]> git.ipfire.org Git - thirdparty/gcc.git/blame - gcc/gimple-ssa-sprintf.c
projects / thirdparty / gcc.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
* config/mips/mips.c (mips_final_postscan_insn): Modify call
[thirdparty/gcc.git] / gcc / gimple-ssa-sprintf.c
CommitLineData
fbd26352 1/* Copyright (C) 2016-2019 Free Software Foundation, Inc.
b9833bfd 2 Contributed by Martin Sebor <msebor@redhat.com>.
3
4This file is part of GCC.
5
6GCC is free software; you can redistribute it and/or modify it under
7the terms of the GNU General Public License as published by the Free
8Software Foundation; either version 3, or (at your option) any later
9version.
10
11GCC is distributed in the hope that it will be useful, but WITHOUT ANY
12WARRANTY; without even the implied warranty of MERCHANTABILITY or
13FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14for more details.
15
16You should have received a copy of the GNU General Public License
17along with GCC; see the file COPYING3. If not see
18<http://www.gnu.org/licenses/>. */
19
20/* This file implements the printf-return-value pass. The pass does
21 two things: 1) it analyzes calls to formatted output functions like
22 sprintf looking for possible buffer overflows and calls to bounded
23 functions like snprintf for early truncation (and under the control
24 of the -Wformat-length option issues warnings), and 2) under the
25 control of the -fprintf-return-value option it folds the return
26 value of safe calls into constants, making it possible to eliminate
27 code that depends on the value of those constants.
28
29 For all functions (bounded or not) the pass uses the size of the
30 destination object. That means that it will diagnose calls to
31 snprintf not on the basis of the size specified by the function's
32 second argument but rathger on the basis of the size the first
33 argument points to (if possible). For bound-checking built-ins
34 like __builtin___snprintf_chk the pass uses the size typically
35 determined by __builtin_object_size and passed to the built-in
36 by the Glibc inline wrapper.
37
38 The pass handles all forms standard sprintf format directives,
39 including character, integer, floating point, pointer, and strings,
3c57b79b 40 with the standard C flags, widths, and precisions. For integers
b9833bfd 41 and strings it computes the length of output itself. For floating
42 point it uses MPFR to fornmat known constants with up and down
43 rounding and uses the resulting range of output lengths. For
44 strings it uses the length of string literals and the sizes of
45 character arrays that a character pointer may point to as a bound
46 on the longest string. */
47
48#include "config.h"
49#include "system.h"
50#include "coretypes.h"
51#include "backend.h"
52#include "tree.h"
53#include "gimple.h"
54#include "tree-pass.h"
55#include "ssa.h"
56#include "gimple-fold.h"
57#include "gimple-pretty-print.h"
58#include "diagnostic-core.h"
59#include "fold-const.h"
60#include "gimple-iterator.h"
61#include "tree-ssa.h"
62#include "tree-object-size.h"
63#include "params.h"
64#include "tree-cfg.h"
a27264ed 65#include "tree-ssa-propagate.h"
b9833bfd 66#include "calls.h"
67#include "cfgloop.h"
22287fcd 68#include "tree-scalar-evolution.h"
69#include "tree-ssa-loop.h"
b9833bfd 70#include "intl.h"
722889f9 71#include "langhooks.h"
b9833bfd 72
7b2ced2f 73#include "attribs.h"
b9833bfd 74#include "builtins.h"
75#include "stor-layout.h"
76
77#include "realmpfr.h"
78#include "target.h"
b9833bfd 79
80#include "cpplib.h"
81#include "input.h"
82#include "toplev.h"
83#include "substring-locations.h"
84#include "diagnostic.h"
9d8823fc 85#include "domwalk.h"
4d02592b 86#include "alloc-pool.h"
87#include "vr-values.h"
88#include "gimple-ssa-evrp-analyze.h"
b9833bfd 89
c62d63d4 90/* The likely worst case value of MB_LEN_MAX for the target, large enough
91 for UTF-8. Ideally, this would be obtained by a target hook if it were
92 to be used for optimization but it's good enough as is for warnings. */
26a75cc5 93#define target_mb_len_max() 6
c62d63d4 94
84960375 95/* The maximum number of bytes a single non-string directive can result
96 in. This is the result of printf("%.*Lf", INT_MAX, -LDBL_MAX) for
97 LDBL_MAX_10_EXP of 4932. */
98#define IEEE_MAX_10_EXP 4932
99#define target_dir_max() (target_int_max () + IEEE_MAX_10_EXP + 2)
100
b9833bfd 101namespace {
102
103const pass_data pass_data_sprintf_length = {
104 GIMPLE_PASS, // pass type
105 "printf-return-value", // pass name
106 OPTGROUP_NONE, // optinfo_flags
107 TV_NONE, // tv_id
108 PROP_cfg, // properties_required
109 0, // properties_provided
110 0, // properties_destroyed
111 0, // properties_start
112 0, // properties_finish
113};
114
76cf0084 115/* Set to the warning level for the current function which is equal
116 either to warn_format_trunc for bounded functions or to
117 warn_format_overflow otherwise. */
118
119static int warn_level;
120
b9833bfd 121struct format_result;
122
9d8823fc 123class sprintf_dom_walker : public dom_walker
124{
125 public:
447602ef 126 sprintf_dom_walker ()
127 : dom_walker (CDI_DOMINATORS),
128 evrp_range_analyzer (false) {}
9d8823fc 129 ~sprintf_dom_walker () {}
130
ac03d822 131 edge before_dom_children (basic_block) FINAL OVERRIDE;
4d02592b 132 void after_dom_children (basic_block) FINAL OVERRIDE;
9d8823fc 133 bool handle_gimple_call (gimple_stmt_iterator *);
134
135 struct call_info;
136 bool compute_format_length (call_info &, format_result *);
4d02592b 137 class evrp_range_analyzer evrp_range_analyzer;
9d8823fc 138};
139
b9833bfd 140class pass_sprintf_length : public gimple_opt_pass
141{
142 bool fold_return_value;
143
144public:
145 pass_sprintf_length (gcc::context *ctxt)
146 : gimple_opt_pass (pass_data_sprintf_length, ctxt),
147 fold_return_value (false)
148 { }
149
150 opt_pass * clone () { return new pass_sprintf_length (m_ctxt); }
151
152 virtual bool gate (function *);
153
154 virtual unsigned int execute (function *);
155
156 void set_pass_param (unsigned int n, bool param)
157 {
158 gcc_assert (n == 0);
159 fold_return_value = param;
160 }
161
b9833bfd 162};
163
164bool
165pass_sprintf_length::gate (function *)
166{
76cf0084 167 /* Run the pass iff -Warn-format-overflow or -Warn-format-truncation
168 is specified and either not optimizing and the pass is being invoked
169 early, or when optimizing and the pass is being invoked during
170 optimization (i.e., "late"). */
26a75cc5 171 return ((warn_format_overflow > 0
172 || warn_format_trunc > 0
173 || flag_printf_return_value)
bd94fe4f 174 && (optimize > 0) == fold_return_value);
b9833bfd 175}
176
425bd7b1 177/* The minimum, maximum, likely, and unlikely maximum number of bytes
178 of output either a formatting function or an individual directive
179 can result in. */
180
181struct result_range
182{
183 /* The absolute minimum number of bytes. The result of a successful
184 conversion is guaranteed to be no less than this. (An erroneous
185 conversion can be indicated by MIN > HOST_WIDE_INT_MAX.) */
186 unsigned HOST_WIDE_INT min;
187 /* The likely maximum result that is used in diagnostics. In most
188 cases MAX is the same as the worst case UNLIKELY result. */
189 unsigned HOST_WIDE_INT max;
190 /* The likely result used to trigger diagnostics. For conversions
191 that result in a range of bytes [MIN, MAX], LIKELY is somewhere
192 in that range. */
193 unsigned HOST_WIDE_INT likely;
194 /* In rare cases (e.g., for nultibyte characters) UNLIKELY gives
195 the worst cases maximum result of a directive. In most cases
196 UNLIKELY == MAX. UNLIKELY is used to control the return value
197 optimization but not in diagnostics. */
198 unsigned HOST_WIDE_INT unlikely;
199};
200
b9833bfd 201/* The result of a call to a formatted function. */
202
203struct format_result
204{
425bd7b1 205 /* Range of characters written by the formatted function.
206 Setting the minimum to HOST_WIDE_INT_MAX disables all
207 length tracking for the remainder of the format string. */
208 result_range range;
b9833bfd 209
c62d63d4 210 /* True when the range above is obtained from known values of
425bd7b1 211 directive arguments, or bounds on the amount of output such
212 as width and precision, and not the result of heuristics that
213 depend on warning levels. It's used to issue stricter diagnostics
214 in cases where strings of unknown lengths are bounded by the arrays
215 they are determined to refer to. KNOWNRANGE must not be used for
216 the return value optimization. */
c62d63d4 217 bool knownrange;
218
17d7e9ff 219 /* True if no individual directive could fail or result in more than
220 4095 bytes of output (the total NUMBER_CHARS_{MIN,MAX} might be
221 greater). Implementations are not required to handle directives
222 that produce more than 4K bytes (leading to undefined behavior)
223 and so when one is found it disables the return value optimization.
224 Similarly, directives that can fail (such as wide character
225 directives) disable the optimization. */
226 bool posunder4k;
b9833bfd 227
228 /* True when a floating point directive has been seen in the format
229 string. */
230 bool floating;
231
232 /* True when an intermediate result has caused a warning. Used to
233 avoid issuing duplicate warnings while finishing the processing
425bd7b1 234 of a call. WARNED also disables the return value optimization. */
b9833bfd 235 bool warned;
236
237 /* Preincrement the number of output characters by 1. */
238 format_result& operator++ ()
239 {
240 return *this += 1;
241 }
242
243 /* Postincrement the number of output characters by 1. */
244 format_result operator++ (int)
245 {
246 format_result prev (*this);
247 *this += 1;
248 return prev;
249 }
250
251 /* Increment the number of output characters by N. */
26a75cc5 252 format_result& operator+= (unsigned HOST_WIDE_INT);
b9833bfd 253};
254
26a75cc5 255format_result&
256format_result::operator+= (unsigned HOST_WIDE_INT n)
257{
258 gcc_assert (n < HOST_WIDE_INT_MAX);
259
425bd7b1 260 if (range.min < HOST_WIDE_INT_MAX)
261 range.min += n;
262
263 if (range.max < HOST_WIDE_INT_MAX)
264 range.max += n;
26a75cc5 265
425bd7b1 266 if (range.likely < HOST_WIDE_INT_MAX)
267 range.likely += n;
26a75cc5 268
425bd7b1 269 if (range.unlikely < HOST_WIDE_INT_MAX)
270 range.unlikely += n;
26a75cc5 271
272 return *this;
273}
274
b9833bfd 275/* Return the value of INT_MIN for the target. */
276
7bcd359a 277static inline HOST_WIDE_INT
b9833bfd 278target_int_min ()
279{
7bcd359a 280 return tree_to_shwi (TYPE_MIN_VALUE (integer_type_node));
c62d63d4 281}
282
283/* Return the value of INT_MAX for the target. */
284
285static inline unsigned HOST_WIDE_INT
286target_int_max ()
287{
7bcd359a 288 return tree_to_uhwi (TYPE_MAX_VALUE (integer_type_node));
c62d63d4 289}
290
291/* Return the value of SIZE_MAX for the target. */
292
293static inline unsigned HOST_WIDE_INT
294target_size_max ()
295{
7bcd359a 296 return tree_to_uhwi (TYPE_MAX_VALUE (size_type_node));
b9833bfd 297}
298
722889f9 299/* A straightforward mapping from the execution character set to the host
300 character set indexed by execution character. */
301
302static char target_to_host_charmap[256];
303
304/* Initialize a mapping from the execution character set to the host
305 character set. */
306
307static bool
308init_target_to_host_charmap ()
309{
310 /* If the percent sign is non-zero the mapping has already been
311 initialized. */
312 if (target_to_host_charmap['%'])
313 return true;
314
315 /* Initialize the target_percent character (done elsewhere). */
316 if (!init_target_chars ())
317 return false;
318
319 /* The subset of the source character set used by printf conversion
320 specifications (strictly speaking, not all letters are used but
321 they are included here for the sake of simplicity). The dollar
322 sign must be included even though it's not in the basic source
323 character set. */
324 const char srcset[] = " 0123456789!\"#%&'()*+,-./:;<=>?[\\]^_{|}~$"
325 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
326
327 /* Set the mapping for all characters to some ordinary value (i,e.,
328 not none used in printf conversion specifications) and overwrite
329 those that are used by conversion specifications with their
330 corresponding values. */
331 memset (target_to_host_charmap + 1, '?', sizeof target_to_host_charmap - 1);
332
333 /* Are the two sets of characters the same? */
334 bool all_same_p = true;
335
336 for (const char *pc = srcset; *pc; ++pc)
337 {
338 /* Slice off the high end bits in case target characters are
339 signed. All values are expected to be non-nul, otherwise
340 there's a problem. */
341 if (unsigned char tc = lang_hooks.to_target_charset (*pc))
342 {
343 target_to_host_charmap[tc] = *pc;
344 if (tc != *pc)
345 all_same_p = false;
346 }
347 else
348 return false;
349
350 }
351
352 /* Set the first element to a non-zero value if the mapping
353 is 1-to-1, otherwise leave it clear (NUL is assumed to be
354 the same in both character sets). */
355 target_to_host_charmap[0] = all_same_p;
356
357 return true;
358}
359
360/* Return the host source character corresponding to the character
361 CH in the execution character set if one exists, or some innocuous
362 (non-special, non-nul) source character otherwise. */
363
364static inline unsigned char
365target_to_host (unsigned char ch)
366{
367 return target_to_host_charmap[ch];
368}
369
370/* Convert an initial substring of the string TARGSTR consisting of
371 characters in the execution character set into a string in the
372 source character set on the host and store up to HOSTSZ characters
373 in the buffer pointed to by HOSTR. Return HOSTR. */
374
375static const char*
376target_to_host (char *hostr, size_t hostsz, const char *targstr)
377{
378 /* Make sure the buffer is reasonably big. */
379 gcc_assert (hostsz > 4);
380
381 /* The interesting subset of source and execution characters are
382 the same so no conversion is necessary. However, truncate
383 overlong strings just like the translated strings are. */
384 if (target_to_host_charmap['\0'] == 1)
385 {
92a180c6 386 size_t len = strlen (targstr);
387 if (len >= hostsz)
388 {
389 memcpy (hostr, targstr, hostsz - 4);
390 strcpy (hostr + hostsz - 4, "...");
391 }
392 else
393 memcpy (hostr, targstr, len + 1);
722889f9 394 return hostr;
395 }
396
397 /* Convert the initial substring of TARGSTR to the corresponding
398 characters in the host set, appending "..." if TARGSTR is too
399 long to fit. Using the static buffer assumes the function is
400 not called in between sequence points (which it isn't). */
401 for (char *ph = hostr; ; ++targstr)
402 {
403 *ph++ = target_to_host (*targstr);
404 if (!*targstr)
405 break;
406
92a180c6 407 if (size_t (ph - hostr) == hostsz)
722889f9 408 {
92a180c6 409 strcpy (ph - 4, "...");
722889f9 410 break;
411 }
412 }
413
414 return hostr;
415}
416
417/* Convert the sequence of decimal digits in the execution character
1d4fa533 418 starting at *PS to a HOST_WIDE_INT, analogously to strtol. Return
419 the result and set *PS to one past the last converted character.
420 On range error set ERANGE to the digit that caused it. */
722889f9 421
1d4fa533 422static inline HOST_WIDE_INT
423target_strtowi (const char **ps, const char **erange)
722889f9 424{
425 unsigned HOST_WIDE_INT val = 0;
426 for ( ; ; ++*ps)
427 {
428 unsigned char c = target_to_host (**ps);
429 if (ISDIGIT (c))
430 {
431 c -= '0';
432
433 /* Check for overflow. */
1d4fa533 434 if (val > ((unsigned HOST_WIDE_INT) HOST_WIDE_INT_MAX - c) / 10LU)
722889f9 435 {
1d4fa533 436 val = HOST_WIDE_INT_MAX;
722889f9 437 *erange = *ps;
438
439 /* Skip the remaining digits. */
440 do
441 c = target_to_host (*++*ps);
442 while (ISDIGIT (c));
443 break;
444 }
445 else
446 val = val * 10 + c;
447 }
448 else
449 break;
450 }
451
452 return val;
453}
454
b9833bfd 455/* Given FORMAT, set *PLOC to the source location of the format string
456 and return the format string if it is known or null otherwise. */
457
458static const char*
459get_format_string (tree format, location_t *ploc)
460{
b9833bfd 461 *ploc = EXPR_LOC_OR_LOC (format, input_location);
462
fd5cbc99 463 return c_getstr (format);
b9833bfd 464}
465
7ac1c1d7 466/* For convenience and brevity, shorter named entrypoints of
995dda73 467 format_string_diagnostic_t::emit_warning_va and
468 format_string_diagnostic_t::emit_warning_n_va.
7ac1c1d7 469 These have to be functions with the attribute so that exgettext
470 works properly. */
b9833bfd 471
7ac1c1d7 472static bool
473ATTRIBUTE_GCC_DIAG (5, 6)
474fmtwarn (const substring_loc &fmt_loc, location_t param_loc,
475 const char *corrected_substring, int opt, const char *gmsgid, ...)
476{
995dda73 477 format_string_diagnostic_t diag (fmt_loc, NULL, param_loc, NULL,
478 corrected_substring);
7ac1c1d7 479 va_list ap;
480 va_start (ap, gmsgid);
995dda73 481 bool warned = diag.emit_warning_va (opt, gmsgid, &ap);
7ac1c1d7 482 va_end (ap);
b9833bfd 483
7ac1c1d7 484 return warned;
485}
b9833bfd 486
487static bool
7ac1c1d7 488ATTRIBUTE_GCC_DIAG (6, 8) ATTRIBUTE_GCC_DIAG (7, 8)
489fmtwarn_n (const substring_loc &fmt_loc, location_t param_loc,
490 const char *corrected_substring, int opt, unsigned HOST_WIDE_INT n,
491 const char *singular_gmsgid, const char *plural_gmsgid, ...)
492{
995dda73 493 format_string_diagnostic_t diag (fmt_loc, NULL, param_loc, NULL,
494 corrected_substring);
7ac1c1d7 495 va_list ap;
496 va_start (ap, plural_gmsgid);
995dda73 497 bool warned = diag.emit_warning_n_va (opt, n, singular_gmsgid, plural_gmsgid,
498 &ap);
7ac1c1d7 499 va_end (ap);
500
501 return warned;
502}
b9833bfd 503
504/* Format length modifiers. */
505
506enum format_lengths
507{
508 FMT_LEN_none,
509 FMT_LEN_hh, // char argument
510 FMT_LEN_h, // short
511 FMT_LEN_l, // long
512 FMT_LEN_ll, // long long
513 FMT_LEN_L, // long double (and GNU long long)
514 FMT_LEN_z, // size_t
515 FMT_LEN_t, // ptrdiff_t
516 FMT_LEN_j // intmax_t
517};
518
519
b9833bfd 520/* Description of the result of conversion either of a single directive
521 or the whole format string. */
522
523struct fmtresult
524{
26a75cc5 525 /* Construct a FMTRESULT object with all counters initialized
526 to MIN. KNOWNRANGE is set when MIN is valid. */
527 fmtresult (unsigned HOST_WIDE_INT min = HOST_WIDE_INT_MAX)
f1625820 528 : argmin (), argmax (), nonstr (),
26a75cc5 529 knownrange (min < HOST_WIDE_INT_MAX),
17d7e9ff 530 mayfail (), nullp ()
c62d63d4 531 {
26a75cc5 532 range.min = min;
533 range.max = min;
425bd7b1 534 range.likely = min;
535 range.unlikely = min;
26a75cc5 536 }
537
425bd7b1 538 /* Construct a FMTRESULT object with MIN, MAX, and LIKELY counters.
539 KNOWNRANGE is set when both MIN and MAX are valid. */
540 fmtresult (unsigned HOST_WIDE_INT min, unsigned HOST_WIDE_INT max,
541 unsigned HOST_WIDE_INT likely = HOST_WIDE_INT_MAX)
f1625820 542 : argmin (), argmax (), nonstr (),
26a75cc5 543 knownrange (min < HOST_WIDE_INT_MAX && max < HOST_WIDE_INT_MAX),
17d7e9ff 544 mayfail (), nullp ()
26a75cc5 545 {
546 range.min = min;
974e2c47 547 range.max = max;
425bd7b1 548 range.likely = max < likely ? min : likely;
549 range.unlikely = max;
c62d63d4 550 }
551
9b0feec7 552 /* Adjust result upward to reflect the RANGE of values the specified
553 width or precision is known to be in. */
554 fmtresult& adjust_for_width_or_precision (const HOST_WIDE_INT[2],
425bd7b1 555 tree = NULL_TREE,
556 unsigned = 0, unsigned = 0);
557
558 /* Return the maximum number of decimal digits a value of TYPE
559 formats as on output. */
9b0feec7 560 static unsigned type_max_digits (tree, int);
425bd7b1 561
b9833bfd 562 /* The range a directive's argument is in. */
563 tree argmin, argmax;
564
565 /* The minimum and maximum number of bytes that a directive
566 results in on output for an argument in the range above. */
567 result_range range;
568
f1625820 569 /* Non-nul when the argument of a string directive is not a nul
570 terminated string. */
571 tree nonstr;
572
c62d63d4 573 /* True when the range above is obtained from a known value of
574 a directive's argument or its bounds and not the result of
575 heuristics that depend on warning levels. */
576 bool knownrange;
577
17d7e9ff 578 /* True for a directive that may fail (such as wide character
579 directives). */
580 bool mayfail;
581
519bbccd 582 /* True when the argument is a null pointer. */
583 bool nullp;
b9833bfd 584};
585
9b0feec7 586/* Adjust result upward to reflect the range ADJUST of values the
587 specified width or precision is known to be in. When non-null,
588 TYPE denotes the type of the directive whose result is being
589 adjusted, BASE gives the base of the directive (octal, decimal,
590 or hex), and ADJ denotes the additional adjustment to the LIKELY
591 counter that may need to be added when ADJUST is a range. */
425bd7b1 592
593fmtresult&
9b0feec7 594fmtresult::adjust_for_width_or_precision (const HOST_WIDE_INT adjust[2],
425bd7b1 595 tree type /* = NULL_TREE */,
596 unsigned base /* = 0 */,
597 unsigned adj /* = 0 */)
598{
599 bool minadjusted = false;
600
425bd7b1 601 /* Adjust the minimum and likely counters. */
f84f68b2 602 if (adjust[0] >= 0)
425bd7b1 603 {
604 if (range.min < (unsigned HOST_WIDE_INT)adjust[0])
605 {
606 range.min = adjust[0];
607 minadjusted = true;
608 }
609
610 /* Adjust the likely counter. */
611 if (range.likely < range.min)
612 range.likely = range.min;
613 }
614 else if (adjust[0] == target_int_min ()
615 && (unsigned HOST_WIDE_INT)adjust[1] == target_int_max ())
616 knownrange = false;
617
618 /* Adjust the maximum counter. */
f84f68b2 619 if (adjust[1] > 0)
425bd7b1 620 {
621 if (range.max < (unsigned HOST_WIDE_INT)adjust[1])
622 {
623 range.max = adjust[1];
624
625 /* Set KNOWNRANGE if both the minimum and maximum have been
626 adjusted. Otherwise leave it at what it was before. */
627 knownrange = minadjusted;
628 }
629 }
630
631 if (warn_level > 1 && type)
632 {
633 /* For large non-constant width or precision whose range spans
634 the maximum number of digits produced by the directive for
635 any argument, set the likely number of bytes to be at most
636 the number digits plus other adjustment determined by the
637 caller (one for sign or two for the hexadecimal "0x"
638 prefix). */
639 unsigned dirdigs = type_max_digits (type, base);
640 if (adjust[0] < dirdigs && dirdigs < adjust[1]
641 && range.likely < dirdigs)
642 range.likely = dirdigs + adj;
643 }
644 else if (range.likely < (range.min ? range.min : 1))
645 {
646 /* Conservatively, set LIKELY to at least MIN but no less than
647 1 unless MAX is zero. */
648 range.likely = (range.min
649 ? range.min
650 : range.max && (range.max < HOST_WIDE_INT_MAX
651 || warn_level > 1) ? 1 : 0);
652 }
653
654 /* Finally adjust the unlikely counter to be at least as large as
655 the maximum. */
656 if (range.unlikely < range.max)
657 range.unlikely = range.max;
658
659 return *this;
660}
661
662/* Return the maximum number of digits a value of TYPE formats in
663 BASE on output, not counting base prefix . */
664
665unsigned
666fmtresult::type_max_digits (tree type, int base)
667{
668 unsigned prec = TYPE_PRECISION (type);
b35bf93a 669 switch (base)
670 {
671 case 8:
672 return (prec + 2) / 3;
673 case 10:
674 /* Decimal approximation: yields 3, 5, 10, and 20 for precision
675 of 8, 16, 32, and 64 bits. */
676 return prec * 301 / 1000 + 1;
677 case 16:
678 return prec / 4;
679 }
425bd7b1 680
b35bf93a 681 gcc_unreachable ();
425bd7b1 682}
683
9b0feec7 684static bool
a669405f 685get_int_range (tree, HOST_WIDE_INT *, HOST_WIDE_INT *, bool, HOST_WIDE_INT,
686 class vr_values *vr_values);
9b0feec7 687
688/* Description of a format directive. A directive is either a plain
689 string or a conversion specification that starts with '%'. */
b9833bfd 690
26a75cc5 691struct directive
b9833bfd 692{
26a75cc5 693 /* The 1-based directive number (for debugging). */
694 unsigned dirno;
695
696 /* The first character of the directive and its length. */
697 const char *beg;
698 size_t len;
699
b9833bfd 700 /* A bitmap of flags, one for each character. */
701 unsigned flags[256 / sizeof (int)];
b9833bfd 702
9b0feec7 703 /* The range of values of the specified width, or -1 if not specified. */
704 HOST_WIDE_INT width[2];
705 /* The range of values of the specified precision, or -1 if not
706 specified. */
707 HOST_WIDE_INT prec[2];
b9833bfd 708
709 /* Length modifier. */
710 format_lengths modifier;
711
712 /* Format specifier character. */
713 char specifier;
714
26a75cc5 715 /* The argument of the directive or null when the directive doesn't
716 take one or when none is available (such as for vararg functions). */
717 tree arg;
b9833bfd 718
425bd7b1 719 /* Format conversion function that given a directive and an argument
720 returns the formatting result. */
a669405f 721 fmtresult (*fmtfunc) (const directive &, tree, vr_values *);
b9833bfd 722
723 /* Return True when a the format flag CHR has been used. */
724 bool get_flag (char chr) const
725 {
726 unsigned char c = chr & 0xff;
727 return (flags[c / (CHAR_BIT * sizeof *flags)]
728 & (1U << (c % (CHAR_BIT * sizeof *flags))));
729 }
730
731 /* Make a record of the format flag CHR having been used. */
732 void set_flag (char chr)
733 {
734 unsigned char c = chr & 0xff;
735 flags[c / (CHAR_BIT * sizeof *flags)]
736 |= (1U << (c % (CHAR_BIT * sizeof *flags)));
737 }
738
739 /* Reset the format flag CHR. */
740 void clear_flag (char chr)
741 {
742 unsigned char c = chr & 0xff;
743 flags[c / (CHAR_BIT * sizeof *flags)]
744 &= ~(1U << (c % (CHAR_BIT * sizeof *flags)));
745 }
26a75cc5 746
9b0feec7 747 /* Set both bounds of the width range to VAL. */
26a75cc5 748 void set_width (HOST_WIDE_INT val)
749 {
9b0feec7 750 width[0] = width[1] = val;
26a75cc5 751 }
752
9b0feec7 753 /* Set the width range according to ARG, with both bounds being
754 no less than 0. For a constant ARG set both bounds to its value
755 or 0, whichever is greater. For a non-constant ARG in some range
756 set width to its range adjusting each bound to -1 if it's less.
757 For an indeterminate ARG set width to [0, INT_MAX]. */
a669405f 758 void set_width (tree arg, vr_values *vr_values)
26a75cc5 759 {
a669405f 760 get_int_range (arg, width, width + 1, true, 0, vr_values);
26a75cc5 761 }
762
9b0feec7 763 /* Set both bounds of the precision range to VAL. */
26a75cc5 764 void set_precision (HOST_WIDE_INT val)
765 {
9b0feec7 766 prec[0] = prec[1] = val;
26a75cc5 767 }
768
9b0feec7 769 /* Set the precision range according to ARG, with both bounds being
770 no less than -1. For a constant ARG set both bounds to its value
771 or -1 whichever is greater. For a non-constant ARG in some range
772 set precision to its range adjusting each bound to -1 if it's less.
773 For an indeterminate ARG set precision to [-1, INT_MAX]. */
a669405f 774 void set_precision (tree arg, vr_values *vr_values)
26a75cc5 775 {
a669405f 776 get_int_range (arg, prec, prec + 1, false, -1, vr_values);
26a75cc5 777 }
7b2c89ef 778
779 /* Return true if both width and precision are known to be
780 either constant or in some range, false otherwise. */
781 bool known_width_and_precision () const
782 {
783 return ((width[1] < 0
784 || (unsigned HOST_WIDE_INT)width[1] <= target_int_max ())
785 && (prec[1] < 0
786 || (unsigned HOST_WIDE_INT)prec[1] < target_int_max ()));
787 }
b9833bfd 788};
789
790/* Return the logarithm of X in BASE. */
791
792static int
793ilog (unsigned HOST_WIDE_INT x, int base)
794{
795 int res = 0;
796 do
797 {
798 ++res;
799 x /= base;
800 } while (x);
801 return res;
802}
803
804/* Return the number of bytes resulting from converting into a string
07242bec 805 the INTEGER_CST tree node X in BASE with a minimum of PREC digits.
806 PLUS indicates whether 1 for a plus sign should be added for positive
807 numbers, and PREFIX whether the length of an octal ('O') or hexadecimal
808 ('0x') prefix should be added for nonzero numbers. Return -1 if X cannot
809 be represented. */
810
811static HOST_WIDE_INT
812tree_digits (tree x, int base, HOST_WIDE_INT prec, bool plus, bool prefix)
b9833bfd 813{
814 unsigned HOST_WIDE_INT absval;
815
07242bec 816 HOST_WIDE_INT res;
b9833bfd 817
818 if (TYPE_UNSIGNED (TREE_TYPE (x)))
819 {
820 if (tree_fits_uhwi_p (x))
821 {
822 absval = tree_to_uhwi (x);
823 res = plus;
824 }
825 else
826 return -1;
827 }
828 else
829 {
830 if (tree_fits_shwi_p (x))
831 {
832 HOST_WIDE_INT i = tree_to_shwi (x);
a61df77a 833 if (HOST_WIDE_INT_MIN == i)
834 {
835 /* Avoid undefined behavior due to negating a minimum. */
836 absval = HOST_WIDE_INT_MAX;
837 res = 1;
838 }
839 else if (i < 0)
840 {
841 absval = -i;
842 res = 1;
843 }
844 else
845 {
846 absval = i;
847 res = plus;
848 }
b9833bfd 849 }
850 else
851 return -1;
852 }
853
07242bec 854 int ndigs = ilog (absval, base);
855
856 res += prec < ndigs ? ndigs : prec;
b9833bfd 857
300d15eb 858 /* Adjust a non-zero value for the base prefix, either hexadecimal,
859 or, unless precision has resulted in a leading zero, also octal. */
860 if (prefix && absval && (base == 16 || prec <= ndigs))
b9833bfd 861 {
862 if (base == 8)
863 res += 1;
864 else if (base == 16)
865 res += 2;
866 }
867
868 return res;
869}
870
871/* Given the formatting result described by RES and NAVAIL, the number
9b0feec7 872 of available in the destination, return the range of bytes remaining
b9833bfd 873 in the destination. */
874
875static inline result_range
876bytes_remaining (unsigned HOST_WIDE_INT navail, const format_result &res)
877{
878 result_range range;
879
880 if (HOST_WIDE_INT_MAX <= navail)
881 {
425bd7b1 882 range.min = range.max = range.likely = range.unlikely = navail;
b9833bfd 883 return range;
884 }
885
425bd7b1 886 /* The lower bound of the available range is the available size
887 minus the maximum output size, and the upper bound is the size
888 minus the minimum. */
889 range.max = res.range.min < navail ? navail - res.range.min : 0;
b9833bfd 890
425bd7b1 891 range.likely = res.range.likely < navail ? navail - res.range.likely : 0;
b9833bfd 892
425bd7b1 893 if (res.range.max < HOST_WIDE_INT_MAX)
894 range.min = res.range.max < navail ? navail - res.range.max : 0;
b9833bfd 895 else
425bd7b1 896 range.min = range.likely;
b9833bfd 897
425bd7b1 898 range.unlikely = (res.range.unlikely < navail
899 ? navail - res.range.unlikely : 0);
b9833bfd 900
425bd7b1 901 return range;
b9833bfd 902}
903
904/* Description of a call to a formatted function. */
905
9d8823fc 906struct sprintf_dom_walker::call_info
b9833bfd 907{
908 /* Function call statement. */
909 gimple *callstmt;
910
911 /* Function called. */
912 tree func;
913
914 /* Called built-in function code. */
915 built_in_function fncode;
916
917 /* Format argument and format string extracted from it. */
918 tree format;
919 const char *fmtstr;
920
921 /* The location of the format argument. */
922 location_t fmtloc;
923
924 /* The destination object size for __builtin___xxx_chk functions
925 typically determined by __builtin_object_size, or -1 if unknown. */
926 unsigned HOST_WIDE_INT objsize;
927
928 /* Number of the first variable argument. */
929 unsigned HOST_WIDE_INT argidx;
930
931 /* True for functions like snprintf that specify the size of
932 the destination, false for others like sprintf that don't. */
933 bool bounded;
a27264ed 934
935 /* True for bounded functions like snprintf that specify a zero-size
936 buffer as a request to compute the size of output without actually
f9325e71 937 writing any. NOWRITE is cleared in response to the %n directive
938 which has side-effects similar to writing output. */
a27264ed 939 bool nowrite;
aba01341 940
941 /* Return true if the called function's return value is used. */
942 bool retval_used () const
943 {
944 return gimple_get_lhs (callstmt);
945 }
946
947 /* Return the warning option corresponding to the called function. */
948 int warnopt () const
949 {
78cf39ca 950 return bounded ? OPT_Wformat_truncation_ : OPT_Wformat_overflow_;
aba01341 951 }
c1b65cc2 952
953 /* Return true for calls to file formatted functions. */
954 bool is_file_func () const
955 {
956 return (fncode == BUILT_IN_FPRINTF
957 || fncode == BUILT_IN_FPRINTF_CHK
958 || fncode == BUILT_IN_FPRINTF_UNLOCKED
959 || fncode == BUILT_IN_VFPRINTF
960 || fncode == BUILT_IN_VFPRINTF_CHK);
961 }
962
963 /* Return true for calls to string formatted functions. */
964 bool is_string_func () const
965 {
966 return (fncode == BUILT_IN_SPRINTF
967 || fncode == BUILT_IN_SPRINTF_CHK
968 || fncode == BUILT_IN_SNPRINTF
969 || fncode == BUILT_IN_SNPRINTF_CHK
970 || fncode == BUILT_IN_VSPRINTF
971 || fncode == BUILT_IN_VSPRINTF_CHK
972 || fncode == BUILT_IN_VSNPRINTF
973 || fncode == BUILT_IN_VSNPRINTF_CHK);
974 }
b9833bfd 975};
976
26a75cc5 977/* Return the result of formatting a no-op directive (such as '%n'). */
978
979static fmtresult
a669405f 980format_none (const directive &, tree, vr_values *)
26a75cc5 981{
982 fmtresult res (0);
26a75cc5 983 return res;
984}
985
b9833bfd 986/* Return the result of formatting the '%%' directive. */
987
988static fmtresult
a669405f 989format_percent (const directive &, tree, vr_values *)
b9833bfd 990{
26a75cc5 991 fmtresult res (1);
b9833bfd 992 return res;
993}
994
995
6156f076 996/* Compute intmax_type_node and uintmax_type_node similarly to how
997 tree.c builds size_type_node. */
b9833bfd 998
999static void
1000build_intmax_type_nodes (tree *pintmax, tree *puintmax)
1001{
6156f076 1002 if (strcmp (UINTMAX_TYPE, "unsigned int") == 0)
b9833bfd 1003 {
1004 *pintmax = integer_type_node;
1005 *puintmax = unsigned_type_node;
1006 }
6156f076 1007 else if (strcmp (UINTMAX_TYPE, "long unsigned int") == 0)
b9833bfd 1008 {
1009 *pintmax = long_integer_type_node;
1010 *puintmax = long_unsigned_type_node;
1011 }
6156f076 1012 else if (strcmp (UINTMAX_TYPE, "long long unsigned int") == 0)
b9833bfd 1013 {
1014 *pintmax = long_long_integer_type_node;
1015 *puintmax = long_long_unsigned_type_node;
1016 }
1017 else
1018 {
1019 for (int i = 0; i < NUM_INT_N_ENTS; i++)
1020 if (int_n_enabled_p[i])
1021 {
1022 char name[50];
1023 sprintf (name, "__int%d unsigned", int_n_data[i].bitsize);
1024
6156f076 1025 if (strcmp (name, UINTMAX_TYPE) == 0)
b9833bfd 1026 {
1027 *pintmax = int_n_trees[i].signed_type;
1028 *puintmax = int_n_trees[i].unsigned_type;
6156f076 1029 return;
b9833bfd 1030 }
1031 }
6156f076 1032 gcc_unreachable ();
b9833bfd 1033 }
1034}
1035
3319bb15 1036/* Determine the range [*PMIN, *PMAX] that the expression ARG is
1037 in and that is representable in type int.
1038 Return true when the range is a subrange of that of int.
1039 When ARG is null it is as if it had the full range of int.
9b0feec7 1040 When ABSOLUTE is true the range reflects the absolute value of
1041 the argument. When ABSOLUTE is false, negative bounds of
1042 the determined range are replaced with NEGBOUND. */
1043
1044static bool
3319bb15 1045get_int_range (tree arg, HOST_WIDE_INT *pmin, HOST_WIDE_INT *pmax,
a669405f 1046 bool absolute, HOST_WIDE_INT negbound,
1047 class vr_values *vr_values)
9b0feec7 1048{
3319bb15 1049 /* The type of the result. */
1050 const_tree type = integer_type_node;
1051
9b0feec7 1052 bool knownrange = false;
1053
1054 if (!arg)
1055 {
3319bb15 1056 *pmin = tree_to_shwi (TYPE_MIN_VALUE (type));
1057 *pmax = tree_to_shwi (TYPE_MAX_VALUE (type));
9b0feec7 1058 }
27213f15 1059 else if (TREE_CODE (arg) == INTEGER_CST
1060 && TYPE_PRECISION (TREE_TYPE (arg)) <= TYPE_PRECISION (type))
9b0feec7 1061 {
1062 /* For a constant argument return its value adjusted as specified
1063 by NEGATIVE and NEGBOUND and return true to indicate that the
1064 result is known. */
1065 *pmin = tree_fits_shwi_p (arg) ? tree_to_shwi (arg) : tree_to_uhwi (arg);
1066 *pmax = *pmin;
1067 knownrange = true;
1068 }
1069 else
1070 {
1071 /* True if the argument's range cannot be determined. */
1072 bool unknown = true;
1073
3319bb15 1074 tree argtype = TREE_TYPE (arg);
9b0feec7 1075
3319bb15 1076 /* Ignore invalid arguments with greater precision that that
1077 of the expected type (e.g., in sprintf("%*i", 12LL, i)).
1078 They will have been detected and diagnosed by -Wformat and
1079 so it's not important to complicate this code to try to deal
1080 with them again. */
9b0feec7 1081 if (TREE_CODE (arg) == SSA_NAME
3319bb15 1082 && INTEGRAL_TYPE_P (argtype)
1083 && TYPE_PRECISION (argtype) <= TYPE_PRECISION (type))
9b0feec7 1084 {
1085 /* Try to determine the range of values of the integer argument. */
3a06a652 1086 value_range *vr = vr_values->get_value_range (arg);
be44111e 1087 if (range_int_cst_p (vr))
9b0feec7 1088 {
1089 HOST_WIDE_INT type_min
3319bb15 1090 = (TYPE_UNSIGNED (argtype)
1091 ? tree_to_uhwi (TYPE_MIN_VALUE (argtype))
1092 : tree_to_shwi (TYPE_MIN_VALUE (argtype)));
9b0feec7 1093
3319bb15 1094 HOST_WIDE_INT type_max = tree_to_uhwi (TYPE_MAX_VALUE (argtype));
9b0feec7 1095
be44111e 1096 *pmin = TREE_INT_CST_LOW (vr->min ());
1097 *pmax = TREE_INT_CST_LOW (vr->max ());
9b0feec7 1098
3319bb15 1099 if (*pmin < *pmax)
1100 {
1101 /* Return true if the adjusted range is a subrange of
1102 the full range of the argument's type. *PMAX may
1103 be less than *PMIN when the argument is unsigned
1104 and its upper bound is in excess of TYPE_MAX. In
1105 that (invalid) case disregard the range and use that
1106 of the expected type instead. */
1107 knownrange = type_min < *pmin || *pmax < type_max;
1108
1109 unknown = false;
1110 }
9b0feec7 1111 }
1112 }
1113
1114 /* Handle an argument with an unknown range as if none had been
1115 provided. */
1116 if (unknown)
a669405f 1117 return get_int_range (NULL_TREE, pmin, pmax, absolute,
1118 negbound, vr_values);
9b0feec7 1119 }
1120
1121 /* Adjust each bound as specified by ABSOLUTE and NEGBOUND. */
1122 if (absolute)
1123 {
1124 if (*pmin < 0)
1125 {
1126 if (*pmin == *pmax)
1127 *pmin = *pmax = -*pmin;
1128 else
1129 {
3319bb15 1130 /* Make sure signed overlow is avoided. */
1131 gcc_assert (*pmin != HOST_WIDE_INT_MIN);
1132
9b0feec7 1133 HOST_WIDE_INT tmp = -*pmin;
1134 *pmin = 0;
1135 if (*pmax < tmp)
1136 *pmax = tmp;
1137 }
1138 }
1139 }
1140 else if (*pmin < negbound)
1141 *pmin = negbound;
1142
1143 return knownrange;
1144}
1145
514c86c7 1146/* With the range [*ARGMIN, *ARGMAX] of an integer directive's actual
1147 argument, due to the conversion from either *ARGMIN or *ARGMAX to
1148 the type of the directive's formal argument it's possible for both
1149 to result in the same number of bytes or a range of bytes that's
1150 less than the number of bytes that would result from formatting
1151 some other value in the range [*ARGMIN, *ARGMAX]. This can be
1152 determined by checking for the actual argument being in the range
1153 of the type of the directive. If it isn't it must be assumed to
1154 take on the full range of the directive's type.
f0775220 1155 Return true when the range has been adjusted to the full range
1156 of DIRTYPE, and false otherwise. */
514c86c7 1157
1158static bool
1159adjust_range_for_overflow (tree dirtype, tree *argmin, tree *argmax)
1160{
1161 tree argtype = TREE_TYPE (*argmin);
1162 unsigned argprec = TYPE_PRECISION (argtype);
1163 unsigned dirprec = TYPE_PRECISION (dirtype);
1164
1165 /* If the actual argument and the directive's argument have the same
1166 precision and sign there can be no overflow and so there is nothing
1167 to adjust. */
1168 if (argprec == dirprec && TYPE_SIGN (argtype) == TYPE_SIGN (dirtype))
1169 return false;
1170
1171 /* The logic below was inspired/lifted from the CONVERT_EXPR_CODE_P
1172 branch in the extract_range_from_unary_expr function in tree-vrp.c. */
1173
1174 if (TREE_CODE (*argmin) == INTEGER_CST
1175 && TREE_CODE (*argmax) == INTEGER_CST
1176 && (dirprec >= argprec
1177 || integer_zerop (int_const_binop (RSHIFT_EXPR,
1178 int_const_binop (MINUS_EXPR,
1179 *argmax,
1180 *argmin),
1181 size_int (dirprec)))))
1182 {
1183 *argmin = force_fit_type (dirtype, wi::to_widest (*argmin), 0, false);
1184 *argmax = force_fit_type (dirtype, wi::to_widest (*argmax), 0, false);
1185
1186 /* If *ARGMIN is still less than *ARGMAX the conversion above
1187 is safe. Otherwise, it has overflowed and would be unsafe. */
1188 if (tree_int_cst_le (*argmin, *argmax))
1189 return false;
1190 }
1191
f0775220 1192 *argmin = TYPE_MIN_VALUE (dirtype);
1193 *argmax = TYPE_MAX_VALUE (dirtype);
514c86c7 1194 return true;
1195}
1196
b9833bfd 1197/* Return a range representing the minimum and maximum number of bytes
9b0feec7 1198 that the format directive DIR will output for any argument given
1199 the WIDTH and PRECISION (extracted from DIR). This function is
1200 used when the directive argument or its value isn't known. */
b9833bfd 1201
1202static fmtresult
a669405f 1203format_integer (const directive &dir, tree arg, vr_values *vr_values)
b9833bfd 1204{
6156f076 1205 tree intmax_type_node;
1206 tree uintmax_type_node;
b9833bfd 1207
76cf0084 1208 /* Base to format the number in. */
1209 int base;
1210
425bd7b1 1211 /* True when a conversion is preceded by a prefix indicating the base
1212 of the argument (octal or hexadecimal). */
1213 bool maybebase = dir.get_flag ('#');
1214
76cf0084 1215 /* True when a signed conversion is preceded by a sign or space. */
1216 bool maybesign = false;
1217
1218 /* True for signed conversions (i.e., 'd' and 'i'). */
1219 bool sign = false;
1220
1221 switch (dir.specifier)
1222 {
1223 case 'd':
1224 case 'i':
1225 /* Space and '+' are only meaningful for signed conversions. */
1226 maybesign = dir.get_flag (' ') | dir.get_flag ('+');
1227 sign = true;
1228 base = 10;
1229 break;
1230 case 'u':
1231 base = 10;
1232 break;
1233 case 'o':
1234 base = 8;
1235 break;
1236 case 'X':
1237 case 'x':
1238 base = 16;
1239 break;
1240 default:
1241 gcc_unreachable ();
1242 }
b9833bfd 1243
1244 /* The type of the "formal" argument expected by the directive. */
1245 tree dirtype = NULL_TREE;
1246
1247 /* Determine the expected type of the argument from the length
1248 modifier. */
26a75cc5 1249 switch (dir.modifier)
b9833bfd 1250 {
1251 case FMT_LEN_none:
26a75cc5 1252 if (dir.specifier == 'p')
b9833bfd 1253 dirtype = ptr_type_node;
1254 else
1255 dirtype = sign ? integer_type_node : unsigned_type_node;
1256 break;
1257
1258 case FMT_LEN_h:
1259 dirtype = sign ? short_integer_type_node : short_unsigned_type_node;
1260 break;
1261
1262 case FMT_LEN_hh:
1263 dirtype = sign ? signed_char_type_node : unsigned_char_type_node;
1264 break;
1265
1266 case FMT_LEN_l:
1267 dirtype = sign ? long_integer_type_node : long_unsigned_type_node;
1268 break;
1269
1270 case FMT_LEN_L:
1271 case FMT_LEN_ll:
ff982ab4 1272 dirtype = (sign
1273 ? long_long_integer_type_node
1274 : long_long_unsigned_type_node);
b9833bfd 1275 break;
1276
1277 case FMT_LEN_z:
6156f076 1278 dirtype = signed_or_unsigned_type_for (!sign, size_type_node);
b9833bfd 1279 break;
1280
1281 case FMT_LEN_t:
6156f076 1282 dirtype = signed_or_unsigned_type_for (!sign, ptrdiff_type_node);
b9833bfd 1283 break;
1284
1285 case FMT_LEN_j:
6156f076 1286 build_intmax_type_nodes (&intmax_type_node, &uintmax_type_node);
b9833bfd 1287 dirtype = sign ? intmax_type_node : uintmax_type_node;
1288 break;
1289
1290 default:
6156f076 1291 return fmtresult ();
b9833bfd 1292 }
1293
1294 /* The type of the argument to the directive, either deduced from
1295 the actual non-constant argument if one is known, or from
1296 the directive itself when none has been provided because it's
1297 a va_list. */
1298 tree argtype = NULL_TREE;
1299
1300 if (!arg)
1301 {
1302 /* When the argument has not been provided, use the type of
1303 the directive's argument as an approximation. This will
1304 result in false positives for directives like %i with
1305 arguments with smaller precision (such as short or char). */
1306 argtype = dirtype;
1307 }
1308 else if (TREE_CODE (arg) == INTEGER_CST)
1309 {
b9833bfd 1310 /* When a constant argument has been provided use its value
1311 rather than type to determine the length of the output. */
425bd7b1 1312 fmtresult res;
7bcd359a 1313
9b0feec7 1314 if ((dir.prec[0] <= 0 && dir.prec[1] >= 0) && integer_zerop (arg))
7bcd359a 1315 {
514c86c7 1316 /* As a special case, a precision of zero with a zero argument
1317 results in zero bytes except in base 8 when the '#' flag is
1318 specified, and for signed conversions in base 8 and 10 when
7b2c89ef 1319 either the space or '+' flag has been specified and it results
1320 in just one byte (with width having the normal effect). This
1321 must extend to the case of a specified precision with
1322 an unknown value because it can be zero. */
425bd7b1 1323 res.range.min = ((base == 8 && dir.get_flag ('#')) || maybesign);
9b0feec7 1324 if (res.range.min == 0 && dir.prec[0] != dir.prec[1])
425bd7b1 1325 {
1326 res.range.max = 1;
1327 res.range.likely = 1;
1328 }
1329 else
1330 {
1331 res.range.max = res.range.min;
1332 res.range.likely = res.range.min;
1333 }
7bcd359a 1334 }
1335 else
1336 {
1337 /* Convert the argument to the type of the directive. */
1338 arg = fold_convert (dirtype, arg);
b9833bfd 1339
9b0feec7 1340 res.range.min = tree_digits (arg, base, dir.prec[0],
425bd7b1 1341 maybesign, maybebase);
9b0feec7 1342 if (dir.prec[0] == dir.prec[1])
425bd7b1 1343 res.range.max = res.range.min;
9b0feec7 1344 else
1345 res.range.max = tree_digits (arg, base, dir.prec[1],
1346 maybesign, maybebase);
425bd7b1 1347 res.range.likely = res.range.min;
debcef5f 1348 res.knownrange = true;
7bcd359a 1349 }
b9833bfd 1350
425bd7b1 1351 res.range.unlikely = res.range.max;
1352
1353 /* Bump up the counters if WIDTH is greater than LEN. */
1354 res.adjust_for_width_or_precision (dir.width, dirtype, base,
1355 (sign | maybebase) + (base == 16));
1356 /* Bump up the counters again if PRECision is greater still. */
1357 res.adjust_for_width_or_precision (dir.prec, dirtype, base,
1358 (sign | maybebase) + (base == 16));
9b0feec7 1359
b9833bfd 1360 return res;
1361 }
305149ce 1362 else if (INTEGRAL_TYPE_P (TREE_TYPE (arg))
b9833bfd 1363 || TREE_CODE (TREE_TYPE (arg)) == POINTER_TYPE)
f2b9ddff 1364 /* Determine the type of the provided non-constant argument. */
1365 argtype = TREE_TYPE (arg);
b9833bfd 1366 else
f2b9ddff 1367 /* Don't bother with invalid arguments since they likely would
1368 have already been diagnosed, and disable any further checking
1369 of the format string by returning [-1, -1]. */
1370 return fmtresult ();
b9833bfd 1371
c62d63d4 1372 fmtresult res;
b9833bfd 1373
1374 /* Using either the range the non-constant argument is in, or its
1375 type (either "formal" or actual), create a range of values that
1376 constrain the length of output given the warning level. */
1377 tree argmin = NULL_TREE;
1378 tree argmax = NULL_TREE;
1379
57330dbd 1380 if (arg
1381 && TREE_CODE (arg) == SSA_NAME
305149ce 1382 && INTEGRAL_TYPE_P (argtype))
b9833bfd 1383 {
1384 /* Try to determine the range of values of the integer argument
1385 (range information is not available for pointers). */
7368576a 1386 value_range *vr = vr_values->get_value_range (arg);
be44111e 1387 if (range_int_cst_p (vr))
b9833bfd 1388 {
be44111e 1389 argmin = vr->min ();
1390 argmax = vr->max ();
514c86c7 1391
1392 /* Set KNOWNRANGE if the argument is in a known subrange
7b2c89ef 1393 of the directive's type and neither width nor precision
1394 is unknown. (KNOWNRANGE may be reset below). */
514c86c7 1395 res.knownrange
7b2c89ef 1396 = ((!tree_int_cst_equal (TYPE_MIN_VALUE (dirtype), argmin)
1397 || !tree_int_cst_equal (TYPE_MAX_VALUE (dirtype), argmax))
1398 && dir.known_width_and_precision ());
514c86c7 1399
1400 res.argmin = argmin;
1401 res.argmax = argmax;
b9833bfd 1402 }
be44111e 1403 else if (vr->kind () == VR_ANTI_RANGE)
b9833bfd 1404 {
1405 /* Handle anti-ranges if/when bug 71690 is resolved. */
1406 }
be44111e 1407 else if (vr->varying_p () || vr->undefined_p ())
b9833bfd 1408 {
1409 /* The argument here may be the result of promoting the actual
1410 argument to int. Try to determine the type of the actual
3c57b79b 1411 argument before promotion and narrow down its range that
b9833bfd 1412 way. */
1413 gimple *def = SSA_NAME_DEF_STMT (arg);
3c57b79b 1414 if (is_gimple_assign (def))
b9833bfd 1415 {
1416 tree_code code = gimple_assign_rhs_code (def);
c62d63d4 1417 if (code == INTEGER_CST)
1418 {
1419 arg = gimple_assign_rhs1 (def);
a669405f 1420 return format_integer (dir, arg, vr_values);
c62d63d4 1421 }
1422
b9833bfd 1423 if (code == NOP_EXPR)
f2b9ddff 1424 {
1425 tree type = TREE_TYPE (gimple_assign_rhs1 (def));
305149ce 1426 if (INTEGRAL_TYPE_P (type)
f2b9ddff 1427 || TREE_CODE (type) == POINTER_TYPE)
1428 argtype = type;
1429 }
b9833bfd 1430 }
1431 }
1432 }
1433
1434 if (!argmin)
1435 {
f0775220 1436 if (TREE_CODE (argtype) == POINTER_TYPE)
b9833bfd 1437 {
f0775220 1438 argmin = build_int_cst (pointer_sized_int_node, 0);
1439 argmax = build_all_ones_cst (pointer_sized_int_node);
b9833bfd 1440 }
1441 else
1442 {
f0775220 1443 argmin = TYPE_MIN_VALUE (argtype);
1444 argmax = TYPE_MAX_VALUE (argtype);
b9833bfd 1445 }
514c86c7 1446 }
1447
1448 /* Clear KNOWNRANGE if the range has been adjusted to the maximum
1449 of the directive. If it has been cleared then since ARGMIN and/or
1450 ARGMAX have been adjusted also adjust the corresponding ARGMIN and
1451 ARGMAX in the result to include in diagnostics. */
1452 if (adjust_range_for_overflow (dirtype, &argmin, &argmax))
1453 {
1454 res.knownrange = false;
1455 res.argmin = argmin;
1456 res.argmax = argmax;
1457 }
1458
f0775220 1459 /* Recursively compute the minimum and maximum from the known range. */
1460 if (TYPE_UNSIGNED (dirtype) || tree_int_cst_sgn (argmin) >= 0)
514c86c7 1461 {
f0775220 1462 /* For unsigned conversions/directives or signed when
1463 the minimum is positive, use the minimum and maximum to compute
1464 the shortest and longest output, respectively. */
a669405f 1465 res.range.min = format_integer (dir, argmin, vr_values).range.min;
1466 res.range.max = format_integer (dir, argmax, vr_values).range.max;
514c86c7 1467 }
f0775220 1468 else if (tree_int_cst_sgn (argmax) < 0)
514c86c7 1469 {
f0775220 1470 /* For signed conversions/directives if maximum is negative,
1471 use the minimum as the longest output and maximum as the
1472 shortest output. */
a669405f 1473 res.range.min = format_integer (dir, argmax, vr_values).range.min;
1474 res.range.max = format_integer (dir, argmin, vr_values).range.max;
514c86c7 1475 }
f0775220 1476 else
b9833bfd 1477 {
f0775220 1478 /* Otherwise, 0 is inside of the range and minimum negative. Use 0
1479 as the shortest output and for the longest output compute the
1480 length of the output of both minimum and maximum and pick the
1481 longer. */
a669405f 1482 unsigned HOST_WIDE_INT max1
1483 = format_integer (dir, argmin, vr_values).range.max;
1484 unsigned HOST_WIDE_INT max2
1485 = format_integer (dir, argmax, vr_values).range.max;
1486 res.range.min
1487 = format_integer (dir, integer_zero_node, vr_values).range.min;
f0775220 1488 res.range.max = MAX (max1, max2);
b9833bfd 1489 }
1490
3ac1f210 1491 /* If the range is known, use the maximum as the likely length. */
300d15eb 1492 if (res.knownrange)
1493 res.range.likely = res.range.max;
1494 else
1495 {
3ac1f210 1496 /* Otherwise, use the minimum. Except for the case where for %#x or
1497 %#o the minimum is just for a single value in the range (0) and
1498 for all other values it is something longer, like 0x1 or 01.
1499 Use the length for value 1 in that case instead as the likely
1500 length. */
300d15eb 1501 res.range.likely = res.range.min;
3ac1f210 1502 if (maybebase
1503 && base != 10
1504 && (tree_int_cst_sgn (argmin) < 0 || tree_int_cst_sgn (argmax) > 0))
300d15eb 1505 {
1506 if (res.range.min == 1)
1507 res.range.likely += base == 8 ? 1 : 2;
1508 else if (res.range.min == 2
1509 && base == 16
1510 && (dir.width[0] == 2 || dir.prec[0] == 2))
1511 ++res.range.likely;
1512 }
1513 }
1514
425bd7b1 1515 res.range.unlikely = res.range.max;
1516 res.adjust_for_width_or_precision (dir.width, dirtype, base,
1517 (sign | maybebase) + (base == 16));
1518 res.adjust_for_width_or_precision (dir.prec, dirtype, base,
1519 (sign | maybebase) + (base == 16));
1520
b9833bfd 1521 return res;
1522}
1523
84960375 1524/* Return the number of bytes that a format directive consisting of FLAGS,
1525 PRECision, format SPECification, and MPFR rounding specifier RNDSPEC,
1526 would result for argument X under ideal conditions (i.e., if PREC
1527 weren't excessive). MPFR 3.1 allocates large amounts of memory for
1528 values of PREC with large magnitude and can fail (see MPFR bug #21056).
1529 This function works around those problems. */
1530
1531static unsigned HOST_WIDE_INT
1532get_mpfr_format_length (mpfr_ptr x, const char *flags, HOST_WIDE_INT prec,
1533 char spec, char rndspec)
1534{
1535 char fmtstr[40];
1536
1537 HOST_WIDE_INT len = strlen (flags);
1538
1539 fmtstr[0] = '%';
1540 memcpy (fmtstr + 1, flags, len);
1541 memcpy (fmtstr + 1 + len, ".*R", 3);
1542 fmtstr[len + 4] = rndspec;
1543 fmtstr[len + 5] = spec;
1544 fmtstr[len + 6] = '\0';
1545
4c43afbf 1546 spec = TOUPPER (spec);
1547 if (spec == 'E' || spec == 'F')
1548 {
1549 /* For %e, specify the precision explicitly since mpfr_sprintf
1550 does its own thing just to be different (see MPFR bug 21088). */
1551 if (prec < 0)
1552 prec = 6;
1553 }
1554 else
1555 {
1556 /* Avoid passing negative precisions with larger magnitude to MPFR
1557 to avoid exposing its bugs. (A negative precision is supposed
1558 to be ignored.) */
1559 if (prec < 0)
1560 prec = -1;
1561 }
84960375 1562
1563 HOST_WIDE_INT p = prec;
1564
7b2c89ef 1565 if (spec == 'G' && !strchr (flags, '#'))
84960375 1566 {
7b2c89ef 1567 /* For G/g without the pound flag, precision gives the maximum number
1568 of significant digits which is bounded by LDBL_MAX_10_EXP, or, for
1569 a 128 bit IEEE extended precision, 4932. Using twice as much here
1570 should be more than sufficient for any real format. */
84960375 1571 if ((IEEE_MAX_10_EXP * 2) < prec)
1572 prec = IEEE_MAX_10_EXP * 2;
1573 p = prec;
1574 }
1575 else
1576 {
1577 /* Cap precision arbitrarily at 1KB and add the difference
1578 (if any) to the MPFR result. */
f84f68b2 1579 if (prec > 1024)
84960375 1580 p = 1024;
1581 }
1582
1583 len = mpfr_snprintf (NULL, 0, fmtstr, (int)p, x);
1584
1585 /* Handle the unlikely (impossible?) error by returning more than
1586 the maximum dictated by the function's return type. */
1587 if (len < 0)
1588 return target_dir_max () + 1;
1589
1590 /* Adjust the return value by the difference. */
1591 if (p < prec)
1592 len += prec - p;
1593
1594 return len;
1595}
1596
b9833bfd 1597/* Return the number of bytes to format using the format specifier
4c43afbf 1598 SPEC and the precision PREC the largest value in the real floating
1599 TYPE. */
b9833bfd 1600
84960375 1601static unsigned HOST_WIDE_INT
1602format_floating_max (tree type, char spec, HOST_WIDE_INT prec)
b9833bfd 1603{
1604 machine_mode mode = TYPE_MODE (type);
1605
1606 /* IBM Extended mode. */
1607 if (MODE_COMPOSITE_P (mode))
1608 mode = DFmode;
1609
1610 /* Get the real type format desription for the target. */
1611 const real_format *rfmt = REAL_MODE_FORMAT (mode);
1612 REAL_VALUE_TYPE rv;
1613
26a75cc5 1614 real_maxval (&rv, 0, mode);
b9833bfd 1615
1616 /* Convert the GCC real value representation with the precision
1617 of the real type to the mpfr_t format with the GCC default
1618 round-to-nearest mode. */
1619 mpfr_t x;
1620 mpfr_init2 (x, rfmt->p);
17a58f8a 1621 mpfr_from_real (x, &rv, GMP_RNDN);
b9833bfd 1622
c62d63d4 1623 /* Return a value one greater to account for the leading minus sign. */
c1d579d6 1624 unsigned HOST_WIDE_INT r
1625 = 1 + get_mpfr_format_length (x, "", prec, spec, 'D');
1626 mpfr_clear (x);
1627 return r;
b9833bfd 1628}
1629
1630/* Return a range representing the minimum and maximum number of bytes
63e30ce7 1631 that the directive DIR will output for any argument. PREC gives
1632 the adjusted precision range to account for negative precisions
1633 meaning the default 6. This function is used when the directive
1634 argument or its value isn't known. */
b9833bfd 1635
1636static fmtresult
63e30ce7 1637format_floating (const directive &dir, const HOST_WIDE_INT prec[2])
b9833bfd 1638{
1639 tree type;
b9833bfd 1640
26a75cc5 1641 switch (dir.modifier)
b9833bfd 1642 {
21ce832f 1643 case FMT_LEN_l:
b9833bfd 1644 case FMT_LEN_none:
1645 type = double_type_node;
1646 break;
1647
1648 case FMT_LEN_L:
1649 type = long_double_type_node;
b9833bfd 1650 break;
1651
1652 case FMT_LEN_ll:
1653 type = long_double_type_node;
b9833bfd 1654 break;
1655
1656 default:
c62d63d4 1657 return fmtresult ();
b9833bfd 1658 }
1659
1660 /* The minimum and maximum number of bytes produced by the directive. */
c62d63d4 1661 fmtresult res;
b9833bfd 1662
425bd7b1 1663 /* The minimum output as determined by flags. It's always at least 1.
1664 When plus or space are set the output is preceded by either a sign
1665 or a space. */
63e30ce7 1666 unsigned flagmin = (1 /* for the first digit */
1667 + (dir.get_flag ('+') | dir.get_flag (' ')));
b9833bfd 1668
b35bf93a 1669 /* The minimum is 3 for "inf" and "nan" for all specifiers, plus 1
1670 for the plus sign/space with the '+' and ' ' flags, respectively,
1671 unless reduced below. */
1672 res.range.min = 2 + flagmin;
1673
425bd7b1 1674 /* When the pound flag is set the decimal point is included in output
1675 regardless of precision. Whether or not a decimal point is included
1676 otherwise depends on the specification and precision. */
1677 bool radix = dir.get_flag ('#');
b9833bfd 1678
26a75cc5 1679 switch (dir.specifier)
b9833bfd 1680 {
1681 case 'A':
1682 case 'a':
1683 {
425bd7b1 1684 HOST_WIDE_INT minprec = 6 + !radix /* decimal point */;
9b0feec7 1685 if (dir.prec[0] <= 0)
425bd7b1 1686 minprec = 0;
9b0feec7 1687 else if (dir.prec[0] > 0)
1688 minprec = dir.prec[0] + !radix /* decimal point */;
425bd7b1 1689
b35bf93a 1690 res.range.likely = (2 /* 0x */
1691 + flagmin
1692 + radix
1693 + minprec
1694 + 3 /* p+0 */);
425bd7b1 1695
63e30ce7 1696 res.range.max = format_floating_max (type, 'a', prec[1]);
425bd7b1 1697
1698 /* The unlikely maximum accounts for the longest multibyte
1699 decimal point character. */
9b0feec7 1700 res.range.unlikely = res.range.max;
63e30ce7 1701 if (dir.prec[1] > 0)
9b0feec7 1702 res.range.unlikely += target_mb_len_max () - 1;
4c43afbf 1703
b9833bfd 1704 break;
1705 }
1706
1707 case 'E':
1708 case 'e':
1709 {
63e30ce7 1710 /* Minimum output attributable to precision and, when it's
1711 non-zero, decimal point. */
1712 HOST_WIDE_INT minprec = prec[0] ? prec[0] + !radix : 0;
1713
b35bf93a 1714 /* The likely minimum output is "[-+]1.234567e+00" regardless
b9833bfd 1715 of the value of the actual argument. */
b35bf93a 1716 res.range.likely = (flagmin
1717 + radix
1718 + minprec
1719 + 2 /* e+ */ + 2);
425bd7b1 1720
63e30ce7 1721 res.range.max = format_floating_max (type, 'e', prec[1]);
425bd7b1 1722
1723 /* The unlikely maximum accounts for the longest multibyte
1724 decimal point character. */
9b0feec7 1725 if (dir.prec[0] != dir.prec[1]
1726 || dir.prec[0] == -1 || dir.prec[0] > 0)
425bd7b1 1727 res.range.unlikely = res.range.max + target_mb_len_max () -1;
1728 else
1729 res.range.unlikely = res.range.max;
b9833bfd 1730 break;
1731 }
1732
1733 case 'F':
1734 case 'f':
1735 {
63e30ce7 1736 /* Minimum output attributable to precision and, when it's non-zero,
1737 decimal point. */
1738 HOST_WIDE_INT minprec = prec[0] ? prec[0] + !radix : 0;
1739
b35bf93a 1740 /* For finite numbers (i.e., not infinity or NaN) the lower bound
1741 when precision isn't specified is 8 bytes ("1.23456" since
1742 precision is taken to be 6). When precision is zero, the lower
1743 bound is 1 byte (e.g., "1"). Otherwise, when precision is greater
1744 than zero, then the lower bound is 2 plus precision (plus flags).
1745 But in all cases, the lower bound is no greater than 3. */
1746 unsigned HOST_WIDE_INT min = flagmin + radix + minprec;
1747 if (min < res.range.min)
1748 res.range.min = min;
425bd7b1 1749
1750 /* Compute the upper bound for -TYPE_MAX. */
63e30ce7 1751 res.range.max = format_floating_max (type, 'f', prec[1]);
425bd7b1 1752
7b2c89ef 1753 /* The minimum output with unknown precision is a single byte
1754 (e.g., "0") but the more likely output is 3 bytes ("0.0"). */
1755 if (dir.prec[0] < 0 && dir.prec[1] > 0)
1756 res.range.likely = 3;
1757 else
b35bf93a 1758 res.range.likely = min;
425bd7b1 1759
1760 /* The unlikely maximum accounts for the longest multibyte
1761 decimal point character. */
9b0feec7 1762 if (dir.prec[0] != dir.prec[1]
1763 || dir.prec[0] == -1 || dir.prec[0] > 0)
425bd7b1 1764 res.range.unlikely = res.range.max + target_mb_len_max () - 1;
b9833bfd 1765 break;
1766 }
4c43afbf 1767
b9833bfd 1768 case 'G':
1769 case 'g':
1770 {
4c43afbf 1771 /* The %g output depends on precision and the exponent of
1772 the argument. Since the value of the argument isn't known
1773 the lower bound on the range of bytes (not counting flags
7b2c89ef 1774 or width) is 1 plus radix (i.e., either "0" or "0." for
1775 "%g" and "%#g", respectively, with a zero argument). */
b35bf93a 1776 unsigned HOST_WIDE_INT min = flagmin + radix;
1777 if (min < res.range.min)
1778 res.range.min = min;
7b2c89ef 1779
1780 char spec = 'g';
1781 HOST_WIDE_INT maxprec = dir.prec[1];
1782 if (radix && maxprec)
1783 {
1784 /* When the pound flag (radix) is set, trailing zeros aren't
1785 trimmed and so the longest output is the same as for %e,
1786 except with precision minus 1 (as specified in C11). */
1787 spec = 'e';
1788 if (maxprec > 0)
1789 --maxprec;
1790 else if (maxprec < 0)
1791 maxprec = 5;
1792 }
63e30ce7 1793 else
1794 maxprec = prec[1];
7b2c89ef 1795
1796 res.range.max = format_floating_max (type, spec, maxprec);
1797
1798 /* The likely output is either the maximum computed above
1799 minus 1 (assuming the maximum is positive) when precision
1800 is known (or unspecified), or the same minimum as for %e
1801 (which is computed for a non-negative argument). Unlike
1802 for the other specifiers above the likely output isn't
1803 the minimum because for %g that's 1 which is unlikely. */
1804 if (dir.prec[1] < 0
1805 || (unsigned HOST_WIDE_INT)dir.prec[1] < target_int_max ())
1806 res.range.likely = res.range.max - 1;
1807 else
1808 {
1809 HOST_WIDE_INT minprec = 6 + !radix /* decimal point */;
1810 res.range.likely = (flagmin
1811 + radix
1812 + minprec
1813 + 2 /* e+ */ + 2);
1814 }
425bd7b1 1815
1816 /* The unlikely maximum accounts for the longest multibyte
1817 decimal point character. */
1818 res.range.unlikely = res.range.max + target_mb_len_max () - 1;
b9833bfd 1819 break;
1820 }
1821
1822 default:
c62d63d4 1823 return fmtresult ();
b9833bfd 1824 }
1825
425bd7b1 1826 /* Bump up the byte counters if WIDTH is greater. */
1827 res.adjust_for_width_or_precision (dir.width);
b9833bfd 1828 return res;
1829}
1830
1831/* Return a range representing the minimum and maximum number of bytes
9b0feec7 1832 that the directive DIR will write on output for the floating argument
1833 ARG. */
b9833bfd 1834
1835static fmtresult
a669405f 1836format_floating (const directive &dir, tree arg, vr_values *)
b9833bfd 1837{
9b0feec7 1838 HOST_WIDE_INT prec[] = { dir.prec[0], dir.prec[1] };
4f2bedf8 1839 tree type = (dir.modifier == FMT_LEN_L || dir.modifier == FMT_LEN_ll
1840 ? long_double_type_node : double_type_node);
b9833bfd 1841
7b2c89ef 1842 /* For an indeterminate precision the lower bound must be assumed
1843 to be zero. */
425bd7b1 1844 if (TOUPPER (dir.specifier) == 'A')
b9833bfd 1845 {
7b2c89ef 1846 /* Get the number of fractional decimal digits needed to represent
1847 the argument without a loss of accuracy. */
7b2c89ef 1848 unsigned fmtprec
1849 = REAL_MODE_FORMAT (TYPE_MODE (type))->p;
1850
1851 /* The precision of the IEEE 754 double format is 53.
1852 The precision of all other GCC binary double formats
1853 is 56 or less. */
1854 unsigned maxprec = fmtprec <= 56 ? 13 : 15;
1855
425bd7b1 1856 /* For %a, leave the minimum precision unspecified to let
1857 MFPR trim trailing zeros (as it and many other systems
1858 including Glibc happen to do) and set the maximum
1859 precision to reflect what it would be with trailing zeros
1860 present (as Solaris and derived systems do). */
7b2c89ef 1861 if (dir.prec[1] < 0)
425bd7b1 1862 {
7b2c89ef 1863 /* Both bounds are negative implies that precision has
1864 not been specified. */
1865 prec[0] = maxprec;
1866 prec[1] = -1;
1867 }
1868 else if (dir.prec[0] < 0)
1869 {
1870 /* With a negative lower bound and a non-negative upper
1871 bound set the minimum precision to zero and the maximum
1872 to the greater of the maximum precision (i.e., with
1873 trailing zeros present) and the specified upper bound. */
1874 prec[0] = 0;
1875 prec[1] = dir.prec[1] < maxprec ? maxprec : dir.prec[1];
1876 }
1877 }
1878 else if (dir.prec[0] < 0)
1879 {
1880 if (dir.prec[1] < 0)
1881 {
1882 /* A precision in a strictly negative range is ignored and
1883 the default of 6 is used instead. */
1884 prec[0] = prec[1] = 6;
1885 }
1886 else
1887 {
1888 /* For a precision in a partly negative range, the lower bound
1889 must be assumed to be zero and the new upper bound is the
1890 greater of 6 (the default precision used when the specified
1891 precision is negative) and the upper bound of the specified
1892 range. */
1893 prec[0] = 0;
1894 prec[1] = dir.prec[1] < 6 ? 6 : dir.prec[1];
425bd7b1 1895 }
b9833bfd 1896 }
1897
4f2bedf8 1898 if (!arg
1899 || TREE_CODE (arg) != REAL_CST
1900 || !useless_type_conversion_p (type, TREE_TYPE (arg)))
63e30ce7 1901 return format_floating (dir, prec);
1902
26a75cc5 1903 /* The minimum and maximum number of bytes produced by the directive. */
1904 fmtresult res;
b9833bfd 1905
26a75cc5 1906 /* Get the real type format desription for the target. */
1907 const REAL_VALUE_TYPE *rvp = TREE_REAL_CST_PTR (arg);
1908 const real_format *rfmt = REAL_MODE_FORMAT (TYPE_MODE (TREE_TYPE (arg)));
1909
b35bf93a 1910 if (!real_isfinite (rvp))
1911 {
1912 /* The format for Infinity and NaN is "[-]inf"/"[-]infinity"
1913 and "[-]nan" with the choice being implementation-defined
1914 but not locale dependent. */
1915 bool sign = dir.get_flag ('+') || real_isneg (rvp);
1916 res.range.min = 3 + sign;
1917
1918 res.range.likely = res.range.min;
1919 res.range.max = res.range.min;
d3abe5e0 1920 /* The unlikely maximum is "[-/+]infinity" or "[-/+][qs]nan".
1921 For NaN, the C/POSIX standards specify two formats:
1922 "[-/+]nan"
1923 and
1924 "[-/+]nan(n-char-sequence)"
1925 No known printf implementation outputs the latter format but AIX
1926 outputs QNaN and SNaN for quiet and signalling NaN, respectively,
1927 so the unlikely maximum reflects that. */
1928 res.range.unlikely = sign + (real_isinf (rvp) ? 8 : 4);
b35bf93a 1929
1930 /* The range for infinity and NaN is known unless either width
1931 or precision is unknown. Width has the same effect regardless
1932 of whether the argument is finite. Precision is either ignored
1933 (e.g., Glibc) or can have an effect on the short vs long format
1934 such as inf/infinity (e.g., Solaris). */
1935 res.knownrange = dir.known_width_and_precision ();
1936
1937 /* Adjust the range for width but ignore precision. */
1938 res.adjust_for_width_or_precision (dir.width);
1939
1940 return res;
1941 }
1942
26a75cc5 1943 char fmtstr [40];
1944 char *pfmt = fmtstr;
b9833bfd 1945
26a75cc5 1946 /* Append flags. */
1947 for (const char *pf = "-+ #0"; *pf; ++pf)
1948 if (dir.get_flag (*pf))
1949 *pfmt++ = *pf;
b9833bfd 1950
26a75cc5 1951 *pfmt = '\0';
b9833bfd 1952
26a75cc5 1953 {
1954 /* Set up an array to easily iterate over. */
1955 unsigned HOST_WIDE_INT* const minmax[] = {
1956 &res.range.min, &res.range.max
1957 };
b9833bfd 1958
26a75cc5 1959 for (int i = 0; i != sizeof minmax / sizeof *minmax; ++i)
4c43afbf 1960 {
26a75cc5 1961 /* Convert the GCC real value representation with the precision
1962 of the real type to the mpfr_t format rounding down in the
1963 first iteration that computes the minimm and up in the second
1964 that computes the maximum. This order is arbibtrary because
1965 rounding in either direction can result in longer output. */
1966 mpfr_t mpfrval;
1967 mpfr_init2 (mpfrval, rfmt->p);
4c7d2cb4 1968 mpfr_from_real (mpfrval, rvp, i ? GMP_RNDU : GMP_RNDD);
26a75cc5 1969
1970 /* Use the MPFR rounding specifier to round down in the first
1971 iteration and then up. In most but not all cases this will
1972 result in the same number of bytes. */
1973 char rndspec = "DU"[i];
1974
1975 /* Format it and store the result in the corresponding member
1976 of the result struct. */
425bd7b1 1977 *minmax[i] = get_mpfr_format_length (mpfrval, fmtstr, prec[i],
1978 dir.specifier, rndspec);
c1d579d6 1979 mpfr_clear (mpfrval);
4c43afbf 1980 }
26a75cc5 1981 }
4c43afbf 1982
26a75cc5 1983 /* Make sure the minimum is less than the maximum (MPFR rounding
1984 in the call to mpfr_snprintf can result in the reverse. */
1985 if (res.range.max < res.range.min)
1986 {
1987 unsigned HOST_WIDE_INT tmp = res.range.min;
1988 res.range.min = res.range.max;
1989 res.range.max = tmp;
1990 }
c62d63d4 1991
7b2c89ef 1992 /* The range is known unless either width or precision is unknown. */
1993 res.knownrange = dir.known_width_and_precision ();
1994
1995 /* For the same floating point constant, unless width or precision
1996 is unknown, use the longer output as the likely maximum since
1997 with round to nearest either is equally likely. Otheriwse, when
1998 precision is unknown, use the greater of the minimum and 3 as
1999 the likely output (for "0.0" since zero precision is unlikely). */
2000 if (res.knownrange)
2001 res.range.likely = res.range.max;
2002 else if (res.range.min < 3
2003 && dir.prec[0] < 0
2004 && (unsigned HOST_WIDE_INT)dir.prec[1] == target_int_max ())
2005 res.range.likely = 3;
2006 else
2007 res.range.likely = res.range.min;
425bd7b1 2008
425bd7b1 2009 res.range.unlikely = res.range.max;
2010
2011 if (res.range.max > 2 && (prec[0] != 0 || prec[1] != 0))
26a75cc5 2012 {
425bd7b1 2013 /* Unless the precision is zero output longer than 2 bytes may
2014 include the decimal point which must be a single character
2015 up to MB_LEN_MAX in length. This is overly conservative
2016 since in some conversions some constants result in no decimal
2017 point (e.g., in %g). */
2018 res.range.unlikely += target_mb_len_max () - 1;
b9833bfd 2019 }
2020
425bd7b1 2021 res.adjust_for_width_or_precision (dir.width);
26a75cc5 2022 return res;
b9833bfd 2023}
2024
2025/* Return a FMTRESULT struct set to the lengths of the shortest and longest
2026 strings referenced by the expression STR, or (-1, -1) when not known.
2027 Used by the format_string function below. */
2028
2029static fmtresult
893c4605 2030get_string_length (tree str, unsigned eltsize)
b9833bfd 2031{
2032 if (!str)
c62d63d4 2033 return fmtresult ();
b9833bfd 2034
b9833bfd 2035 /* Determine the length of the shortest and longest string referenced
2036 by STR. Strings of unknown lengths are bounded by the sizes of
2037 arrays that subexpressions of STR may refer to. Pointers that
14c286b1 2038 aren't known to point any such arrays result in LENDATA.MAXLEN
2039 set to SIZE_MAX. */
2040 c_strlen_data lendata = { };
4db23c18 2041 get_range_strlen (str, &lendata, eltsize);
14c286b1 2042
2043 /* Return the default result when nothing is known about the string. */
2044 if (integer_all_onesp (lendata.maxbound)
2045 && integer_all_onesp (lendata.maxlen))
2046 return fmtresult ();
b9833bfd 2047
14c286b1 2048 HOST_WIDE_INT min
2049 = (tree_fits_uhwi_p (lendata.minlen)
2050 ? tree_to_uhwi (lendata.minlen)
2051 : 0);
2052
2053 HOST_WIDE_INT max
2054 = (tree_fits_uhwi_p (lendata.maxbound)
2055 ? tree_to_uhwi (lendata.maxbound)
2056 : HOST_WIDE_INT_M1U);
2057
4db23c18 2058 const bool unbounded = integer_all_onesp (lendata.maxlen);
14c286b1 2059
2060 /* Set the max/likely counters to unbounded when a minimum is known
2061 but the maximum length isn't bounded. This implies that STR is
2062 a conditional expression involving a string of known length and
2063 and an expression of unknown/unbounded length. */
2064 if (min
2065 && (unsigned HOST_WIDE_INT)min < HOST_WIDE_INT_M1U
2066 && unbounded)
2067 max = HOST_WIDE_INT_M1U;
2068
2069 /* get_range_strlen() returns the target value of SIZE_MAX for
2070 strings of unknown length. Bump it up to HOST_WIDE_INT_M1U
2071 which may be bigger. */
2072 if ((unsigned HOST_WIDE_INT)min == target_size_max ())
2073 min = HOST_WIDE_INT_M1U;
2074 if ((unsigned HOST_WIDE_INT)max == target_size_max ())
2075 max = HOST_WIDE_INT_M1U;
2076
2077 fmtresult res (min, max);
2078 res.nonstr = lendata.decl;
2079
2080 /* Set RES.KNOWNRANGE to true if and only if all strings referenced
2081 by STR are known to be bounded (though not necessarily by their
2082 actual length but perhaps by their maximum possible length). */
2083 if (res.range.max < target_int_max ())
b9833bfd 2084 {
14c286b1 2085 res.knownrange = true;
2086 /* When the the length of the longest string is known and not
2087 excessive use it as the likely length of the string(s). */
2088 res.range.likely = res.range.max;
2089 }
2090 else
2091 {
2092 /* When the upper bound is unknown (it can be zero or excessive)
2093 set the likely length to the greater of 1 and the length of
2094 the shortest string and reset the lower bound to zero. */
2095 res.range.likely = res.range.min ? res.range.min : warn_level > 1;
2096 res.range.min = 0;
b9833bfd 2097 }
2098
14c286b1 2099 res.range.unlikely = unbounded ? HOST_WIDE_INT_MAX : res.range.max;
2100
2101 return res;
b9833bfd 2102}
2103
2104/* Return the minimum and maximum number of characters formatted
26a75cc5 2105 by the '%c' format directives and its wide character form for
2106 the argument ARG. ARG can be null (for functions such as
2107 vsprinf). */
b9833bfd 2108
2109static fmtresult
a669405f 2110format_character (const directive &dir, tree arg, vr_values *vr_values)
b9833bfd 2111{
c62d63d4 2112 fmtresult res;
b9833bfd 2113
425bd7b1 2114 res.knownrange = true;
2115
17d7e9ff 2116 if (dir.specifier == 'C'
2117 || dir.modifier == FMT_LEN_l)
425bd7b1 2118 {
425bd7b1 2119 /* A wide character can result in as few as zero bytes. */
2120 res.range.min = 0;
2121
9b0feec7 2122 HOST_WIDE_INT min, max;
a669405f 2123 if (get_int_range (arg, &min, &max, false, 0, vr_values))
425bd7b1 2124 {
9b0feec7 2125 if (min == 0 && max == 0)
2126 {
2127 /* The NUL wide character results in no bytes. */
2128 res.range.max = 0;
2129 res.range.likely = 0;
2130 res.range.unlikely = 0;
2131 }
17d7e9ff 2132 else if (min >= 0 && min < 128)
9b0feec7 2133 {
17d7e9ff 2134 /* Be conservative if the target execution character set
2135 is not a 1-to-1 mapping to the source character set or
2136 if the source set is not ASCII. */
2137 bool one_2_one_ascii
2138 = (target_to_host_charmap[0] == 1 && target_to_host ('a') == 97);
2139
9b0feec7 2140 /* A wide character in the ASCII range most likely results
2141 in a single byte, and only unlikely in up to MB_LEN_MAX. */
17d7e9ff 2142 res.range.max = one_2_one_ascii ? 1 : target_mb_len_max ();;
9b0feec7 2143 res.range.likely = 1;
2144 res.range.unlikely = target_mb_len_max ();
17d7e9ff 2145 res.mayfail = !one_2_one_ascii;
9b0feec7 2146 }
2147 else
2148 {
2149 /* A wide character outside the ASCII range likely results
2150 in up to two bytes, and only unlikely in up to MB_LEN_MAX. */
2151 res.range.max = target_mb_len_max ();
2152 res.range.likely = 2;
2153 res.range.unlikely = res.range.max;
17d7e9ff 2154 /* Converting such a character may fail. */
2155 res.mayfail = true;
9b0feec7 2156 }
425bd7b1 2157 }
2158 else
2159 {
9b0feec7 2160 /* An unknown wide character is treated the same as a wide
2161 character outside the ASCII range. */
425bd7b1 2162 res.range.max = target_mb_len_max ();
2163 res.range.likely = 2;
2164 res.range.unlikely = res.range.max;
17d7e9ff 2165 res.mayfail = true;
425bd7b1 2166 }
26a75cc5 2167 }
2168 else
2169 {
2170 /* A plain '%c' directive. Its ouput is exactly 1. */
2171 res.range.min = res.range.max = 1;
9b0feec7 2172 res.range.likely = res.range.unlikely = 1;
26a75cc5 2173 res.knownrange = true;
26a75cc5 2174 }
2175
425bd7b1 2176 /* Bump up the byte counters if WIDTH is greater. */
2177 return res.adjust_for_width_or_precision (dir.width);
26a75cc5 2178}
2179
2180/* Return the minimum and maximum number of characters formatted
9b0feec7 2181 by the '%s' format directive and its wide character form for
2182 the argument ARG. ARG can be null (for functions such as
2183 vsprinf). */
26a75cc5 2184
2185static fmtresult
a669405f 2186format_string (const directive &dir, tree arg, vr_values *)
26a75cc5 2187{
2188 fmtresult res;
b9833bfd 2189
26a75cc5 2190 /* Compute the range the argument's length can be in. */
3c487f08 2191 int count_by = 1;
2192 if (dir.specifier == 'S' || dir.modifier == FMT_LEN_l)
2193 {
2194 /* Get a node for a C type that will be the same size
2195 as a wchar_t on the target. */
2196 tree node = get_typenode_from_name (MODIFIED_WCHAR_TYPE);
2197
2198 /* Now that we have a suitable node, get the number of
2199 bytes it occupies. */
2200 count_by = int_size_in_bytes (node);
2201 gcc_checking_assert (count_by == 2 || count_by == 4);
2202 }
2203
893c4605 2204 fmtresult slen = get_string_length (arg, count_by);
974e2c47 2205 if (slen.range.min == slen.range.max
2206 && slen.range.min < HOST_WIDE_INT_MAX)
b9833bfd 2207 {
425bd7b1 2208 /* The argument is either a string constant or it refers
2209 to one of a number of strings of the same length. */
b9833bfd 2210
26a75cc5 2211 /* A '%s' directive with a string argument with constant length. */
2212 res.range = slen.range;
b9833bfd 2213
17d7e9ff 2214 if (dir.specifier == 'S'
2215 || dir.modifier == FMT_LEN_l)
26a75cc5 2216 {
425bd7b1 2217 /* In the worst case the length of output of a wide string S
2218 is bounded by MB_LEN_MAX * wcslen (S). */
2219 res.range.max *= target_mb_len_max ();
2220 res.range.unlikely = res.range.max;
2221 /* It's likely that the the total length is not more that
2222 2 * wcslen (S).*/
2223 res.range.likely = res.range.min * 2;
b9833bfd 2224
f84f68b2 2225 if (dir.prec[1] >= 0
9b0feec7 2226 && (unsigned HOST_WIDE_INT)dir.prec[1] < res.range.max)
425bd7b1 2227 {
9b0feec7 2228 res.range.max = dir.prec[1];
2229 res.range.likely = dir.prec[1];
2230 res.range.unlikely = dir.prec[1];
425bd7b1 2231 }
b9833bfd 2232
9b0feec7 2233 if (dir.prec[0] < 0 && dir.prec[1] > -1)
2234 res.range.min = 0;
f84f68b2 2235 else if (dir.prec[0] >= 0)
9b0feec7 2236 res.range.likely = dir.prec[0];
2237
425bd7b1 2238 /* Even a non-empty wide character string need not convert into
2239 any bytes. */
2240 res.range.min = 0;
17d7e9ff 2241
2242 /* A non-empty wide character conversion may fail. */
2243 if (slen.range.max > 0)
2244 res.mayfail = true;
26a75cc5 2245 }
425bd7b1 2246 else
26a75cc5 2247 {
425bd7b1 2248 res.knownrange = true;
2249
9b0feec7 2250 if (dir.prec[0] < 0 && dir.prec[1] > -1)
425bd7b1 2251 res.range.min = 0;
9b0feec7 2252 else if ((unsigned HOST_WIDE_INT)dir.prec[0] < res.range.min)
2253 res.range.min = dir.prec[0];
2254
2255 if ((unsigned HOST_WIDE_INT)dir.prec[1] < res.range.max)
425bd7b1 2256 {
9b0feec7 2257 res.range.max = dir.prec[1];
2258 res.range.likely = dir.prec[1];
2259 res.range.unlikely = dir.prec[1];
425bd7b1 2260 }
26a75cc5 2261 }
2262 }
2263 else if (arg && integer_zerop (arg))
2264 {
2265 /* Handle null pointer argument. */
b9833bfd 2266
26a75cc5 2267 fmtresult res (0);
2268 res.nullp = true;
2269 return res;
2270 }
2271 else
2272 {
d9922b2c 2273 /* For a '%s' and '%ls' directive with a non-constant string (either
2274 one of a number of strings of known length or an unknown string)
2275 the minimum number of characters is lesser of PRECISION[0] and
2276 the length of the shortest known string or zero, and the maximum
2277 is the lessser of the length of the longest known string or
2278 PTRDIFF_MAX and PRECISION[1]. The likely length is either
2279 the minimum at level 1 and the greater of the minimum and 1
2280 at level 2. This result is adjust upward for width (if it's
2281 specified). */
2282
17d7e9ff 2283 if (dir.specifier == 'S'
2284 || dir.modifier == FMT_LEN_l)
d9922b2c 2285 {
2286 /* A wide character converts to as few as zero bytes. */
2287 slen.range.min = 0;
2288 if (slen.range.max < target_int_max ())
2289 slen.range.max *= target_mb_len_max ();
2290
2291 if (slen.range.likely < target_int_max ())
2292 slen.range.likely *= 2;
2293
2294 if (slen.range.likely < target_int_max ())
2295 slen.range.unlikely *= target_mb_len_max ();
17d7e9ff 2296
2297 /* A non-empty wide character conversion may fail. */
2298 if (slen.range.max > 0)
2299 res.mayfail = true;
d9922b2c 2300 }
2301
2302 res.range = slen.range;
b9833bfd 2303
f84f68b2 2304 if (dir.prec[0] >= 0)
26a75cc5 2305 {
d9922b2c 2306 /* Adjust the minimum to zero if the string length is unknown,
2307 or at most the lower bound of the precision otherwise. */
26a75cc5 2308 if (slen.range.min >= target_int_max ())
d9922b2c 2309 res.range.min = 0;
9b0feec7 2310 else if ((unsigned HOST_WIDE_INT)dir.prec[0] < slen.range.min)
d9922b2c 2311 res.range.min = dir.prec[0];
26a75cc5 2312
d9922b2c 2313 /* Make both maxima no greater than the upper bound of precision. */
9b0feec7 2314 if ((unsigned HOST_WIDE_INT)dir.prec[1] < slen.range.max
26a75cc5 2315 || slen.range.max >= target_int_max ())
425bd7b1 2316 {
d9922b2c 2317 res.range.max = dir.prec[1];
2318 res.range.unlikely = dir.prec[1];
425bd7b1 2319 }
d9922b2c 2320
2321 /* If precision is constant, set the likely counter to the lesser
2322 of it and the maximum string length. Otherwise, if the lower
2323 bound of precision is greater than zero, set the likely counter
2324 to the minimum. Otherwise set it to zero or one based on
2325 the warning level. */
2326 if (dir.prec[0] == dir.prec[1])
2327 res.range.likely
2328 = ((unsigned HOST_WIDE_INT)dir.prec[0] < slen.range.max
2329 ? dir.prec[0] : slen.range.max);
2330 else if (dir.prec[0] > 0)
2331 res.range.likely = res.range.min;
2332 else
2333 res.range.likely = warn_level > 1;
2334 }
2335 else if (dir.prec[1] >= 0)
2336 {
2337 res.range.min = 0;
2338 if ((unsigned HOST_WIDE_INT)dir.prec[1] < slen.range.max)
2339 res.range.max = dir.prec[1];
2340 res.range.likely = dir.prec[1] ? warn_level > 1 : 0;
14c286b1 2341 if ((unsigned HOST_WIDE_INT)dir.prec[1] < slen.range.unlikely)
2342 res.range.unlikely = dir.prec[1];
26a75cc5 2343 }
2344 else if (slen.range.min >= target_int_max ())
2345 {
d9922b2c 2346 res.range.min = 0;
2347 res.range.max = HOST_WIDE_INT_MAX;
2348 /* At level 1 strings of unknown length are assumed to be
425bd7b1 2349 empty, while at level 1 they are assumed to be one byte
2350 long. */
d9922b2c 2351 res.range.likely = warn_level > 1;
14c286b1 2352 res.range.unlikely = HOST_WIDE_INT_MAX;
d9922b2c 2353 }
2354 else
2355 {
2356 /* A string of unknown length unconstrained by precision is
2357 assumed to be empty at level 1 and just one character long
2358 at higher levels. */
2359 if (res.range.likely >= target_int_max ())
2360 res.range.likely = warn_level > 1;
b9833bfd 2361 }
2362 }
2363
f1625820 2364 /* If the argument isn't a nul-terminated string and the number
2365 of bytes on output isn't bounded by precision, set NONSTR. */
2366 if (slen.nonstr && slen.range.min < (unsigned HOST_WIDE_INT)dir.prec[0])
2367 res.nonstr = slen.nonstr;
2368
425bd7b1 2369 /* Bump up the byte counters if WIDTH is greater. */
2370 return res.adjust_for_width_or_precision (dir.width);
2371}
2372
2373/* Format plain string (part of the format string itself). */
2374
2375static fmtresult
a669405f 2376format_plain (const directive &dir, tree, vr_values *)
425bd7b1 2377{
2378 fmtresult res (dir.len);
2379 return res;
2380}
2381
2382/* Return true if the RESULT of a directive in a call describe by INFO
2383 should be diagnosed given the AVAILable space in the destination. */
2384
2385static bool
9d8823fc 2386should_warn_p (const sprintf_dom_walker::call_info &info,
425bd7b1 2387 const result_range &avail, const result_range &result)
2388{
2389 if (result.max <= avail.min)
2390 {
2391 /* The least amount of space remaining in the destination is big
2392 enough for the longest output. */
2393 return false;
2394 }
2395
2396 if (info.bounded)
7bcd359a 2397 {
f84f68b2 2398 if (warn_format_trunc == 1 && result.min <= avail.max
425bd7b1 2399 && info.retval_used ())
2400 {
2401 /* The likely amount of space remaining in the destination is big
2402 enough for the least output and the return value is used. */
2403 return false;
2404 }
b9833bfd 2405
f84f68b2 2406 if (warn_format_trunc == 1 && result.likely <= avail.likely
425bd7b1 2407 && !info.retval_used ())
2408 {
2409 /* The likely amount of space remaining in the destination is big
2410 enough for the likely output and the return value is unused. */
2411 return false;
2412 }
b9833bfd 2413
425bd7b1 2414 if (warn_format_trunc == 2
2415 && result.likely <= avail.min
2416 && (result.max <= avail.min
2417 || result.max > HOST_WIDE_INT_MAX))
2418 {
2419 /* The minimum amount of space remaining in the destination is big
2420 enough for the longest output. */
2421 return false;
2422 }
7bcd359a 2423 }
425bd7b1 2424 else
2425 {
f84f68b2 2426 if (warn_level == 1 && result.likely <= avail.likely)
425bd7b1 2427 {
2428 /* The likely amount of space remaining in the destination is big
2429 enough for the likely output. */
2430 return false;
2431 }
b9833bfd 2432
425bd7b1 2433 if (warn_level == 2
2434 && result.likely <= avail.min
2435 && (result.max <= avail.min
2436 || result.max > HOST_WIDE_INT_MAX))
2437 {
2438 /* The minimum amount of space remaining in the destination is big
2439 enough for the longest output. */
2440 return false;
2441 }
2442 }
c62d63d4 2443
425bd7b1 2444 return true;
b9833bfd 2445}
2446
76cf0084 2447/* At format string location describe by DIRLOC in a call described
2448 by INFO, issue a warning for a directive DIR whose output may be
2449 in excess of the available space AVAIL_RANGE in the destination
2450 given the formatting result FMTRES. This function does nothing
2451 except decide whether to issue a warning for a possible write
2452 past the end or truncation and, if so, format the warning.
2453 Return true if a warning has been issued. */
2454
2455static bool
3a010afa 2456maybe_warn (substring_loc &dirloc, location_t argloc,
9d8823fc 2457 const sprintf_dom_walker::call_info &info,
425bd7b1 2458 const result_range &avail_range, const result_range &res,
76cf0084 2459 const directive &dir)
2460{
425bd7b1 2461 if (!should_warn_p (info, avail_range, res))
2462 return false;
2463
2464 /* A warning will definitely be issued below. */
2465
2466 /* The maximum byte count to reference in the warning. Larger counts
2467 imply that the upper bound is unknown (and could be anywhere between
2468 RES.MIN + 1 and SIZE_MAX / 2) are printed as "N or more bytes" rather
2469 than "between N and X" where X is some huge number. */
2470 unsigned HOST_WIDE_INT maxbytes = target_dir_max ();
76cf0084 2471
425bd7b1 2472 /* True when there is enough room in the destination for the least
2473 amount of a directive's output but not enough for its likely or
2474 maximum output. */
2475 bool maybe = (res.min <= avail_range.max
2476 && (avail_range.min < res.likely
2477 || (res.max < HOST_WIDE_INT_MAX
2478 && avail_range.min < res.max)));
2479
722889f9 2480 /* Buffer for the directive in the host character set (used when
2481 the source character set is different). */
2482 char hostdir[32];
2483
425bd7b1 2484 if (avail_range.min == avail_range.max)
76cf0084 2485 {
425bd7b1 2486 /* The size of the destination region is exact. */
2487 unsigned HOST_WIDE_INT navail = avail_range.max;
2488
722889f9 2489 if (target_to_host (*dir.beg) != '%')
76cf0084 2490 {
425bd7b1 2491 /* For plain character directives (i.e., the format string itself)
2492 but not others, point the caret at the first character that's
2493 past the end of the destination. */
9574b6e7 2494 if (navail < dir.len)
2495 dirloc.set_caret_index (dirloc.get_caret_idx () + navail);
76cf0084 2496 }
425bd7b1 2497
2498 if (*dir.beg == '\0')
76cf0084 2499 {
425bd7b1 2500 /* This is the terminating nul. */
2501 gcc_assert (res.min == 1 && res.min == res.max);
2502
3a010afa 2503 return fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (),
7ac1c1d7 2504 info.bounded
2505 ? (maybe
2506 ? G_("%qE output may be truncated before the "
2507 "last format character")
2508 : G_("%qE output truncated before the last "
2509 "format character"))
2510 : (maybe
2511 ? G_("%qE may write a terminating nul past the "
2512 "end of the destination")
2513 : G_("%qE writing a terminating nul past the "
2514 "end of the destination")),
2515 info.func);
425bd7b1 2516 }
2517
2518 if (res.min == res.max)
2519 {
7ac1c1d7 2520 const char *d = target_to_host (hostdir, sizeof hostdir, dir.beg);
2521 if (!info.bounded)
2522 return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
2523 "%<%.*s%> directive writing %wu byte into a "
2524 "region of size %wu",
2525 "%<%.*s%> directive writing %wu bytes into a "
2526 "region of size %wu",
2527 (int) dir.len, d, res.min, navail);
2528 else if (maybe)
2529 return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
2530 "%<%.*s%> directive output may be truncated "
2531 "writing %wu byte into a region of size %wu",
2532 "%<%.*s%> directive output may be truncated "
2533 "writing %wu bytes into a region of size %wu",
2534 (int) dir.len, d, res.min, navail);
2535 else
2536 return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
2537 "%<%.*s%> directive output truncated writing "
2538 "%wu byte into a region of size %wu",
2539 "%<%.*s%> directive output truncated writing "
2540 "%wu bytes into a region of size %wu",
2541 (int) dir.len, d, res.min, navail);
425bd7b1 2542 }
f84f68b2 2543 if (res.min == 0 && res.max < maxbytes)
7ac1c1d7 2544 return fmtwarn (dirloc, argloc, NULL,
2545 info.warnopt (),
2546 info.bounded
2547 ? (maybe
2548 ? G_("%<%.*s%> directive output may be truncated "
2549 "writing up to %wu bytes into a region of "
2550 "size %wu")
2551 : G_("%<%.*s%> directive output truncated writing "
2552 "up to %wu bytes into a region of size %wu"))
2553 : G_("%<%.*s%> directive writing up to %wu bytes "
2554 "into a region of size %wu"), (int) dir.len,
2555 target_to_host (hostdir, sizeof hostdir, dir.beg),
2556 res.max, navail);
425bd7b1 2557
f84f68b2 2558 if (res.min == 0 && maxbytes <= res.max)
7ac1c1d7 2559 /* This is a special case to avoid issuing the potentially
2560 confusing warning:
2561 writing 0 or more bytes into a region of size 0. */
2562 return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2563 info.bounded
2564 ? (maybe
2565 ? G_("%<%.*s%> directive output may be truncated "
2566 "writing likely %wu or more bytes into a "
2567 "region of size %wu")
2568 : G_("%<%.*s%> directive output truncated writing "
2569 "likely %wu or more bytes into a region of "
2570 "size %wu"))
2571 : G_("%<%.*s%> directive writing likely %wu or more "
2572 "bytes into a region of size %wu"), (int) dir.len,
2573 target_to_host (hostdir, sizeof hostdir, dir.beg),
2574 res.likely, navail);
425bd7b1 2575
2576 if (res.max < maxbytes)
7ac1c1d7 2577 return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2578 info.bounded
2579 ? (maybe
2580 ? G_("%<%.*s%> directive output may be truncated "
2581 "writing between %wu and %wu bytes into a "
2582 "region of size %wu")
2583 : G_("%<%.*s%> directive output truncated "
2584 "writing between %wu and %wu bytes into a "
2585 "region of size %wu"))
2586 : G_("%<%.*s%> directive writing between %wu and "
2587 "%wu bytes into a region of size %wu"),
2588 (int) dir.len,
2589 target_to_host (hostdir, sizeof hostdir, dir.beg),
2590 res.min, res.max, navail);
2591
2592 return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2593 info.bounded
2594 ? (maybe
2595 ? G_("%<%.*s%> directive output may be truncated "
2596 "writing %wu or more bytes into a region of "
2597 "size %wu")
2598 : G_("%<%.*s%> directive output truncated writing "
2599 "%wu or more bytes into a region of size %wu"))
2600 : G_("%<%.*s%> directive writing %wu or more bytes "
2601 "into a region of size %wu"), (int) dir.len,
722889f9 2602 target_to_host (hostdir, sizeof hostdir, dir.beg),
425bd7b1 2603 res.min, navail);
76cf0084 2604 }
2605
425bd7b1 2606 /* The size of the destination region is a range. */
2607
722889f9 2608 if (target_to_host (*dir.beg) != '%')
425bd7b1 2609 {
2610 unsigned HOST_WIDE_INT navail = avail_range.max;
2611
2612 /* For plain character directives (i.e., the format string itself)
2613 but not others, point the caret at the first character that's
2614 past the end of the destination. */
9574b6e7 2615 if (navail < dir.len)
2616 dirloc.set_caret_index (dirloc.get_caret_idx () + navail);
425bd7b1 2617 }
2618
2619 if (*dir.beg == '\0')
2620 {
2621 gcc_assert (res.min == 1 && res.min == res.max);
2622
7ac1c1d7 2623 return fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (),
2624 info.bounded
2625 ? (maybe
2626 ? G_("%qE output may be truncated before the last "
2627 "format character")
2628 : G_("%qE output truncated before the last format "
2629 "character"))
2630 : (maybe
2631 ? G_("%qE may write a terminating nul past the end "
2632 "of the destination")
2633 : G_("%qE writing a terminating nul past the end "
2634 "of the destination")), info.func);
425bd7b1 2635 }
2636
2637 if (res.min == res.max)
2638 {
7ac1c1d7 2639 const char *d = target_to_host (hostdir, sizeof hostdir, dir.beg);
2640 if (!info.bounded)
2641 return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
2642 "%<%.*s%> directive writing %wu byte into a region "
2643 "of size between %wu and %wu",
2644 "%<%.*s%> directive writing %wu bytes into a region "
2645 "of size between %wu and %wu", (int) dir.len, d,
2646 res.min, avail_range.min, avail_range.max);
2647 else if (maybe)
2648 return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
2649 "%<%.*s%> directive output may be truncated writing "
2650 "%wu byte into a region of size between %wu and %wu",
2651 "%<%.*s%> directive output may be truncated writing "
2652 "%wu bytes into a region of size between %wu and "
2653 "%wu", (int) dir.len, d, res.min, avail_range.min,
2654 avail_range.max);
2655 else
2656 return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
2657 "%<%.*s%> directive output truncated writing %wu "
2658 "byte into a region of size between %wu and %wu",
2659 "%<%.*s%> directive output truncated writing %wu "
2660 "bytes into a region of size between %wu and %wu",
2661 (int) dir.len, d, res.min, avail_range.min,
2662 avail_range.max);
425bd7b1 2663 }
2664
f84f68b2 2665 if (res.min == 0 && res.max < maxbytes)
7ac1c1d7 2666 return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2667 info.bounded
2668 ? (maybe
2669 ? G_("%<%.*s%> directive output may be truncated "
2670 "writing up to %wu bytes into a region of size "
2671 "between %wu and %wu")
2672 : G_("%<%.*s%> directive output truncated writing "
2673 "up to %wu bytes into a region of size between "
2674 "%wu and %wu"))
2675 : G_("%<%.*s%> directive writing up to %wu bytes "
2676 "into a region of size between %wu and %wu"),
2677 (int) dir.len,
2678 target_to_host (hostdir, sizeof hostdir, dir.beg),
2679 res.max, avail_range.min, avail_range.max);
425bd7b1 2680
f84f68b2 2681 if (res.min == 0 && maxbytes <= res.max)
7ac1c1d7 2682 /* This is a special case to avoid issuing the potentially confusing
2683 warning:
2684 writing 0 or more bytes into a region of size between 0 and N. */
2685 return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2686 info.bounded
2687 ? (maybe
2688 ? G_("%<%.*s%> directive output may be truncated "
2689 "writing likely %wu or more bytes into a region "
2690 "of size between %wu and %wu")
2691 : G_("%<%.*s%> directive output truncated writing "
2692 "likely %wu or more bytes into a region of size "
2693 "between %wu and %wu"))
2694 : G_("%<%.*s%> directive writing likely %wu or more bytes "
2695 "into a region of size between %wu and %wu"),
2696 (int) dir.len,
2697 target_to_host (hostdir, sizeof hostdir, dir.beg),
2698 res.likely, avail_range.min, avail_range.max);
425bd7b1 2699
2700 if (res.max < maxbytes)
7ac1c1d7 2701 return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2702 info.bounded
2703 ? (maybe
2704 ? G_("%<%.*s%> directive output may be truncated "
2705 "writing between %wu and %wu bytes into a region "
2706 "of size between %wu and %wu")
2707 : G_("%<%.*s%> directive output truncated writing "
2708 "between %wu and %wu bytes into a region of size "
2709 "between %wu and %wu"))
2710 : G_("%<%.*s%> directive writing between %wu and "
2711 "%wu bytes into a region of size between %wu and "
2712 "%wu"), (int) dir.len,
2713 target_to_host (hostdir, sizeof hostdir, dir.beg),
2714 res.min, res.max, avail_range.min, avail_range.max);
2715
2716 return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2717 info.bounded
2718 ? (maybe
2719 ? G_("%<%.*s%> directive output may be truncated writing "
2720 "%wu or more bytes into a region of size between "
2721 "%wu and %wu")
2722 : G_("%<%.*s%> directive output truncated writing "
2723 "%wu or more bytes into a region of size between "
2724 "%wu and %wu"))
2725 : G_("%<%.*s%> directive writing %wu or more bytes "
2726 "into a region of size between %wu and %wu"),
2727 (int) dir.len,
722889f9 2728 target_to_host (hostdir, sizeof hostdir, dir.beg),
2729 res.min, avail_range.min, avail_range.max);
76cf0084 2730}
2731
9b0feec7 2732/* Compute the length of the output resulting from the directive DIR
2733 in a call described by INFO and update the overall result of the call
2734 in *RES. Return true if the directive has been handled. */
b9833bfd 2735
26a75cc5 2736static bool
9d8823fc 2737format_directive (const sprintf_dom_walker::call_info &info,
a669405f 2738 format_result *res, const directive &dir,
2739 class vr_values *vr_values)
b9833bfd 2740{
2741 /* Offset of the beginning of the directive from the beginning
2742 of the format string. */
9b0feec7 2743 size_t offset = dir.beg - info.fmtstr;
2744 size_t start = offset;
2745 size_t length = offset + dir.len - !!dir.len;
b9833bfd 2746
2747 /* Create a location for the whole directive from the % to the format
2748 specifier. */
2749 substring_loc dirloc (info.fmtloc, TREE_TYPE (info.format),
9b0feec7 2750 offset, start, length);
b9833bfd 2751
3a010afa 2752 /* Also get the location of the argument if possible.
b9833bfd 2753 This doesn't work for integer literals or function calls. */
3a010afa 2754 location_t argloc = UNKNOWN_LOCATION;
2755 if (dir.arg)
2756 argloc = EXPR_LOCATION (dir.arg);
b9833bfd 2757
2758 /* Bail when there is no function to compute the output length,
2759 or when minimum length checking has been disabled. */
425bd7b1 2760 if (!dir.fmtfunc || res->range.min >= HOST_WIDE_INT_MAX)
26a75cc5 2761 return false;
b9833bfd 2762
9b0feec7 2763 /* Compute the range of lengths of the formatted output. */
a669405f 2764 fmtresult fmtres = dir.fmtfunc (dir, dir.arg, vr_values);
b9833bfd 2765
c62d63d4 2766 /* Record whether the output of all directives is known to be
2767 bounded by some maximum, implying that their arguments are
2768 either known exactly or determined to be in a known range
2769 or, for strings, limited by the upper bounds of the arrays
2770 they refer to. */
2771 res->knownrange &= fmtres.knownrange;
b9833bfd 2772
c62d63d4 2773 if (!fmtres.knownrange)
b9833bfd 2774 {
c62d63d4 2775 /* Only when the range is known, check it against the host value
84960375 2776 of INT_MAX + (the number of bytes of the "%.*Lf" directive with
2777 INT_MAX precision, which is the longest possible output of any
2778 single directive). That's the largest valid byte count (though
2779 not valid call to a printf-like function because it can never
2780 return such a count). Otherwise, the range doesn't correspond
2781 to known values of the argument. */
2782 if (fmtres.range.max > target_dir_max ())
c62d63d4 2783 {
2784 /* Normalize the MAX counter to avoid having to deal with it
2785 later. The counter can be less than HOST_WIDE_INT_M1U
2786 when compiling for an ILP32 target on an LP64 host. */
2787 fmtres.range.max = HOST_WIDE_INT_M1U;
2788 /* Disable exact and maximum length checking after a failure
2789 to determine the maximum number of characters (for example
2790 for wide characters or wide character strings) but continue
2791 tracking the minimum number of characters. */
425bd7b1 2792 res->range.max = HOST_WIDE_INT_M1U;
c62d63d4 2793 }
2794
84960375 2795 if (fmtres.range.min > target_dir_max ())
c62d63d4 2796 {
2797 /* Disable exact length checking after a failure to determine
2798 even the minimum number of characters (it shouldn't happen
2799 except in an error) but keep tracking the minimum and maximum
2800 number of characters. */
26a75cc5 2801 return true;
c62d63d4 2802 }
b9833bfd 2803 }
2804
722889f9 2805 /* Buffer for the directive in the host character set (used when
2806 the source character set is different). */
2807 char hostdir[32];
2808
425bd7b1 2809 int dirlen = dir.len;
2810
519bbccd 2811 if (fmtres.nullp)
2812 {
3a010afa 2813 fmtwarn (dirloc, argloc, NULL, info.warnopt (),
7b2ced2f 2814 "%G%<%.*s%> directive argument is null",
2815 info.callstmt, dirlen,
2816 target_to_host (hostdir, sizeof hostdir, dir.beg));
519bbccd 2817
2818 /* Don't bother processing the rest of the format string. */
2819 res->warned = true;
425bd7b1 2820 res->range.min = HOST_WIDE_INT_M1U;
2821 res->range.max = HOST_WIDE_INT_M1U;
26a75cc5 2822 return false;
519bbccd 2823 }
2824
b9833bfd 2825 /* Compute the number of available bytes in the destination. There
2826 must always be at least one byte of space for the terminating
2827 NUL that's appended after the format string has been processed. */
425bd7b1 2828 result_range avail_range = bytes_remaining (info.objsize, *res);
b9833bfd 2829
76cf0084 2830 bool warned = res->warned;
2831
2832 if (!warned)
3a010afa 2833 warned = maybe_warn (dirloc, argloc, info, avail_range,
76cf0084 2834 fmtres.range, dir);
2835
425bd7b1 2836 /* Bump up the total maximum if it isn't too big. */
2837 if (res->range.max < HOST_WIDE_INT_MAX
2838 && fmtres.range.max < HOST_WIDE_INT_MAX)
2839 res->range.max += fmtres.range.max;
b9833bfd 2840
425bd7b1 2841 /* Raise the total unlikely maximum by the larger of the maximum
af4ec936 2842 and the unlikely maximum. */
2843 unsigned HOST_WIDE_INT save = res->range.unlikely;
425bd7b1 2844 if (fmtres.range.max < fmtres.range.unlikely)
2845 res->range.unlikely += fmtres.range.unlikely;
b9833bfd 2846 else
425bd7b1 2847 res->range.unlikely += fmtres.range.max;
2848
af4ec936 2849 if (res->range.unlikely < save)
2850 res->range.unlikely = HOST_WIDE_INT_M1U;
2851
425bd7b1 2852 res->range.min += fmtres.range.min;
2853 res->range.likely += fmtres.range.likely;
b9833bfd 2854
2855 /* Has the minimum directive output length exceeded the maximum
2856 of 4095 bytes required to be supported? */
2857 bool minunder4k = fmtres.range.min < 4096;
425bd7b1 2858 bool maxunder4k = fmtres.range.max < 4096;
17d7e9ff 2859 /* Clear POSUNDER4K in the overall result if the maximum has exceeded
2860 the 4k (this is necessary to avoid the return value optimization
425bd7b1 2861 that may not be safe in the maximum case). */
2862 if (!maxunder4k)
17d7e9ff 2863 res->posunder4k = false;
2864 /* Also clear POSUNDER4K if the directive may fail. */
2865 if (fmtres.mayfail)
2866 res->posunder4k = false;
b9833bfd 2867
425bd7b1 2868 if (!warned
2869 /* Only warn at level 2. */
c9281ef8 2870 && warn_level > 1
c1b65cc2 2871 /* Only warn for string functions. */
2872 && info.is_string_func ()
425bd7b1 2873 && (!minunder4k
2874 || (!maxunder4k && fmtres.range.max < HOST_WIDE_INT_MAX)))
b9833bfd 2875 {
2876 /* The directive output may be longer than the maximum required
2877 to be handled by an implementation according to 7.21.6.1, p15
2878 of C11. Warn on this only at level 2 but remember this and
2879 prevent folding the return value when done. This allows for
2880 the possibility of the actual libc call failing due to ENOMEM
c1b65cc2 2881 (like Glibc does with very large precision or width).
2882 Issue the "may exceed" warning only for string functions and
2883 not for fprintf or printf. */
b9833bfd 2884
2885 if (fmtres.range.min == fmtres.range.max)
7ac1c1d7 2886 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
514c86c7 2887 "%<%.*s%> directive output of %wu bytes exceeds "
7ac1c1d7 2888 "minimum required size of 4095", dirlen,
722889f9 2889 target_to_host (hostdir, sizeof hostdir, dir.beg),
2890 fmtres.range.min);
c1b65cc2 2891 else if (!minunder4k)
2892 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2893 "%<%.*s%> directive output between %wu and %wu "
2894 "bytes exceeds minimum required size of 4095",
2895 dirlen,
2896 target_to_host (hostdir, sizeof hostdir, dir.beg),
2897 fmtres.range.min, fmtres.range.max);
2898 else if (!info.retval_used () && info.is_string_func ())
7ac1c1d7 2899 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
c1b65cc2 2900 "%<%.*s%> directive output between %wu and %wu "
2901 "bytes may exceed minimum required size of "
2902 "4095",
7ac1c1d7 2903 dirlen,
2904 target_to_host (hostdir, sizeof hostdir, dir.beg),
2905 fmtres.range.min, fmtres.range.max);
b9833bfd 2906 }
2907
425bd7b1 2908 /* Has the likely and maximum directive output exceeded INT_MAX? */
2909 bool likelyximax = *dir.beg && res->range.likely > target_int_max ();
af4ec936 2910 /* Don't consider the maximum to be in excess when it's the result
2911 of a string of unknown length (i.e., whose maximum has been set
2912 to be greater than or equal to HOST_WIDE_INT_MAX. */
2913 bool maxximax = (*dir.beg
2914 && res->range.max > target_int_max ()
2915 && res->range.max < HOST_WIDE_INT_MAX);
b9833bfd 2916
514c86c7 2917 if (!warned
425bd7b1 2918 /* Warn for the likely output size at level 1. */
2919 && (likelyximax
2920 /* But only warn for the maximum at level 2. */
c9281ef8 2921 || (warn_level > 1
425bd7b1 2922 && maxximax
2923 && fmtres.range.max < HOST_WIDE_INT_MAX)))
b9833bfd 2924 {
c1b65cc2 2925 if (fmtres.range.min > target_int_max ())
2926 {
2927 /* The directive output exceeds INT_MAX bytes. */
2928 if (fmtres.range.min == fmtres.range.max)
2929 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2930 "%<%.*s%> directive output of %wu bytes exceeds "
2931 "%<INT_MAX%>", dirlen,
2932 target_to_host (hostdir, sizeof hostdir, dir.beg),
2933 fmtres.range.min);
2934 else
2935 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2936 "%<%.*s%> directive output between %wu and "
2937 "%wu bytes exceeds %<INT_MAX%>", dirlen,
2938 target_to_host (hostdir, sizeof hostdir, dir.beg),
2939 fmtres.range.min, fmtres.range.max);
2940 }
2941 else if (res->range.min > target_int_max ())
2942 {
2943 /* The directive output is under INT_MAX but causes the result
2944 to exceed INT_MAX bytes. */
2945 if (fmtres.range.min == fmtres.range.max)
2946 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2947 "%<%.*s%> directive output of %wu bytes causes "
2948 "result to exceed %<INT_MAX%>", dirlen,
2949 target_to_host (hostdir, sizeof hostdir, dir.beg),
2950 fmtres.range.min);
2951 else
2952 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2953 "%<%.*s%> directive output between %wu and "
2954 "%wu bytes causes result to exceed %<INT_MAX%>",
2955 dirlen,
2956 target_to_host (hostdir, sizeof hostdir, dir.beg),
2957 fmtres.range.min, fmtres.range.max);
2958 }
2959 else if ((!info.retval_used () || !info.bounded)
2960 && (info.is_string_func ()))
2961 /* Warn for calls to string functions that either aren't bounded
2962 (sprintf) or whose return value isn't used. */
7ac1c1d7 2963 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
c1b65cc2 2964 "%<%.*s%> directive output between %wu and "
2965 "%wu bytes may cause result to exceed "
2966 "%<INT_MAX%>", dirlen,
7ac1c1d7 2967 target_to_host (hostdir, sizeof hostdir, dir.beg),
2968 fmtres.range.min, fmtres.range.max);
b9833bfd 2969 }
514c86c7 2970
f1625820 2971 if (!warned && fmtres.nonstr)
2972 {
2973 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2974 "%<%.*s%> directive argument is not a nul-terminated "
2975 "string",
2976 dirlen,
2977 target_to_host (hostdir, sizeof hostdir, dir.beg));
2978 if (warned && DECL_P (fmtres.nonstr))
2979 inform (DECL_SOURCE_LOCATION (fmtres.nonstr),
2980 "referenced argument declared here");
2981 return false;
2982 }
2983
425bd7b1 2984 if (warned && fmtres.range.min < fmtres.range.likely
2985 && fmtres.range.likely < fmtres.range.max)
f4e3e4b1 2986 inform_n (info.fmtloc, fmtres.range.likely,
504b0b7d 2987 "assuming directive output of %wu byte",
2988 "assuming directive output of %wu bytes",
425bd7b1 2989 fmtres.range.likely);
425bd7b1 2990
514c86c7 2991 if (warned && fmtres.argmin)
2992 {
2993 if (fmtres.argmin == fmtres.argmax)
2994 inform (info.fmtloc, "directive argument %qE", fmtres.argmin);
2995 else if (fmtres.knownrange)
2996 inform (info.fmtloc, "directive argument in the range [%E, %E]",
2997 fmtres.argmin, fmtres.argmax);
2998 else
2999 inform (info.fmtloc,
3000 "using the range [%E, %E] for directive argument",
3001 fmtres.argmin, fmtres.argmax);
3002 }
3003
3004 res->warned |= warned;
76cf0084 3005
c1b65cc2 3006 if (!dir.beg[0] && res->warned)
b9833bfd 3007 {
b9833bfd 3008 location_t callloc = gimple_location (info.callstmt);
3009
425bd7b1 3010 unsigned HOST_WIDE_INT min = res->range.min;
3011 unsigned HOST_WIDE_INT max = res->range.max;
b9833bfd 3012
c1b65cc2 3013 if (info.objsize < HOST_WIDE_INT_MAX)
3014 {
3015 /* If a warning has been issued for buffer overflow or truncation
3016 help the user figure out how big a buffer they need. */
3017
3018 if (min == max)
b3ed1c3c 3019 inform_n (callloc, min,
3020 "%qE output %wu byte into a destination of size %wu",
3021 "%qE output %wu bytes into a destination of size %wu",
3022 info.func, min, info.objsize);
c1b65cc2 3023 else if (max < HOST_WIDE_INT_MAX)
3024 inform (callloc,
3025 "%qE output between %wu and %wu bytes into "
3026 "a destination of size %wu",
3027 info.func, min, max, info.objsize);
3028 else if (min < res->range.likely && res->range.likely < max)
3029 inform (callloc,
3030 "%qE output %wu or more bytes (assuming %wu) into "
3031 "a destination of size %wu",
3032 info.func, min, res->range.likely, info.objsize);
3033 else
3034 inform (callloc,
3035 "%qE output %wu or more bytes into a destination of size "
3036 "%wu",
3037 info.func, min, info.objsize);
3038 }
3039 else if (!info.is_string_func ())
3040 {
3041 /* If the warning is for a file function function like fprintf
3042 of printf with no destination size just print the computed
3043 result. */
3044 if (min == max)
b3ed1c3c 3045 inform_n (callloc, min,
3046 "%qE output %wu byte", "%qE output %wu bytes",
3047 info.func, min);
c1b65cc2 3048 else if (max < HOST_WIDE_INT_MAX)
3049 inform (callloc,
3050 "%qE output between %wu and %wu bytes",
3051 info.func, min, max);
3052 else if (min < res->range.likely && res->range.likely < max)
3053 inform (callloc,
3054 "%qE output %wu or more bytes (assuming %wu)",
3055 info.func, min, res->range.likely);
3056 else
3057 inform (callloc,
3058 "%qE output %wu or more bytes",
3059 info.func, min);
3060 }
b9833bfd 3061 }
3062
425bd7b1 3063 if (dump_file && *dir.beg)
b9833bfd 3064 {
cb442e51 3065 fprintf (dump_file,
3066 " Result: "
3067 HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC ", "
3068 HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC " ("
3069 HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC ", "
3070 HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC ")\n",
3071 fmtres.range.min, fmtres.range.likely,
3072 fmtres.range.max, fmtres.range.unlikely,
3073 res->range.min, res->range.likely,
3074 res->range.max, res->range.unlikely);
b9833bfd 3075 }
425bd7b1 3076
3077 return true;
b9833bfd 3078}
3079
26a75cc5 3080/* Parse a format directive in function call described by INFO starting
3081 at STR and populate DIR structure. Bump up *ARGNO by the number of
3082 arguments extracted for the directive. Return the length of
3083 the directive. */
b9833bfd 3084
26a75cc5 3085static size_t
9d8823fc 3086parse_directive (sprintf_dom_walker::call_info &info,
26a75cc5 3087 directive &dir, format_result *res,
a669405f 3088 const char *str, unsigned *argno,
3089 vr_values *vr_values)
b9833bfd 3090{
722889f9 3091 const char *pcnt = strchr (str, target_percent);
26a75cc5 3092 dir.beg = str;
b9833bfd 3093
26a75cc5 3094 if (size_t len = pcnt ? pcnt - str : *str ? strlen (str) : 1)
3095 {
3096 /* This directive is either a plain string or the terminating nul
3097 (which isn't really a directive but it simplifies things to
3098 handle it as if it were). */
3099 dir.len = len;
425bd7b1 3100 dir.fmtfunc = format_plain;
b9833bfd 3101
26a75cc5 3102 if (dump_file)
3103 {
cb442e51 3104 fprintf (dump_file, " Directive %u at offset "
3105 HOST_WIDE_INT_PRINT_UNSIGNED ": \"%.*s\", "
3106 "length = " HOST_WIDE_INT_PRINT_UNSIGNED "\n",
e452d2eb 3107 dir.dirno,
cb442e51 3108 (unsigned HOST_WIDE_INT)(size_t)(dir.beg - info.fmtstr),
49464683 3109 (int)dir.len, dir.beg, (unsigned HOST_WIDE_INT) dir.len);
26a75cc5 3110 }
3111
3112 return len - !*str;
3113 }
b9833bfd 3114
26a75cc5 3115 const char *pf = pcnt + 1;
3116
3117 /* POSIX numbered argument index or zero when none. */
722889f9 3118 HOST_WIDE_INT dollar = 0;
26a75cc5 3119
3120 /* With and precision. -1 when not specified, HOST_WIDE_INT_MIN
3121 when given by a va_list argument, and a non-negative value
3122 when specified in the format string itself. */
3123 HOST_WIDE_INT width = -1;
3124 HOST_WIDE_INT precision = -1;
b9833bfd 3125
722889f9 3126 /* Pointers to the beginning of the width and precision decimal
3127 string (if any) within the directive. */
3128 const char *pwidth = 0;
3129 const char *pprec = 0;
3130
3131 /* When the value of the decimal string that specifies width or
3132 precision is out of range, points to the digit that causes
3133 the value to exceed the limit. */
3134 const char *werange = NULL;
3135 const char *perange = NULL;
3136
26a75cc5 3137 /* Width specified via the asterisk. Need not be INTEGER_CST.
3138 For vararg functions set to void_node. */
3139 tree star_width = NULL_TREE;
3140
3141 /* Width specified via the asterisk. Need not be INTEGER_CST.
3142 For vararg functions set to void_node. */
3143 tree star_precision = NULL_TREE;
3144
722889f9 3145 if (ISDIGIT (target_to_host (*pf)))
b9833bfd 3146 {
26a75cc5 3147 /* This could be either a POSIX positional argument, the '0'
3148 flag, or a width, depending on what follows. Store it as
3149 width and sort it out later after the next character has
3150 been seen. */
722889f9 3151 pwidth = pf;
1d4fa533 3152 width = target_strtowi (&pf, &werange);
26a75cc5 3153 }
722889f9 3154 else if (target_to_host (*pf) == '*')
26a75cc5 3155 {
3156 /* Similarly to the block above, this could be either a POSIX
3157 positional argument or a width, depending on what follows. */
3158 if (*argno < gimple_call_num_args (info.callstmt))
3159 star_width = gimple_call_arg (info.callstmt, (*argno)++);
3160 else
3161 star_width = void_node;
3162 ++pf;
3163 }
b9833bfd 3164
722889f9 3165 if (target_to_host (*pf) == '$')
26a75cc5 3166 {
3167 /* Handle the POSIX dollar sign which references the 1-based
3168 positional argument number. */
3169 if (width != -1)
3170 dollar = width + info.argidx;
3171 else if (star_width
27213f15 3172 && TREE_CODE (star_width) == INTEGER_CST
3173 && (TYPE_PRECISION (TREE_TYPE (star_width))
3174 <= TYPE_PRECISION (integer_type_node)))
26a75cc5 3175 dollar = width + tree_to_shwi (star_width);
b9833bfd 3176
26a75cc5 3177 /* Bail when the numbered argument is out of range (it will
3178 have already been diagnosed by -Wformat). */
3179 if (dollar == 0
722889f9 3180 || dollar == (int)info.argidx
26a75cc5 3181 || dollar > gimple_call_num_args (info.callstmt))
3182 return false;
3183
3184 --dollar;
b9833bfd 3185
26a75cc5 3186 star_width = NULL_TREE;
3187 width = -1;
3188 ++pf;
3189 }
b9833bfd 3190
26a75cc5 3191 if (dollar || !star_width)
3192 {
3193 if (width != -1)
b9833bfd 3194 {
26a75cc5 3195 if (width == 0)
3196 {
3197 /* The '0' that has been interpreted as a width above is
3198 actually a flag. Reset HAVE_WIDTH, set the '0' flag,
3199 and continue processing other flags. */
3200 width = -1;
3201 dir.set_flag ('0');
3202 }
3203 else if (!dollar)
3204 {
3205 /* (Non-zero) width has been seen. The next character
3206 is either a period or a digit. */
3207 goto start_precision;
3208 }
b9833bfd 3209 }
26a75cc5 3210 /* When either '$' has been seen, or width has not been seen,
3211 the next field is the optional flags followed by an optional
3212 width. */
3213 for ( ; ; ) {
722889f9 3214 switch (target_to_host (*pf))
26a75cc5 3215 {
3216 case ' ':
3217 case '0':
3218 case '+':
3219 case '-':
3220 case '#':
722889f9 3221 dir.set_flag (target_to_host (*pf++));
26a75cc5 3222 break;
3223
3224 default:
3225 goto start_width;
3226 }
3227 }
b9833bfd 3228
26a75cc5 3229 start_width:
722889f9 3230 if (ISDIGIT (target_to_host (*pf)))
b9833bfd 3231 {
722889f9 3232 werange = 0;
3233 pwidth = pf;
1d4fa533 3234 width = target_strtowi (&pf, &werange);
b9833bfd 3235 }
722889f9 3236 else if (target_to_host (*pf) == '*')
b9833bfd 3237 {
26a75cc5 3238 if (*argno < gimple_call_num_args (info.callstmt))
3239 star_width = gimple_call_arg (info.callstmt, (*argno)++);
4c43afbf 3240 else
26a75cc5 3241 {
3242 /* This is (likely) a va_list. It could also be an invalid
3243 call with insufficient arguments. */
3244 star_width = void_node;
3245 }
b9833bfd 3246 ++pf;
3247 }
722889f9 3248 else if (target_to_host (*pf) == '\'')
b9833bfd 3249 {
26a75cc5 3250 /* The POSIX apostrophe indicating a numeric grouping
3251 in the current locale. Even though it's possible to
3252 estimate the upper bound on the size of the output
3253 based on the number of digits it probably isn't worth
3254 continuing. */
3255 return 0;
3256 }
3257 }
b9833bfd 3258
26a75cc5 3259 start_precision:
722889f9 3260 if (target_to_host (*pf) == '.')
26a75cc5 3261 {
3262 ++pf;
b9833bfd 3263
722889f9 3264 if (ISDIGIT (target_to_host (*pf)))
26a75cc5 3265 {
722889f9 3266 pprec = pf;
1d4fa533 3267 precision = target_strtowi (&pf, &perange);
b9833bfd 3268 }
722889f9 3269 else if (target_to_host (*pf) == '*')
b9833bfd 3270 {
26a75cc5 3271 if (*argno < gimple_call_num_args (info.callstmt))
3272 star_precision = gimple_call_arg (info.callstmt, (*argno)++);
3273 else
b9833bfd 3274 {
26a75cc5 3275 /* This is (likely) a va_list. It could also be an invalid
3276 call with insufficient arguments. */
3277 star_precision = void_node;
b9833bfd 3278 }
26a75cc5 3279 ++pf;
b9833bfd 3280 }
26a75cc5 3281 else
3282 {
3283 /* The decimal precision or the asterisk are optional.
3284 When neither is dirified it's taken to be zero. */
3285 precision = 0;
3286 }
3287 }
b9833bfd 3288
722889f9 3289 switch (target_to_host (*pf))
26a75cc5 3290 {
3291 case 'h':
722889f9 3292 if (target_to_host (pf[1]) == 'h')
b9833bfd 3293 {
3294 ++pf;
26a75cc5 3295 dir.modifier = FMT_LEN_hh;
b9833bfd 3296 }
26a75cc5 3297 else
3298 dir.modifier = FMT_LEN_h;
3299 ++pf;
3300 break;
3301
3302 case 'j':
3303 dir.modifier = FMT_LEN_j;
3304 ++pf;
3305 break;
b9833bfd 3306
26a75cc5 3307 case 'L':
3308 dir.modifier = FMT_LEN_L;
3309 ++pf;
3310 break;
3311
3312 case 'l':
722889f9 3313 if (target_to_host (pf[1]) == 'l')
b9833bfd 3314 {
b9833bfd 3315 ++pf;
26a75cc5 3316 dir.modifier = FMT_LEN_ll;
3317 }
3318 else
3319 dir.modifier = FMT_LEN_l;
3320 ++pf;
3321 break;
b9833bfd 3322
26a75cc5 3323 case 't':
3324 dir.modifier = FMT_LEN_t;
3325 ++pf;
3326 break;
b9833bfd 3327
26a75cc5 3328 case 'z':
3329 dir.modifier = FMT_LEN_z;
3330 ++pf;
3331 break;
3332 }
b9833bfd 3333
722889f9 3334 switch (target_to_host (*pf))
26a75cc5 3335 {
3336 /* Handle a sole '%' character the same as "%%" but since it's
3337 undefined prevent the result from being folded. */
3338 case '\0':
3339 --pf;
425bd7b1 3340 res->range.min = res->range.max = HOST_WIDE_INT_M1U;
26a75cc5 3341 /* FALLTHRU */
3342 case '%':
3343 dir.fmtfunc = format_percent;
3344 break;
b9833bfd 3345
26a75cc5 3346 case 'a':
3347 case 'A':
3348 case 'e':
3349 case 'E':
3350 case 'f':
3351 case 'F':
3352 case 'g':
3353 case 'G':
3354 res->floating = true;
3355 dir.fmtfunc = format_floating;
3356 break;
b9833bfd 3357
26a75cc5 3358 case 'd':
3359 case 'i':
3360 case 'o':
3361 case 'u':
3362 case 'x':
3363 case 'X':
3364 dir.fmtfunc = format_integer;
3365 break;
3366
3367 case 'p':
3368 /* The %p output is implementation-defined. It's possible
3369 to determine this format but due to extensions (edirially
3370 those of the Linux kernel -- see bug 78512) the first %p
3371 in the format string disables any further processing. */
3372 return false;
3373
3374 case 'n':
3375 /* %n has side-effects even when nothing is actually printed to
3376 any buffer. */
3377 info.nowrite = false;
3378 dir.fmtfunc = format_none;
3379 break;
3380
17d7e9ff 3381 case 'C':
26a75cc5 3382 case 'c':
17d7e9ff 3383 /* POSIX wide character and C/POSIX narrow character. */
26a75cc5 3384 dir.fmtfunc = format_character;
3385 break;
3386
3387 case 'S':
3388 case 's':
17d7e9ff 3389 /* POSIX wide string and C/POSIX narrow character string. */
26a75cc5 3390 dir.fmtfunc = format_string;
3391 break;
3392
3393 default:
3394 /* Unknown conversion specification. */
3395 return 0;
3396 }
3397
722889f9 3398 dir.specifier = target_to_host (*pf++);
3399
3400 /* Store the length of the format directive. */
3401 dir.len = pf - pcnt;
3402
3403 /* Buffer for the directive in the host character set (used when
3404 the source character set is different). */
3405 char hostdir[32];
26a75cc5 3406
3407 if (star_width)
3408 {
3319bb15 3409 if (INTEGRAL_TYPE_P (TREE_TYPE (star_width)))
a669405f 3410 dir.set_width (star_width, vr_values);
26a75cc5 3411 else
3412 {
3413 /* Width specified by a va_list takes on the range [0, -INT_MIN]
3414 (width is the absolute value of that specified). */
9b0feec7 3415 dir.width[0] = 0;
3416 dir.width[1] = target_int_max () + 1;
b9833bfd 3417 }
26a75cc5 3418 }
3419 else
722889f9 3420 {
1d4fa533 3421 if (width == HOST_WIDE_INT_MAX && werange)
722889f9 3422 {
3423 size_t begin = dir.beg - info.fmtstr + (pwidth - pcnt);
3424 size_t caret = begin + (werange - pcnt);
3425 size_t end = pf - info.fmtstr - 1;
3426
3427 /* Create a location for the width part of the directive,
3428 pointing the caret at the first out-of-range digit. */
3429 substring_loc dirloc (info.fmtloc, TREE_TYPE (info.format),
3430 caret, begin, end);
3431
7ac1c1d7 3432 fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (),
3433 "%<%.*s%> directive width out of range", (int) dir.len,
3434 target_to_host (hostdir, sizeof hostdir, dir.beg));
722889f9 3435 }
3436
3437 dir.set_width (width);
3438 }
b9833bfd 3439
26a75cc5 3440 if (star_precision)
3441 {
3319bb15 3442 if (INTEGRAL_TYPE_P (TREE_TYPE (star_precision)))
a669405f 3443 dir.set_precision (star_precision, vr_values);
26a75cc5 3444 else
b9833bfd 3445 {
26a75cc5 3446 /* Precision specified by a va_list takes on the range [-1, INT_MAX]
3447 (unlike width, negative precision is ignored). */
9b0feec7 3448 dir.prec[0] = -1;
3449 dir.prec[1] = target_int_max ();
26a75cc5 3450 }
3451 }
3452 else
722889f9 3453 {
1d4fa533 3454 if (precision == HOST_WIDE_INT_MAX && perange)
722889f9 3455 {
3456 size_t begin = dir.beg - info.fmtstr + (pprec - pcnt) - 1;
3457 size_t caret = dir.beg - info.fmtstr + (perange - pcnt) - 1;
3458 size_t end = pf - info.fmtstr - 2;
3459
3460 /* Create a location for the precision part of the directive,
3461 including the leading period, pointing the caret at the first
3462 out-of-range digit . */
3463 substring_loc dirloc (info.fmtloc, TREE_TYPE (info.format),
3464 caret, begin, end);
3465
7ac1c1d7 3466 fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (),
3467 "%<%.*s%> directive precision out of range", (int) dir.len,
3468 target_to_host (hostdir, sizeof hostdir, dir.beg));
722889f9 3469 }
3470
3471 dir.set_precision (precision);
3472 }
b9833bfd 3473
26a75cc5 3474 /* Extract the argument if the directive takes one and if it's
3475 available (e.g., the function doesn't take a va_list). Treat
3476 missing arguments the same as va_list, even though they will
3477 have likely already been diagnosed by -Wformat. */
3478 if (dir.specifier != '%'
3479 && *argno < gimple_call_num_args (info.callstmt))
3480 dir.arg = gimple_call_arg (info.callstmt, dollar ? dollar : (*argno)++);
b9833bfd 3481
26a75cc5 3482 if (dump_file)
3483 {
cb442e51 3484 fprintf (dump_file,
3485 " Directive %u at offset " HOST_WIDE_INT_PRINT_UNSIGNED
3486 ": \"%.*s\"",
3487 dir.dirno,
3488 (unsigned HOST_WIDE_INT)(size_t)(dir.beg - info.fmtstr),
26a75cc5 3489 (int)dir.len, dir.beg);
3490 if (star_width)
9b0feec7 3491 {
3492 if (dir.width[0] == dir.width[1])
cb442e51 3493 fprintf (dump_file, ", width = " HOST_WIDE_INT_PRINT_DEC,
3494 dir.width[0]);
9b0feec7 3495 else
cb442e51 3496 fprintf (dump_file,
3497 ", width in range [" HOST_WIDE_INT_PRINT_DEC
3498 ", " HOST_WIDE_INT_PRINT_DEC "]",
3499 dir.width[0], dir.width[1]);
9b0feec7 3500 }
b9833bfd 3501
26a75cc5 3502 if (star_precision)
9b0feec7 3503 {
3504 if (dir.prec[0] == dir.prec[1])
cb442e51 3505 fprintf (dump_file, ", precision = " HOST_WIDE_INT_PRINT_DEC,
3506 dir.prec[0]);
9b0feec7 3507 else
cb442e51 3508 fprintf (dump_file,
3509 ", precision in range [" HOST_WIDE_INT_PRINT_DEC
3510 HOST_WIDE_INT_PRINT_DEC "]",
3511 dir.prec[0], dir.prec[1]);
9b0feec7 3512 }
26a75cc5 3513 fputc ('\n', dump_file);
3514 }
3515
3516 return dir.len;
3517}
3518
3519/* Compute the length of the output resulting from the call to a formatted
3520 output function described by INFO and store the result of the call in
3521 *RES. Issue warnings for detected past the end writes. Return true
3522 if the complete format string has been processed and *RES can be relied
3523 on, false otherwise (e.g., when a unknown or unhandled directive was seen
3524 that caused the processing to be terminated early). */
3525
3526bool
9d8823fc 3527sprintf_dom_walker::compute_format_length (call_info &info,
4d02592b 3528 format_result *res)
26a75cc5 3529{
76cf0084 3530 if (dump_file)
3531 {
3532 location_t callloc = gimple_location (info.callstmt);
3533 fprintf (dump_file, "%s:%i: ",
3534 LOCATION_FILE (callloc), LOCATION_LINE (callloc));
3535 print_generic_expr (dump_file, info.func, dump_flags);
3536
cb442e51 3537 fprintf (dump_file,
3538 ": objsize = " HOST_WIDE_INT_PRINT_UNSIGNED
3539 ", fmtstr = \"%s\"\n",
3540 info.objsize, info.fmtstr);
76cf0084 3541 }
3542
9b0feec7 3543 /* Reset the minimum and maximum byte counters. */
425bd7b1 3544 res->range.min = res->range.max = 0;
26a75cc5 3545
3546 /* No directive has been seen yet so the length of output is bounded
17d7e9ff 3547 by the known range [0, 0] (with no conversion resulting in a failure
3548 or producing more than 4K bytes) until determined otherwise. */
26a75cc5 3549 res->knownrange = true;
26a75cc5 3550 res->floating = false;
3551 res->warned = false;
3552
3553 /* 1-based directive counter. */
3554 unsigned dirno = 1;
3555
3556 /* The variadic argument counter. */
3557 unsigned argno = info.argidx;
3558
3559 for (const char *pf = info.fmtstr; ; ++dirno)
3560 {
3561 directive dir = directive ();
3562 dir.dirno = dirno;
b9833bfd 3563
a669405f 3564 size_t n = parse_directive (info, dir, res, pf, &argno,
3565 evrp_range_analyzer.get_vr_values ());
b9833bfd 3566
425bd7b1 3567 /* Return failure if the format function fails. */
a669405f 3568 if (!format_directive (info, res, dir,
3569 evrp_range_analyzer.get_vr_values ()))
425bd7b1 3570 return false;
b9833bfd 3571
26a75cc5 3572 /* Return success the directive is zero bytes long and it's
3573 the last think in the format string (i.e., it's the terminating
3574 nul, which isn't really a directive but handling it as one makes
3575 things simpler). */
3576 if (!n)
3577 return *pf == '\0';
b9833bfd 3578
26a75cc5 3579 pf += n;
b9833bfd 3580 }
72d5639d 3581
425bd7b1 3582 /* The complete format string was processed (with or without warnings). */
72d5639d 3583 return true;
b9833bfd 3584}
3585
3586/* Return the size of the object referenced by the expression DEST if
c1b65cc2 3587 available, or the maximum possible size otherwise. */
b9833bfd 3588
3589static unsigned HOST_WIDE_INT
3590get_destination_size (tree dest)
3591{
c1b65cc2 3592 /* When there is no destination return the maximum. */
7b2ced2f 3593 if (!dest)
c1b65cc2 3594 return HOST_WIDE_INT_MAX;
7b2ced2f 3595
76cf0084 3596 /* Initialize object size info before trying to compute it. */
3597 init_object_sizes ();
3598
b9833bfd 3599 /* Use __builtin_object_size to determine the size of the destination
3600 object. When optimizing, determine the smallest object (such as
3601 a member array as opposed to the whole enclosing object), otherwise
3602 use type-zero object size to determine the size of the enclosing
3603 object (the function fails without optimization in this type). */
bd94fe4f 3604 int ost = optimize > 0;
b9833bfd 3605 unsigned HOST_WIDE_INT size;
3606 if (compute_builtin_object_size (dest, ost, &size))
3607 return size;
3608
c1b65cc2 3609 return HOST_WIDE_INT_MAX;
b9833bfd 3610}
3611
53e0530a 3612/* Return true if the call described by INFO with result RES safe to
3613 optimize (i.e., no undefined behavior), and set RETVAL to the range
3614 of its return values. */
b9833bfd 3615
df259a3b 3616static bool
9d8823fc 3617is_call_safe (const sprintf_dom_walker::call_info &info,
53e0530a 3618 const format_result &res, bool under4k,
3619 unsigned HOST_WIDE_INT retval[2])
b9833bfd 3620{
17d7e9ff 3621 if (under4k && !res.posunder4k)
53e0530a 3622 return false;
974e2c47 3623
425bd7b1 3624 /* The minimum return value. */
53e0530a 3625 retval[0] = res.range.min;
974e2c47 3626
425bd7b1 3627 /* The maximum return value is in most cases bounded by RES.RANGE.MAX
3628 but in cases involving multibyte characters could be as large as
3629 RES.RANGE.UNLIKELY. */
53e0530a 3630 retval[1]
425bd7b1 3631 = res.range.unlikely < res.range.max ? res.range.max : res.range.unlikely;
974e2c47 3632
3633 /* Adjust the number of bytes which includes the terminating nul
3634 to reflect the return value of the function which does not.
3635 Because the valid range of the function is [INT_MIN, INT_MAX],
3636 a valid range before the adjustment below is [0, INT_MAX + 1]
3637 (the functions only return negative values on error or undefined
3638 behavior). */
53e0530a 3639 if (retval[0] <= target_int_max () + 1)
3640 --retval[0];
3641 if (retval[1] <= target_int_max () + 1)
3642 --retval[1];
974e2c47 3643
b9833bfd 3644 /* Avoid the return value optimization when the behavior of the call
3645 is undefined either because any directive may have produced 4K or
3646 more of output, or the return value exceeds INT_MAX, or because
3647 the output overflows the destination object (but leave it enabled
3648 when the function is bounded because then the behavior is well-
3649 defined). */
53e0530a 3650 if (retval[0] == retval[1]
3651 && (info.bounded || retval[0] < info.objsize)
3652 && retval[0] <= target_int_max ())
3653 return true;
3654
3655 if ((info.bounded || retval[1] < info.objsize)
3656 && (retval[0] < target_int_max ()
3657 && retval[1] < target_int_max ()))
3658 return true;
3659
3660 if (!under4k && (info.bounded || retval[0] < info.objsize))
3661 return true;
3662
3663 return false;
3664}
3665
3666/* Given a suitable result RES of a call to a formatted output function
3667 described by INFO, substitute the result for the return value of
3668 the call. The result is suitable if the number of bytes it represents
3669 is known and exact. A result that isn't suitable for substitution may
3670 have its range set to the range of return values, if that is known.
3671 Return true if the call is removed and gsi_next should not be performed
3672 in the caller. */
3673
3674static bool
3675try_substitute_return_value (gimple_stmt_iterator *gsi,
9d8823fc 3676 const sprintf_dom_walker::call_info &info,
53e0530a 3677 const format_result &res)
3678{
3679 tree lhs = gimple_get_lhs (info.callstmt);
3680
3681 /* Set to true when the entire call has been removed. */
3682 bool removed = false;
3683
3684 /* The minimum and maximum return value. */
3685 unsigned HOST_WIDE_INT retval[2];
3686 bool safe = is_call_safe (info, res, true, retval);
3687
3688 if (safe
3689 && retval[0] == retval[1]
418624fa 3690 /* Not prepared to handle possibly throwing calls here; they shouldn't
3691 appear in non-artificial testcases, except when the __*_chk routines
3692 are badly declared. */
3693 && !stmt_ends_bb_p (info.callstmt))
b9833bfd 3694 {
5f17d3c4 3695 tree cst = build_int_cst (lhs ? TREE_TYPE (lhs) : integer_type_node,
3696 retval[0]);
a27264ed 3697
5f17d3c4 3698 if (lhs == NULL_TREE && info.nowrite)
974e2c47 3699 {
3700 /* Remove the call to the bounded function with a zero size
3701 (e.g., snprintf(0, 0, "%i", 123)) if there is no lhs. */
3702 unlink_stmt_vdef (info.callstmt);
3703 gsi_remove (gsi, true);
3704 removed = true;
3705 }
3706 else if (info.nowrite)
a27264ed 3707 {
3708 /* Replace the call to the bounded function with a zero size
3709 (e.g., snprintf(0, 0, "%i", 123) with the constant result
974e2c47 3710 of the function. */
a27264ed 3711 if (!update_call_from_tree (gsi, cst))
3712 gimplify_and_update_call_from_tree (gsi, cst);
3713 gimple *callstmt = gsi_stmt (*gsi);
3714 update_stmt (callstmt);
3715 }
974e2c47 3716 else if (lhs)
a27264ed 3717 {
3718 /* Replace the left-hand side of the call with the constant
974e2c47 3719 result of the formatted function. */
a27264ed 3720 gimple_call_set_lhs (info.callstmt, NULL_TREE);
3721 gimple *g = gimple_build_assign (lhs, cst);
3722 gsi_insert_after (gsi, g, GSI_NEW_STMT);
3723 update_stmt (info.callstmt);
3724 }
b9833bfd 3725
3726 if (dump_file)
3727 {
974e2c47 3728 if (removed)
3729 fprintf (dump_file, " Removing call statement.");
3730 else
3731 {
3732 fprintf (dump_file, " Substituting ");
3733 print_generic_expr (dump_file, cst, dump_flags);
3734 fprintf (dump_file, " for %s.\n",
3735 info.nowrite ? "statement" : "return value");
3736 }
b9833bfd 3737 }
3738 }
5f17d3c4 3739 else if (lhs && types_compatible_p (TREE_TYPE (lhs), integer_type_node))
df259a3b 3740 {
974e2c47 3741 bool setrange = false;
b9833bfd 3742
53e0530a 3743 if (safe
3744 && (info.bounded || retval[1] < info.objsize)
3745 && (retval[0] < target_int_max ()
3746 && retval[1] < target_int_max ()))
b9833bfd 3747 {
3748 /* If the result is in a valid range bounded by the size of
3749 the destination set it so that it can be used for subsequent
3750 optimizations. */
3751 int prec = TYPE_PRECISION (integer_type_node);
3752
53e0530a 3753 wide_int min = wi::shwi (retval[0], prec);
3754 wide_int max = wi::shwi (retval[1], prec);
974e2c47 3755 set_range_info (lhs, VR_RANGE, min, max);
3756
3757 setrange = true;
b9833bfd 3758 }
3759
3760 if (dump_file)
3761 {
3762 const char *inbounds
53e0530a 3763 = (retval[0] < info.objsize
3764 ? (retval[1] < info.objsize
b9833bfd 3765 ? "in" : "potentially out-of")
3766 : "out-of");
3767
974e2c47 3768 const char *what = setrange ? "Setting" : "Discarding";
53e0530a 3769 if (retval[0] != retval[1])
b9833bfd 3770 fprintf (dump_file,
cb442e51 3771 " %s %s-bounds return value range ["
3772 HOST_WIDE_INT_PRINT_UNSIGNED ", "
3773 HOST_WIDE_INT_PRINT_UNSIGNED "].\n",
3774 what, inbounds, retval[0], retval[1]);
b9833bfd 3775 else
cb442e51 3776 fprintf (dump_file, " %s %s-bounds return value "
3777 HOST_WIDE_INT_PRINT_UNSIGNED ".\n",
3778 what, inbounds, retval[0]);
b9833bfd 3779 }
3780 }
df259a3b 3781
76cf0084 3782 if (dump_file)
3783 fputc ('\n', dump_file);
3784
3785 return removed;
b9833bfd 3786}
3787
53e0530a 3788/* Try to simplify a s{,n}printf call described by INFO with result
3789 RES by replacing it with a simpler and presumably more efficient
3790 call (such as strcpy). */
3791
3792static bool
3793try_simplify_call (gimple_stmt_iterator *gsi,
9d8823fc 3794 const sprintf_dom_walker::call_info &info,
53e0530a 3795 const format_result &res)
3796{
3797 unsigned HOST_WIDE_INT dummy[2];
3798 if (!is_call_safe (info, res, info.retval_used (), dummy))
3799 return false;
3800
3801 switch (info.fncode)
3802 {
3803 case BUILT_IN_SNPRINTF:
3804 return gimple_fold_builtin_snprintf (gsi);
3805
3806 case BUILT_IN_SPRINTF:
3807 return gimple_fold_builtin_sprintf (gsi);
3808
3809 default:
3810 ;
3811 }
3812
3813 return false;
3814}
3815
7b2ced2f 3816/* Return the zero-based index of the format string argument of a printf
3817 like function and set *IDX_ARGS to the first format argument. When
3818 no such index exists return UINT_MAX. */
3819
3820static unsigned
3821get_user_idx_format (tree fndecl, unsigned *idx_args)
3822{
3823 tree attrs = lookup_attribute ("format", DECL_ATTRIBUTES (fndecl));
3824 if (!attrs)
3825 attrs = lookup_attribute ("format", TYPE_ATTRIBUTES (TREE_TYPE (fndecl)));
3826
3827 if (!attrs)
3828 return UINT_MAX;
3829
3830 attrs = TREE_VALUE (attrs);
3831
3832 tree archetype = TREE_VALUE (attrs);
3833 if (strcmp ("printf", IDENTIFIER_POINTER (archetype)))
3834 return UINT_MAX;
3835
3836 attrs = TREE_CHAIN (attrs);
3837 tree fmtarg = TREE_VALUE (attrs);
3838
3839 attrs = TREE_CHAIN (attrs);
3840 tree elliparg = TREE_VALUE (attrs);
3841
3842 /* Attribute argument indices are 1-based but we use zero-based. */
3843 *idx_args = tree_to_uhwi (elliparg) - 1;
3844 return tree_to_uhwi (fmtarg) - 1;
3845}
3846
b9833bfd 3847/* Determine if a GIMPLE CALL is to one of the sprintf-like built-in
df259a3b 3848 functions and if so, handle it. Return true if the call is removed
3849 and gsi_next should not be performed in the caller. */
b9833bfd 3850
df259a3b 3851bool
9d8823fc 3852sprintf_dom_walker::handle_gimple_call (gimple_stmt_iterator *gsi)
b9833bfd 3853{
3854 call_info info = call_info ();
3855
a27264ed 3856 info.callstmt = gsi_stmt (*gsi);
7b2ced2f 3857 info.func = gimple_call_fndecl (info.callstmt);
3858 if (!info.func)
df259a3b 3859 return false;
b9833bfd 3860
7b2ced2f 3861 /* Format string argument number (valid for all functions). */
3862 unsigned idx_format = UINT_MAX;
499fa2c1 3863 if (gimple_call_builtin_p (info.callstmt, BUILT_IN_NORMAL))
3864 info.fncode = DECL_FUNCTION_CODE (info.func);
3865 else
7b2ced2f 3866 {
3867 unsigned idx_args;
3868 idx_format = get_user_idx_format (info.func, &idx_args);
499fa2c1 3869 if (idx_format == UINT_MAX
3870 || idx_format >= gimple_call_num_args (info.callstmt)
3871 || idx_args > gimple_call_num_args (info.callstmt)
3872 || !POINTER_TYPE_P (TREE_TYPE (gimple_call_arg (info.callstmt,
3873 idx_format))))
7b2ced2f 3874 return false;
499fa2c1 3875 info.fncode = BUILT_IN_NONE;
7b2ced2f 3876 info.argidx = idx_args;
3877 }
3878
b9833bfd 3879 /* The size of the destination as in snprintf(dest, size, ...). */
3880 unsigned HOST_WIDE_INT dstsize = HOST_WIDE_INT_M1U;
3881
3882 /* The size of the destination determined by __builtin_object_size. */
3883 unsigned HOST_WIDE_INT objsize = HOST_WIDE_INT_M1U;
3884
7b2ced2f 3885 /* Zero-based buffer size argument number (snprintf and vsnprintf). */
3886 unsigned idx_dstsize = UINT_MAX;
b9833bfd 3887
3888 /* Object size argument number (snprintf_chk and vsnprintf_chk). */
7b2ced2f 3889 unsigned idx_objsize = UINT_MAX;
b9833bfd 3890
7b2ced2f 3891 /* Destinaton argument number (valid for sprintf functions only). */
3892 unsigned idx_dstptr = 0;
b9833bfd 3893
3894 switch (info.fncode)
3895 {
7b2ced2f 3896 case BUILT_IN_NONE:
3897 // User-defined function with attribute format (printf).
3898 idx_dstptr = -1;
3899 break;
3900
3901 case BUILT_IN_FPRINTF:
3902 // Signature:
3903 // __builtin_fprintf (FILE*, format, ...)
3904 idx_format = 1;
3905 info.argidx = 2;
3906 idx_dstptr = -1;
3907 break;
3908
3909 case BUILT_IN_FPRINTF_CHK:
3910 // Signature:
3911 // __builtin_fprintf_chk (FILE*, ost, format, ...)
3912 idx_format = 2;
3913 info.argidx = 3;
3914 idx_dstptr = -1;
3915 break;
3916
3917 case BUILT_IN_FPRINTF_UNLOCKED:
3918 // Signature:
3919 // __builtin_fprintf_unnlocked (FILE*, format, ...)
3920 idx_format = 1;
3921 info.argidx = 2;
3922 idx_dstptr = -1;
3923 break;
3924
3925 case BUILT_IN_PRINTF:
3926 // Signature:
3927 // __builtin_printf (format, ...)
3928 idx_format = 0;
3929 info.argidx = 1;
3930 idx_dstptr = -1;
3931 break;
3932
3933 case BUILT_IN_PRINTF_CHK:
3934 // Signature:
c1b65cc2 3935 // __builtin_printf_chk (ost, format, ...)
7b2ced2f 3936 idx_format = 1;
3937 info.argidx = 2;
3938 idx_dstptr = -1;
3939 break;
3940
3941 case BUILT_IN_PRINTF_UNLOCKED:
3942 // Signature:
3943 // __builtin_printf (format, ...)
3944 idx_format = 0;
3945 info.argidx = 1;
3946 idx_dstptr = -1;
3947 break;
3948
b9833bfd 3949 case BUILT_IN_SPRINTF:
3950 // Signature:
3951 // __builtin_sprintf (dst, format, ...)
3952 idx_format = 1;
3953 info.argidx = 2;
3954 break;
3955
3c57b79b 3956 case BUILT_IN_SPRINTF_CHK:
3957 // Signature:
3958 // __builtin___sprintf_chk (dst, ost, objsize, format, ...)
3959 idx_objsize = 2;
3960 idx_format = 3;
3961 info.argidx = 4;
3962 break;
3963
b9833bfd 3964 case BUILT_IN_SNPRINTF:
3965 // Signature:
3966 // __builtin_snprintf (dst, size, format, ...)
3967 idx_dstsize = 1;
3968 idx_format = 2;
3969 info.argidx = 3;
3970 info.bounded = true;
3971 break;
3972
3973 case BUILT_IN_SNPRINTF_CHK:
3974 // Signature:
3c57b79b 3975 // __builtin___snprintf_chk (dst, size, ost, objsize, format, ...)
b9833bfd 3976 idx_dstsize = 1;
3977 idx_objsize = 3;
3978 idx_format = 4;
3979 info.argidx = 5;
3980 info.bounded = true;
3981 break;
3982
7b2ced2f 3983 case BUILT_IN_VFPRINTF:
3984 // Signature:
3985 // __builtin_vprintf (FILE*, format, va_list)
3986 idx_format = 1;
3987 info.argidx = -1;
3988 idx_dstptr = -1;
3989 break;
3990
3991 case BUILT_IN_VFPRINTF_CHK:
3992 // Signature:
3993 // __builtin___vfprintf_chk (FILE*, ost, format, va_list)
3994 idx_format = 2;
3995 info.argidx = -1;
3996 idx_dstptr = -1;
3997 break;
3998
3999 case BUILT_IN_VPRINTF:
4000 // Signature:
4001 // __builtin_vprintf (format, va_list)
4002 idx_format = 0;
4003 info.argidx = -1;
4004 idx_dstptr = -1;
4005 break;
4006
4007 case BUILT_IN_VPRINTF_CHK:
4008 // Signature:
4009 // __builtin___vprintf_chk (ost, format, va_list)
4010 idx_format = 1;
4011 info.argidx = -1;
4012 idx_dstptr = -1;
4013 break;
4014
b9833bfd 4015 case BUILT_IN_VSNPRINTF:
4016 // Signature:
4017 // __builtin_vsprintf (dst, size, format, va)
4018 idx_dstsize = 1;
4019 idx_format = 2;
4020 info.argidx = -1;
4021 info.bounded = true;
4022 break;
4023
4024 case BUILT_IN_VSNPRINTF_CHK:
4025 // Signature:
4026 // __builtin___vsnprintf_chk (dst, size, ost, objsize, format, va)
4027 idx_dstsize = 1;
3e822015 4028 idx_objsize = 3;
4029 idx_format = 4;
b9833bfd 4030 info.argidx = -1;
4031 info.bounded = true;
4032 break;
4033
4034 case BUILT_IN_VSPRINTF:
4035 // Signature:
4036 // __builtin_vsprintf (dst, format, va)
4037 idx_format = 1;
4038 info.argidx = -1;
4039 break;
4040
4041 case BUILT_IN_VSPRINTF_CHK:
4042 // Signature:
4043 // __builtin___vsprintf_chk (dst, ost, objsize, format, va)
4044 idx_format = 3;
4045 idx_objsize = 2;
4046 info.argidx = -1;
4047 break;
4048
4049 default:
df259a3b 4050 return false;
b9833bfd 4051 }
4052
76cf0084 4053 /* Set the global warning level for this function. */
4054 warn_level = info.bounded ? warn_format_trunc : warn_format_overflow;
4055
7b2ced2f 4056 /* For all string functions the first argument is a pointer to
4057 the destination. */
4058 tree dstptr = (idx_dstptr < gimple_call_num_args (info.callstmt)
4059 ? gimple_call_arg (info.callstmt, 0) : NULL_TREE);
519bbccd 4060
b9833bfd 4061 info.format = gimple_call_arg (info.callstmt, idx_format);
4062
0529b8f5 4063 /* True when the destination size is constant as opposed to the lower
4064 or upper bound of a range. */
4065 bool dstsize_cst_p = true;
2ecb854b 4066 bool posunder4k = true;
0529b8f5 4067
7b2ced2f 4068 if (idx_dstsize == UINT_MAX)
b9833bfd 4069 {
7bcd359a 4070 /* For non-bounded functions like sprintf, determine the size
4071 of the destination from the object or pointer passed to it
4072 as the first argument. */
519bbccd 4073 dstsize = get_destination_size (dstptr);
b9833bfd 4074 }
4075 else if (tree size = gimple_call_arg (info.callstmt, idx_dstsize))
4076 {
4077 /* For bounded functions try to get the size argument. */
4078
4079 if (TREE_CODE (size) == INTEGER_CST)
4080 {
4081 dstsize = tree_to_uhwi (size);
c62d63d4 4082 /* No object can be larger than SIZE_MAX bytes (half the address
5aef8938 4083 space) on the target.
7bcd359a 4084 The functions are defined only for output of at most INT_MAX
4085 bytes. Specifying a bound in excess of that limit effectively
4086 defeats the bounds checking (and on some implementations such
4087 as Solaris cause the function to fail with EINVAL). */
5aef8938 4088 if (dstsize > target_size_max () / 2)
4089 {
4090 /* Avoid warning if -Wstringop-overflow is specified since
4091 it also warns for the same thing though only for the
4092 checking built-ins. */
7b2ced2f 4093 if ((idx_objsize == UINT_MAX
5aef8938 4094 || !warn_stringop_overflow))
aba01341 4095 warning_at (gimple_location (info.callstmt), info.warnopt (),
5aef8938 4096 "specified bound %wu exceeds maximum object size "
4097 "%wu",
4098 dstsize, target_size_max () / 2);
2ecb854b 4099 /* POSIX requires snprintf to fail if DSTSIZE is greater
4100 than INT_MAX. Even though not all POSIX implementations
4101 conform to the requirement, avoid folding in this case. */
4102 posunder4k = false;
5aef8938 4103 }
7bcd359a 4104 else if (dstsize > target_int_max ())
2ecb854b 4105 {
4106 warning_at (gimple_location (info.callstmt), info.warnopt (),
4107 "specified bound %wu exceeds %<INT_MAX%>",
4108 dstsize);
4109 /* POSIX requires snprintf to fail if DSTSIZE is greater
4110 than INT_MAX. Avoid folding in that case. */
4111 posunder4k = false;
4112 }
b9833bfd 4113 }
4114 else if (TREE_CODE (size) == SSA_NAME)
4115 {
4116 /* Try to determine the range of values of the argument
0529b8f5 4117 and use the greater of the two at level 1 and the smaller
4118 of them at level 2. */
d1524944 4119 value_range *vr = evrp_range_analyzer.get_value_range (size);
be44111e 4120 if (range_int_cst_p (vr))
2ecb854b 4121 {
4122 unsigned HOST_WIDE_INT minsize = TREE_INT_CST_LOW (vr->min ());
4123 unsigned HOST_WIDE_INT maxsize = TREE_INT_CST_LOW (vr->max ());
4124 dstsize = warn_level < 2 ? maxsize : minsize;
4125
4126 if (minsize > target_int_max ())
4127 warning_at (gimple_location (info.callstmt), info.warnopt (),
4128 "specified bound range [%wu, %wu] exceeds "
4129 "%<INT_MAX%>",
4130 minsize, maxsize);
4131
4132 /* POSIX requires snprintf to fail if DSTSIZE is greater
4133 than INT_MAX. Avoid folding if that's possible. */
4134 if (maxsize > target_int_max ())
4135 posunder4k = false;
4136 }
4137 else if (vr->varying_p ())
4138 {
4139 /* POSIX requires snprintf to fail if DSTSIZE is greater
4140 than INT_MAX. Since SIZE's range is unknown, avoid
4141 folding. */
4142 posunder4k = false;
4143 }
0529b8f5 4144
4145 /* The destination size is not constant. If the function is
4146 bounded (e.g., snprintf) a lower bound of zero doesn't
4147 necessarily imply it can be eliminated. */
4148 dstsize_cst_p = false;
b9833bfd 4149 }
4150 }
4151
7b2ced2f 4152 if (idx_objsize != UINT_MAX)
df259a3b 4153 if (tree size = gimple_call_arg (info.callstmt, idx_objsize))
4154 if (tree_fits_uhwi_p (size))
4155 objsize = tree_to_uhwi (size);
b9833bfd 4156
4157 if (info.bounded && !dstsize)
4158 {
4159 /* As a special case, when the explicitly specified destination
4160 size argument (to a bounded function like snprintf) is zero
4161 it is a request to determine the number of bytes on output
4162 without actually producing any. Pretend the size is
4163 unlimited in this case. */
4164 info.objsize = HOST_WIDE_INT_MAX;
0529b8f5 4165 info.nowrite = dstsize_cst_p;
b9833bfd 4166 }
4167 else
4168 {
519bbccd 4169 /* For calls to non-bounded functions or to those of bounded
4170 functions with a non-zero size, warn if the destination
4171 pointer is null. */
7b2ced2f 4172 if (dstptr && integer_zerop (dstptr))
519bbccd 4173 {
4174 /* This is diagnosed with -Wformat only when the null is a constant
4175 pointer. The warning here diagnoses instances where the pointer
4176 is not constant. */
4177 location_t loc = gimple_location (info.callstmt);
4178 warning_at (EXPR_LOC_OR_LOC (dstptr, loc),
7b2ced2f 4179 info.warnopt (), "%Gnull destination pointer",
4180 info.callstmt);
df259a3b 4181 return false;
519bbccd 4182 }
4183
b9833bfd 4184 /* Set the object size to the smaller of the two arguments
4185 of both have been specified and they're not equal. */
4186 info.objsize = dstsize < objsize ? dstsize : objsize;
4187
4188 if (info.bounded
5aef8938 4189 && dstsize < target_size_max () / 2 && objsize < dstsize
4190 /* Avoid warning if -Wstringop-overflow is specified since
4191 it also warns for the same thing though only for the
4192 checking built-ins. */
7b2ced2f 4193 && (idx_objsize == UINT_MAX
5aef8938 4194 || !warn_stringop_overflow))
b9833bfd 4195 {
aba01341 4196 warning_at (gimple_location (info.callstmt), info.warnopt (),
5aef8938 4197 "specified bound %wu exceeds the size %wu "
b9833bfd 4198 "of the destination object", dstsize, objsize);
4199 }
4200 }
4201
7b2ced2f 4202 /* Determine if the format argument may be null and warn if not
4203 and if the argument is null. */
4204 if (integer_zerop (info.format)
4205 && gimple_call_builtin_p (info.callstmt, BUILT_IN_NORMAL))
b9833bfd 4206 {
519bbccd 4207 location_t loc = gimple_location (info.callstmt);
4208 warning_at (EXPR_LOC_OR_LOC (info.format, loc),
7b2ced2f 4209 info.warnopt (), "%Gnull format string",
4210 info.callstmt);
df259a3b 4211 return false;
b9833bfd 4212 }
4213
4214 info.fmtstr = get_format_string (info.format, &info.fmtloc);
4215 if (!info.fmtstr)
df259a3b 4216 return false;
b9833bfd 4217
4218 /* The result is the number of bytes output by the formatted function,
4219 including the terminating NUL. */
4220 format_result res = format_result ();
72d5639d 4221
7b2ced2f 4222 /* I/O functions with no destination argument (i.e., all forms of fprintf
4223 and printf) may fail under any conditions. Others (i.e., all forms of
4224 sprintf) may only fail under specific conditions determined for each
4225 directive. Clear POSUNDER4K for the former set of functions and set
4226 it to true for the latter (it can only be cleared later, but it is
4227 never set to true again). */
2ecb854b 4228 res.posunder4k = posunder4k && dstptr;
7b2ced2f 4229
72d5639d 4230 bool success = compute_format_length (info, &res);
f1625820 4231 if (res.warned)
4232 gimple_set_no_warning (info.callstmt, true);
b9833bfd 4233
4234 /* When optimizing and the printf return value optimization is enabled,
4235 attempt to substitute the computed result for the return value of
4236 the call. Avoid this optimization when -frounding-math is in effect
4237 and the format string contains a floating point directive. */
53e0530a 4238 bool call_removed = false;
4239 if (success && optimize > 0)
4240 {
4241 /* Save a copy of the iterator pointing at the call. The iterator
4242 may change to point past the call in try_substitute_return_value
4243 but the original value is needed in try_simplify_call. */
4244 gimple_stmt_iterator gsi_call = *gsi;
76cf0084 4245
53e0530a 4246 if (flag_printf_return_value
4247 && (!flag_rounding_math || !res.floating))
4248 call_removed = try_substitute_return_value (gsi, info, res);
4249
4250 if (!call_removed)
4251 try_simplify_call (&gsi_call, info, res);
4252 }
4253
4254 return call_removed;
b9833bfd 4255}
4256
9d8823fc 4257edge
4258sprintf_dom_walker::before_dom_children (basic_block bb)
4259{
4d02592b 4260 evrp_range_analyzer.enter (bb);
9d8823fc 4261 for (gimple_stmt_iterator si = gsi_start_bb (bb); !gsi_end_p (si); )
4262 {
4263 /* Iterate over statements, looking for function calls. */
4264 gimple *stmt = gsi_stmt (si);
4265
4d02592b 4266 /* First record ranges generated by this statement. */
4267 evrp_range_analyzer.record_ranges_from_stmt (stmt, false);
4268
9d8823fc 4269 if (is_gimple_call (stmt) && handle_gimple_call (&si))
4270 /* If handle_gimple_call returns true, the iterator is
4271 already pointing to the next statement. */
4272 continue;
4273
4274 gsi_next (&si);
4275 }
4276 return NULL;
4277}
4278
4d02592b 4279void
4280sprintf_dom_walker::after_dom_children (basic_block bb)
4281{
4282 evrp_range_analyzer.leave (bb);
4283}
4284
b9833bfd 4285/* Execute the pass for function FUN. */
4286
4287unsigned int
4288pass_sprintf_length::execute (function *fun)
4289{
722889f9 4290 init_target_to_host_charmap ();
4291
9d8823fc 4292 calculate_dominance_info (CDI_DOMINATORS);
22287fcd 4293 bool use_scev = optimize > 0 && flag_printf_return_value;
4294 if (use_scev)
4295 {
4296 loop_optimizer_init (LOOPS_NORMAL);
4297 scev_initialize ();
4298 }
df259a3b 4299
9d8823fc 4300 sprintf_dom_walker sprintf_dom_walker;
4301 sprintf_dom_walker.walk (ENTRY_BLOCK_PTR_FOR_FN (fun));
b9833bfd 4302
22287fcd 4303 if (use_scev)
4304 {
4305 scev_finalize ();
4306 loop_optimizer_finalize ();
4307 }
4308
76cf0084 4309 /* Clean up object size info. */
d17f89dd 4310 fini_object_sizes ();
b9833bfd 4311 return 0;
4312}
4313
4314} /* Unnamed namespace. */
4315
4316/* Return a pointer to a pass object newly constructed from the context
4317 CTXT. */
4318
4319gimple_opt_pass *
4320make_pass_sprintf_length (gcc::context *ctxt)
4321{
4322 return new pass_sprintf_length (ctxt);
4323}
Mirror of https://gcc.gnu.org/git/gcc.git