pointed to by EXP, which should be a pointer. */ |
4780 | |
4781 | bool |
4782 | strlen_pass::count_nonzero_bytes_addr (tree exp, tree vuse, gimple *stmt, |
4783 | unsigned HOST_WIDE_INT offset, |
4784 | unsigned HOST_WIDE_INT nbytes, |
4785 | unsigned lenrange[3], bool *nulterm, |
4786 | bool *allnul, bool *allnonnul, |
4787 | ssa_name_limit_t &snlim) |
4788 | { |
4789 | int idx = get_stridx (exp, stmt); |
4790 | if (idx > 0) |
4791 | { |
4792 | /* get_strinfo reflects string lengths before the current statement, |
4793 | where the current statement is the outermost count_nonzero_bytes |
4794 | stmt. If there are any stores in between stmt and that |
4795 | current statement, the string length information might describe |
4796 | something significantly different. */ |
4797 | if (gimple_vuse (g: stmt) != vuse) |
4798 | return false; |
4799 | |
4800 | strinfo *si = get_strinfo (idx); |
4801 | if (!si) |
4802 | return false; |
4803 | |
4804 | /* Handle both constant lengths as well non-constant lengths |
4805 | in some range. */ |
4806 | unsigned HOST_WIDE_INT minlen, maxlen; |
4807 | if (tree_fits_shwi_p (si->nonzero_chars)) |
4808 | minlen = maxlen = tree_to_shwi (si->nonzero_chars); |
4809 | else if (si->nonzero_chars |
4810 | && TREE_CODE (si->nonzero_chars) == SSA_NAME) |
4811 | { |
4812 | value_range vr; |
4813 | if (!ptr_qry.rvals->range_of_expr (r&: vr, expr: si->nonzero_chars, stmt) |
4814 | || vr.undefined_p () |
4815 | || vr.varying_p ()) |
4816 | return false; |
4817 | |
4818 | minlen = vr.lower_bound ().to_uhwi (); |
4819 | maxlen = vr.upper_bound ().to_uhwi (); |
4820 | } |
4821 | else |
4822 | return false; |
4823 | |
4824 | if (maxlen < offset) |
4825 | return false; |
4826 | |
4827 | minlen = minlen < offset ? 0 : minlen - offset; |
4828 | maxlen -= offset; |
4829 | if (maxlen + 1 < nbytes) |
4830 | return false; |
4831 | |
4832 | if (nbytes <= minlen) |
4833 | *nulterm = false; |
4834 | |
4835 | if (nbytes < minlen) |
4836 | { |
4837 | minlen = nbytes; |
4838 | if (nbytes < maxlen) |
4839 | maxlen = nbytes; |
4840 | } |
4841 | |
4842 | if (minlen < lenrange[0]) |
4843 | lenrange[0] = minlen; |
4844 | if (lenrange[1] < maxlen) |
4845 | lenrange[1] = maxlen; |
4846 | |
4847 | if (lenrange[2] < nbytes) |
4848 | lenrange[2] = nbytes; |
4849 | |
4850 | /* Since only the length of the string are known and not its contents, |
4851 | clear ALLNUL and ALLNONNUL purely on the basis of the length. */ |
4852 | *allnul = false; |
4853 | if (minlen < nbytes) |
4854 | *allnonnul = false; |
4855 | |
4856 | return true; |
4857 | } |
4858 | |
4859 | if (TREE_CODE (exp) == ADDR_EXPR) |
4860 | return count_nonzero_bytes (TREE_OPERAND (exp, 0), vuse, stmt, |
4861 | offset, nbytes, |
4862 | lenrange, nulterm, allnul, allnonnul, snlim); |
4863 | |
4864 | if (TREE_CODE (exp) == SSA_NAME) |
4865 | { |
4866 | gimple *g = SSA_NAME_DEF_STMT (exp); |
4867 | if (gimple_code (g) == GIMPLE_PHI) |
4868 | { |
4869 | /* Avoid processing an SSA_NAME that has already been visited |
4870 | or if an SSA_NAME limit has been reached. Indicate success |
4871 | if the former and failure if the latter. */ |
4872 | if (int res = snlim.next_phi (exp)) |
4873 | return res > 0; |
4874 | |
4875 | /* Determine the minimum and maximum from the PHI arguments. */ |
4876 | unsigned int n = gimple_phi_num_args (gs: g); |
4877 | for (unsigned i = 0; i != n; i++) |
4878 | { |
4879 | tree def = gimple_phi_arg_def (gs: g, index: i); |
4880 | if (!count_nonzero_bytes_addr (exp: def, vuse, stmt: g, |
4881 | offset, nbytes, lenrange, |
4882 | nulterm, allnul, allnonnul, |
4883 | snlim)) |
4884 | return false; |
4885 | } |
4886 | |
4887 | return true; |
4888 | } |
4889 | } |
4890 | |
4891 | /* Otherwise we don't know anything. */ |
4892 | lenrange[0] = 0; |
4893 | if (lenrange[1] < nbytes) |
4894 | lenrange[1] = nbytes; |
4895 | if (lenrange[2] < nbytes) |
4896 | lenrange[2] = nbytes; |
4897 | *nulterm = false; |
4898 | *allnul = false; |
4899 | *allnonnul = false; |
4900 | return true; |
4901 | } |
4902 | |
4903 | /* Same as above except with an implicit SSA_NAME limit. When EXPR_OR_TYPE |
4904 | is a type rather than an expression use its size to compute the range. |
4905 | RVALS is used to determine ranges of dynamically computed string lengths |
4906 | (the results of strlen). */ |
4907 | |
4908 | bool |
4909 | strlen_pass::count_nonzero_bytes (tree expr_or_type, gimple *stmt, |
4910 | unsigned lenrange[3], bool *nulterm, |
4911 | bool *allnul, bool *allnonnul) |
4912 | { |
4913 | if (TYPE_P (expr_or_type)) |
4914 | return nonzero_bytes_for_type (type: expr_or_type, lenrange, |
4915 | nulterm, allnul, allnonnul); |
4916 | |
4917 | /* Set to optimistic values so the caller doesn't have to worry about |
4918 | initializing these and to what. On success, the function will clear |
4919 | these if it determines their values are different but being recursive |
4920 | it never sets either to true. On failure, their values are |
4921 | unspecified. */ |
4922 | *nulterm = true; |
4923 | *allnul = true; |
4924 | *allnonnul = true; |
4925 | |
4926 | ssa_name_limit_t snlim; |
4927 | tree expr = expr_or_type; |
4928 | return count_nonzero_bytes (exp: expr, vuse: gimple_vuse (g: stmt), stmt, |
4929 | offset: 0, nbytes: 0, lenrange, nulterm, allnul, allnonnul, |
4930 | snlim); |
4931 | } |
4932 | |
4933 | /* Handle a single or multibyte store other than by a built-in function, |
4934 | either via a single character assignment or by multi-byte assignment |
4935 | either via MEM_REF or via a type other than char (such as in |
4936 | '*(int*)a = 12345'). Return true to let the caller advance *GSI to |
4937 | the next statement in the basic block and false otherwise. */ |
4938 | |
4939 | bool |
4940 | strlen_pass::handle_store (bool *zero_write) |
4941 | { |
4942 | gimple *stmt = gsi_stmt (i: m_gsi); |
4943 | /* The LHS and RHS of the store. The RHS is null if STMT is a function |
4944 | call. STORETYPE is the type of the store (determined from either |
4945 | the RHS of the assignment statement or the LHS of a function call. */ |
4946 | tree lhs, rhs, storetype; |
4947 | if (is_gimple_assign (gs: stmt)) |
4948 | { |
4949 | lhs = gimple_assign_lhs (gs: stmt); |
4950 | rhs = gimple_assign_rhs1 (gs: stmt); |
4951 | storetype = TREE_TYPE (rhs); |
4952 | } |
4953 | else if (is_gimple_call (gs: stmt)) |
4954 | { |
4955 | lhs = gimple_call_lhs (gs: stmt); |
4956 | rhs = NULL_TREE; |
4957 | storetype = TREE_TYPE (lhs); |
4958 | } |
4959 | else |
4960 | return true; |
4961 | |
4962 | tree ssaname = NULL_TREE; |
4963 | strinfo *si = NULL; |
4964 | int idx = -1; |
4965 | |
4966 | range_query *const rvals = ptr_qry.rvals; |
4967 | |
4968 | /* The offset of the first byte in LHS modified by the store. */ |
4969 | unsigned HOST_WIDE_INT offset = 0; |
4970 | |
4971 | if (TREE_CODE (lhs) == MEM_REF |
4972 | && TREE_CODE (TREE_OPERAND (lhs, 0)) == SSA_NAME) |
4973 | { |
4974 | tree mem_offset = TREE_OPERAND (lhs, 1); |
4975 | if (tree_fits_uhwi_p (mem_offset)) |
4976 | { |
4977 | /* Get the strinfo for the base, and use it if it starts with at |
4978 | least OFFSET nonzero characters. This is trivially true if |
4979 | OFFSET is zero. */ |
4980 | offset = tree_to_uhwi (mem_offset); |
4981 | idx = get_stridx (TREE_OPERAND (lhs, 0), stmt); |
4982 | if (idx > 0) |
4983 | si = get_strinfo (idx); |
4984 | if (offset == 0) |
4985 | ssaname = TREE_OPERAND (lhs, 0); |
4986 | else if (si == NULL |
4987 | || compare_nonzero_chars (si, stmt, off: offset, rvals) < 0) |
4988 | { |
4989 | *zero_write = rhs ? initializer_zerop (rhs) : false; |
4990 | |
4991 | bool dummy; |
4992 | unsigned lenrange[] = { UINT_MAX, 0, 0 }; |
4993 | if (count_nonzero_bytes (expr_or_type: rhs ? rhs : storetype, stmt, lenrange, |
4994 | nulterm: &dummy, allnul: &dummy, allnonnul: &dummy)) |
4995 | maybe_warn_overflow (stmt, call_lhs: true, len: lenrange[2]); |
4996 | |
4997 | return true; |
4998 | } |
4999 | } |
5000 | } |
5001 | else |
5002 | { |
5003 | idx = get_addr_stridx (exp: lhs, stmt, NULL_TREE, offset_out: &offset, rvals); |
5004 | if (idx > 0) |
5005 | si = get_strinfo (idx); |
5006 | } |
5007 | |
5008 | /* Minimum and maximum leading non-zero bytes and the size of the store. */ |
5009 | unsigned lenrange[] = { UINT_MAX, 0, 0 }; |
5010 | |
5011 | /* Set to the minimum length of the string being assigned if known. */ |
5012 | unsigned HOST_WIDE_INT rhs_minlen; |
5013 | |
5014 | /* STORING_NONZERO_P is true iff not all stored characters are zero. |
5015 | STORING_ALL_NONZERO_P is true if all stored characters are zero. |
5016 | STORING_ALL_ZEROS_P is true iff all stored characters are zero. |
5017 | Both are false when it's impossible to determine which is true. */ |
5018 | bool storing_nonzero_p; |
5019 | bool storing_all_nonzero_p; |
5020 | bool storing_all_zeros_p; |
5021 | /* FULL_STRING_P is set when the stored sequence of characters form |
5022 | a nul-terminated string. */ |
5023 | bool full_string_p; |
5024 | |
5025 | const bool ranges_valid |
5026 | = count_nonzero_bytes (expr_or_type: rhs ? rhs : storetype, stmt, |
5027 | lenrange, nulterm: &full_string_p, |
5028 | allnul: &storing_all_zeros_p, allnonnul: &storing_all_nonzero_p); |
5029 | |
5030 | if (ranges_valid) |
5031 | { |
5032 | rhs_minlen = lenrange[0]; |
5033 | storing_nonzero_p = lenrange[1] > 0; |
5034 | *zero_write = storing_all_zeros_p; |
5035 | |
5036 | maybe_warn_overflow (stmt, call_lhs: true, len: lenrange[2]); |
5037 | } |
5038 | else |
5039 | { |
5040 | rhs_minlen = HOST_WIDE_INT_M1U; |
5041 | full_string_p = false; |
5042 | storing_nonzero_p = false; |
5043 | storing_all_zeros_p = false; |
5044 | storing_all_nonzero_p = false; |
5045 | } |
5046 | |
5047 | if (si != NULL) |
5048 | { |
5049 | /* The count_nonzero_bytes call above might have unshared si. |
5050 | Fetch it again from the vector. */ |
5051 | si = get_strinfo (idx); |
5052 | /* The corresponding element is set to 1 if the first and last |
5053 | element, respectively, of the sequence of characters being |
5054 | written over the string described by SI ends before |
5055 | the terminating nul (if it has one), to zero if the nul is |
5056 | being overwritten but not beyond, or negative otherwise. */ |
5057 | int store_before_nul[2]; |
5058 | if (ranges_valid) |
5059 | { |
5060 | /* The offset of the last stored byte. */ |
5061 | unsigned HOST_WIDE_INT endoff = offset + lenrange[2] - 1; |
5062 | store_before_nul[0] |
5063 | = compare_nonzero_chars (si, stmt, off: offset, rvals); |
5064 | if (endoff == offset) |
5065 | store_before_nul[1] = store_before_nul[0]; |
5066 | else |
5067 | store_before_nul[1] |
5068 | = compare_nonzero_chars (si, stmt, off: endoff, rvals); |
5069 | } |
5070 | else |
5071 | { |
5072 | store_before_nul[0] |
5073 | = compare_nonzero_chars (si, stmt, off: offset, rvals); |
5074 | store_before_nul[1] = store_before_nul[0]; |
5075 | gcc_assert (offset == 0 || store_before_nul[0] >= 0); |
5076 | } |
5077 | |
5078 | if (storing_all_zeros_p |
5079 | && store_before_nul[0] == 0 |
5080 | && store_before_nul[1] == 0 |
5081 | && si->full_string_p) |
5082 | { |
5083 | /* When overwriting a '\0' with a '\0', the store can be removed |
5084 | if we know it has been stored in the current function. */ |
5085 | if (!stmt_could_throw_p (cfun, stmt) && si->writable) |
5086 | { |
5087 | unlink_stmt_vdef (stmt); |
5088 | release_defs (stmt); |
5089 | gsi_remove (&m_gsi, true); |
5090 | return false; |
5091 | } |
5092 | else |
5093 | { |
5094 | si->writable = true; |
5095 | gsi_next (i: &m_gsi); |
5096 | return false; |
5097 | } |
5098 | } |
5099 | |
5100 | if (store_before_nul[1] > 0 |
5101 | && storing_nonzero_p |
5102 | && lenrange[0] == lenrange[1] |
5103 | && lenrange[0] == lenrange[2] |
5104 | && TREE_CODE (storetype) == INTEGER_TYPE) |
5105 | { |
5106 | /* Handle a store of one or more non-nul characters that ends |
5107 | before the terminating nul of the destination and so does |
5108 | not affect its length |
5109 | If si->nonzero_chars > OFFSET, we aren't overwriting '\0', |
5110 | and if we aren't storing '\0', we know that the length of |
5111 | the string and any other zero terminated string in memory |
5112 | remains the same. In that case we move to the next gimple |
5113 | statement and return to signal the caller that it shouldn't |
5114 | invalidate anything. |
5115 | |
5116 | This is beneficial for cases like: |
5117 | |
5118 | char p[20]; |
5119 | void foo (char *q) |
5120 | { |
5121 | strcpy (p, "foobar"); |
5122 | size_t len = strlen (p); // can be folded to 6 |
5123 | size_t len2 = strlen (q); // has to be computed |
5124 | p[0] = 'X'; |
5125 | size_t len3 = strlen (p); // can be folded to 6 |
5126 | size_t len4 = strlen (q); // can be folded to len2 |
5127 | bar (len, len2, len3, len4); |
5128 | } */ |
5129 | gsi_next (i: &m_gsi); |
5130 | return false; |
5131 | } |
5132 | |
5133 | if (storing_nonzero_p |
5134 | || storing_all_zeros_p |
5135 | || (full_string_p && lenrange[1] == 0) |
5136 | || (offset != 0 && store_before_nul[1] > 0)) |
5137 | { |
5138 | /* When STORING_NONZERO_P, we know that the string will start |
5139 | with at least OFFSET + 1 nonzero characters. If storing |
5140 | a single character, set si->NONZERO_CHARS to the result. |
5141 | If storing multiple characters, try to determine the number |
5142 | of leading non-zero characters and set si->NONZERO_CHARS to |
5143 | the result instead. |
5144 | |
5145 | When STORING_ALL_ZEROS_P, or the first byte written is zero, |
5146 | i.e. FULL_STRING_P && LENRANGE[1] == 0, we know that the |
5147 | string is now OFFSET characters long. |
5148 | |
5149 | Otherwise, we're storing an unknown value at offset OFFSET, |
5150 | so need to clip the nonzero_chars to OFFSET. |
5151 | Use the minimum length of the string (or individual character) |
5152 | being stored if it's known. Otherwise, STORING_NONZERO_P |
5153 | guarantees it's at least 1. */ |
5154 | HOST_WIDE_INT len |
5155 | = storing_nonzero_p && ranges_valid ? lenrange[0] : 1; |
5156 | location_t loc = gimple_location (g: stmt); |
5157 | tree oldlen = si->nonzero_chars; |
5158 | if (store_before_nul[1] == 0 && si->full_string_p) |
5159 | /* We're overwriting the nul terminator with a nonzero or |
5160 | unknown character. If the previous stmt was a memcpy, |
5161 | its length may be decreased. */ |
5162 | adjust_last_stmt (si, stmt, is_strcat: false); |
5163 | si = unshare_strinfo (si); |
5164 | if (storing_nonzero_p) |
5165 | { |
5166 | gcc_assert (len >= 0); |
5167 | si->nonzero_chars = build_int_cst (size_type_node, offset + len); |
5168 | } |
5169 | else |
5170 | si->nonzero_chars = build_int_cst (size_type_node, offset); |
5171 | |
5172 | /* Set FULL_STRING_P only if the length of the strings being |
5173 | written is the same, and clear it if the strings have |
5174 | different lengths. In the latter case the length stored |
5175 | in si->NONZERO_CHARS becomes the lower bound. |
5176 | FIXME: Handle the upper bound of the length if possible. */ |
5177 | si->full_string_p = full_string_p && lenrange[0] == lenrange[1]; |
5178 | |
5179 | if (storing_all_zeros_p |
5180 | && ssaname |
5181 | && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ssaname)) |
5182 | si->endptr = ssaname; |
5183 | else |
5184 | si->endptr = NULL; |
5185 | si->next = 0; |
5186 | si->stmt = NULL; |
5187 | si->writable = true; |
5188 | si->dont_invalidate = true; |
5189 | if (oldlen) |
5190 | { |
5191 | tree adj = fold_build2_loc (loc, MINUS_EXPR, size_type_node, |
5192 | si->nonzero_chars, oldlen); |
5193 | adjust_related_strinfos (loc, origsi: si, adj); |
5194 | } |
5195 | else |
5196 | si->prev = 0; |
5197 | } |
5198 | } |
5199 | else if (idx == 0 && (storing_all_zeros_p || storing_nonzero_p)) |
5200 | { |
5201 | if (ssaname) |
5202 | idx = new_stridx (exp: ssaname); |
5203 | else |
5204 | idx = new_addr_stridx (exp: lhs); |
5205 | if (idx != 0) |
5206 | { |
5207 | tree ptr = (ssaname ? ssaname : build_fold_addr_expr (lhs)); |
5208 | |
5209 | HOST_WIDE_INT slen; |
5210 | if (storing_all_zeros_p) |
5211 | slen = 0; |
5212 | else if (storing_nonzero_p && ranges_valid) |
5213 | { |
5214 | /* FIXME: Handle the upper bound of the length when |
5215 | LENRANGE[0] != LENRANGE[1]. */ |
5216 | slen = lenrange[0]; |
5217 | if (lenrange[0] != lenrange[1]) |
5218 | /* Set the minimum length but ignore the maximum |
5219 | for now. */ |
5220 | full_string_p = false; |
5221 | } |
5222 | else |
5223 | slen = -1; |
5224 | |
5225 | tree len = (slen <= 0 |
5226 | ? size_zero_node |
5227 | : build_int_cst (size_type_node, slen)); |
5228 | si = new_strinfo (ptr, idx, nonzero_chars: len, full_string_p: slen >= 0 && full_string_p); |
5229 | set_strinfo (idx, si); |
5230 | if (storing_all_zeros_p |
5231 | && ssaname |
5232 | && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ssaname)) |
5233 | si->endptr = ssaname; |
5234 | si->dont_invalidate = true; |
5235 | si->writable = true; |
5236 | } |
5237 | } |
5238 | else if (idx == 0 |
5239 | && rhs_minlen < HOST_WIDE_INT_M1U |
5240 | && ssaname == NULL_TREE |
5241 | && TREE_CODE (TREE_TYPE (lhs)) == ARRAY_TYPE) |
5242 | { |
5243 | HOST_WIDE_INT a = int_size_in_bytes (TREE_TYPE (lhs)); |
5244 | if (a > 0 && (unsigned HOST_WIDE_INT) a > rhs_minlen) |
5245 | { |
5246 | int idx = new_addr_stridx (exp: lhs); |
5247 | if (idx != 0) |
5248 | { |
5249 | si = new_strinfo (build_fold_addr_expr (lhs), idx, |
5250 | nonzero_chars: build_int_cst (size_type_node, rhs_minlen), |
5251 | full_string_p); |
5252 | set_strinfo (idx, si); |
5253 | si->dont_invalidate = true; |
5254 | } |
5255 | } |
5256 | } |
5257 | |
5258 | if (si != NULL && offset == 0 && storing_all_zeros_p && lenrange[2] == 1) |
5259 | { |
5260 | /* For single-byte stores only, allow adjust_last_stmt to remove |
5261 | the statement if the stored '\0' is immediately overwritten. */ |
5262 | laststmt.stmt = stmt; |
5263 | laststmt.len = build_int_cst (size_type_node, 1); |
5264 | laststmt.stridx = si->idx; |
5265 | } |
5266 | return true; |
5267 | } |
5268 | |
5269 | /* Try to fold strstr (s, t) eq/ne s to strncmp (s, t, strlen (t)) eq/ne 0. */ |
5270 | |
5271 | static void |
5272 | fold_strstr_to_strncmp (tree rhs1, tree rhs2, gimple *stmt) |
5273 | { |
5274 | if (TREE_CODE (rhs1) != SSA_NAME |
5275 | || TREE_CODE (rhs2) != SSA_NAME) |
5276 | return; |
5277 | |
5278 | gimple *call_stmt = NULL; |
5279 | for (int pass = 0; pass < 2; pass++) |
5280 | { |
5281 | gimple *g = SSA_NAME_DEF_STMT (rhs1); |
5282 | if (gimple_call_builtin_p (g, BUILT_IN_STRSTR) |
5283 | && has_single_use (var: rhs1) |
5284 | && gimple_call_arg (gs: g, index: 0) == rhs2) |
5285 | { |
5286 | call_stmt = g; |
5287 | break; |
5288 | } |
5289 | std::swap (a&: rhs1, b&: rhs2); |
5290 | } |
5291 | |
5292 | if (call_stmt) |
5293 | { |
5294 | tree arg0 = gimple_call_arg (gs: call_stmt, index: 0); |
5295 | |
5296 | if (arg0 == rhs2) |
5297 | { |
5298 | tree arg1 = gimple_call_arg (gs: call_stmt, index: 1); |
5299 | tree arg1_len = NULL_TREE; |
5300 | int idx = get_stridx (exp: arg1, stmt: call_stmt); |
5301 | |
5302 | if (idx) |
5303 | { |
5304 | if (idx < 0) |
5305 | arg1_len = build_int_cst (size_type_node, ~idx); |
5306 | else |
5307 | { |
5308 | strinfo *si = get_strinfo (idx); |
5309 | if (si) |
5310 | arg1_len = get_string_length (si); |
5311 | } |
5312 | } |
5313 | |
5314 | if (arg1_len != NULL_TREE) |
5315 | { |
5316 | gimple_stmt_iterator gsi = gsi_for_stmt (call_stmt); |
5317 | tree strncmp_decl = builtin_decl_explicit (fncode: BUILT_IN_STRNCMP); |
5318 | |
5319 | if (!is_gimple_val (arg1_len)) |
5320 | { |
5321 | tree arg1_len_tmp = make_ssa_name (TREE_TYPE (arg1_len)); |
5322 | gassign *arg1_stmt = gimple_build_assign (arg1_len_tmp, |
5323 | arg1_len); |
5324 | gsi_insert_before (&gsi, arg1_stmt, GSI_SAME_STMT); |
5325 | arg1_len = arg1_len_tmp; |
5326 | } |
5327 | |
5328 | gcall *strncmp_call = gimple_build_call (strncmp_decl, 3, |
5329 | arg0, arg1, arg1_len); |
5330 | tree strncmp_lhs = make_ssa_name (integer_type_node); |
5331 | gimple_set_vuse (g: strncmp_call, vuse: gimple_vuse (g: call_stmt)); |
5332 | gimple_call_set_lhs (gs: strncmp_call, lhs: strncmp_lhs); |
5333 | gsi_remove (&gsi, true); |
5334 | gsi_insert_before (&gsi, strncmp_call, GSI_SAME_STMT); |
5335 | tree zero = build_zero_cst (TREE_TYPE (strncmp_lhs)); |
5336 | |
5337 | if (is_gimple_assign (gs: stmt)) |
5338 | { |
5339 | if (gimple_assign_rhs_code (gs: stmt) == COND_EXPR) |
5340 | { |
5341 | tree cond = gimple_assign_rhs1 (gs: stmt); |
5342 | TREE_OPERAND (cond, 0) = strncmp_lhs; |
5343 | TREE_OPERAND (cond, 1) = zero; |
5344 | } |
5345 | else |
5346 | { |
5347 | gimple_assign_set_rhs1 (gs: stmt, rhs: strncmp_lhs); |
5348 | gimple_assign_set_rhs2 (gs: stmt, rhs: zero); |
5349 | } |
5350 | } |
5351 | else |
5352 | { |
5353 | gcond *cond = as_a<gcond *> (p: stmt); |
5354 | gimple_cond_set_lhs (gs: cond, lhs: strncmp_lhs); |
5355 | gimple_cond_set_rhs (gs: cond, rhs: zero); |
5356 | } |
5357 | update_stmt (s: stmt); |
5358 | } |
5359 | } |
5360 | } |
5361 | } |
5362 | |
5363 | /* Return true if TYPE corresponds to a narrow character type. */ |
5364 | |
5365 | static bool |
5366 | is_char_type (tree type) |
5367 | { |
5368 | return (TREE_CODE (type) == INTEGER_TYPE |
5369 | && TYPE_MODE (type) == TYPE_MODE (char_type_node) |
5370 | && TYPE_PRECISION (type) == TYPE_PRECISION (char_type_node)); |
5371 | } |
5372 | |
5373 | /* Check the built-in call at GSI for validity and optimize it. |
5374 | Uses RVALS to determine range information. |
5375 | Return true to let the caller advance *GSI to the next statement |
5376 | in the basic block and false otherwise. */ |
5377 | |
5378 | bool |
5379 | strlen_pass::check_and_optimize_call (bool *zero_write) |
5380 | { |
5381 | gimple *stmt = gsi_stmt (i: m_gsi); |
5382 | |
5383 | if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL)) |
5384 | { |
5385 | tree fntype = gimple_call_fntype (gs: stmt); |
5386 | if (!fntype) |
5387 | return true; |
5388 | |
5389 | if (lookup_attribute (attr_name: "alloc_size" , TYPE_ATTRIBUTES (fntype))) |
5390 | { |
5391 | handle_alloc_call (bcode: BUILT_IN_NONE); |
5392 | return true; |
5393 | } |
5394 | |
5395 | if (tree lhs = gimple_call_lhs (gs: stmt)) |
5396 | handle_assign (lhs, zero_write); |
5397 | |
5398 | /* Proceed to handle user-defined formatting functions. */ |
5399 | } |
5400 | |
5401 | /* When not optimizing we must be checking printf calls which |
5402 | we do even for user-defined functions when they are declared |
5403 | with attribute format. */ |
5404 | if (!flag_optimize_strlen |
5405 | || !strlen_optimize |
5406 | || !valid_builtin_call (stmt)) |
5407 | return !handle_printf_call (&m_gsi, ptr_qry); |
5408 | |
5409 | tree callee = gimple_call_fndecl (gs: stmt); |
5410 | switch (DECL_FUNCTION_CODE (decl: callee)) |
5411 | { |
5412 | case BUILT_IN_STRLEN: |
5413 | case BUILT_IN_STRNLEN: |
5414 | handle_builtin_strlen (); |
5415 | break; |
5416 | case BUILT_IN_STRCHR: |
5417 | handle_builtin_strchr (); |
5418 | break; |
5419 | case BUILT_IN_STRCPY: |
5420 | case BUILT_IN_STRCPY_CHK: |
5421 | case BUILT_IN_STPCPY: |
5422 | case BUILT_IN_STPCPY_CHK: |
5423 | handle_builtin_strcpy (bcode: DECL_FUNCTION_CODE (decl: callee)); |
5424 | break; |
5425 | |
5426 | case BUILT_IN_STRNCAT: |
5427 | case BUILT_IN_STRNCAT_CHK: |
5428 | handle_builtin_strncat (DECL_FUNCTION_CODE (decl: callee)); |
5429 | break; |
5430 | |
5431 | case BUILT_IN_STPNCPY: |
5432 | case BUILT_IN_STPNCPY_CHK: |
5433 | case BUILT_IN_STRNCPY: |
5434 | case BUILT_IN_STRNCPY_CHK: |
5435 | handle_builtin_stxncpy_strncat (append_p: false); |
5436 | break; |
5437 | |
5438 | case BUILT_IN_MEMCPY: |
5439 | case BUILT_IN_MEMCPY_CHK: |
5440 | case BUILT_IN_MEMPCPY: |
5441 | case BUILT_IN_MEMPCPY_CHK: |
5442 | handle_builtin_memcpy (bcode: DECL_FUNCTION_CODE (decl: callee)); |
5443 | break; |
5444 | case BUILT_IN_STRCAT: |
5445 | case BUILT_IN_STRCAT_CHK: |
5446 | handle_builtin_strcat (bcode: DECL_FUNCTION_CODE (decl: callee)); |
5447 | break; |
5448 | case BUILT_IN_ALLOCA: |
5449 | case BUILT_IN_ALLOCA_WITH_ALIGN: |
5450 | case BUILT_IN_MALLOC: |
5451 | case BUILT_IN_CALLOC: |
5452 | handle_alloc_call (bcode: DECL_FUNCTION_CODE (decl: callee)); |
5453 | break; |
5454 | case BUILT_IN_MEMSET: |
5455 | if (handle_builtin_memset (zero_write)) |
5456 | return false; |
5457 | break; |
5458 | case BUILT_IN_MEMCMP: |
5459 | if (handle_builtin_memcmp ()) |
5460 | return false; |
5461 | break; |
5462 | case BUILT_IN_STRCMP: |
5463 | case BUILT_IN_STRNCMP: |
5464 | if (handle_builtin_string_cmp ()) |
5465 | return false; |
5466 | break; |
5467 | default: |
5468 | if (handle_printf_call (&m_gsi, ptr_qry)) |
5469 | return false; |
5470 | break; |
5471 | } |
5472 | |
5473 | return true; |
5474 | } |
5475 | |
5476 | /* Handle an assignment statement at *GSI to a LHS of integral type. |
5477 | If GSI's basic block needs clean-up of EH, set *CLEANUP_EH to true. */ |
5478 | |
5479 | void |
5480 | strlen_pass::handle_integral_assign (bool *cleanup_eh) |
5481 | { |
5482 | gimple *stmt = gsi_stmt (i: m_gsi); |
5483 | tree lhs = gimple_assign_lhs (gs: stmt); |
5484 | tree lhs_type = TREE_TYPE (lhs); |
5485 | |
5486 | enum tree_code code = gimple_assign_rhs_code (gs: stmt); |
5487 | if (code == COND_EXPR) |
5488 | { |
5489 | tree cond = gimple_assign_rhs1 (gs: stmt); |
5490 | enum tree_code cond_code = TREE_CODE (cond); |
5491 | |
5492 | if (cond_code == EQ_EXPR || cond_code == NE_EXPR) |
5493 | fold_strstr_to_strncmp (TREE_OPERAND (cond, 0), |
5494 | TREE_OPERAND (cond, 1), stmt); |
5495 | } |
5496 | else if (code == EQ_EXPR || code == NE_EXPR) |
5497 | fold_strstr_to_strncmp (rhs1: gimple_assign_rhs1 (gs: stmt), |
5498 | rhs2: gimple_assign_rhs2 (gs: stmt), stmt); |
5499 | else if (gimple_assign_load_p (stmt) |
5500 | && TREE_CODE (lhs_type) == INTEGER_TYPE |
5501 | && TYPE_MODE (lhs_type) == TYPE_MODE (char_type_node) |
5502 | && (TYPE_PRECISION (lhs_type) |
5503 | == TYPE_PRECISION (char_type_node)) |
5504 | && !gimple_has_volatile_ops (stmt)) |
5505 | { |
5506 | tree off = integer_zero_node; |
5507 | unsigned HOST_WIDE_INT coff = 0; |
5508 | int idx = 0; |
5509 | tree rhs1 = gimple_assign_rhs1 (gs: stmt); |
5510 | if (code == MEM_REF) |
5511 | { |
5512 | idx = get_stridx (TREE_OPERAND (rhs1, 0), stmt); |
5513 | if (idx > 0) |
5514 | { |
5515 | strinfo *si = get_strinfo (idx); |
5516 | if (si |
5517 | && si->nonzero_chars |
5518 | && TREE_CODE (si->nonzero_chars) == INTEGER_CST |
5519 | && (wi::to_widest (t: si->nonzero_chars) |
5520 | >= wi::to_widest (t: off))) |
5521 | off = TREE_OPERAND (rhs1, 1); |
5522 | else |
5523 | /* This case is not useful. See if get_addr_stridx |
5524 | returns something usable. */ |
5525 | idx = 0; |
5526 | } |
5527 | } |
5528 | if (idx <= 0) |
5529 | idx = get_addr_stridx (exp: rhs1, stmt, NULL_TREE, offset_out: &coff); |
5530 | if (idx > 0) |
5531 | { |
5532 | strinfo *si = get_strinfo (idx); |
5533 | if (si |
5534 | && si->nonzero_chars |
5535 | && TREE_CODE (si->nonzero_chars) == INTEGER_CST) |
5536 | { |
5537 | widest_int w1 = wi::to_widest (t: si->nonzero_chars); |
5538 | widest_int w2 = wi::to_widest (t: off) + coff; |
5539 | if (w1 == w2 |
5540 | && si->full_string_p) |
5541 | { |
5542 | if (dump_file && (dump_flags & TDF_DETAILS) != 0) |
5543 | { |
5544 | fprintf (stream: dump_file, format: "Optimizing: " ); |
5545 | print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM); |
5546 | } |
5547 | |
5548 | /* Reading the final '\0' character. */ |
5549 | tree zero = build_int_cst (lhs_type, 0); |
5550 | gimple_set_vuse (g: stmt, NULL_TREE); |
5551 | gimple_assign_set_rhs_from_tree (&m_gsi, zero); |
5552 | *cleanup_eh |
5553 | |= maybe_clean_or_replace_eh_stmt (stmt, |
5554 | gsi_stmt (i: m_gsi)); |
5555 | stmt = gsi_stmt (i: m_gsi); |
5556 | update_stmt (s: stmt); |
5557 | |
5558 | if (dump_file && (dump_flags & TDF_DETAILS) != 0) |
5559 | { |
5560 | fprintf (stream: dump_file, format: "into: " ); |
5561 | print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM); |
5562 | } |
5563 | } |
5564 | else if (w1 > w2) |
5565 | { |
5566 | /* Reading a character before the final '\0' |
5567 | character. Just set the value range to ~[0, 0] |
5568 | if we don't have anything better. */ |
5569 | value_range r; |
5570 | if (!get_range_query (cfun)->range_of_expr (r, expr: lhs) |
5571 | || r.varying_p ()) |
5572 | { |
5573 | r.set_nonzero (lhs_type); |
5574 | set_range_info (lhs, r); |
5575 | } |
5576 | } |
5577 | } |
5578 | } |
5579 | } |
5580 | else if (code == MEM_REF && TREE_CODE (lhs) == SSA_NAME) |
5581 | { |
5582 | if (int idx = new_stridx (exp: lhs)) |
5583 | { |
5584 | /* Record multi-byte assignments from MEM_REFs. */ |
5585 | bool storing_all_nonzero_p; |
5586 | bool storing_all_zeros_p; |
5587 | bool full_string_p; |
5588 | unsigned lenrange[] = { UINT_MAX, 0, 0 }; |
5589 | tree rhs = gimple_assign_rhs1 (gs: stmt); |
5590 | const bool ranges_valid |
5591 | = count_nonzero_bytes (expr_or_type: rhs, stmt, |
5592 | lenrange, nulterm: &full_string_p, |
5593 | allnul: &storing_all_zeros_p, |
5594 | allnonnul: &storing_all_nonzero_p); |
5595 | if (ranges_valid) |
5596 | { |
5597 | tree length = build_int_cst (sizetype, lenrange[0]); |
5598 | strinfo *si = new_strinfo (ptr: lhs, idx, nonzero_chars: length, full_string_p); |
5599 | set_strinfo (idx, si); |
5600 | si->writable = true; |
5601 | si->dont_invalidate = true; |
5602 | } |
5603 | } |
5604 | } |
5605 | |
5606 | if (strlen_to_stridx) |
5607 | { |
5608 | tree rhs1 = gimple_assign_rhs1 (gs: stmt); |
5609 | if (stridx_strlenloc *ps = strlen_to_stridx->get (k: rhs1)) |
5610 | strlen_to_stridx->put (k: lhs, v: stridx_strlenloc (*ps)); |
5611 | } |
5612 | } |
5613 | |
5614 | /* Handle assignment statement at *GSI to LHS. Set *ZERO_WRITE if |
5615 | the assignment stores all zero bytes. */ |
5616 | |
5617 | bool |
5618 | strlen_pass::handle_assign (tree lhs, bool *zero_write) |
5619 | { |
5620 | tree type = TREE_TYPE (lhs); |
5621 | if (TREE_CODE (type) == ARRAY_TYPE) |
5622 | type = TREE_TYPE (type); |
5623 | |
5624 | bool is_char_store = is_char_type (type); |
5625 | if (!is_char_store && TREE_CODE (lhs) == MEM_REF) |
5626 | { |
5627 | /* To consider stores into char objects via integer types other |
5628 | than char but not those to non-character objects, determine |
5629 | the type of the destination rather than just the type of |
5630 | the access. */ |
5631 | for (int i = 0; i != 2; ++i) |
5632 | { |
5633 | tree ref = TREE_OPERAND (lhs, i); |
5634 | type = TREE_TYPE (ref); |
5635 | if (TREE_CODE (type) == POINTER_TYPE) |
5636 | type = TREE_TYPE (type); |
5637 | if (TREE_CODE (type) == ARRAY_TYPE) |
5638 | type = TREE_TYPE (type); |
5639 | if (is_char_type (type)) |
5640 | { |
5641 | is_char_store = true; |
5642 | break; |
5643 | } |
5644 | } |
5645 | } |
5646 | |
5647 | /* Handle a single or multibyte assignment. */ |
5648 | if (is_char_store && !handle_store (zero_write)) |
5649 | return false; |
5650 | |
5651 | return true; |
5652 | } |
5653 | |
5654 | |
5655 | /* Attempt to check for validity of the performed access a single statement |
5656 | at *GSI using string length knowledge, and to optimize it. |
5657 | If the given basic block needs clean-up of EH, CLEANUP_EH is set to |
5658 | true. Return true to let the caller advance *GSI to the next statement |
5659 | in the basic block and false otherwise. */ |
5660 | |
5661 | bool |
5662 | strlen_pass::check_and_optimize_stmt (bool *cleanup_eh) |
5663 | { |
5664 | gimple *stmt = gsi_stmt (i: m_gsi); |
5665 | |
5666 | /* For statements that modify a string, set to true if the write |
5667 | is only zeros. */ |
5668 | bool zero_write = false; |
5669 | |
5670 | if (is_gimple_call (gs: stmt)) |
5671 | { |
5672 | if (!check_and_optimize_call (zero_write: &zero_write)) |
5673 | return false; |
5674 | } |
5675 | else if (!flag_optimize_strlen || !strlen_optimize) |
5676 | return true; |
5677 | else if (is_gimple_assign (gs: stmt) && !gimple_clobber_p (s: stmt)) |
5678 | { |
5679 | /* Handle non-clobbering assignment. */ |
5680 | tree lhs = gimple_assign_lhs (gs: stmt); |
5681 | tree lhs_type = TREE_TYPE (lhs); |
5682 | |
5683 | if (TREE_CODE (lhs) == SSA_NAME && POINTER_TYPE_P (lhs_type)) |
5684 | { |
5685 | if (gimple_assign_single_p (gs: stmt) |
5686 | || (gimple_assign_cast_p (s: stmt) |
5687 | && POINTER_TYPE_P (TREE_TYPE (gimple_assign_rhs1 (stmt))))) |
5688 | { |
5689 | int idx = get_stridx (exp: gimple_assign_rhs1 (gs: stmt), stmt); |
5690 | ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = idx; |
5691 | } |
5692 | else if (gimple_assign_rhs_code (gs: stmt) == POINTER_PLUS_EXPR) |
5693 | handle_pointer_plus (); |
5694 | } |
5695 | else if (TREE_CODE (lhs) == SSA_NAME && INTEGRAL_TYPE_P (lhs_type)) |
5696 | /* Handle assignment to a character. */ |
5697 | handle_integral_assign (cleanup_eh); |
5698 | else if (TREE_CODE (lhs) != SSA_NAME && !TREE_SIDE_EFFECTS (lhs)) |
5699 | if (!handle_assign (lhs, zero_write: &zero_write)) |
5700 | return false; |
5701 | } |
5702 | else if (gcond *cond = dyn_cast<gcond *> (p: stmt)) |
5703 | { |
5704 | enum tree_code code = gimple_cond_code (gs: cond); |
5705 | if (code == EQ_EXPR || code == NE_EXPR) |
5706 | fold_strstr_to_strncmp (rhs1: gimple_cond_lhs (gs: stmt), |
5707 | rhs2: gimple_cond_rhs (gs: stmt), stmt); |
5708 | } |
5709 | |
5710 | if (gimple_vdef (g: stmt)) |
5711 | maybe_invalidate (stmt, zero_write); |
5712 | return true; |
5713 | } |
5714 | |
5715 | /* Recursively call maybe_invalidate on stmts that might be executed |
5716 | in between dombb and current bb and that contain a vdef. Stop when |
5717 | *count stmts are inspected, or if the whole strinfo vector has |
5718 | been invalidated. */ |
5719 | |
5720 | static void |
5721 | do_invalidate (basic_block dombb, gimple *phi, bitmap visited, int *count) |
5722 | { |
5723 | unsigned int i, n = gimple_phi_num_args (gs: phi); |
5724 | |
5725 | for (i = 0; i < n; i++) |
5726 | { |
5727 | tree vuse = gimple_phi_arg_def (gs: phi, index: i); |
5728 | gimple *stmt = SSA_NAME_DEF_STMT (vuse); |
5729 | basic_block bb = gimple_bb (g: stmt); |
5730 | if (bb == NULL |
5731 | || bb == dombb |
5732 | || !bitmap_set_bit (visited, bb->index) |
5733 | || !dominated_by_p (CDI_DOMINATORS, bb, dombb)) |
5734 | continue; |
5735 | while (1) |
5736 | { |
5737 | if (gimple_code (g: stmt) == GIMPLE_PHI) |
5738 | { |
5739 | do_invalidate (dombb, phi: stmt, visited, count); |
5740 | if (*count == 0) |
5741 | return; |
5742 | break; |
5743 | } |
5744 | if (--*count == 0) |
5745 | return; |
5746 | if (!maybe_invalidate (stmt)) |
5747 | { |
5748 | *count = 0; |
5749 | return; |
5750 | } |
5751 | vuse = gimple_vuse (g: stmt); |
5752 | stmt = SSA_NAME_DEF_STMT (vuse); |
5753 | if (gimple_bb (g: stmt) != bb) |
5754 | { |
5755 | bb = gimple_bb (g: stmt); |
5756 | if (bb == NULL |
5757 | || bb == dombb |
5758 | || !bitmap_set_bit (visited, bb->index) |
5759 | || !dominated_by_p (CDI_DOMINATORS, bb, dombb)) |
5760 | break; |
5761 | } |
5762 | } |
5763 | } |
5764 | } |
5765 | |
5766 | /* Release pointer_query cache. */ |
5767 | |
5768 | strlen_pass::~strlen_pass () |
5769 | { |
5770 | ptr_qry.flush_cache (); |
5771 | } |
5772 | |
5773 | /* Callback for walk_dominator_tree. Attempt to optimize various |
5774 | string ops by remembering string lengths pointed by pointer SSA_NAMEs. */ |
5775 | |
5776 | edge |
5777 | strlen_pass::before_dom_children (basic_block bb) |
5778 | { |
5779 | basic_block dombb = get_immediate_dominator (CDI_DOMINATORS, bb); |
5780 | |
5781 | if (dombb == NULL) |
5782 | stridx_to_strinfo = NULL; |
5783 | else |
5784 | { |
5785 | stridx_to_strinfo = ((vec<strinfo *, va_heap, vl_embed> *) dombb->aux); |
5786 | if (stridx_to_strinfo) |
5787 | { |
5788 | for (gphi_iterator gsi = gsi_start_phis (bb); !gsi_end_p (i: gsi); |
5789 | gsi_next (i: &gsi)) |
5790 | { |
5791 | gphi *phi = gsi.phi (); |
5792 | if (virtual_operand_p (op: gimple_phi_result (gs: phi))) |
5793 | { |
5794 | bitmap visited = BITMAP_ALLOC (NULL); |
5795 | int count_vdef = 100; |
5796 | do_invalidate (dombb, phi, visited, count: &count_vdef); |
5797 | BITMAP_FREE (visited); |
5798 | if (count_vdef == 0) |
5799 | { |
5800 | /* If there were too many vdefs in between immediate |
5801 | dominator and current bb, invalidate everything. |
5802 | If stridx_to_strinfo has been unshared, we need |
5803 | to free it, otherwise just set it to NULL. */ |
5804 | if (!strinfo_shared ()) |
5805 | { |
5806 | unsigned int i; |
5807 | strinfo *si; |
5808 | |
5809 | for (i = 1; |
5810 | vec_safe_iterate (v: stridx_to_strinfo, ix: i, ptr: &si); |
5811 | ++i) |
5812 | { |
5813 | free_strinfo (si); |
5814 | (*stridx_to_strinfo)[i] = NULL; |
5815 | } |
5816 | } |
5817 | else |
5818 | stridx_to_strinfo = NULL; |
5819 | } |
5820 | break; |
5821 | } |
5822 | } |
5823 | } |
5824 | } |
5825 | |
5826 | /* If all PHI arguments have the same string index, the PHI result |
5827 | has it as well. */ |
5828 | for (gphi_iterator gsi = gsi_start_phis (bb); !gsi_end_p (i: gsi); |
5829 | gsi_next (i: &gsi)) |
5830 | { |
5831 | gphi *phi = gsi.phi (); |
5832 | tree result = gimple_phi_result (gs: phi); |
5833 | if (!virtual_operand_p (op: result) && POINTER_TYPE_P (TREE_TYPE (result))) |
5834 | { |
5835 | int idx = get_stridx (exp: gimple_phi_arg_def (gs: phi, index: 0), stmt: phi); |
5836 | if (idx != 0) |
5837 | { |
5838 | unsigned int i, n = gimple_phi_num_args (gs: phi); |
5839 | for (i = 1; i < n; i++) |
5840 | if (idx != get_stridx (exp: gimple_phi_arg_def (gs: phi, index: i), stmt: phi)) |
5841 | break; |
5842 | if (i == n) |
5843 | ssa_ver_to_stridx[SSA_NAME_VERSION (result)] = idx; |
5844 | } |
5845 | } |
5846 | } |
5847 | |
5848 | bool cleanup_eh = false; |
5849 | |
5850 | /* Attempt to optimize individual statements. */ |
5851 | for (m_gsi = gsi_start_bb (bb); !gsi_end_p (i: m_gsi); ) |
5852 | { |
5853 | /* Reset search depth performance counter. */ |
5854 | ptr_qry.depth = 0; |
5855 | |
5856 | if (check_and_optimize_stmt (cleanup_eh: &cleanup_eh)) |
5857 | gsi_next (i: &m_gsi); |
5858 | } |
5859 | |
5860 | if (cleanup_eh && gimple_purge_dead_eh_edges (bb)) |
5861 | m_cleanup_cfg = true; |
5862 | |
5863 | bb->aux = stridx_to_strinfo; |
5864 | if (vec_safe_length (v: stridx_to_strinfo) && !strinfo_shared ()) |
5865 | (*stridx_to_strinfo)[0] = (strinfo *) bb; |
5866 | return NULL; |
5867 | } |
5868 | |
5869 | /* Callback for walk_dominator_tree. Free strinfo vector if it is |
5870 | owned by the current bb, clear bb->aux. */ |
5871 | |
5872 | void |
5873 | strlen_pass::after_dom_children (basic_block bb) |
5874 | { |
5875 | if (bb->aux) |
5876 | { |
5877 | stridx_to_strinfo = ((vec<strinfo *, va_heap, vl_embed> *) bb->aux); |
5878 | if (vec_safe_length (v: stridx_to_strinfo) |
5879 | && (*stridx_to_strinfo)[0] == (strinfo *) bb) |
5880 | { |
5881 | unsigned int i; |
5882 | strinfo *si; |
5883 | |
5884 | for (i = 1; vec_safe_iterate (v: stridx_to_strinfo, ix: i, ptr: &si); ++i) |
5885 | free_strinfo (si); |
5886 | vec_free (v&: stridx_to_strinfo); |
5887 | } |
5888 | bb->aux = NULL; |
5889 | } |
5890 | } |
5891 | |
5892 | namespace { |
5893 | |
5894 | static unsigned int |
5895 | printf_strlen_execute (function *fun, bool warn_only) |
5896 | { |
5897 | strlen_optimize = !warn_only; |
5898 | |
5899 | calculate_dominance_info (CDI_DOMINATORS); |
5900 | loop_optimizer_init (LOOPS_NORMAL); |
5901 | scev_initialize (); |
5902 | |
5903 | gcc_assert (!strlen_to_stridx); |
5904 | if (warn_stringop_overflow || warn_stringop_truncation) |
5905 | strlen_to_stridx = new hash_map<tree, stridx_strlenloc> (); |
5906 | |
5907 | /* This has to happen after initializing the loop optimizer |
5908 | and initializing SCEV as they create new SSA_NAMEs. */ |
5909 | ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, exact: true); |
5910 | max_stridx = 1; |
5911 | |
5912 | /* String length optimization is implemented as a walk of the dominator |
5913 | tree and a forward walk of statements within each block. */ |
5914 | strlen_pass walker (CDI_DOMINATORS); |
5915 | walker.walk (ENTRY_BLOCK_PTR_FOR_FN (fun)); |
5916 | |
5917 | if (dump_file && (dump_flags & TDF_DETAILS)) |
5918 | walker.ptr_qry.dump (dump_file, true); |
5919 | |
5920 | ssa_ver_to_stridx.release (); |
5921 | strinfo_pool.release (); |
5922 | if (decl_to_stridxlist_htab) |
5923 | { |
5924 | obstack_free (&stridx_obstack, NULL); |
5925 | delete decl_to_stridxlist_htab; |
5926 | decl_to_stridxlist_htab = NULL; |
5927 | } |
5928 | laststmt.stmt = NULL; |
5929 | laststmt.len = NULL_TREE; |
5930 | laststmt.stridx = 0; |
5931 | |
5932 | if (strlen_to_stridx) |
5933 | { |
5934 | strlen_to_stridx->empty (); |
5935 | delete strlen_to_stridx; |
5936 | strlen_to_stridx = NULL; |
5937 | } |
5938 | |
5939 | scev_finalize (); |
5940 | loop_optimizer_finalize (); |
5941 | |
5942 | return walker.m_cleanup_cfg ? TODO_cleanup_cfg : 0; |
5943 | } |
5944 | |
5945 | /* This file defines two passes: one for warnings that runs only when |
5946 | optimization is disabled, and another that implements optimizations |
5947 | and also issues warnings. */ |
5948 | |
5949 | const pass_data pass_data_warn_printf = |
5950 | { |
5951 | .type: GIMPLE_PASS, /* type */ |
5952 | .name: "warn-printf" , /* name */ |
5953 | .optinfo_flags: OPTGROUP_NONE, /* optinfo_flags */ |
5954 | .tv_id: TV_NONE, /* tv_id */ |
5955 | /* Normally an optimization pass would require PROP_ssa but because |
5956 | this pass runs early, with no optimization, to do sprintf format |
5957 | checking, it only requires PROP_cfg. */ |
5958 | PROP_cfg, /* properties_required */ |
5959 | .properties_provided: 0, /* properties_provided */ |
5960 | .properties_destroyed: 0, /* properties_destroyed */ |
5961 | .todo_flags_start: 0, /* todo_flags_start */ |
5962 | .todo_flags_finish: 0, /* todo_flags_finish */ |
5963 | }; |
5964 | |
5965 | class pass_warn_printf : public gimple_opt_pass |
5966 | { |
5967 | public: |
5968 | pass_warn_printf (gcc::context *ctxt) |
5969 | : gimple_opt_pass (pass_data_warn_printf, ctxt) |
5970 | {} |
5971 | |
5972 | bool gate (function *) final override; |
5973 | unsigned int execute (function *fun) final override |
5974 | { |
5975 | return printf_strlen_execute (fun, warn_only: true); |
5976 | } |
5977 | }; |
5978 | |
5979 | |
5980 | /* Return true to run the warning pass only when not optimizing and |
5981 | iff either -Wformat-overflow or -Wformat-truncation is specified. */ |
5982 | |
5983 | bool |
5984 | pass_warn_printf::gate (function *) |
5985 | { |
5986 | return !optimize && (warn_format_overflow > 0 || warn_format_trunc > 0); |
5987 | } |
5988 | |
5989 | const pass_data pass_data_strlen = |
5990 | { |
5991 | .type: GIMPLE_PASS, /* type */ |
5992 | .name: "strlen" , /* name */ |
5993 | .optinfo_flags: OPTGROUP_NONE, /* optinfo_flags */ |
5994 | .tv_id: TV_TREE_STRLEN, /* tv_id */ |
5995 | PROP_cfg | PROP_ssa, /* properties_required */ |
5996 | .properties_provided: 0, /* properties_provided */ |
5997 | .properties_destroyed: 0, /* properties_destroyed */ |
5998 | .todo_flags_start: 0, /* todo_flags_start */ |
5999 | .todo_flags_finish: 0, /* todo_flags_finish */ |
6000 | }; |
6001 | |
6002 | class pass_strlen : public gimple_opt_pass |
6003 | { |
6004 | public: |
6005 | pass_strlen (gcc::context *ctxt) |
6006 | : gimple_opt_pass (pass_data_strlen, ctxt) |
6007 | {} |
6008 | |
6009 | opt_pass * clone () final override { return new pass_strlen (m_ctxt); } |
6010 | |
6011 | bool gate (function *) final override; |
6012 | unsigned int execute (function *fun) final override |
6013 | { |
6014 | return printf_strlen_execute (fun, warn_only: false); |
6015 | } |
6016 | }; |
6017 | |
6018 | /* Return true to run the pass only when the sprintf and/or strlen |
6019 | optimizations are enabled and -Wformat-overflow or -Wformat-truncation |
6020 | are specified. */ |
6021 | |
6022 | bool |
6023 | pass_strlen::gate (function *) |
6024 | { |
6025 | return ((warn_format_overflow > 0 |
6026 | || warn_format_trunc > 0 |
6027 | || warn_restrict > 0 |
6028 | || flag_optimize_strlen > 0 |
6029 | || flag_printf_return_value) |
6030 | && optimize > 0); |
6031 | } |
6032 | |
6033 | } // anon namespace |
6034 | |
6035 | gimple_opt_pass * |
6036 | make_pass_warn_printf (gcc::context *ctxt) |
6037 | { |
6038 | return new pass_warn_printf (ctxt); |
6039 | } |
6040 | |
6041 | gimple_opt_pass * |
6042 | make_pass_strlen (gcc::context *ctxt) |
6043 | { |
6044 | return new pass_strlen (ctxt); |
6045 | } |
6046 | |