blob: 7c568a42d49838a6aa2eb944cb6954884f22cf59 [file] [log] [blame]
/* String length optimization
Copyright (C) 2011-2021 Free Software Foundation, Inc.
Contributed by Jakub Jelinek <jakub@redhat.com>
This file is part of GCC.
GCC is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3, or (at your option)
any later version.
GCC is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GCC; see the file COPYING3. If not see
<http://www.gnu.org/licenses/>. */
#include "config.h"
#include "system.h"
#include "coretypes.h"
#include "backend.h"
#include "rtl.h"
#include "tree.h"
#include "gimple.h"
#include "alloc-pool.h"
#include "tree-pass.h"
#include "ssa.h"
#include "cgraph.h"
#include "gimple-pretty-print.h"
#include "gimple-ssa-warn-access.h"
#include "gimple-ssa-warn-restrict.h"
#include "fold-const.h"
#include "stor-layout.h"
#include "gimple-fold.h"
#include "tree-eh.h"
#include "gimplify.h"
#include "gimple-iterator.h"
#include "gimplify-me.h"
#include "expr.h"
#include "tree-cfg.h"
#include "tree-dfa.h"
#include "domwalk.h"
#include "tree-ssa-alias.h"
#include "tree-ssa-propagate.h"
#include "tree-ssa-strlen.h"
#include "tree-hash-traits.h"
#include "builtins.h"
#include "pointer-query.h"
#include "target.h"
#include "diagnostic-core.h"
#include "diagnostic.h"
#include "intl.h"
#include "attribs.h"
#include "calls.h"
#include "cfgloop.h"
#include "tree-ssa-loop.h"
#include "tree-scalar-evolution.h"
#include "vr-values.h"
#include "gimple-ssa-evrp-analyze.h"
#include "tree-ssa.h"
/* A vector indexed by SSA_NAME_VERSION. 0 means unknown, positive value
is an index into strinfo vector, negative value stands for
string length of a string literal (~strlen). */
static vec<int> ssa_ver_to_stridx;
/* Number of currently active string indexes plus one. */
static int max_stridx;
/* Set to true to optimize, false when just checking. */
static bool strlen_optimize;
/* String information record. */
struct strinfo
{
/* Number of leading characters that are known to be nonzero. This is
also the length of the string if FULL_STRING_P.
The values in a list of related string pointers must be consistent;
that is, if strinfo B comes X bytes after strinfo A, it must be
the case that A->nonzero_chars == X + B->nonzero_chars. */
tree nonzero_chars;
/* Any of the corresponding pointers for querying alias oracle. */
tree ptr;
/* STMT is used for two things:
- To record the statement that should be used for delayed length
computations. We maintain the invariant that all related strinfos
have delayed lengths or none do.
- To record the malloc or calloc call that produced this result
to optimize away malloc/memset sequences. STMT is reset after
a calloc-allocated object has been stored a non-zero value into. */
gimple *stmt;
/* Set to the dynamic allocation statement for the object (alloca,
calloc, malloc, or VLA). Unlike STMT, once set for a strinfo
object, ALLOC doesn't change. */
gimple *alloc;
/* Pointer to '\0' if known, if NULL, it can be computed as
ptr + length. */
tree endptr;
/* Reference count. Any changes to strinfo entry possibly shared
with dominating basic blocks need unshare_strinfo first, except
for dont_invalidate which affects only the immediately next
maybe_invalidate. */
int refcount;
/* Copy of index. get_strinfo (si->idx) should return si; */
int idx;
/* These 3 fields are for chaining related string pointers together.
E.g. for
bl = strlen (b); dl = strlen (d); strcpy (a, b); c = a + bl;
strcpy (c, d); e = c + dl;
strinfo(a) -> strinfo(c) -> strinfo(e)
All have ->first field equal to strinfo(a)->idx and are doubly
chained through prev/next fields. The later strinfos are required
to point into the same string with zero or more bytes after
the previous pointer and all bytes in between the two pointers
must be non-zero. Functions like strcpy or memcpy are supposed
to adjust all previous strinfo lengths, but not following strinfo
lengths (those are uncertain, usually invalidated during
maybe_invalidate, except when the alias oracle knows better).
Functions like strcat on the other side adjust the whole
related strinfo chain.
They are updated lazily, so to use the chain the same first fields
and si->prev->next == si->idx needs to be verified. */
int first;
int next;
int prev;
/* A flag whether the string is known to be written in the current
function. */
bool writable;
/* A flag for the next maybe_invalidate that this strinfo shouldn't
be invalidated. Always cleared by maybe_invalidate. */
bool dont_invalidate;
/* True if the string is known to be nul-terminated after NONZERO_CHARS
characters. False is useful when detecting strings that are built
up via successive memcpys. */
bool full_string_p;
};
/* Pool for allocating strinfo_struct entries. */
static object_allocator<strinfo> strinfo_pool ("strinfo pool");
/* Vector mapping positive string indexes to strinfo, for the
current basic block. The first pointer in the vector is special,
it is either NULL, meaning the vector isn't shared, or it is
a basic block pointer to the owner basic_block if shared.
If some other bb wants to modify the vector, the vector needs
to be unshared first, and only the owner bb is supposed to free it. */
static vec<strinfo *, va_heap, vl_embed> *stridx_to_strinfo;
/* One OFFSET->IDX mapping. */
struct stridxlist
{
struct stridxlist *next;
HOST_WIDE_INT offset;
int idx;
};
/* Hash table entry, mapping a DECL to a chain of OFFSET->IDX mappings. */
struct decl_stridxlist_map
{
struct tree_map_base base;
struct stridxlist list;
};
/* Hash table for mapping decls to a chained list of offset -> idx
mappings. */
typedef hash_map<tree_decl_hash, stridxlist> decl_to_stridxlist_htab_t;
static decl_to_stridxlist_htab_t *decl_to_stridxlist_htab;
/* Hash table mapping strlen (or strnlen with constant bound and return
smaller than bound) calls to stridx instances describing
the calls' arguments. Non-null only when warn_stringop_truncation
is non-zero. */
typedef std::pair<int, location_t> stridx_strlenloc;
static hash_map<tree, stridx_strlenloc> *strlen_to_stridx;
/* Obstack for struct stridxlist and struct decl_stridxlist_map. */
static struct obstack stridx_obstack;
/* Last memcpy statement if it could be adjusted if the trailing
'\0' written is immediately overwritten, or
*x = '\0' store that could be removed if it is immediately overwritten. */
struct laststmt_struct
{
gimple *stmt;
tree len;
int stridx;
} laststmt;
static int get_stridx_plus_constant (strinfo *, unsigned HOST_WIDE_INT, tree);
static void handle_builtin_stxncpy_strncat (bool, gimple_stmt_iterator *);
static bool handle_assign (gimple_stmt_iterator *, tree, bool *,
pointer_query &);
/* Sets MINMAX to either the constant value or the range VAL is in
and returns either the constant value or VAL on success or null
when the range couldn't be determined. Uses RVALS or CFUN for
range info, whichever is nonnull. */
tree
get_range (tree val, gimple *stmt, wide_int minmax[2],
range_query *rvals /* = NULL */)
{
if (!rvals)
{
if (!cfun)
/* When called from front ends for global initializers CFUN
may be null. */
return NULL_TREE;
rvals = get_range_query (cfun);
}
value_range vr;
if (!rvals->range_of_expr (vr, val, stmt))
return NULL_TREE;
value_range_kind rng = vr.kind ();
if (rng == VR_RANGE)
{
/* Only handle straight ranges. */
minmax[0] = wi::to_wide (vr.min ());
minmax[1] = wi::to_wide (vr.max ());
return val;
}
return NULL_TREE;
}
/* Return:
* +1 if SI is known to start with more than OFF nonzero characters.
* 0 if SI is known to start with exactly OFF nonzero characters.
* -1 if SI either does not start with OFF nonzero characters
or the relationship between the number of leading nonzero
characters in SI and OFF is unknown. */
static inline int
compare_nonzero_chars (strinfo *si, unsigned HOST_WIDE_INT off)
{
if (si->nonzero_chars
&& TREE_CODE (si->nonzero_chars) == INTEGER_CST)
return compare_tree_int (si->nonzero_chars, off);
else
return -1;
}
/* Same as above but suitable also for strings with non-constant lengths.
Uses RVALS to determine length range. */
static int
compare_nonzero_chars (strinfo *si, unsigned HOST_WIDE_INT off,
range_query *rvals)
{
if (!si->nonzero_chars)
return -1;
if (TREE_CODE (si->nonzero_chars) == INTEGER_CST)
return compare_tree_int (si->nonzero_chars, off);
if (!rvals || TREE_CODE (si->nonzero_chars) != SSA_NAME)
return -1;
value_range vr;
if (!rvals->range_of_expr (vr, si->nonzero_chars, si->stmt))
return -1;
value_range_kind rng = vr.kind ();
if (rng != VR_RANGE)
return -1;
/* If the offset is less than the minimum length or if the bounds
of the length range are equal return the result of the comparison
same as in the constant case. Otherwise return a conservative
result. */
int cmpmin = compare_tree_int (vr.min (), off);
if (cmpmin > 0 || tree_int_cst_equal (vr.min (), vr.max ()))
return cmpmin;
return -1;
}
/* Return true if SI is known to be a zero-length string. */
static inline bool
zero_length_string_p (strinfo *si)
{
return si->full_string_p && integer_zerop (si->nonzero_chars);
}
/* Return strinfo vector entry IDX. */
static inline strinfo *
get_strinfo (int idx)
{
if (vec_safe_length (stridx_to_strinfo) <= (unsigned int) idx)
return NULL;
return (*stridx_to_strinfo)[idx];
}
/* Get the next strinfo in the chain after SI, or null if none. */
static inline strinfo *
get_next_strinfo (strinfo *si)
{
if (si->next == 0)
return NULL;
strinfo *nextsi = get_strinfo (si->next);
if (nextsi == NULL || nextsi->first != si->first || nextsi->prev != si->idx)
return NULL;
return nextsi;
}
/* Helper function for get_stridx. Return the strinfo index of the address
of EXP, which is available in PTR if nonnull. If OFFSET_OUT, it is
OK to return the index for some X <= &EXP and store &EXP - X in
*OFFSET_OUT. When RVALS is nonnull uses it to determine range
information. */
static int
get_addr_stridx (tree exp, tree ptr, unsigned HOST_WIDE_INT *offset_out,
range_query *rvals = NULL)
{
HOST_WIDE_INT off;
struct stridxlist *list, *last = NULL;
tree base;
if (!decl_to_stridxlist_htab)
return 0;
poly_int64 poff;
base = get_addr_base_and_unit_offset (exp, &poff);
if (base == NULL || !DECL_P (base) || !poff.is_constant (&off))
return 0;
list = decl_to_stridxlist_htab->get (base);
if (list == NULL)
return 0;
do
{
if (list->offset == off)
{
if (offset_out)
*offset_out = 0;
return list->idx;
}
if (list->offset > off)
return 0;
last = list;
list = list->next;
}
while (list);
if ((offset_out || ptr) && last && last->idx > 0)
{
unsigned HOST_WIDE_INT rel_off
= (unsigned HOST_WIDE_INT) off - last->offset;
strinfo *si = get_strinfo (last->idx);
if (si && compare_nonzero_chars (si, rel_off, rvals) >= 0)
{
if (offset_out)
{
*offset_out = rel_off;
return last->idx;
}
else
return get_stridx_plus_constant (si, rel_off, ptr);
}
}
return 0;
}
/* Returns string index for EXP. When EXP is an SSA_NAME that refers
to a known strinfo with an offset and OFFRNG is non-null, sets
both elements of the OFFRNG array to the range of the offset and
returns the index of the known strinfo. In this case the result
must not be used in for functions that modify the string.
When nonnull, uses RVALS to determine range information. */
static int
get_stridx (tree exp, wide_int offrng[2] = NULL, range_query *rvals = NULL)
{
if (offrng)
offrng[0] = offrng[1] = wi::zero (TYPE_PRECISION (ptrdiff_type_node));
if (TREE_CODE (exp) == SSA_NAME)
{
if (ssa_ver_to_stridx[SSA_NAME_VERSION (exp)])
return ssa_ver_to_stridx[SSA_NAME_VERSION (exp)];
tree e = exp;
int last_idx = 0;
HOST_WIDE_INT offset = 0;
/* Follow a chain of at most 5 assignments. */
for (int i = 0; i < 5; i++)
{
gimple *def_stmt = SSA_NAME_DEF_STMT (e);
if (!is_gimple_assign (def_stmt))
return last_idx;
tree_code rhs_code = gimple_assign_rhs_code (def_stmt);
tree ptr, off;
if (rhs_code == ADDR_EXPR)
{
/* Handle indices/offsets into VLAs which are implemented
as pointers to arrays. */
ptr = gimple_assign_rhs1 (def_stmt);
ptr = TREE_OPERAND (ptr, 0);
/* Handle also VLAs of types larger than char. */
if (tree eltsize = TYPE_SIZE_UNIT (TREE_TYPE (ptr)))
{
if (TREE_CODE (ptr) == ARRAY_REF)
{
off = TREE_OPERAND (ptr, 1);
ptr = TREE_OPERAND (ptr, 0);
if (!integer_onep (eltsize))
{
/* Scale the array index by the size of the element
type in the rare case that it's greater than
the typical 1 for char, making sure both operands
have the same type. */
eltsize = fold_convert (ssizetype, eltsize);
off = fold_convert (ssizetype, off);
off = fold_build2 (MULT_EXPR, ssizetype, off, eltsize);
}
}
else
off = integer_zero_node;
}
else
return 0;
if (TREE_CODE (ptr) != MEM_REF)
return 0;
/* Add the MEM_REF byte offset. */
tree mem_off = TREE_OPERAND (ptr, 1);
off = fold_build2 (PLUS_EXPR, TREE_TYPE (off), off, mem_off);
ptr = TREE_OPERAND (ptr, 0);
}
else if (rhs_code == POINTER_PLUS_EXPR)
{
ptr = gimple_assign_rhs1 (def_stmt);
off = gimple_assign_rhs2 (def_stmt);
}
else
return 0;
if (TREE_CODE (ptr) != SSA_NAME)
return 0;
if (!tree_fits_shwi_p (off))
{
if (int idx = ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)])
if (offrng)
{
/* Only when requested by setting OFFRNG to non-null,
return the index corresponding to the SSA_NAME.
Do this irrespective of the whether the offset
is known. */
if (get_range (off, def_stmt, offrng, rvals))
{
/* When the offset range is known, increment it
it by the constant offset computed in prior
iterations and store it in the OFFRNG array. */
offrng[0] += offset;
offrng[1] += offset;
}
else
{
/* When the offset range cannot be determined
store [0, SIZE_MAX] and let the caller decide
if the offset matters. */
offrng[1] = wi::to_wide (TYPE_MAX_VALUE (sizetype));
offrng[0] = wi::zero (offrng[1].get_precision ());
}
return idx;
}
return 0;
}
HOST_WIDE_INT this_off = tree_to_shwi (off);
if (offrng)
{
offrng[0] += wi::shwi (this_off, offrng->get_precision ());
offrng[1] += offrng[0];
}
if (this_off < 0)
return last_idx;
offset = (unsigned HOST_WIDE_INT) offset + this_off;
if (offset < 0)
return last_idx;
if (int idx = ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)])
{
strinfo *si = get_strinfo (idx);
if (si)
{
if (compare_nonzero_chars (si, offset) >= 0)
return get_stridx_plus_constant (si, offset, exp);
if (offrng)
last_idx = idx;
}
}
e = ptr;
}
return last_idx;
}
if (TREE_CODE (exp) == ADDR_EXPR)
{
int idx = get_addr_stridx (TREE_OPERAND (exp, 0), exp, NULL);
if (idx != 0)
return idx;
}
const char *p = c_getstr (exp);
if (p)
return ~(int) strlen (p);
return 0;
}
/* Return true if strinfo vector is shared with the immediate dominator. */
static inline bool
strinfo_shared (void)
{
return vec_safe_length (stridx_to_strinfo)
&& (*stridx_to_strinfo)[0] != NULL;
}
/* Unshare strinfo vector that is shared with the immediate dominator. */
static void
unshare_strinfo_vec (void)
{
strinfo *si;
unsigned int i = 0;
gcc_assert (strinfo_shared ());
stridx_to_strinfo = vec_safe_copy (stridx_to_strinfo);
for (i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
if (si != NULL)
si->refcount++;
(*stridx_to_strinfo)[0] = NULL;
}
/* Attempt to create a string index for exp, ADDR_EXPR's operand.
Return a pointer to the location where the string index can
be stored (if 0) or is stored, or NULL if this can't be tracked. */
static int *
addr_stridxptr (tree exp)
{
HOST_WIDE_INT off;
poly_int64 poff;
tree base = get_addr_base_and_unit_offset (exp, &poff);
if (base == NULL_TREE || !DECL_P (base) || !poff.is_constant (&off))
return NULL;
if (!decl_to_stridxlist_htab)
{
decl_to_stridxlist_htab
= new hash_map<tree_decl_hash, stridxlist> (64);
gcc_obstack_init (&stridx_obstack);
}
bool existed;
stridxlist *list = &decl_to_stridxlist_htab->get_or_insert (base, &existed);
if (existed)
{
int i;
stridxlist *before = NULL;
for (i = 0; i < 32; i++)
{
if (list->offset == off)
return &list->idx;
if (list->offset > off && before == NULL)
before = list;
if (list->next == NULL)
break;
list = list->next;
}
if (i == 32)
return NULL;
if (before)
{
list = before;
before = XOBNEW (&stridx_obstack, struct stridxlist);
*before = *list;
list->next = before;
list->offset = off;
list->idx = 0;
return &list->idx;
}
list->next = XOBNEW (&stridx_obstack, struct stridxlist);
list = list->next;
}
list->next = NULL;
list->offset = off;
list->idx = 0;
return &list->idx;
}
/* Create a new string index, or return 0 if reached limit. */
static int
new_stridx (tree exp)
{
int idx;
if (max_stridx >= param_max_tracked_strlens)
return 0;
if (TREE_CODE (exp) == SSA_NAME)
{
if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (exp))
return 0;
idx = max_stridx++;
ssa_ver_to_stridx[SSA_NAME_VERSION (exp)] = idx;
return idx;
}
if (TREE_CODE (exp) == ADDR_EXPR)
{
int *pidx = addr_stridxptr (TREE_OPERAND (exp, 0));
if (pidx != NULL)
{
gcc_assert (*pidx == 0);
*pidx = max_stridx++;
return *pidx;
}
}
return 0;
}
/* Like new_stridx, but for ADDR_EXPR's operand instead. */
static int
new_addr_stridx (tree exp)
{
int *pidx;
if (max_stridx >= param_max_tracked_strlens)
return 0;
pidx = addr_stridxptr (exp);
if (pidx != NULL)
{
gcc_assert (*pidx == 0);
*pidx = max_stridx++;
return *pidx;
}
return 0;
}
/* Create a new strinfo. */
static strinfo *
new_strinfo (tree ptr, int idx, tree nonzero_chars, bool full_string_p)
{
strinfo *si = strinfo_pool.allocate ();
si->nonzero_chars = nonzero_chars;
STRIP_USELESS_TYPE_CONVERSION (ptr);
si->ptr = ptr;
si->stmt = NULL;
si->alloc = NULL;
si->endptr = NULL_TREE;
si->refcount = 1;
si->idx = idx;
si->first = 0;
si->prev = 0;
si->next = 0;
si->writable = false;
si->dont_invalidate = false;
si->full_string_p = full_string_p;
return si;
}
/* Decrease strinfo refcount and free it if not referenced anymore. */
static inline void
free_strinfo (strinfo *si)
{
if (si && --si->refcount == 0)
strinfo_pool.remove (si);
}
/* Set strinfo in the vector entry IDX to SI. */
static inline void
set_strinfo (int idx, strinfo *si)
{
if (vec_safe_length (stridx_to_strinfo) && (*stridx_to_strinfo)[0])
unshare_strinfo_vec ();
if (vec_safe_length (stridx_to_strinfo) <= (unsigned int) idx)
vec_safe_grow_cleared (stridx_to_strinfo, idx + 1, true);
(*stridx_to_strinfo)[idx] = si;
}
/* Return the first strinfo in the related strinfo chain
if all strinfos in between belong to the chain, otherwise NULL. */
static strinfo *
verify_related_strinfos (strinfo *origsi)
{
strinfo *si = origsi, *psi;
if (origsi->first == 0)
return NULL;
for (; si->prev; si = psi)
{
if (si->first != origsi->first)
return NULL;
psi = get_strinfo (si->prev);
if (psi == NULL)
return NULL;
if (psi->next != si->idx)
return NULL;
}
if (si->idx != si->first)
return NULL;
return si;
}
/* Set SI's endptr to ENDPTR and compute its length based on SI->ptr.
Use LOC for folding. */
static void
set_endptr_and_length (location_t loc, strinfo *si, tree endptr)
{
si->endptr = endptr;
si->stmt = NULL;
tree start_as_size = fold_convert_loc (loc, size_type_node, si->ptr);
tree end_as_size = fold_convert_loc (loc, size_type_node, endptr);
si->nonzero_chars = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
end_as_size, start_as_size);
si->full_string_p = true;
}
/* Return the string length, or NULL if it can't be computed.
The length may but need not be constant. Instead, it might be
the result of a strlen() call. */
static tree
get_string_length (strinfo *si)
{
/* If the length has already been computed return it if it's exact
(i.e., the string is nul-terminated at NONZERO_CHARS), or return
null if it isn't. */
if (si->nonzero_chars)
return si->full_string_p ? si->nonzero_chars : NULL;
/* If the string is the result of one of the built-in calls below
attempt to compute the length from the call statement. */
if (si->stmt)
{
gimple *stmt = si->stmt, *lenstmt;
tree callee, lhs, fn, tem;
location_t loc;
gimple_stmt_iterator gsi;
gcc_assert (is_gimple_call (stmt));
callee = gimple_call_fndecl (stmt);
gcc_assert (callee && fndecl_built_in_p (callee, BUILT_IN_NORMAL));
lhs = gimple_call_lhs (stmt);
/* unshare_strinfo is intentionally not called here. The (delayed)
transformation of strcpy or strcat into stpcpy is done at the place
of the former strcpy/strcat call and so can affect all the strinfos
with the same stmt. If they were unshared before and transformation
has been already done, the handling of BUILT_IN_STPCPY{,_CHK} should
just compute the right length. */
switch (DECL_FUNCTION_CODE (callee))
{
case BUILT_IN_STRCAT:
case BUILT_IN_STRCAT_CHK:
gsi = gsi_for_stmt (stmt);
fn = builtin_decl_implicit (BUILT_IN_STRLEN);
gcc_assert (lhs == NULL_TREE);
tem = unshare_expr (gimple_call_arg (stmt, 0));
lenstmt = gimple_build_call (fn, 1, tem);
lhs = make_ssa_name (TREE_TYPE (TREE_TYPE (fn)), lenstmt);
gimple_call_set_lhs (lenstmt, lhs);
gimple_set_vuse (lenstmt, gimple_vuse (stmt));
gsi_insert_before (&gsi, lenstmt, GSI_SAME_STMT);
tem = gimple_call_arg (stmt, 0);
if (!ptrofftype_p (TREE_TYPE (lhs)))
{
lhs = convert_to_ptrofftype (lhs);
lhs = force_gimple_operand_gsi (&gsi, lhs, true, NULL_TREE,
true, GSI_SAME_STMT);
}
lenstmt = gimple_build_assign
(make_ssa_name (TREE_TYPE (gimple_call_arg (stmt, 0))),
POINTER_PLUS_EXPR,tem, lhs);
gsi_insert_before (&gsi, lenstmt, GSI_SAME_STMT);
gimple_call_set_arg (stmt, 0, gimple_assign_lhs (lenstmt));
lhs = NULL_TREE;
/* FALLTHRU */
case BUILT_IN_STRCPY:
case BUILT_IN_STRCPY_CHK:
gcc_assert (builtin_decl_implicit_p (BUILT_IN_STPCPY));
if (gimple_call_num_args (stmt) == 2)
fn = builtin_decl_implicit (BUILT_IN_STPCPY);
else
fn = builtin_decl_explicit (BUILT_IN_STPCPY_CHK);
gcc_assert (lhs == NULL_TREE);
if (dump_file && (dump_flags & TDF_DETAILS) != 0)
{
fprintf (dump_file, "Optimizing: ");
print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
}
gimple_call_set_fndecl (stmt, fn);
lhs = make_ssa_name (TREE_TYPE (TREE_TYPE (fn)), stmt);
gimple_call_set_lhs (stmt, lhs);
update_stmt (stmt);
if (dump_file && (dump_flags & TDF_DETAILS) != 0)
{
fprintf (dump_file, "into: ");
print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
}
/* FALLTHRU */
case BUILT_IN_STPCPY:
case BUILT_IN_STPCPY_CHK:
gcc_assert (lhs != NULL_TREE);
loc = gimple_location (stmt);
set_endptr_and_length (loc, si, lhs);
for (strinfo *chainsi = verify_related_strinfos (si);
chainsi != NULL;
chainsi = get_next_strinfo (chainsi))
if (chainsi->nonzero_chars == NULL)
set_endptr_and_length (loc, chainsi, lhs);
break;
case BUILT_IN_ALLOCA:
case BUILT_IN_ALLOCA_WITH_ALIGN:
case BUILT_IN_MALLOC:
break;
/* BUILT_IN_CALLOC always has si->nonzero_chars set. */
default:
gcc_unreachable ();
break;
}
}
return si->nonzero_chars;
}
/* Dump strlen data to FP for statement STMT. When non-null, RVALS
points to the valuation engine used to calculate ranges, and is
used to dump strlen range for non-constant results. */
DEBUG_FUNCTION void
dump_strlen_info (FILE *fp, gimple *stmt, range_query *rvals)
{
if (stmt)
{
fprintf (fp, "\nDumping strlen pass data after ");
print_gimple_expr (fp, stmt, TDF_LINENO);
fputc ('\n', fp);
}
else
fprintf (fp, "\nDumping strlen pass data\n");
fprintf (fp, "max_stridx = %i\n", max_stridx);
fprintf (fp, "ssa_ver_to_stridx has %u elements\n",
ssa_ver_to_stridx.length ());
fprintf (fp, "stridx_to_strinfo");
if (stridx_to_strinfo)
{
fprintf (fp, " has %u elements\n", stridx_to_strinfo->length ());
for (unsigned i = 0; i != stridx_to_strinfo->length (); ++i)
{
if (strinfo *si = (*stridx_to_strinfo)[i])
{
if (!si->idx)
continue;
fprintf (fp, " idx = %i", si->idx);
if (si->ptr)
{
fprintf (fp, ", ptr = ");
print_generic_expr (fp, si->ptr);
}
if (si->nonzero_chars)
{
fprintf (fp, ", nonzero_chars = ");
print_generic_expr (fp, si->nonzero_chars);
if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
{
value_range_kind rng = VR_UNDEFINED;
wide_int min, max;
if (rvals)
{
value_range vr;
rvals->range_of_expr (vr, si->nonzero_chars,
si->stmt);
rng = vr.kind ();
if (range_int_cst_p (&vr))
{
min = wi::to_wide (vr.min ());
max = wi::to_wide (vr.max ());
}
else
rng = VR_UNDEFINED;
}
else
{
value_range vr;
get_range_query (cfun)
->range_of_expr (vr, si->nonzero_chars);
rng = vr.kind ();
if (!vr.undefined_p ())
{
min = wi::to_wide (vr.min ());
max = wi::to_wide (vr.max ());
}
}
if (rng == VR_RANGE || rng == VR_ANTI_RANGE)
{
fprintf (fp, " %s[%llu, %llu]",
rng == VR_RANGE ? "" : "~",
(long long) min.to_uhwi (),
(long long) max.to_uhwi ());
}
}
}
fprintf (fp, ", refcount = %i", si->refcount);
if (si->stmt)
{
fprintf (fp, ", stmt = ");
print_gimple_expr (fp, si->stmt, 0);
}
if (si->alloc)
{
fprintf (fp, ", alloc = ");
print_gimple_expr (fp, si->alloc, 0);
}
if (si->writable)
fprintf (fp, ", writable");
if (si->dont_invalidate)
fprintf (fp, ", dont_invalidate");
if (si->full_string_p)
fprintf (fp, ", full_string_p");
if (strinfo *next = get_next_strinfo (si))
{
fprintf (fp, ", {");
do
fprintf (fp, "%i%s", next->idx, next->first ? ", " : "");
while ((next = get_next_strinfo (next)));
fprintf (fp, "}");
}
fputs ("\n", fp);
}
}
}
else
fprintf (fp, " = null\n");
fprintf (fp, "decl_to_stridxlist_htab");
if (decl_to_stridxlist_htab)
{
fputs ("\n", fp);
typedef decl_to_stridxlist_htab_t::iterator iter_t;
for (iter_t it = decl_to_stridxlist_htab->begin ();
it != decl_to_stridxlist_htab->end (); ++it)
{
tree decl = (*it).first;
stridxlist *list = &(*it).second;
fprintf (fp, " decl = ");
print_generic_expr (fp, decl);
if (list)
{
fprintf (fp, ", offsets = {");
for (; list; list = list->next)
fprintf (fp, "%lli%s", (long long) list->offset,
list->next ? ", " : "");
fputs ("}", fp);
}
fputs ("\n", fp);
}
}
else
fprintf (fp, " = null\n");
if (laststmt.stmt)
{
fprintf (fp, "laststmt = ");
print_gimple_expr (fp, laststmt.stmt, 0);
fprintf (fp, ", len = ");
print_generic_expr (fp, laststmt.len);
fprintf (fp, ", stridx = %i\n", laststmt.stridx);
}
}
/* Attempt to determine the length of the string SRC. On success, store
the length in *PDATA and return true. Otherwise, return false.
VISITED is a bitmap of visited PHI nodes. RVALS points to the valuation
engine used to calculate ranges. PSSA_DEF_MAX to an SSA_NAME
assignment limit used to prevent runaway recursion. */
static bool
get_range_strlen_dynamic (tree src, gimple *stmt,
c_strlen_data *pdata, bitmap *visited,
range_query *rvals, unsigned *pssa_def_max)
{
int idx = get_stridx (src);
if (!idx)
{
if (TREE_CODE (src) == SSA_NAME)
{
gimple *def_stmt = SSA_NAME_DEF_STMT (src);
if (gimple_code (def_stmt) == GIMPLE_PHI)
{
if (!*visited)
*visited = BITMAP_ALLOC (NULL);
if (!bitmap_set_bit (*visited, SSA_NAME_VERSION (src)))
return true;
if (*pssa_def_max == 0)
return false;
--*pssa_def_max;
/* Iterate over the PHI arguments and determine the minimum
and maximum length/size of each and incorporate them into
the overall result. */
gphi *phi = as_a <gphi *> (def_stmt);
for (unsigned i = 0; i != gimple_phi_num_args (phi); ++i)
{
tree arg = gimple_phi_arg_def (phi, i);
if (arg == gimple_phi_result (def_stmt))
continue;
c_strlen_data argdata = { };
if (get_range_strlen_dynamic (arg, phi, &argdata, visited,
rvals, pssa_def_max))
{
/* Set the DECL of an unterminated array this argument
refers to if one hasn't been found yet. */
if (!pdata->decl && argdata.decl)
pdata->decl = argdata.decl;
if (!argdata.minlen
|| (integer_zerop (argdata.minlen)
&& (!argdata.maxbound
|| integer_all_onesp (argdata.maxbound))
&& integer_all_onesp (argdata.maxlen)))
{
/* Set the upper bound of the length to unbounded. */
pdata->maxlen = build_all_ones_cst (size_type_node);
continue;
}
/* Adjust the minimum and maximum length determined
so far and the upper bound on the array size. */
if (!pdata->minlen
|| tree_int_cst_lt (argdata.minlen, pdata->minlen))
pdata->minlen = argdata.minlen;
if (!pdata->maxlen
|| (argdata.maxlen
&& tree_int_cst_lt (pdata->maxlen, argdata.maxlen)))
pdata->maxlen = argdata.maxlen;
if (!pdata->maxbound
|| TREE_CODE (pdata->maxbound) != INTEGER_CST
|| (argdata.maxbound
&& tree_int_cst_lt (pdata->maxbound,
argdata.maxbound)
&& !integer_all_onesp (argdata.maxbound)))
pdata->maxbound = argdata.maxbound;
}
else
pdata->maxlen = build_all_ones_cst (size_type_node);
}
return true;
}
}
/* Return success regardless of the result and handle *PDATA
in the caller. */
get_range_strlen (src, pdata, 1);
return true;
}
if (idx < 0)
{
/* SRC is a string of constant length. */
pdata->minlen = build_int_cst (size_type_node, ~idx);
pdata->maxlen = pdata->minlen;
pdata->maxbound = pdata->maxlen;
return true;
}
if (strinfo *si = get_strinfo (idx))
{
pdata->minlen = get_string_length (si);
if (!pdata->minlen && si->nonzero_chars)
{
if (TREE_CODE (si->nonzero_chars) == INTEGER_CST)
pdata->minlen = si->nonzero_chars;
else if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
{
value_range vr;
rvals->range_of_expr (vr, si->nonzero_chars, si->stmt);
if (range_int_cst_p (&vr))
{
pdata->minlen = vr.min ();
pdata->maxlen = vr.max ();
}
else
pdata->minlen = build_zero_cst (size_type_node);
}
else
pdata->minlen = build_zero_cst (size_type_node);
tree base = si->ptr;
if (TREE_CODE (base) == ADDR_EXPR)
base = TREE_OPERAND (base, 0);
HOST_WIDE_INT off;
poly_int64 poff;
base = get_addr_base_and_unit_offset (base, &poff);
if (base
&& DECL_P (base)
&& TREE_CODE (TREE_TYPE (base)) == ARRAY_TYPE
&& TYPE_SIZE_UNIT (TREE_TYPE (base))
&& poff.is_constant (&off))
{
tree basetype = TREE_TYPE (base);
tree size = TYPE_SIZE_UNIT (basetype);
if (TREE_CODE (size) == INTEGER_CST)
{
++off; /* Increment for the terminating nul. */
tree toffset = build_int_cst (size_type_node, off);
pdata->maxlen = fold_build2 (MINUS_EXPR, size_type_node, size,
toffset);
pdata->maxbound = pdata->maxlen;
}
else
pdata->maxlen = build_all_ones_cst (size_type_node);
}
else
pdata->maxlen = build_all_ones_cst (size_type_node);
}
else if (pdata->minlen && TREE_CODE (pdata->minlen) == SSA_NAME)
{
value_range vr;
rvals->range_of_expr (vr, si->nonzero_chars, stmt);
if (range_int_cst_p (&vr))
{
pdata->minlen = vr.min ();
pdata->maxlen = vr.max ();
pdata->maxbound = pdata->maxlen;
}
else
{
pdata->minlen = build_zero_cst (size_type_node);
pdata->maxlen = build_all_ones_cst (size_type_node);
}
}
else if (pdata->minlen && TREE_CODE (pdata->minlen) == INTEGER_CST)
{
pdata->maxlen = pdata->minlen;
pdata->maxbound = pdata->minlen;
}
else
{
/* For PDATA->MINLEN that's a non-constant expression such
as PLUS_EXPR whose value range is unknown, set the bounds
to zero and SIZE_MAX. */
pdata->minlen = build_zero_cst (size_type_node);
pdata->maxlen = build_all_ones_cst (size_type_node);
}
return true;
}
return false;
}
/* Analogous to get_range_strlen but for dynamically created strings,
i.e., those created by calls to strcpy as opposed to just string
constants.
Try to obtain the range of the lengths of the string(s) referenced
by SRC, or the size of the largest array SRC refers to if the range
of lengths cannot be determined, and store all in *PDATA. RVALS
points to the valuation engine used to calculate ranges. */
void
get_range_strlen_dynamic (tree src, gimple *stmt, c_strlen_data *pdata,
range_query *rvals)
{
bitmap visited = NULL;
tree maxbound = pdata->maxbound;
unsigned limit = param_ssa_name_def_chain_limit;
if (!get_range_strlen_dynamic (src, stmt, pdata, &visited, rvals, &limit))
{
/* On failure extend the length range to an impossible maximum
(a valid MAXLEN must be less than PTRDIFF_MAX - 1). Other
members can stay unchanged regardless. */
pdata->minlen = ssize_int (0);
pdata->maxlen = build_all_ones_cst (size_type_node);
}
else if (!pdata->minlen)
pdata->minlen = ssize_int (0);
/* If it's unchanged from it initial non-null value, set the conservative
MAXBOUND to SIZE_MAX. Otherwise leave it null (if it is null). */
if (maxbound && pdata->maxbound == maxbound)
pdata->maxbound = build_all_ones_cst (size_type_node);
if (visited)
BITMAP_FREE (visited);
}
/* Invalidate string length information for strings whose length might
change due to stores in STMT, except those marked DONT_INVALIDATE.
For string-modifying statements, ZERO_WRITE is set when the statement
wrote only zeros.
Returns true if any STRIDX_TO_STRINFO entries were considered
for invalidation. */
static bool
maybe_invalidate (gimple *stmt, bool zero_write = false)
{
if (dump_file && (dump_flags & TDF_DETAILS))
{
fprintf (dump_file, "%s called for ", __func__);
print_gimple_stmt (dump_file, stmt, TDF_LINENO);
}
strinfo *si;
bool nonempty = false;
for (unsigned i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
{
if (si == NULL || !POINTER_TYPE_P (TREE_TYPE (si->ptr)))
continue;
nonempty = true;
/* Unconditionally reset DONT_INVALIDATE. */
bool dont_invalidate = si->dont_invalidate;
si->dont_invalidate = false;
if (dont_invalidate)
continue;
ao_ref r;
tree size = si->nonzero_chars;
ao_ref_init_from_ptr_and_size (&r, si->ptr, size);
/* Include the terminating nul in the size of the string
to consider when determining possible clobber. But do not
add it to 'size' since we don't know whether it would
actually fit the allocated area. */
if (known_size_p (r.size))
{
if (known_le (r.size, HOST_WIDE_INT_MAX - BITS_PER_UNIT))
r.max_size += BITS_PER_UNIT;
else
r.max_size = -1;
}
if (stmt_may_clobber_ref_p_1 (stmt, &r))
{
if (dump_file && (dump_flags & TDF_DETAILS))
{
fputs (" statement may clobber object ", dump_file);
print_generic_expr (dump_file, si->ptr);
if (size && tree_fits_uhwi_p (size))
fprintf (dump_file, " " HOST_WIDE_INT_PRINT_UNSIGNED
" bytes in size", tree_to_uhwi (size));
fputc ('\n', dump_file);
}
set_strinfo (i, NULL);
free_strinfo (si);
continue;
}
if (size
&& !zero_write
&& si->stmt
&& is_gimple_call (si->stmt)
&& (DECL_FUNCTION_CODE (gimple_call_fndecl (si->stmt))
== BUILT_IN_CALLOC))
{
/* If the clobber test above considered the length of
the string (including the nul), then for (potentially)
non-zero writes that might modify storage allocated by
calloc consider the whole object and if it might be
clobbered by the statement reset the statement. */
ao_ref_init_from_ptr_and_size (&r, si->ptr, NULL_TREE);
if (stmt_may_clobber_ref_p_1 (stmt, &r))
si->stmt = NULL;
}
}
if (dump_file && (dump_flags & TDF_DETAILS))
fprintf (dump_file, "%s returns %i\n", __func__, nonempty);
return nonempty;
}
/* Unshare strinfo record SI, if it has refcount > 1 or
if stridx_to_strinfo vector is shared with some other
bbs. */
static strinfo *
unshare_strinfo (strinfo *si)
{
strinfo *nsi;
if (si->refcount == 1 && !strinfo_shared ())
return si;
nsi = new_strinfo (si->ptr, si->idx, si->nonzero_chars, si->full_string_p);
nsi->stmt = si->stmt;
nsi->alloc = si->alloc;
nsi->endptr = si->endptr;
nsi->first = si->first;
nsi->prev = si->prev;
nsi->next = si->next;
nsi->writable = si->writable;
set_strinfo (si->idx, nsi);
free_strinfo (si);
return nsi;
}
/* Attempt to create a new strinfo for BASESI + OFF, or find existing
strinfo if there is any. Return it's idx, or 0 if no strinfo has
been created. */
static int
get_stridx_plus_constant (strinfo *basesi, unsigned HOST_WIDE_INT off,
tree ptr)
{
if (TREE_CODE (ptr) == SSA_NAME && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr))
return 0;
if (compare_nonzero_chars (basesi, off) < 0
|| !tree_fits_uhwi_p (basesi->nonzero_chars))
return 0;
unsigned HOST_WIDE_INT nonzero_chars
= tree_to_uhwi (basesi->nonzero_chars) - off;
strinfo *si = basesi, *chainsi;
if (si->first || si->prev || si->next)
si = verify_related_strinfos (basesi);
if (si == NULL
|| si->nonzero_chars == NULL_TREE
|| TREE_CODE (si->nonzero_chars) != INTEGER_CST)
return 0;
if (TREE_CODE (ptr) == SSA_NAME
&& ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
gcc_checking_assert (compare_tree_int (si->nonzero_chars, off) != -1);
for (chainsi = si; chainsi->next; chainsi = si)
{
si = get_next_strinfo (chainsi);
if (si == NULL
|| si->nonzero_chars == NULL_TREE
|| TREE_CODE (si->nonzero_chars) != INTEGER_CST)
break;
int r = compare_tree_int (si->nonzero_chars, nonzero_chars);
if (r != 1)
{
if (r == 0)
{
if (TREE_CODE (ptr) == SSA_NAME)
ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = si->idx;
else
{
int *pidx = addr_stridxptr (TREE_OPERAND (ptr, 0));
if (pidx != NULL && *pidx == 0)
*pidx = si->idx;
}
return si->idx;
}
break;
}
}
int idx = new_stridx (ptr);
if (idx == 0)
return 0;
si = new_strinfo (ptr, idx, build_int_cst (size_type_node, nonzero_chars),
basesi->full_string_p);
set_strinfo (idx, si);
if (strinfo *nextsi = get_strinfo (chainsi->next))
{
nextsi = unshare_strinfo (nextsi);
si->next = nextsi->idx;
nextsi->prev = idx;
}
chainsi = unshare_strinfo (chainsi);
if (chainsi->first == 0)
chainsi->first = chainsi->idx;
chainsi->next = idx;
if (chainsi->endptr == NULL_TREE && zero_length_string_p (si))
chainsi->endptr = ptr;
si->endptr = chainsi->endptr;
si->prev = chainsi->idx;
si->first = chainsi->first;
si->writable = chainsi->writable;
return si->idx;
}
/* Note that PTR, a pointer SSA_NAME initialized in the current stmt, points
to a zero-length string and if possible chain it to a related strinfo
chain whose part is or might be CHAINSI. */
static strinfo *
zero_length_string (tree ptr, strinfo *chainsi)
{
strinfo *si;
int idx;
if (ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
gcc_checking_assert (TREE_CODE (ptr) == SSA_NAME
&& ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] == 0);
if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr))
return NULL;
if (chainsi != NULL)
{
si = verify_related_strinfos (chainsi);
if (si)
{
do
{
/* We shouldn't mix delayed and non-delayed lengths. */
gcc_assert (si->full_string_p);
if (si->endptr == NULL_TREE)
{
si = unshare_strinfo (si);
si->endptr = ptr;
}
chainsi = si;
si = get_next_strinfo (si);
}
while (si != NULL);
if (zero_length_string_p (chainsi))
{
if (chainsi->next)
{
chainsi = unshare_strinfo (chainsi);
chainsi->next = 0;
}
ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = chainsi->idx;
return chainsi;
}
}
else
{
/* We shouldn't mix delayed and non-delayed lengths. */
gcc_assert (chainsi->full_string_p);
if (chainsi->first || chainsi->prev || chainsi->next)
{
chainsi = unshare_strinfo (chainsi);
chainsi->first = 0;
chainsi->prev = 0;
chainsi->next = 0;
}
}
}
idx = new_stridx (ptr);
if (idx == 0)
return NULL;
si = new_strinfo (ptr, idx, build_int_cst (size_type_node, 0), true);
set_strinfo (idx, si);
si->endptr = ptr;
if (chainsi != NULL)
{
chainsi = unshare_strinfo (chainsi);
if (chainsi->first == 0)
chainsi->first = chainsi->idx;
chainsi->next = idx;
if (chainsi->endptr == NULL_TREE)
chainsi->endptr = ptr;
si->prev = chainsi->idx;
si->first = chainsi->first;
si->writable = chainsi->writable;
}
return si;
}
/* For strinfo ORIGSI whose length has been just updated, adjust other
related strinfos so that they match the new ORIGSI. This involves:
- adding ADJ to the nonzero_chars fields
- copying full_string_p from the new ORIGSI. */
static void
adjust_related_strinfos (location_t loc, strinfo *origsi, tree adj)
{
strinfo *si = verify_related_strinfos (origsi);
if (si == NULL)
return;
while (1)
{
strinfo *nsi;
if (si != origsi)
{
tree tem;
si = unshare_strinfo (si);
/* We shouldn't see delayed lengths here; the caller must
have calculated the old length in order to calculate
the adjustment. */
gcc_assert (si->nonzero_chars);
tem = fold_convert_loc (loc, TREE_TYPE (si->nonzero_chars), adj);
si->nonzero_chars = fold_build2_loc (loc, PLUS_EXPR,
TREE_TYPE (si->nonzero_chars),
si->nonzero_chars, tem);
si->full_string_p = origsi->full_string_p;
si->endptr = NULL_TREE;
si->dont_invalidate = true;
}
nsi = get_next_strinfo (si);
if (nsi == NULL)
return;
si = nsi;
}
}
/* Find if there are other SSA_NAME pointers equal to PTR
for which we don't track their string lengths yet. If so, use
IDX for them. */
static void
find_equal_ptrs (tree ptr, int idx)
{
if (TREE_CODE (ptr) != SSA_NAME)
return;
while (1)
{
gimple *stmt = SSA_NAME_DEF_STMT (ptr);
if (!is_gimple_assign (stmt))
return;
ptr = gimple_assign_rhs1 (stmt);
switch (gimple_assign_rhs_code (stmt))
{
case SSA_NAME:
break;
CASE_CONVERT:
if (!POINTER_TYPE_P (TREE_TYPE (ptr)))
return;
if (TREE_CODE (ptr) == SSA_NAME)
break;
if (TREE_CODE (ptr) != ADDR_EXPR)
return;
/* FALLTHRU */
case ADDR_EXPR:
{
int *pidx = addr_stridxptr (TREE_OPERAND (ptr, 0));
if (pidx != NULL && *pidx == 0)
*pidx = idx;
return;
}
default:
return;
}
/* We might find an endptr created in this pass. Grow the
vector in that case. */
if (ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
if (ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] != 0)
return;
ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = idx;
}
}
/* Return true if STMT is a call to a builtin function with the right
arguments and attributes that should be considered for optimization
by this pass. */
static bool
valid_builtin_call (gimple *stmt)
{
if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
return false;
tree callee = gimple_call_fndecl (stmt);
tree decl = builtin_decl_explicit (DECL_FUNCTION_CODE (callee));
if (decl
&& decl != callee
&& !gimple_builtin_call_types_compatible_p (stmt, decl))
return false;
switch (DECL_FUNCTION_CODE (callee))
{
case BUILT_IN_MEMCMP:
case BUILT_IN_MEMCMP_EQ:
case BUILT_IN_STRCMP:
case BUILT_IN_STRNCMP:
case BUILT_IN_STRCHR:
case BUILT_IN_STRLEN:
case BUILT_IN_STRNLEN:
/* The above functions should be pure. Punt if they aren't. */
if (gimple_vdef (stmt) || gimple_vuse (stmt) == NULL_TREE)
return false;
break;
case BUILT_IN_ALLOCA:
case BUILT_IN_ALLOCA_WITH_ALIGN:
case BUILT_IN_CALLOC:
case BUILT_IN_MALLOC:
case BUILT_IN_MEMCPY:
case BUILT_IN_MEMCPY_CHK:
case BUILT_IN_MEMPCPY:
case BUILT_IN_MEMPCPY_CHK:
case BUILT_IN_MEMSET:
case BUILT_IN_STPCPY:
case BUILT_IN_STPCPY_CHK:
case BUILT_IN_STPNCPY:
case BUILT_IN_STPNCPY_CHK:
case BUILT_IN_STRCAT:
case BUILT_IN_STRCAT_CHK:
case BUILT_IN_STRCPY:
case BUILT_IN_STRCPY_CHK:
case BUILT_IN_STRNCAT:
case BUILT_IN_STRNCAT_CHK:
case BUILT_IN_STRNCPY:
case BUILT_IN_STRNCPY_CHK:
/* The above functions should be neither const nor pure. Punt if they
aren't. */
if (gimple_vdef (stmt) == NULL_TREE || gimple_vuse (stmt) == NULL_TREE)
return false;
break;
default:
break;
}
return true;
}
/* If the last .MEM setter statement before STMT is
memcpy (x, y, strlen (y) + 1), the only .MEM use of it is STMT
and STMT is known to overwrite x[strlen (x)], adjust the last memcpy to
just memcpy (x, y, strlen (y)). SI must be the zero length
strinfo. */
static void
adjust_last_stmt (strinfo *si, gimple *stmt, bool is_strcat,
pointer_query &ptr_qry)
{
tree vuse, callee, len;
struct laststmt_struct last = laststmt;
strinfo *lastsi, *firstsi;
unsigned len_arg_no = 2;
laststmt.stmt = NULL;
laststmt.len = NULL_TREE;
laststmt.stridx = 0;
if (last.stmt == NULL)
return;
vuse = gimple_vuse (stmt);
if (vuse == NULL_TREE
|| SSA_NAME_DEF_STMT (vuse) != last.stmt
|| !has_single_use (vuse))
return;
gcc_assert (last.stridx > 0);
lastsi = get_strinfo (last.stridx);
if (lastsi == NULL)
return;
if (lastsi != si)
{
if (lastsi->first == 0 || lastsi->first != si->first)
return;
firstsi = verify_related_strinfos (si);
if (firstsi == NULL)
return;
while (firstsi != lastsi)
{
firstsi = get_next_strinfo (firstsi);
if (firstsi == NULL)
return;
}
}
if (!is_strcat && !zero_length_string_p (si))
return;
if (is_gimple_assign (last.stmt))
{
gimple_stmt_iterator gsi;
if (!integer_zerop (gimple_assign_rhs1 (last.stmt)))
return;
if (stmt_could_throw_p (cfun, last.stmt))
return;
gsi = gsi_for_stmt (last.stmt);
unlink_stmt_vdef (last.stmt);
release_defs (last.stmt);
gsi_remove (&gsi, true);
return;
}
if (!valid_builtin_call (last.stmt))
return;
callee = gimple_call_fndecl (last.stmt);
switch (DECL_FUNCTION_CODE (callee))
{
case BUILT_IN_MEMCPY:
case BUILT_IN_MEMCPY_CHK:
break;
default:
return;
}
len = gimple_call_arg (last.stmt, len_arg_no);
if (tree_fits_uhwi_p (len))
{
if (!tree_fits_uhwi_p (last.len)
|| integer_zerop (len)
|| tree_to_uhwi (len) != tree_to_uhwi (last.len) + 1)
return;
/* Don't adjust the length if it is divisible by 4, it is more efficient
to store the extra '\0' in that case. */
if ((tree_to_uhwi (len) & 3) == 0)
return;
/* Don't fold away an out of bounds access, as this defeats proper
warnings. */
tree dst = gimple_call_arg (last.stmt, 0);
access_ref aref;
tree size = compute_objsize (dst, 1, &aref, &ptr_qry);
if (size && tree_int_cst_lt (size, len))
return;
}
else if (TREE_CODE (len) == SSA_NAME)
{
gimple *def_stmt = SSA_NAME_DEF_STMT (len);
if (!is_gimple_assign (def_stmt)
|| gimple_assign_rhs_code (def_stmt) != PLUS_EXPR
|| gimple_assign_rhs1 (def_stmt) != last.len
|| !integer_onep (gimple_assign_rhs2 (def_stmt)))
return;
}
else
return;
gimple_call_set_arg (last.stmt, len_arg_no, last.len);
update_stmt (last.stmt);
}
/* For an LHS that is an SSA_NAME that is the result of a strlen()
call, or when BOUND is non-null, of a strnlen() call, set LHS
range info to [0, min (MAX, BOUND)] when the range includes more
than one value and return LHS. Otherwise, when the range
[MIN, MAX] is such that MIN == MAX, return the tree representation
of (MIN). The latter allows callers to fold suitable strnlen() calls
to constants. */
tree
set_strlen_range (tree lhs, wide_int min, wide_int max,
tree bound /* = NULL_TREE */)
{
if (TREE_CODE (lhs) != SSA_NAME
|| !INTEGRAL_TYPE_P (TREE_TYPE (lhs)))
return NULL_TREE;
if (bound)
{
/* For strnlen, adjust MIN and MAX as necessary. If the bound
is less than the size of the array set MAX to it. It it's
greater than MAX and MAX is non-zero bump MAX down to account
for the necessary terminating nul. Otherwise leave it alone. */
if (TREE_CODE (bound) == INTEGER_CST)
{
wide_int wibnd = wi::to_wide (bound);
int cmp = wi::cmpu (wibnd, max);
if (cmp < 0)
max = wibnd;
else if (cmp && wi::ne_p (max, min))
--max;
}
else if (TREE_CODE (bound) == SSA_NAME)
{
value_range r;
get_range_query (cfun)->range_of_expr (r, bound);
if (!r.undefined_p ())
{
/* For a bound in a known range, adjust the range determined
above as necessary. For a bound in some anti-range or
in an unknown range, use the range determined by callers. */
if (wi::ltu_p (r.lower_bound (), min))
min = r.lower_bound ();
if (wi::ltu_p (r.upper_bound (), max))
max = r.upper_bound ();
}
}
}
if (min == max)
return wide_int_to_tree (size_type_node, min);
set_range_info (lhs, VR_RANGE, min, max);
return lhs;
}
/* For an LHS that is an SSA_NAME and for strlen() or strnlen() argument
SRC, set LHS range info to [0, min (N, BOUND)] if SRC refers to
a character array A[N] with unknown length bounded by N, and for
strnlen(), by min (N, BOUND). */
static tree
maybe_set_strlen_range (tree lhs, tree src, tree bound)
{
if (TREE_CODE (lhs) != SSA_NAME
|| !INTEGRAL_TYPE_P (TREE_TYPE (lhs)))
return NULL_TREE;
if (TREE_CODE (src) == SSA_NAME)
{
gimple *def = SSA_NAME_DEF_STMT (src);
if (is_gimple_assign (def)
&& gimple_assign_rhs_code (def) == ADDR_EXPR)
src = gimple_assign_rhs1 (def);
}
/* The longest string is PTRDIFF_MAX - 1 bytes including the final
NUL so that the difference between a pointer to just past it and
one to its beginning is positive. */
wide_int max = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2;
if (TREE_CODE (src) == ADDR_EXPR)
{
/* The last array member of a struct can be bigger than its size
suggests if it's treated as a poor-man's flexible array member. */
src = TREE_OPERAND (src, 0);
if (TREE_CODE (src) != MEM_REF
&& !array_at_struct_end_p (src))
{
tree type = TREE_TYPE (src);
tree size = TYPE_SIZE_UNIT (type);
if (size
&& TREE_CODE (size) == INTEGER_CST
&& !integer_zerop (size))
{
/* Even though such uses of strlen would be undefined,
avoid relying on arrays of arrays in case some genius
decides to call strlen on an unterminated array element
that's followed by a terminated one. Likewise, avoid
assuming that a struct array member is necessarily
nul-terminated (the nul may be in the member that
follows). In those cases, assume that the length
of the string stored in such an array is bounded
by the size of the enclosing object if one can be
determined. */
tree base = get_base_address (src);
if (VAR_P (base))
{
if (tree size = DECL_SIZE_UNIT (base))
if (size
&& TREE_CODE (size) == INTEGER_CST
&& TREE_CODE (TREE_TYPE (base)) != POINTER_TYPE)
max = wi::to_wide (size);
}
}
/* For strlen() the upper bound above is equal to
the longest string that can be stored in the array
(i.e., it accounts for the terminating nul. For
strnlen() bump up the maximum by one since the array
need not be nul-terminated. */
if (!bound && max != 0)
--max;
}
}
wide_int min = wi::zero (max.get_precision ());
return set_strlen_range (lhs, min, max, bound);
}
/* Diagnose buffer overflow by a STMT writing LEN + PLUS_ONE bytes,
either into a region allocated for the object SI when non-null,
or into an object designated by the LHS of STMT otherwise.
For a call STMT, when CALL_LHS is set use its left hand side
as the destination, otherwise use argument zero.
When nonnull uses RVALS to determine range information.
RAWMEM may be set by memcpy and other raw memory functions
to allow accesses across subobject boundaries. */
static void
maybe_warn_overflow (gimple *stmt, bool call_lhs, tree len,
pointer_query &ptr_qry,
strinfo *si = NULL, bool plus_one = false,
bool rawmem = false)
{
if (!len || warning_suppressed_p (stmt, OPT_Wstringop_overflow_))
return;
/* The DECL of the function performing the write if it is done
by one. */
tree writefn = NULL_TREE;
/* The destination expression involved in the store or call STMT. */
tree dest = NULL_TREE;
if (is_gimple_assign (stmt))
dest = gimple_assign_lhs (stmt);
else if (is_gimple_call (stmt))
{
if (call_lhs)
dest = gimple_call_lhs (stmt);
else
{
gcc_assert (gimple_call_builtin_p (stmt, BUILT_IN_NORMAL));
dest = gimple_call_arg (stmt, 0);
}
if (!dest)
return;
writefn = gimple_call_fndecl (stmt);
}
else
return;
if (warning_suppressed_p (dest, OPT_Wstringop_overflow_))
return;
const int ostype = rawmem ? 0 : 1;
/* Use maximum precision to avoid overflow in the addition below.
Make sure all operands have the same precision to keep wide_int
from ICE'ing. */
access_ref aref;
/* The size of the destination region (which is smaller than
the destination object for stores at a non-zero offset). */
tree destsize = compute_objsize (dest, ostype, &aref, &ptr_qry);
if (!destsize)
{
aref.sizrng[0] = 0;
aref.sizrng[1] = wi::to_offset (max_object_size ());
}
/* Return early if the DESTSIZE size expression is the same as LEN
and the offset into the destination is zero. This might happen
in the case of a pair of malloc and memset calls to allocate
an object and clear it as if by calloc. */
if (destsize == len && !plus_one
&& aref.offrng[0] == 0 && aref.offrng[0] == aref.offrng[1])
return;
wide_int rng[2];
if (!get_range (len, stmt, rng, ptr_qry.rvals))
return;
widest_int lenrng[2] =
{ widest_int::from (rng[0], SIGNED), widest_int::from (rng[1], SIGNED) };
if (plus_one)
{
lenrng[0] += 1;
lenrng[1] += 1;
}
/* The size of the remaining space in the destination computed
as the size of the latter minus the offset into it. */
widest_int spcrng[2];
{
offset_int remrng[2];
remrng[1] = aref.size_remaining (remrng);
spcrng[0] = remrng[0] == -1 ? 0 : widest_int::from (remrng[0], UNSIGNED);
spcrng[1] = widest_int::from (remrng[1], UNSIGNED);
}
if (wi::leu_p (lenrng[0], spcrng[0])
&& wi::leu_p (lenrng[1], spcrng[1]))
return;
location_t loc = gimple_or_expr_nonartificial_location (stmt, dest);
bool warned = false;
if (wi::leu_p (lenrng[0], spcrng[1]))
{
if (len != destsize
&& (!si || rawmem || !is_strlen_related_p (si->ptr, len)))
return;
warned = (writefn
? warning_at (loc, OPT_Wstringop_overflow_,
"%qD writing one too many bytes into a region "
"of a size that depends on %<strlen%>",
writefn)
: warning_at (loc, OPT_Wstringop_overflow_,
"writing one too many bytes into a region "
"of a size that depends on %<strlen%>"));
}
else if (lenrng[0] == lenrng[1])
{
if (spcrng[0] == spcrng[1])
warned = (writefn
? warning_n (loc, OPT_Wstringop_overflow_,
lenrng[0].to_uhwi (),
"%qD writing %wu byte into a region "
"of size %wu",
"%qD writing %wu bytes into a region "
"of size %wu",
writefn, lenrng[0].to_uhwi (),
spcrng[0].to_uhwi ())
: warning_n (loc, OPT_Wstringop_overflow_,
lenrng[0].to_uhwi (),
"writing %wu byte into a region "
"of size %wu",
"writing %wu bytes into a region "
"of size %wu",
lenrng[0].to_uhwi (),
spcrng[0].to_uhwi ()));
else
warned = (writefn
? warning_n (loc, OPT_Wstringop_overflow_,
lenrng[0].to_uhwi (),
"%qD writing %wu byte into a region "
"of size between %wu and %wu",
"%qD writing %wu bytes into a region "
"of size between %wu and %wu",
writefn, lenrng[0].to_uhwi (),
spcrng[0].to_uhwi (), spcrng[1].to_uhwi ())
: warning_n (loc, OPT_Wstringop_overflow_,
lenrng[0].to_uhwi (),
"writing %wu byte into a region "
"of size between %wu and %wu",
"writing %wu bytes into a region "
"of size between %wu and %wu",
lenrng[0].to_uhwi (),
spcrng[0].to_uhwi (), spcrng[1].to_uhwi ()));
}
else if (spcrng[0] == spcrng[1])
warned = (writefn
? warning_at (loc, OPT_Wstringop_overflow_,
"%qD writing between %wu and %wu bytes "
"into a region of size %wu",
writefn, lenrng[0].to_uhwi (),
lenrng[1].to_uhwi (),
spcrng[0].to_uhwi ())
: warning_at (loc, OPT_Wstringop_overflow_,
"writing between %wu and %wu bytes "
"into a region of size %wu",
lenrng[0].to_uhwi (),
lenrng[1].to_uhwi (),
spcrng[0].to_uhwi ()));
else
warned = (writefn
? warning_at (loc, OPT_Wstringop_overflow_,
"%qD writing between %wu and %wu bytes "
"into a region of size between %wu and %wu",
writefn, lenrng[0].to_uhwi (),
lenrng[1].to_uhwi (),
spcrng[0].to_uhwi (), spcrng[1].to_uhwi ())
: warning_at (loc, OPT_Wstringop_overflow_,
"writing between %wu and %wu bytes "
"into a region of size between %wu and %wu",
lenrng[0].to_uhwi (),
lenrng[1].to_uhwi (),
spcrng[0].to_uhwi (), spcrng[1].to_uhwi ()));
if (!warned)
return;
suppress_warning (stmt, OPT_Wstringop_overflow_);
aref.inform_access (access_write_only);
}
/* Convenience wrapper for the above. */
static inline void
maybe_warn_overflow (gimple *stmt, bool call_lhs, unsigned HOST_WIDE_INT len,
pointer_query &ptr_qry, strinfo *si = NULL,
bool plus_one = false, bool rawmem = false)
{
tree tlen = build_int_cst (size_type_node, len);
maybe_warn_overflow (stmt, call_lhs, tlen, ptr_qry, si, plus_one, rawmem);
}
/* Handle a strlen call. If strlen of the argument is known, replace
the strlen call with the known value, otherwise remember that strlen
of the argument is stored in the lhs SSA_NAME. */
static void
handle_builtin_strlen (gimple_stmt_iterator *gsi)
{
gimple *stmt = gsi_stmt (*gsi);
tree lhs = gimple_call_lhs (stmt);
if (lhs == NULL_TREE)
return;
location_t loc = gimple_location (stmt);
tree callee = gimple_call_fndecl (stmt);
tree src = gimple_call_arg (stmt, 0);
tree bound = (DECL_FUNCTION_CODE (callee) == BUILT_IN_STRNLEN
? gimple_call_arg (stmt, 1) : NULL_TREE);
int idx = get_stridx (src);
if (idx || (bound && integer_zerop (bound)))
{
strinfo *si = NULL;
tree rhs;
if (idx < 0)
rhs = build_int_cst (TREE_TYPE (lhs), ~idx);
else if (idx == 0)
rhs = bound;
else
{
rhs = NULL_TREE;
si = get_strinfo (idx);
if (si != NULL)
{
rhs = get_string_length (si);
/* For strnlen, if bound is constant, even if si is not known
to be zero terminated, if we know at least bound bytes are
not zero, the return value will be bound. */
if (rhs == NULL_TREE
&& bound != NULL_TREE
&& TREE_CODE (bound) == INTEGER_CST
&& si->nonzero_chars != NULL_TREE
&& TREE_CODE (si->nonzero_chars) == INTEGER_CST
&& tree_int_cst_le (bound, si->nonzero_chars))
rhs = bound;
}
}
if (rhs != NULL_TREE)
{
if (dump_file && (dump_flags & TDF_DETAILS) != 0)
{
fprintf (dump_file, "Optimizing: ");
print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
}
rhs = unshare_expr (rhs);
if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (rhs)))
rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
if (bound)
rhs = fold_build2_loc (loc, MIN_EXPR, TREE_TYPE (rhs), rhs, bound);
gimplify_and_update_call_from_tree (gsi, rhs);
stmt = gsi_stmt (*gsi);
update_stmt (stmt);
if (dump_file && (dump_flags & TDF_DETAILS) != 0)
{
fprintf (dump_file, "into: ");
print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
}
if (si != NULL
/* Don't update anything for strnlen. */
&& bound == NULL_TREE
&& TREE_CODE (si->nonzero_chars) != SSA_NAME
&& TREE_CODE (si->nonzero_chars) != INTEGER_CST
&& !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
{
si = unshare_strinfo (si);
si->nonzero_chars = lhs;
gcc_assert (si->full_string_p);
}
if (strlen_to_stridx
&& (bound == NULL_TREE
/* For strnlen record this only if the call is proven
to return the same value as strlen would. */
|| (TREE_CODE (bound) == INTEGER_CST
&& TREE_CODE (rhs) == INTEGER_CST
&& tree_int_cst_lt (rhs, bound))))
strlen_to_stridx->put (lhs, stridx_strlenloc (idx, loc));
return;
}
}
if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
return;
if (idx == 0)
idx = new_stridx (src);
else
{
strinfo *si = get_strinfo (idx);
if (si != NULL)
{
if (!si->full_string_p && !si->stmt)
{
/* Until now we only had a lower bound on the string length.
Install LHS as the actual length. */
si = unshare_strinfo (si);
tree old = si->nonzero_chars;
si->nonzero_chars = lhs;
si->full_string_p = true;
if (old && TREE_CODE (old) == INTEGER_CST)
{
old = fold_convert_loc (loc, TREE_TYPE (lhs), old);
tree adj = fold_build2_loc (loc, MINUS_EXPR,
TREE_TYPE (lhs), lhs, old);
adjust_related_strinfos (loc, si, adj);
/* Use the constant minimum length as the lower bound
of the non-constant length. */
wide_int min = wi::to_wide (old);
wide_int max
= wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2;
set_strlen_range (lhs, min, max);
}
else
{
si->first = 0;
si->prev = 0;
si->next = 0;
}
}
return;
}
}
if (idx)
{
if (!bound)
{
/* Only store the new length information for calls to strlen(),
not for those to strnlen(). */
strinfo *si = new_strinfo (src, idx, lhs, true);
set_strinfo (idx, si);
find_equal_ptrs (src, idx);
}
/* For SRC that is an array of N elements, set LHS's range
to [0, min (N, BOUND)]. A constant return value means
the range would have consisted of a single value. In
that case, fold the result into the returned constant. */
if (tree ret = maybe_set_strlen_range (lhs, src, bound))
if (TREE_CODE (ret) == INTEGER_CST)
{
if (dump_file && (dump_flags & TDF_DETAILS) != 0)
{
fprintf (dump_file, "Optimizing: ");
print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
}
if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (ret)))
ret = fold_convert_loc (loc, TREE_TYPE (lhs), ret);
gimplify_and_update_call_from_tree (gsi, ret);
stmt = gsi_stmt (*gsi);
update_stmt (stmt);
if (dump_file && (dump_flags & TDF_DETAILS) != 0)
{
fprintf (dump_file, "into: ");
print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
}
}
if (strlen_to_stridx && !bound)
strlen_to_stridx->put (lhs, stridx_strlenloc (idx, loc));
}
}
/* Handle a strchr call. If strlen of the first argument is known, replace
the strchr (x, 0) call with the endptr or x + strlen, otherwise remember
that lhs of the call is endptr and strlen of the argument is endptr - x. */
static void
handle_builtin_strchr (gimple_stmt_iterator *gsi)
{
gimple *stmt = gsi_stmt (*gsi);
tree lhs = gimple_call_lhs (stmt);
if (lhs == NULL_TREE)
return;
if (!integer_zerop (gimple_call_arg (stmt, 1)))
return;
tree src = gimple_call_arg (stmt, 0);
/* Avoid folding if the first argument is not a nul-terminated array.
Defer warning until later. */
if (!check_nul_terminated_array (NULL_TREE, src))
return;
int idx = get_stridx (src);
if (idx)
{
strinfo *si = NULL;
tree rhs;
if (idx < 0)
rhs = build_int_cst (size_type_node, ~idx);
else
{
rhs = NULL_TREE;
si = get_strinfo (idx);
if (si != NULL)
rhs = get_string_length (si);
}
if (rhs != NULL_TREE)
{
location_t loc = gimple_location (stmt);
if (dump_file && (dump_flags & TDF_DETAILS) != 0)
{
fprintf (dump_file, "Optimizing: ");
print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
}
if (si != NULL && si->endptr != NULL_TREE)
{
rhs = unshare_expr (si->endptr);
if (!useless_type_conversion_p (TREE_TYPE (lhs),
TREE_TYPE (rhs)))
rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
}
else
{
rhs = fold_convert_loc (loc, sizetype, unshare_expr (rhs));
rhs = fold_build2_loc (loc, POINTER_PLUS_EXPR,
TREE_TYPE (src), src, rhs);
if (!useless_type_conversion_p (TREE_TYPE (lhs),
TREE_TYPE (rhs)))
rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
}
gimplify_and_update_call_from_tree (gsi, rhs);
stmt = gsi_stmt (*gsi);
update_stmt (stmt);
if (dump_file && (dump_flags & TDF_DETAILS) != 0)
{
fprintf (dump_file, "into: ");
print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
}
if (si != NULL
&& si->endptr == NULL_TREE
&& !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
{
si = unshare_strinfo (si);
si->endptr = lhs;
}
zero_length_string (lhs, si);
return;
}
}
if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
return;
if (TREE_CODE (src) != SSA_NAME || !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (src))
{
if (idx == 0)
idx = new_stridx (src);
else if (get_strinfo (idx) != NULL)
{
zero_length_string (lhs, NULL);
return;
}
if (idx)
{
location_t loc = gimple_location (stmt);
tree lhsu = fold_convert_loc (loc, size_type_node, lhs);
tree srcu = fold_convert_loc (loc, size_type_node, src);
tree length = fold_build2_loc (loc, MINUS_EXPR,
size_type_node, lhsu, srcu);
strinfo *si = new_strinfo (src, idx, length, true);
si->endptr = lhs;
set_strinfo (idx, si);
find_equal_ptrs (src, idx);
zero_length_string (lhs, si);
}
}
else
zero_length_string (lhs, NULL);
}
/* Handle a strcpy-like ({st{r,p}cpy,__st{r,p}cpy_chk}) call.
If strlen of the second argument is known, strlen of the first argument
is the same after this call. Furthermore, attempt to convert it to
memcpy. Uses RVALS to determine range information. */
static void
handle_builtin_strcpy (enum built_in_function bcode, gimple_stmt_iterator *gsi,
pointer_query &ptr_qry)
{
int idx, didx;
tree src, dst, srclen, len, lhs, type, fn, oldlen;
bool success;
gimple *stmt = gsi_stmt (*gsi);
strinfo *si, *dsi, *olddsi, *zsi;
location_t loc;
src = gimple_call_arg (stmt, 1);
dst = gimple_call_arg (stmt, 0);
lhs = gimple_call_lhs (stmt);
idx = get_stridx (src);
si = NULL;
if (idx > 0)
si = get_strinfo (idx);
didx = get_stridx (dst);
olddsi = NULL;
oldlen = NULL_TREE;
if (didx > 0)
olddsi = get_strinfo (didx);
else if (didx < 0)
return;
if (olddsi != NULL)
adjust_last_stmt (olddsi, stmt, false, ptr_qry);
srclen = NULL_TREE;
if (si != NULL)
srclen = get_string_length (si);
else if (idx < 0)
srclen = build_int_cst (size_type_node, ~idx);
maybe_warn_overflow (stmt, false, srclen, ptr_qry, olddsi, true);
if (olddsi != NULL)
adjust_last_stmt (olddsi, stmt, false, ptr_qry);
loc = gimple_location (stmt);
if (srclen == NULL_TREE)
switch (bcode)
{
case BUILT_IN_STRCPY:
case BUILT_IN_STRCPY_CHK:
if (lhs != NULL_TREE || !builtin_decl_implicit_p (BUILT_IN_STPCPY))
return;
break;
case BUILT_IN_STPCPY:
case BUILT_IN_STPCPY_CHK:
if (lhs == NULL_TREE)
return;
else
{
tree lhsuint = fold_convert_loc (loc, size_type_node, lhs);
srclen = fold_convert_loc (loc, size_type_node, dst);
srclen = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
lhsuint, srclen);
}
break;
default:
gcc_unreachable ();
}
if (didx == 0)
{
didx = new_stridx (dst);
if (didx == 0)
return;
}
if (olddsi != NULL)
{
oldlen = olddsi->nonzero_chars;
dsi = unshare_strinfo (olddsi);
dsi->nonzero_chars = srclen;
dsi->full_string_p = (srclen != NULL_TREE);
/* Break the chain, so adjust_related_strinfo on later pointers in
the chain won't adjust this one anymore. */
dsi->next = 0;
dsi->stmt = NULL;
dsi->endptr = NULL_TREE;
}
else
{
dsi = new_strinfo (dst, didx, srclen, srclen != NULL_TREE);
set_strinfo (didx, dsi);
find_equal_ptrs (dst, didx);
}
dsi->writable = true;
dsi->dont_invalidate = true;
if (dsi->nonzero_chars == NULL_TREE)
{
strinfo *chainsi;
/* If string length of src is unknown, use delayed length
computation. If string length of dst will be needed, it
can be computed by transforming this strcpy call into
stpcpy and subtracting dst from the return value. */
/* Look for earlier strings whose length could be determined if
this strcpy is turned into an stpcpy. */
if (dsi->prev != 0 && (chainsi = verify_related_strinfos (dsi)) != NULL)
{
for (; chainsi && chainsi != dsi; chainsi = get_strinfo (chainsi->next))
{
/* When setting a stmt for delayed length computation
prevent all strinfos through dsi from being
invalidated. */
chainsi = unshare_strinfo (chainsi);
chainsi->stmt = stmt;
chainsi->nonzero_chars = NULL_TREE;
chainsi->full_string_p = false;
chainsi->endptr = NULL_TREE;
chainsi->dont_invalidate = true;
}
}
dsi->stmt = stmt;
/* Try to detect overlap before returning. This catches cases
like strcpy (d, d + n) where n is non-constant whose range
is such that (n <= strlen (d) holds).
OLDDSI->NONZERO_chars may have been reset by this point with
oldlen holding it original value. */
if (olddsi && oldlen)
{
/* Add 1 for the terminating NUL. */
tree type = TREE_TYPE (oldlen);
oldlen = fold_build2 (PLUS_EXPR, type, oldlen,
build_int_cst (type, 1));
check_bounds_or_overlap (stmt, olddsi->ptr, src, oldlen, NULL_TREE);
}
return;
}
if (olddsi != NULL)
{
tree adj = NULL_TREE;
if (oldlen == NULL_TREE)
;
else if (integer_zerop (oldlen))
adj = srclen;
else if (TREE_CODE (oldlen) == INTEGER_CST
|| TREE_CODE (srclen) == INTEGER_CST)
adj = fold_build2_loc (loc, MINUS_EXPR,
TREE_TYPE (srclen), srclen,
fold_convert_loc (loc, TREE_TYPE (srclen),
oldlen));
if (adj != NULL_TREE)
adjust_related_strinfos (loc, dsi, adj);
else
dsi->prev = 0;
}
/* strcpy src may not overlap dst, so src doesn't need to be
invalidated either. */
if (si != NULL)
si->dont_invalidate = true;
fn = NULL_TREE;
zsi = NULL;
switch (bcode)
{
case BUILT_IN_STRCPY:
fn = builtin_decl_implicit (BUILT_IN_MEMCPY);
if (lhs)
ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
break;
case BUILT_IN_STRCPY_CHK:
fn = builtin_decl_explicit (BUILT_IN_MEMCPY_CHK);
if (lhs)
ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
break;
case BUILT_IN_STPCPY:
/* This would need adjustment of the lhs (subtract one),
or detection that the trailing '\0' doesn't need to be
written, if it will be immediately overwritten.
fn = builtin_decl_explicit (BUILT_IN_MEMPCPY); */
if (lhs)
{
dsi->endptr = lhs;
zsi = zero_length_string (lhs, dsi);
}
break;
case BUILT_IN_STPCPY_CHK:
/* This would need adjustment of the lhs (subtract one),
or detection that the trailing '\0' doesn't need to be
written, if it will be immediately overwritten.
fn = builtin_decl_explicit (BUILT_IN_MEMPCPY_CHK); */
if (lhs)
{
dsi->endptr = lhs;
zsi = zero_length_string (lhs, dsi);
}
break;
default:
gcc_unreachable ();
}
if (zsi != NULL)
zsi->dont_invalidate = true;
if (fn)
{
tree args = TYPE_ARG_TYPES (TREE_TYPE (fn));
type = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args)));
}
else
type = size_type_node;
len = fold_convert_loc (loc, type, unshare_expr (srclen));
len = fold_build2_loc (loc, PLUS_EXPR, type, len, build_int_cst (type, 1));
/* Disable warning for the transformed statement? */
opt_code no_warning_opt = no_warning;
if (const strinfo *chksi = si ? olddsi ? olddsi : dsi : NULL)
{
no_warning_opt = check_bounds_or_overlap (stmt, chksi->ptr, si->ptr,
NULL_TREE, len);
if (no_warning_opt)
suppress_warning (stmt, no_warning_opt);
}
if (fn == NULL_TREE)
return;
len = force_gimple_operand_gsi (gsi, len, true, NULL_TREE, true,
GSI_SAME_STMT);
if (dump_file && (dump_flags & TDF_DETAILS) != 0)
{
fprintf (dump_file, "Optimizing: ");
print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
}
if (gimple_call_num_args (stmt) == 2)
success = update_gimple_call (gsi, fn, 3, dst, src, len);
else
success = update_gimple_call (gsi, fn, 4, dst, src, len,
gimple_call_arg (stmt, 2));
if (success)
{
stmt = gsi_stmt (*gsi);
update_stmt (stmt);
if (dump_file && (dump_flags & TDF_DETAILS) != 0)
{
fprintf (dump_file, "into: ");
print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
}
/* Allow adjust_last_stmt to decrease this memcpy's size. */
laststmt.stmt = stmt;
laststmt.len = srclen;
laststmt.stridx = dsi->idx;
}
else if (dump_file && (dump_flags & TDF_DETAILS) != 0)
fprintf (dump_file, "not possible.\n");
if (no_warning_opt)
suppress_warning (stmt, no_warning_opt);
}
/* Check the size argument to the built-in forms of stpncpy and strncpy
for out-of-bounds offsets or overlapping access, and to see if the
size argument is derived from a call to strlen() on the source argument,
and if so, issue an appropriate warning. */
static void
handle_builtin_strncat (built_in_function, gimple_stmt_iterator *gsi)
{
/* Same as stxncpy(). */
handle_builtin_stxncpy_strncat (true, gsi);
}
/* Return true if LEN depends on a call to strlen(SRC) in an interesting
way. LEN can either be an integer expression, or a pointer (to char).
When it is the latter (such as in recursive calls to self) it is
assumed to be the argument in some call to strlen() whose relationship
to SRC is being ascertained. */
bool
is_strlen_related_p (tree src, tree len)
{
if (TREE_CODE (TREE_TYPE (len)) == POINTER_TYPE
&& operand_equal_p (src, len, 0))
return true;
if (TREE_CODE (len) != SSA_NAME)
return false;
if (TREE_CODE (src) == SSA_NAME)
{
gimple *srcdef = SSA_NAME_DEF_STMT (src);
if (is_gimple_assign (srcdef))
{
/* Handle bitwise AND used in conversions from wider size_t
to narrower unsigned types. */
tree_code code = gimple_assign_rhs_code (srcdef);
if (code == BIT_AND_EXPR
|| code == NOP_EXPR)
return is_strlen_related_p (gimple_assign_rhs1 (srcdef), len);
return false;
}
if (gimple_call_builtin_p (srcdef, BUILT_IN_NORMAL))
{
/* If SRC is the result of a call to an allocation function
or strlen, use the function's argument instead. */
tree func = gimple_call_fndecl (srcdef);
built_in_function code = DECL_FUNCTION_CODE (func);
if (code == BUILT_IN_ALLOCA
|| code == BUILT_IN_ALLOCA_WITH_ALIGN
|| code == BUILT_IN_MALLOC
|| code == BUILT_IN_STRLEN)
return is_strlen_related_p (gimple_call_arg (srcdef, 0), len);
/* FIXME: Handle other functions with attribute alloc_size. */
return false;
}
}
gimple *lendef = SSA_NAME_DEF_STMT (len);
if (!lendef)
return false;
if (is_gimple_call (lendef))
{
tree func = gimple_call_fndecl (lendef);
if (!valid_builtin_call (lendef)
|| DECL_FUNCTION_CODE (func) != BUILT_IN_STRLEN)
return false;
tree arg = gimple_call_arg (lendef, 0);
return is_strlen_related_p (src, arg);
}
if (!is_gimple_assign (lendef))
return false;
tree_code code = gimple_assign_rhs_code (lendef);
tree rhs1 = gimple_assign_rhs1 (lendef);
tree rhstype = TREE_TYPE (rhs1);
if ((TREE_CODE (rhstype) == POINTER_TYPE && code == POINTER_PLUS_EXPR)
|| (INTEGRAL_TYPE_P (rhstype)
&& (code == BIT_AND_EXPR
|| code == NOP_EXPR)))
{
/* Pointer plus (an integer), and truncation are considered among
the (potentially) related expressions to strlen. */
return is_strlen_related_p (src, rhs1);
}
if (tree rhs2 = gimple_assign_rhs2 (lendef))
{
/* Integer subtraction is considered strlen-related when both
arguments are integers and second one is strlen-related. */
rhstype = TREE_TYPE (rhs2);
if (INTEGRAL_TYPE_P (rhstype) && code == MINUS_EXPR)
return is_strlen_related_p (src, rhs2);
}
return false;
}
/* Called by handle_builtin_stxncpy_strncat and by
gimple_fold_builtin_strncpy in gimple-fold.c.
Check to see if the specified bound is a) equal to the size of
the destination DST and if so, b) if it's immediately followed by
DST[CNT - 1] = '\0'. If a) holds and b) does not, warn. Otherwise,
do nothing. Return true if diagnostic has been issued.
The purpose is to diagnose calls to strncpy and stpncpy that do
not nul-terminate the copy while allowing for the idiom where
such a call is immediately followed by setting the last element
to nul, as in:
char a[32];
strncpy (a, s, sizeof a);
a[sizeof a - 1] = '\0';
*/
bool
maybe_diag_stxncpy_trunc (gimple_stmt_iterator gsi, tree src, tree cnt,
pointer_query *ptr_qry /* = NULL */)
{
gimple *stmt = gsi_stmt (gsi);
if (warning_suppressed_p (stmt, OPT_Wstringop_truncation))
return false;
wide_int cntrange[2];
value_range r;
if (!get_range_query (cfun)->range_of_expr (r, cnt)
|| r.varying_p ()
|| r.undefined_p ())
return false;
cntrange[0] = wi::to_wide (r.min ());
cntrange[1] = wi::to_wide (r.max ());
if (r.kind () == VR_ANTI_RANGE)
{
wide_int maxobjsize = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node));
if (wi::ltu_p (cntrange[1], maxobjsize))
{
cntrange[0] = cntrange[1] + 1;
cntrange[1] = maxobjsize;
}
else
{
cntrange[1] = cntrange[0] - 1;
cntrange[0] = wi::zero (TYPE_PRECISION (TREE_TYPE (cnt)));
}
}
/* Negative value is the constant string length. If it's less than
the lower bound there is no truncation. Avoid calling get_stridx()
when ssa_ver_to_stridx is empty. That implies the caller isn't
running under the control of this pass and ssa_ver_to_stridx hasn't
been created yet. */
int sidx = ssa_ver_to_stridx.length () ? get_stridx (src) : 0;
if (sidx < 0 && wi::gtu_p (cntrange[0], ~sidx))
return false;
tree dst = gimple_call_arg (stmt, 0);
tree dstdecl = dst;
if (TREE_CODE (dstdecl) == ADDR_EXPR)
dstdecl = TREE_OPERAND (dstdecl, 0);
tree ref = NULL_TREE;
if (!sidx)
{
/* If the source is a non-string return early to avoid warning
for possible truncation (if the truncation is certain SIDX
is non-zero). */
tree srcdecl = gimple_call_arg (stmt, 1);
if (TREE_CODE (srcdecl) == ADDR_EXPR)
srcdecl = TREE_OPERAND (srcdecl, 0);
if (get_attr_nonstring_decl (srcdecl, &ref))
return false;
}
/* Likewise, if the destination refers to an array/pointer declared
nonstring return early. */
if (get_attr_nonstring_decl (dstdecl, &ref))
return false;
/* Look for dst[i] = '\0'; after the stxncpy() call and if found
avoid the truncation warning. */
gsi_next_nondebug (&gsi);
gimple *next_stmt = gsi_stmt (gsi);
if (!next_stmt)
{
/* When there is no statement in the same basic block check
the immediate successor block. */
if (basic_block bb = gimple_bb (stmt))
{
if (single_succ_p (bb))
{
/* For simplicity, ignore blocks with multiple outgoing
edges for now and only consider successor blocks along
normal edges. */
edge e = EDGE_SUCC (bb, 0);
if (!(e->flags & EDGE_ABNORMAL))
{
gsi = gsi_start_bb (e->dest);
next_stmt = gsi_stmt (gsi);
if (next_stmt && is_gimple_debug (next_stmt))
{
gsi_next_nondebug (&gsi);
next_stmt = gsi_stmt (gsi);
}
}
}
}
}
if (next_stmt && is_gimple_assign (next_stmt))
{
tree lhs = gimple_assign_lhs (next_stmt);
tree_code code = TREE_CODE (lhs);
if (code == ARRAY_REF || code == MEM_REF)
lhs = TREE_OPERAND (lhs, 0);
tree func = gimple_call_fndecl (stmt);
if (DECL_FUNCTION_CODE (func) == BUILT_IN_STPNCPY)
{
tree ret = gimple_call_lhs (stmt);
if (ret && operand_equal_p (ret, lhs, 0))
return false;
}
/* Determine the base address and offset of the reference,
ignoring the innermost array index. */
if (TREE_CODE (ref) == ARRAY_REF)
ref = TREE_OPERAND (ref, 0);
poly_int64 dstoff;
tree dstbase = get_addr_base_and_unit_offset (ref, &dstoff);
poly_int64 lhsoff;
tree lhsbase = get_addr_base_and_unit_offset (lhs, &lhsoff);
if (lhsbase
&& dstbase
&& known_eq (dstoff, lhsoff)
&& operand_equal_p (dstbase, lhsbase, 0))
return false;
}
int prec = TYPE_PRECISION (TREE_TYPE (cnt));
wide_int lenrange[2];
if (strinfo *sisrc = sidx > 0 ? get_strinfo (sidx) : NULL)
{
lenrange[0] = (sisrc->nonzero_chars
&& TREE_CODE (sisrc->nonzero_chars) == INTEGER_CST
? wi::to_wide (sisrc->nonzero_chars)
: wi::zero (prec));
lenrange[1] = lenrange[0];
}
else if (sidx < 0)
lenrange[0] = lenrange[1] = wi::shwi (~sidx, prec);
else
{
c_strlen_data lendata = { };
/* Set MAXBOUND to an arbitrary non-null non-integer node as a request
to have it set to the length of the longest string in a PHI. */
lendata.maxbound = src;
get_range_strlen (src, &lendata, /* eltsize = */1);
if (TREE_CODE (lendata.minlen) == INTEGER_CST
&& TREE_CODE (lendata.maxbound) == INTEGER_CST)
{
/* When LENDATA.MAXLEN is unknown, reset LENDATA.MINLEN
which stores the length of the shortest known string. */
if (integer_all_onesp (lendata.maxlen))
lenrange[0] = wi::shwi (0, prec);
else
lenrange[0] = wi::to_wide (lendata.minlen, prec);
lenrange[1] = wi::to_wide (lendata.maxbound, prec);
}
else
{
lenrange[0] = wi::shwi (0, prec);
lenrange[1] = wi::shwi (-1, prec);
}
}
location_t callloc = gimple_or_expr_nonartificial_location (stmt, dst);
tree func = gimple_call_fndecl (stmt);
if (lenrange[0] != 0 || !wi::neg_p (lenrange[1]))
{
/* If the longest source string is shorter than the lower bound
of the specified count the copy is definitely nul-terminated. */
if (wi::ltu_p (lenrange[1], cntrange[0]))
return false;
if (wi::neg_p (lenrange[1]))
{
/* The length of one of the strings is unknown but at least
one has non-zero length and that length is stored in
LENRANGE[1]. Swap the bounds to force a "may be truncated"
warning below. */
lenrange[1] = lenrange[0];
lenrange[0] = wi::shwi (0, prec);
}
/* Set to true for strncat whose bound is derived from the length
of the destination (the expected usage pattern). */
bool cat_dstlen_bounded = false;
if (DECL_FUNCTION_CODE (func) == BUILT_IN_STRNCAT)
cat_dstlen_bounded = is_strlen_related_p (dst, cnt);
if (lenrange[0] == cntrange[1] && cntrange[0] == cntrange[1])
return warning_n (callloc, OPT_Wstringop_truncation,
cntrange[0].to_uhwi (),
"%qD output truncated before terminating "
"nul copying %E byte from a string of the "
"same length",
"%qD output truncated before terminating nul "
"copying %E bytes from a string of the same "
"length",
func, cnt);
else if (!cat_dstlen_bounded)
{
if (wi::geu_p (lenrange[0], cntrange[1]))
{
/* The shortest string is longer than the upper bound of
the count so the truncation is certain. */
if (cntrange[0] == cntrange[1])
return warning_n (callloc, OPT_Wstringop_truncation,
cntrange[0].to_uhwi (),
"%qD output truncated copying %E byte "
"from a string of length %wu",
"%qD output truncated copying %E bytes "
"from a string of length %wu",
func, cnt, lenrange[0].to_uhwi ());
return warning_at (callloc, OPT_Wstringop_truncation,
"%qD output truncated copying between %wu "
"and %wu bytes from a string of length %wu",
func, cntrange[0].to_uhwi (),
cntrange[1].to_uhwi (), lenrange[0].to_uhwi ());
}
else if (wi::geu_p (lenrange[1], cntrange[1]))
{
/* The longest string is longer than the upper bound of
the count so the truncation is possible. */
if (cntrange[0] == cntrange[1])
return warning_n (callloc, OPT_Wstringop_truncation,
cntrange[0].to_uhwi (),
"%qD output may be truncated copying %E "
"byte from a string of length %wu",
"%qD output may be truncated copying %E "
"bytes from a string of length %wu",
func, cnt, lenrange[1].to_uhwi ());
return warning_at (callloc, OPT_Wstringop_truncation,
"%qD output may be truncated copying between "
"%wu and %wu bytes from a string of length %wu",
func, cntrange[0].to_uhwi (),
cntrange[1].to_uhwi (), lenrange[1].to_uhwi ());
}
}
if (!cat_dstlen_bounded
&& cntrange[0] != cntrange[1]
&& wi::leu_p (cntrange[0], lenrange[0])
&& wi::leu_p (cntrange[1], lenrange[0] + 1))
{
/* If the source (including the terminating nul) is longer than
the lower bound of the specified count but shorter than the
upper bound the copy may (but need not) be truncated. */
return warning_at (callloc, OPT_Wstringop_truncation,
"%qD output may be truncated copying between "
"%wu and %wu bytes from a string of length %wu",
func, cntrange[0].to_uhwi (),
cntrange[1].to_uhwi (), lenrange[0].to_uhwi ());
}
}
access_ref aref;
if (tree dstsize = compute_objsize (dst, 1, &aref, ptr_qry))
{
/* The source length is unknown. Try to determine the destination
size and see if it matches the specified bound. If not, bail.
Otherwise go on to see if it should be diagnosed for possible
truncation. */
if (!dstsize)
return false;
if (wi::to_wide (dstsize) != cntrange[1])
return false;
/* Avoid warning for strncpy(a, b, N) calls where the following
equalities hold:
N == sizeof a && N == sizeof b */
if (tree srcsize = compute_objsize (src, 1, &aref, ptr_qry))
if (wi::to_wide (srcsize) == cntrange[1])
return false;
if (cntrange[0] == cntrange[1])
return warning_at (callloc, OPT_Wstringop_truncation,
"%qD specified bound %E equals destination size",
func, cnt);
}
return false;
}
/* Check the arguments to the built-in forms of stpncpy, strncpy, and
strncat, for out-of-bounds offsets or overlapping access, and to see
if the size is derived from calling strlen() on the source argument,
and if so, issue the appropriate warning.
APPEND_P is true for strncat. */
static void
handle_builtin_stx