]>
Commit | Line | Data |
---|---|---|
fbd26352 | 1 | /* Copyright (C) 2016-2019 Free Software Foundation, Inc. |
b9833bfd | 2 | Contributed by Martin Sebor <msebor@redhat.com>. |
3 | ||
4 | This file is part of GCC. | |
5 | ||
6 | GCC is free software; you can redistribute it and/or modify it under | |
7 | the terms of the GNU General Public License as published by the Free | |
8 | Software Foundation; either version 3, or (at your option) any later | |
9 | version. | |
10 | ||
11 | GCC is distributed in the hope that it will be useful, but WITHOUT ANY | |
12 | WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
13 | FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14 | for more details. | |
15 | ||
16 | You should have received a copy of the GNU General Public License | |
17 | along with GCC; see the file COPYING3. If not see | |
18 | <http://www.gnu.org/licenses/>. */ | |
19 | ||
20 | /* This file implements the printf-return-value pass. The pass does | |
21 | two things: 1) it analyzes calls to formatted output functions like | |
22 | sprintf looking for possible buffer overflows and calls to bounded | |
23 | functions like snprintf for early truncation (and under the control | |
24 | of the -Wformat-length option issues warnings), and 2) under the | |
25 | control of the -fprintf-return-value option it folds the return | |
26 | value of safe calls into constants, making it possible to eliminate | |
27 | code that depends on the value of those constants. | |
28 | ||
29 | For all functions (bounded or not) the pass uses the size of the | |
30 | destination object. That means that it will diagnose calls to | |
31 | snprintf not on the basis of the size specified by the function's | |
32 | second argument but rathger on the basis of the size the first | |
33 | argument points to (if possible). For bound-checking built-ins | |
34 | like __builtin___snprintf_chk the pass uses the size typically | |
35 | determined by __builtin_object_size and passed to the built-in | |
36 | by the Glibc inline wrapper. | |
37 | ||
38 | The pass handles all forms standard sprintf format directives, | |
39 | including character, integer, floating point, pointer, and strings, | |
3c57b79b | 40 | with the standard C flags, widths, and precisions. For integers |
b9833bfd | 41 | and strings it computes the length of output itself. For floating |
42 | point it uses MPFR to fornmat known constants with up and down | |
43 | rounding and uses the resulting range of output lengths. For | |
44 | strings it uses the length of string literals and the sizes of | |
45 | character arrays that a character pointer may point to as a bound | |
46 | on the longest string. */ | |
47 | ||
48 | #include "config.h" | |
49 | #include "system.h" | |
50 | #include "coretypes.h" | |
51 | #include "backend.h" | |
52 | #include "tree.h" | |
53 | #include "gimple.h" | |
54 | #include "tree-pass.h" | |
55 | #include "ssa.h" | |
56 | #include "gimple-fold.h" | |
57 | #include "gimple-pretty-print.h" | |
58 | #include "diagnostic-core.h" | |
59 | #include "fold-const.h" | |
60 | #include "gimple-iterator.h" | |
61 | #include "tree-ssa.h" | |
62 | #include "tree-object-size.h" | |
63 | #include "params.h" | |
64 | #include "tree-cfg.h" | |
a27264ed | 65 | #include "tree-ssa-propagate.h" |
b9833bfd | 66 | #include "calls.h" |
67 | #include "cfgloop.h" | |
22287fcd | 68 | #include "tree-scalar-evolution.h" |
69 | #include "tree-ssa-loop.h" | |
b9833bfd | 70 | #include "intl.h" |
722889f9 | 71 | #include "langhooks.h" |
b9833bfd | 72 | |
7b2ced2f | 73 | #include "attribs.h" |
b9833bfd | 74 | #include "builtins.h" |
75 | #include "stor-layout.h" | |
76 | ||
77 | #include "realmpfr.h" | |
78 | #include "target.h" | |
b9833bfd | 79 | |
80 | #include "cpplib.h" | |
81 | #include "input.h" | |
82 | #include "toplev.h" | |
83 | #include "substring-locations.h" | |
84 | #include "diagnostic.h" | |
9d8823fc | 85 | #include "domwalk.h" |
4d02592b | 86 | #include "alloc-pool.h" |
87 | #include "vr-values.h" | |
88 | #include "gimple-ssa-evrp-analyze.h" | |
b9833bfd | 89 | |
c62d63d4 | 90 | /* The likely worst case value of MB_LEN_MAX for the target, large enough |
91 | for UTF-8. Ideally, this would be obtained by a target hook if it were | |
92 | to be used for optimization but it's good enough as is for warnings. */ | |
26a75cc5 | 93 | #define target_mb_len_max() 6 |
c62d63d4 | 94 | |
84960375 | 95 | /* The maximum number of bytes a single non-string directive can result |
96 | in. This is the result of printf("%.*Lf", INT_MAX, -LDBL_MAX) for | |
97 | LDBL_MAX_10_EXP of 4932. */ | |
98 | #define IEEE_MAX_10_EXP 4932 | |
99 | #define target_dir_max() (target_int_max () + IEEE_MAX_10_EXP + 2) | |
100 | ||
b9833bfd | 101 | namespace { |
102 | ||
103 | const pass_data pass_data_sprintf_length = { | |
104 | GIMPLE_PASS, // pass type | |
105 | "printf-return-value", // pass name | |
106 | OPTGROUP_NONE, // optinfo_flags | |
107 | TV_NONE, // tv_id | |
108 | PROP_cfg, // properties_required | |
109 | 0, // properties_provided | |
110 | 0, // properties_destroyed | |
111 | 0, // properties_start | |
112 | 0, // properties_finish | |
113 | }; | |
114 | ||
76cf0084 | 115 | /* Set to the warning level for the current function which is equal |
116 | either to warn_format_trunc for bounded functions or to | |
117 | warn_format_overflow otherwise. */ | |
118 | ||
119 | static int warn_level; | |
120 | ||
b9833bfd | 121 | struct format_result; |
122 | ||
9d8823fc | 123 | class sprintf_dom_walker : public dom_walker |
124 | { | |
125 | public: | |
447602ef | 126 | sprintf_dom_walker () |
127 | : dom_walker (CDI_DOMINATORS), | |
128 | evrp_range_analyzer (false) {} | |
9d8823fc | 129 | ~sprintf_dom_walker () {} |
130 | ||
ac03d822 | 131 | edge before_dom_children (basic_block) FINAL OVERRIDE; |
4d02592b | 132 | void after_dom_children (basic_block) FINAL OVERRIDE; |
9d8823fc | 133 | bool handle_gimple_call (gimple_stmt_iterator *); |
134 | ||
135 | struct call_info; | |
136 | bool compute_format_length (call_info &, format_result *); | |
4d02592b | 137 | class evrp_range_analyzer evrp_range_analyzer; |
9d8823fc | 138 | }; |
139 | ||
b9833bfd | 140 | class pass_sprintf_length : public gimple_opt_pass |
141 | { | |
142 | bool fold_return_value; | |
143 | ||
144 | public: | |
145 | pass_sprintf_length (gcc::context *ctxt) | |
146 | : gimple_opt_pass (pass_data_sprintf_length, ctxt), | |
147 | fold_return_value (false) | |
148 | { } | |
149 | ||
150 | opt_pass * clone () { return new pass_sprintf_length (m_ctxt); } | |
151 | ||
152 | virtual bool gate (function *); | |
153 | ||
154 | virtual unsigned int execute (function *); | |
155 | ||
156 | void set_pass_param (unsigned int n, bool param) | |
157 | { | |
158 | gcc_assert (n == 0); | |
159 | fold_return_value = param; | |
160 | } | |
161 | ||
b9833bfd | 162 | }; |
163 | ||
164 | bool | |
165 | pass_sprintf_length::gate (function *) | |
166 | { | |
76cf0084 | 167 | /* Run the pass iff -Warn-format-overflow or -Warn-format-truncation |
168 | is specified and either not optimizing and the pass is being invoked | |
169 | early, or when optimizing and the pass is being invoked during | |
170 | optimization (i.e., "late"). */ | |
26a75cc5 | 171 | return ((warn_format_overflow > 0 |
172 | || warn_format_trunc > 0 | |
173 | || flag_printf_return_value) | |
bd94fe4f | 174 | && (optimize > 0) == fold_return_value); |
b9833bfd | 175 | } |
176 | ||
425bd7b1 | 177 | /* The minimum, maximum, likely, and unlikely maximum number of bytes |
178 | of output either a formatting function or an individual directive | |
179 | can result in. */ | |
180 | ||
181 | struct result_range | |
182 | { | |
183 | /* The absolute minimum number of bytes. The result of a successful | |
184 | conversion is guaranteed to be no less than this. (An erroneous | |
185 | conversion can be indicated by MIN > HOST_WIDE_INT_MAX.) */ | |
186 | unsigned HOST_WIDE_INT min; | |
187 | /* The likely maximum result that is used in diagnostics. In most | |
188 | cases MAX is the same as the worst case UNLIKELY result. */ | |
189 | unsigned HOST_WIDE_INT max; | |
190 | /* The likely result used to trigger diagnostics. For conversions | |
191 | that result in a range of bytes [MIN, MAX], LIKELY is somewhere | |
192 | in that range. */ | |
193 | unsigned HOST_WIDE_INT likely; | |
194 | /* In rare cases (e.g., for nultibyte characters) UNLIKELY gives | |
195 | the worst cases maximum result of a directive. In most cases | |
196 | UNLIKELY == MAX. UNLIKELY is used to control the return value | |
197 | optimization but not in diagnostics. */ | |
198 | unsigned HOST_WIDE_INT unlikely; | |
199 | }; | |
200 | ||
b9833bfd | 201 | /* The result of a call to a formatted function. */ |
202 | ||
203 | struct format_result | |
204 | { | |
425bd7b1 | 205 | /* Range of characters written by the formatted function. |
206 | Setting the minimum to HOST_WIDE_INT_MAX disables all | |
207 | length tracking for the remainder of the format string. */ | |
208 | result_range range; | |
b9833bfd | 209 | |
c62d63d4 | 210 | /* True when the range above is obtained from known values of |
425bd7b1 | 211 | directive arguments, or bounds on the amount of output such |
212 | as width and precision, and not the result of heuristics that | |
213 | depend on warning levels. It's used to issue stricter diagnostics | |
214 | in cases where strings of unknown lengths are bounded by the arrays | |
215 | they are determined to refer to. KNOWNRANGE must not be used for | |
216 | the return value optimization. */ | |
c62d63d4 | 217 | bool knownrange; |
218 | ||
17d7e9ff | 219 | /* True if no individual directive could fail or result in more than |
220 | 4095 bytes of output (the total NUMBER_CHARS_{MIN,MAX} might be | |
221 | greater). Implementations are not required to handle directives | |
222 | that produce more than 4K bytes (leading to undefined behavior) | |
223 | and so when one is found it disables the return value optimization. | |
224 | Similarly, directives that can fail (such as wide character | |
225 | directives) disable the optimization. */ | |
226 | bool posunder4k; | |
b9833bfd | 227 | |
228 | /* True when a floating point directive has been seen in the format | |
229 | string. */ | |
230 | bool floating; | |
231 | ||
232 | /* True when an intermediate result has caused a warning. Used to | |
233 | avoid issuing duplicate warnings while finishing the processing | |
425bd7b1 | 234 | of a call. WARNED also disables the return value optimization. */ |
b9833bfd | 235 | bool warned; |
236 | ||
237 | /* Preincrement the number of output characters by 1. */ | |
238 | format_result& operator++ () | |
239 | { | |
240 | return *this += 1; | |
241 | } | |
242 | ||
243 | /* Postincrement the number of output characters by 1. */ | |
244 | format_result operator++ (int) | |
245 | { | |
246 | format_result prev (*this); | |
247 | *this += 1; | |
248 | return prev; | |
249 | } | |
250 | ||
251 | /* Increment the number of output characters by N. */ | |
26a75cc5 | 252 | format_result& operator+= (unsigned HOST_WIDE_INT); |
b9833bfd | 253 | }; |
254 | ||
26a75cc5 | 255 | format_result& |
256 | format_result::operator+= (unsigned HOST_WIDE_INT n) | |
257 | { | |
258 | gcc_assert (n < HOST_WIDE_INT_MAX); | |
259 | ||
425bd7b1 | 260 | if (range.min < HOST_WIDE_INT_MAX) |
261 | range.min += n; | |
262 | ||
263 | if (range.max < HOST_WIDE_INT_MAX) | |
264 | range.max += n; | |
26a75cc5 | 265 | |
425bd7b1 | 266 | if (range.likely < HOST_WIDE_INT_MAX) |
267 | range.likely += n; | |
26a75cc5 | 268 | |
425bd7b1 | 269 | if (range.unlikely < HOST_WIDE_INT_MAX) |
270 | range.unlikely += n; | |
26a75cc5 | 271 | |
272 | return *this; | |
273 | } | |
274 | ||
b9833bfd | 275 | /* Return the value of INT_MIN for the target. */ |
276 | ||
7bcd359a | 277 | static inline HOST_WIDE_INT |
b9833bfd | 278 | target_int_min () |
279 | { | |
7bcd359a | 280 | return tree_to_shwi (TYPE_MIN_VALUE (integer_type_node)); |
c62d63d4 | 281 | } |
282 | ||
283 | /* Return the value of INT_MAX for the target. */ | |
284 | ||
285 | static inline unsigned HOST_WIDE_INT | |
286 | target_int_max () | |
287 | { | |
7bcd359a | 288 | return tree_to_uhwi (TYPE_MAX_VALUE (integer_type_node)); |
c62d63d4 | 289 | } |
290 | ||
291 | /* Return the value of SIZE_MAX for the target. */ | |
292 | ||
293 | static inline unsigned HOST_WIDE_INT | |
294 | target_size_max () | |
295 | { | |
7bcd359a | 296 | return tree_to_uhwi (TYPE_MAX_VALUE (size_type_node)); |
b9833bfd | 297 | } |
298 | ||
722889f9 | 299 | /* A straightforward mapping from the execution character set to the host |
300 | character set indexed by execution character. */ | |
301 | ||
302 | static char target_to_host_charmap[256]; | |
303 | ||
304 | /* Initialize a mapping from the execution character set to the host | |
305 | character set. */ | |
306 | ||
307 | static bool | |
308 | init_target_to_host_charmap () | |
309 | { | |
310 | /* If the percent sign is non-zero the mapping has already been | |
311 | initialized. */ | |
312 | if (target_to_host_charmap['%']) | |
313 | return true; | |
314 | ||
315 | /* Initialize the target_percent character (done elsewhere). */ | |
316 | if (!init_target_chars ()) | |
317 | return false; | |
318 | ||
319 | /* The subset of the source character set used by printf conversion | |
320 | specifications (strictly speaking, not all letters are used but | |
321 | they are included here for the sake of simplicity). The dollar | |
322 | sign must be included even though it's not in the basic source | |
323 | character set. */ | |
324 | const char srcset[] = " 0123456789!\"#%&'()*+,-./:;<=>?[\\]^_{|}~$" | |
325 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; | |
326 | ||
327 | /* Set the mapping for all characters to some ordinary value (i,e., | |
328 | not none used in printf conversion specifications) and overwrite | |
329 | those that are used by conversion specifications with their | |
330 | corresponding values. */ | |
331 | memset (target_to_host_charmap + 1, '?', sizeof target_to_host_charmap - 1); | |
332 | ||
333 | /* Are the two sets of characters the same? */ | |
334 | bool all_same_p = true; | |
335 | ||
336 | for (const char *pc = srcset; *pc; ++pc) | |
337 | { | |
338 | /* Slice off the high end bits in case target characters are | |
339 | signed. All values are expected to be non-nul, otherwise | |
340 | there's a problem. */ | |
341 | if (unsigned char tc = lang_hooks.to_target_charset (*pc)) | |
342 | { | |
343 | target_to_host_charmap[tc] = *pc; | |
344 | if (tc != *pc) | |
345 | all_same_p = false; | |
346 | } | |
347 | else | |
348 | return false; | |
349 | ||
350 | } | |
351 | ||
352 | /* Set the first element to a non-zero value if the mapping | |
353 | is 1-to-1, otherwise leave it clear (NUL is assumed to be | |
354 | the same in both character sets). */ | |
355 | target_to_host_charmap[0] = all_same_p; | |
356 | ||
357 | return true; | |
358 | } | |
359 | ||
360 | /* Return the host source character corresponding to the character | |
361 | CH in the execution character set if one exists, or some innocuous | |
362 | (non-special, non-nul) source character otherwise. */ | |
363 | ||
364 | static inline unsigned char | |
365 | target_to_host (unsigned char ch) | |
366 | { | |
367 | return target_to_host_charmap[ch]; | |
368 | } | |
369 | ||
370 | /* Convert an initial substring of the string TARGSTR consisting of | |
371 | characters in the execution character set into a string in the | |
372 | source character set on the host and store up to HOSTSZ characters | |
373 | in the buffer pointed to by HOSTR. Return HOSTR. */ | |
374 | ||
375 | static const char* | |
376 | target_to_host (char *hostr, size_t hostsz, const char *targstr) | |
377 | { | |
378 | /* Make sure the buffer is reasonably big. */ | |
379 | gcc_assert (hostsz > 4); | |
380 | ||
381 | /* The interesting subset of source and execution characters are | |
382 | the same so no conversion is necessary. However, truncate | |
383 | overlong strings just like the translated strings are. */ | |
384 | if (target_to_host_charmap['\0'] == 1) | |
385 | { | |
92a180c6 | 386 | size_t len = strlen (targstr); |
387 | if (len >= hostsz) | |
388 | { | |
389 | memcpy (hostr, targstr, hostsz - 4); | |
390 | strcpy (hostr + hostsz - 4, "..."); | |
391 | } | |
392 | else | |
393 | memcpy (hostr, targstr, len + 1); | |
722889f9 | 394 | return hostr; |
395 | } | |
396 | ||
397 | /* Convert the initial substring of TARGSTR to the corresponding | |
398 | characters in the host set, appending "..." if TARGSTR is too | |
399 | long to fit. Using the static buffer assumes the function is | |
400 | not called in between sequence points (which it isn't). */ | |
401 | for (char *ph = hostr; ; ++targstr) | |
402 | { | |
403 | *ph++ = target_to_host (*targstr); | |
404 | if (!*targstr) | |
405 | break; | |
406 | ||
92a180c6 | 407 | if (size_t (ph - hostr) == hostsz) |
722889f9 | 408 | { |
92a180c6 | 409 | strcpy (ph - 4, "..."); |
722889f9 | 410 | break; |
411 | } | |
412 | } | |
413 | ||
414 | return hostr; | |
415 | } | |
416 | ||
417 | /* Convert the sequence of decimal digits in the execution character | |
1d4fa533 | 418 | starting at *PS to a HOST_WIDE_INT, analogously to strtol. Return |
419 | the result and set *PS to one past the last converted character. | |
420 | On range error set ERANGE to the digit that caused it. */ | |
722889f9 | 421 | |
1d4fa533 | 422 | static inline HOST_WIDE_INT |
423 | target_strtowi (const char **ps, const char **erange) | |
722889f9 | 424 | { |
425 | unsigned HOST_WIDE_INT val = 0; | |
426 | for ( ; ; ++*ps) | |
427 | { | |
428 | unsigned char c = target_to_host (**ps); | |
429 | if (ISDIGIT (c)) | |
430 | { | |
431 | c -= '0'; | |
432 | ||
433 | /* Check for overflow. */ | |
1d4fa533 | 434 | if (val > ((unsigned HOST_WIDE_INT) HOST_WIDE_INT_MAX - c) / 10LU) |
722889f9 | 435 | { |
1d4fa533 | 436 | val = HOST_WIDE_INT_MAX; |
722889f9 | 437 | *erange = *ps; |
438 | ||
439 | /* Skip the remaining digits. */ | |
440 | do | |
441 | c = target_to_host (*++*ps); | |
442 | while (ISDIGIT (c)); | |
443 | break; | |
444 | } | |
445 | else | |
446 | val = val * 10 + c; | |
447 | } | |
448 | else | |
449 | break; | |
450 | } | |
451 | ||
452 | return val; | |
453 | } | |
454 | ||
b9833bfd | 455 | /* Given FORMAT, set *PLOC to the source location of the format string |
456 | and return the format string if it is known or null otherwise. */ | |
457 | ||
458 | static const char* | |
459 | get_format_string (tree format, location_t *ploc) | |
460 | { | |
b9833bfd | 461 | *ploc = EXPR_LOC_OR_LOC (format, input_location); |
462 | ||
fd5cbc99 | 463 | return c_getstr (format); |
b9833bfd | 464 | } |
465 | ||
7ac1c1d7 | 466 | /* For convenience and brevity, shorter named entrypoints of |
995dda73 | 467 | format_string_diagnostic_t::emit_warning_va and |
468 | format_string_diagnostic_t::emit_warning_n_va. | |
7ac1c1d7 | 469 | These have to be functions with the attribute so that exgettext |
470 | works properly. */ | |
b9833bfd | 471 | |
7ac1c1d7 | 472 | static bool |
473 | ATTRIBUTE_GCC_DIAG (5, 6) | |
474 | fmtwarn (const substring_loc &fmt_loc, location_t param_loc, | |
475 | const char *corrected_substring, int opt, const char *gmsgid, ...) | |
476 | { | |
995dda73 | 477 | format_string_diagnostic_t diag (fmt_loc, NULL, param_loc, NULL, |
478 | corrected_substring); | |
7ac1c1d7 | 479 | va_list ap; |
480 | va_start (ap, gmsgid); | |
995dda73 | 481 | bool warned = diag.emit_warning_va (opt, gmsgid, &ap); |
7ac1c1d7 | 482 | va_end (ap); |
b9833bfd | 483 | |
7ac1c1d7 | 484 | return warned; |
485 | } | |
b9833bfd | 486 | |
487 | static bool | |
7ac1c1d7 | 488 | ATTRIBUTE_GCC_DIAG (6, 8) ATTRIBUTE_GCC_DIAG (7, 8) |
489 | fmtwarn_n (const substring_loc &fmt_loc, location_t param_loc, | |
490 | const char *corrected_substring, int opt, unsigned HOST_WIDE_INT n, | |
491 | const char *singular_gmsgid, const char *plural_gmsgid, ...) | |
492 | { | |
995dda73 | 493 | format_string_diagnostic_t diag (fmt_loc, NULL, param_loc, NULL, |
494 | corrected_substring); | |
7ac1c1d7 | 495 | va_list ap; |
496 | va_start (ap, plural_gmsgid); | |
995dda73 | 497 | bool warned = diag.emit_warning_n_va (opt, n, singular_gmsgid, plural_gmsgid, |
498 | &ap); | |
7ac1c1d7 | 499 | va_end (ap); |
500 | ||
501 | return warned; | |
502 | } | |
b9833bfd | 503 | |
504 | /* Format length modifiers. */ | |
505 | ||
506 | enum format_lengths | |
507 | { | |
508 | FMT_LEN_none, | |
509 | FMT_LEN_hh, // char argument | |
510 | FMT_LEN_h, // short | |
511 | FMT_LEN_l, // long | |
512 | FMT_LEN_ll, // long long | |
513 | FMT_LEN_L, // long double (and GNU long long) | |
514 | FMT_LEN_z, // size_t | |
515 | FMT_LEN_t, // ptrdiff_t | |
516 | FMT_LEN_j // intmax_t | |
517 | }; | |
518 | ||
519 | ||
b9833bfd | 520 | /* Description of the result of conversion either of a single directive |
521 | or the whole format string. */ | |
522 | ||
523 | struct fmtresult | |
524 | { | |
26a75cc5 | 525 | /* Construct a FMTRESULT object with all counters initialized |
526 | to MIN. KNOWNRANGE is set when MIN is valid. */ | |
527 | fmtresult (unsigned HOST_WIDE_INT min = HOST_WIDE_INT_MAX) | |
f1625820 | 528 | : argmin (), argmax (), nonstr (), |
26a75cc5 | 529 | knownrange (min < HOST_WIDE_INT_MAX), |
17d7e9ff | 530 | mayfail (), nullp () |
c62d63d4 | 531 | { |
26a75cc5 | 532 | range.min = min; |
533 | range.max = min; | |
425bd7b1 | 534 | range.likely = min; |
535 | range.unlikely = min; | |
26a75cc5 | 536 | } |
537 | ||
425bd7b1 | 538 | /* Construct a FMTRESULT object with MIN, MAX, and LIKELY counters. |
539 | KNOWNRANGE is set when both MIN and MAX are valid. */ | |
540 | fmtresult (unsigned HOST_WIDE_INT min, unsigned HOST_WIDE_INT max, | |
541 | unsigned HOST_WIDE_INT likely = HOST_WIDE_INT_MAX) | |
f1625820 | 542 | : argmin (), argmax (), nonstr (), |
26a75cc5 | 543 | knownrange (min < HOST_WIDE_INT_MAX && max < HOST_WIDE_INT_MAX), |
17d7e9ff | 544 | mayfail (), nullp () |
26a75cc5 | 545 | { |
546 | range.min = min; | |
974e2c47 | 547 | range.max = max; |
425bd7b1 | 548 | range.likely = max < likely ? min : likely; |
549 | range.unlikely = max; | |
c62d63d4 | 550 | } |
551 | ||
9b0feec7 | 552 | /* Adjust result upward to reflect the RANGE of values the specified |
553 | width or precision is known to be in. */ | |
554 | fmtresult& adjust_for_width_or_precision (const HOST_WIDE_INT[2], | |
425bd7b1 | 555 | tree = NULL_TREE, |
556 | unsigned = 0, unsigned = 0); | |
557 | ||
558 | /* Return the maximum number of decimal digits a value of TYPE | |
559 | formats as on output. */ | |
9b0feec7 | 560 | static unsigned type_max_digits (tree, int); |
425bd7b1 | 561 | |
b9833bfd | 562 | /* The range a directive's argument is in. */ |
563 | tree argmin, argmax; | |
564 | ||
565 | /* The minimum and maximum number of bytes that a directive | |
566 | results in on output for an argument in the range above. */ | |
567 | result_range range; | |
568 | ||
f1625820 | 569 | /* Non-nul when the argument of a string directive is not a nul |
570 | terminated string. */ | |
571 | tree nonstr; | |
572 | ||
c62d63d4 | 573 | /* True when the range above is obtained from a known value of |
574 | a directive's argument or its bounds and not the result of | |
575 | heuristics that depend on warning levels. */ | |
576 | bool knownrange; | |
577 | ||
17d7e9ff | 578 | /* True for a directive that may fail (such as wide character |
579 | directives). */ | |
580 | bool mayfail; | |
581 | ||
519bbccd | 582 | /* True when the argument is a null pointer. */ |
583 | bool nullp; | |
b9833bfd | 584 | }; |
585 | ||
9b0feec7 | 586 | /* Adjust result upward to reflect the range ADJUST of values the |
587 | specified width or precision is known to be in. When non-null, | |
588 | TYPE denotes the type of the directive whose result is being | |
589 | adjusted, BASE gives the base of the directive (octal, decimal, | |
590 | or hex), and ADJ denotes the additional adjustment to the LIKELY | |
591 | counter that may need to be added when ADJUST is a range. */ | |
425bd7b1 | 592 | |
593 | fmtresult& | |
9b0feec7 | 594 | fmtresult::adjust_for_width_or_precision (const HOST_WIDE_INT adjust[2], |
425bd7b1 | 595 | tree type /* = NULL_TREE */, |
596 | unsigned base /* = 0 */, | |
597 | unsigned adj /* = 0 */) | |
598 | { | |
599 | bool minadjusted = false; | |
600 | ||
425bd7b1 | 601 | /* Adjust the minimum and likely counters. */ |
f84f68b2 | 602 | if (adjust[0] >= 0) |
425bd7b1 | 603 | { |
604 | if (range.min < (unsigned HOST_WIDE_INT)adjust[0]) | |
605 | { | |
606 | range.min = adjust[0]; | |
607 | minadjusted = true; | |
608 | } | |
609 | ||
610 | /* Adjust the likely counter. */ | |
611 | if (range.likely < range.min) | |
612 | range.likely = range.min; | |
613 | } | |
614 | else if (adjust[0] == target_int_min () | |
615 | && (unsigned HOST_WIDE_INT)adjust[1] == target_int_max ()) | |
616 | knownrange = false; | |
617 | ||
618 | /* Adjust the maximum counter. */ | |
f84f68b2 | 619 | if (adjust[1] > 0) |
425bd7b1 | 620 | { |
621 | if (range.max < (unsigned HOST_WIDE_INT)adjust[1]) | |
622 | { | |
623 | range.max = adjust[1]; | |
624 | ||
625 | /* Set KNOWNRANGE if both the minimum and maximum have been | |
626 | adjusted. Otherwise leave it at what it was before. */ | |
627 | knownrange = minadjusted; | |
628 | } | |
629 | } | |
630 | ||
631 | if (warn_level > 1 && type) | |
632 | { | |
633 | /* For large non-constant width or precision whose range spans | |
634 | the maximum number of digits produced by the directive for | |
635 | any argument, set the likely number of bytes to be at most | |
636 | the number digits plus other adjustment determined by the | |
637 | caller (one for sign or two for the hexadecimal "0x" | |
638 | prefix). */ | |
639 | unsigned dirdigs = type_max_digits (type, base); | |
640 | if (adjust[0] < dirdigs && dirdigs < adjust[1] | |
641 | && range.likely < dirdigs) | |
642 | range.likely = dirdigs + adj; | |
643 | } | |
644 | else if (range.likely < (range.min ? range.min : 1)) | |
645 | { | |
646 | /* Conservatively, set LIKELY to at least MIN but no less than | |
647 | 1 unless MAX is zero. */ | |
648 | range.likely = (range.min | |
649 | ? range.min | |
650 | : range.max && (range.max < HOST_WIDE_INT_MAX | |
651 | || warn_level > 1) ? 1 : 0); | |
652 | } | |
653 | ||
654 | /* Finally adjust the unlikely counter to be at least as large as | |
655 | the maximum. */ | |
656 | if (range.unlikely < range.max) | |
657 | range.unlikely = range.max; | |
658 | ||
659 | return *this; | |
660 | } | |
661 | ||
662 | /* Return the maximum number of digits a value of TYPE formats in | |
663 | BASE on output, not counting base prefix . */ | |
664 | ||
665 | unsigned | |
666 | fmtresult::type_max_digits (tree type, int base) | |
667 | { | |
668 | unsigned prec = TYPE_PRECISION (type); | |
b35bf93a | 669 | switch (base) |
670 | { | |
671 | case 8: | |
672 | return (prec + 2) / 3; | |
673 | case 10: | |
674 | /* Decimal approximation: yields 3, 5, 10, and 20 for precision | |
675 | of 8, 16, 32, and 64 bits. */ | |
676 | return prec * 301 / 1000 + 1; | |
677 | case 16: | |
678 | return prec / 4; | |
679 | } | |
425bd7b1 | 680 | |
b35bf93a | 681 | gcc_unreachable (); |
425bd7b1 | 682 | } |
683 | ||
9b0feec7 | 684 | static bool |
a669405f | 685 | get_int_range (tree, HOST_WIDE_INT *, HOST_WIDE_INT *, bool, HOST_WIDE_INT, |
686 | class vr_values *vr_values); | |
9b0feec7 | 687 | |
688 | /* Description of a format directive. A directive is either a plain | |
689 | string or a conversion specification that starts with '%'. */ | |
b9833bfd | 690 | |
26a75cc5 | 691 | struct directive |
b9833bfd | 692 | { |
26a75cc5 | 693 | /* The 1-based directive number (for debugging). */ |
694 | unsigned dirno; | |
695 | ||
696 | /* The first character of the directive and its length. */ | |
697 | const char *beg; | |
698 | size_t len; | |
699 | ||
b9833bfd | 700 | /* A bitmap of flags, one for each character. */ |
701 | unsigned flags[256 / sizeof (int)]; | |
b9833bfd | 702 | |
9b0feec7 | 703 | /* The range of values of the specified width, or -1 if not specified. */ |
704 | HOST_WIDE_INT width[2]; | |
705 | /* The range of values of the specified precision, or -1 if not | |
706 | specified. */ | |
707 | HOST_WIDE_INT prec[2]; | |
b9833bfd | 708 | |
709 | /* Length modifier. */ | |
710 | format_lengths modifier; | |
711 | ||
712 | /* Format specifier character. */ | |
713 | char specifier; | |
714 | ||
26a75cc5 | 715 | /* The argument of the directive or null when the directive doesn't |
716 | take one or when none is available (such as for vararg functions). */ | |
717 | tree arg; | |
b9833bfd | 718 | |
425bd7b1 | 719 | /* Format conversion function that given a directive and an argument |
720 | returns the formatting result. */ | |
a669405f | 721 | fmtresult (*fmtfunc) (const directive &, tree, vr_values *); |
b9833bfd | 722 | |
723 | /* Return True when a the format flag CHR has been used. */ | |
724 | bool get_flag (char chr) const | |
725 | { | |
726 | unsigned char c = chr & 0xff; | |
727 | return (flags[c / (CHAR_BIT * sizeof *flags)] | |
728 | & (1U << (c % (CHAR_BIT * sizeof *flags)))); | |
729 | } | |
730 | ||
731 | /* Make a record of the format flag CHR having been used. */ | |
732 | void set_flag (char chr) | |
733 | { | |
734 | unsigned char c = chr & 0xff; | |
735 | flags[c / (CHAR_BIT * sizeof *flags)] | |
736 | |= (1U << (c % (CHAR_BIT * sizeof *flags))); | |
737 | } | |
738 | ||
739 | /* Reset the format flag CHR. */ | |
740 | void clear_flag (char chr) | |
741 | { | |
742 | unsigned char c = chr & 0xff; | |
743 | flags[c / (CHAR_BIT * sizeof *flags)] | |
744 | &= ~(1U << (c % (CHAR_BIT * sizeof *flags))); | |
745 | } | |
26a75cc5 | 746 | |
9b0feec7 | 747 | /* Set both bounds of the width range to VAL. */ |
26a75cc5 | 748 | void set_width (HOST_WIDE_INT val) |
749 | { | |
9b0feec7 | 750 | width[0] = width[1] = val; |
26a75cc5 | 751 | } |
752 | ||
9b0feec7 | 753 | /* Set the width range according to ARG, with both bounds being |
754 | no less than 0. For a constant ARG set both bounds to its value | |
755 | or 0, whichever is greater. For a non-constant ARG in some range | |
756 | set width to its range adjusting each bound to -1 if it's less. | |
757 | For an indeterminate ARG set width to [0, INT_MAX]. */ | |
a669405f | 758 | void set_width (tree arg, vr_values *vr_values) |
26a75cc5 | 759 | { |
a669405f | 760 | get_int_range (arg, width, width + 1, true, 0, vr_values); |
26a75cc5 | 761 | } |
762 | ||
9b0feec7 | 763 | /* Set both bounds of the precision range to VAL. */ |
26a75cc5 | 764 | void set_precision (HOST_WIDE_INT val) |
765 | { | |
9b0feec7 | 766 | prec[0] = prec[1] = val; |
26a75cc5 | 767 | } |
768 | ||
9b0feec7 | 769 | /* Set the precision range according to ARG, with both bounds being |
770 | no less than -1. For a constant ARG set both bounds to its value | |
771 | or -1 whichever is greater. For a non-constant ARG in some range | |
772 | set precision to its range adjusting each bound to -1 if it's less. | |
773 | For an indeterminate ARG set precision to [-1, INT_MAX]. */ | |
a669405f | 774 | void set_precision (tree arg, vr_values *vr_values) |
26a75cc5 | 775 | { |
a669405f | 776 | get_int_range (arg, prec, prec + 1, false, -1, vr_values); |
26a75cc5 | 777 | } |
7b2c89ef | 778 | |
779 | /* Return true if both width and precision are known to be | |
780 | either constant or in some range, false otherwise. */ | |
781 | bool known_width_and_precision () const | |
782 | { | |
783 | return ((width[1] < 0 | |
784 | || (unsigned HOST_WIDE_INT)width[1] <= target_int_max ()) | |
785 | && (prec[1] < 0 | |
786 | || (unsigned HOST_WIDE_INT)prec[1] < target_int_max ())); | |
787 | } | |
b9833bfd | 788 | }; |
789 | ||
790 | /* Return the logarithm of X in BASE. */ | |
791 | ||
792 | static int | |
793 | ilog (unsigned HOST_WIDE_INT x, int base) | |
794 | { | |
795 | int res = 0; | |
796 | do | |
797 | { | |
798 | ++res; | |
799 | x /= base; | |
800 | } while (x); | |
801 | return res; | |
802 | } | |
803 | ||
804 | /* Return the number of bytes resulting from converting into a string | |
07242bec | 805 | the INTEGER_CST tree node X in BASE with a minimum of PREC digits. |
806 | PLUS indicates whether 1 for a plus sign should be added for positive | |
807 | numbers, and PREFIX whether the length of an octal ('O') or hexadecimal | |
808 | ('0x') prefix should be added for nonzero numbers. Return -1 if X cannot | |
809 | be represented. */ | |
810 | ||
811 | static HOST_WIDE_INT | |
812 | tree_digits (tree x, int base, HOST_WIDE_INT prec, bool plus, bool prefix) | |
b9833bfd | 813 | { |
814 | unsigned HOST_WIDE_INT absval; | |
815 | ||
07242bec | 816 | HOST_WIDE_INT res; |
b9833bfd | 817 | |
818 | if (TYPE_UNSIGNED (TREE_TYPE (x))) | |
819 | { | |
820 | if (tree_fits_uhwi_p (x)) | |
821 | { | |
822 | absval = tree_to_uhwi (x); | |
823 | res = plus; | |
824 | } | |
825 | else | |
826 | return -1; | |
827 | } | |
828 | else | |
829 | { | |
830 | if (tree_fits_shwi_p (x)) | |
831 | { | |
832 | HOST_WIDE_INT i = tree_to_shwi (x); | |
a61df77a | 833 | if (HOST_WIDE_INT_MIN == i) |
834 | { | |
835 | /* Avoid undefined behavior due to negating a minimum. */ | |
836 | absval = HOST_WIDE_INT_MAX; | |
837 | res = 1; | |
838 | } | |
839 | else if (i < 0) | |
840 | { | |
841 | absval = -i; | |
842 | res = 1; | |
843 | } | |
844 | else | |
845 | { | |
846 | absval = i; | |
847 | res = plus; | |
848 | } | |
b9833bfd | 849 | } |
850 | else | |
851 | return -1; | |
852 | } | |
853 | ||
07242bec | 854 | int ndigs = ilog (absval, base); |
855 | ||
856 | res += prec < ndigs ? ndigs : prec; | |
b9833bfd | 857 | |
300d15eb | 858 | /* Adjust a non-zero value for the base prefix, either hexadecimal, |
859 | or, unless precision has resulted in a leading zero, also octal. */ | |
860 | if (prefix && absval && (base == 16 || prec <= ndigs)) | |
b9833bfd | 861 | { |
862 | if (base == 8) | |
863 | res += 1; | |
864 | else if (base == 16) | |
865 | res += 2; | |
866 | } | |
867 | ||
868 | return res; | |
869 | } | |
870 | ||
871 | /* Given the formatting result described by RES and NAVAIL, the number | |
9b0feec7 | 872 | of available in the destination, return the range of bytes remaining |
b9833bfd | 873 | in the destination. */ |
874 | ||
875 | static inline result_range | |
876 | bytes_remaining (unsigned HOST_WIDE_INT navail, const format_result &res) | |
877 | { | |
878 | result_range range; | |
879 | ||
880 | if (HOST_WIDE_INT_MAX <= navail) | |
881 | { | |
425bd7b1 | 882 | range.min = range.max = range.likely = range.unlikely = navail; |
b9833bfd | 883 | return range; |
884 | } | |
885 | ||
425bd7b1 | 886 | /* The lower bound of the available range is the available size |
887 | minus the maximum output size, and the upper bound is the size | |
888 | minus the minimum. */ | |
889 | range.max = res.range.min < navail ? navail - res.range.min : 0; | |
b9833bfd | 890 | |
425bd7b1 | 891 | range.likely = res.range.likely < navail ? navail - res.range.likely : 0; |
b9833bfd | 892 | |
425bd7b1 | 893 | if (res.range.max < HOST_WIDE_INT_MAX) |
894 | range.min = res.range.max < navail ? navail - res.range.max : 0; | |
b9833bfd | 895 | else |
425bd7b1 | 896 | range.min = range.likely; |
b9833bfd | 897 | |
425bd7b1 | 898 | range.unlikely = (res.range.unlikely < navail |
899 | ? navail - res.range.unlikely : 0); | |
b9833bfd | 900 | |
425bd7b1 | 901 | return range; |
b9833bfd | 902 | } |
903 | ||
904 | /* Description of a call to a formatted function. */ | |
905 | ||
9d8823fc | 906 | struct sprintf_dom_walker::call_info |
b9833bfd | 907 | { |
908 | /* Function call statement. */ | |
909 | gimple *callstmt; | |
910 | ||
911 | /* Function called. */ | |
912 | tree func; | |
913 | ||
914 | /* Called built-in function code. */ | |
915 | built_in_function fncode; | |
916 | ||
917 | /* Format argument and format string extracted from it. */ | |
918 | tree format; | |
919 | const char *fmtstr; | |
920 | ||
921 | /* The location of the format argument. */ | |
922 | location_t fmtloc; | |
923 | ||
924 | /* The destination object size for __builtin___xxx_chk functions | |
925 | typically determined by __builtin_object_size, or -1 if unknown. */ | |
926 | unsigned HOST_WIDE_INT objsize; | |
927 | ||
928 | /* Number of the first variable argument. */ | |
929 | unsigned HOST_WIDE_INT argidx; | |
930 | ||
931 | /* True for functions like snprintf that specify the size of | |
932 | the destination, false for others like sprintf that don't. */ | |
933 | bool bounded; | |
a27264ed | 934 | |
935 | /* True for bounded functions like snprintf that specify a zero-size | |
936 | buffer as a request to compute the size of output without actually | |
f9325e71 | 937 | writing any. NOWRITE is cleared in response to the %n directive |
938 | which has side-effects similar to writing output. */ | |
a27264ed | 939 | bool nowrite; |
aba01341 | 940 | |
941 | /* Return true if the called function's return value is used. */ | |
942 | bool retval_used () const | |
943 | { | |
944 | return gimple_get_lhs (callstmt); | |
945 | } | |
946 | ||
947 | /* Return the warning option corresponding to the called function. */ | |
948 | int warnopt () const | |
949 | { | |
78cf39ca | 950 | return bounded ? OPT_Wformat_truncation_ : OPT_Wformat_overflow_; |
aba01341 | 951 | } |
c1b65cc2 | 952 | |
953 | /* Return true for calls to file formatted functions. */ | |
954 | bool is_file_func () const | |
955 | { | |
956 | return (fncode == BUILT_IN_FPRINTF | |
957 | || fncode == BUILT_IN_FPRINTF_CHK | |
958 | || fncode == BUILT_IN_FPRINTF_UNLOCKED | |
959 | || fncode == BUILT_IN_VFPRINTF | |
960 | || fncode == BUILT_IN_VFPRINTF_CHK); | |
961 | } | |
962 | ||
963 | /* Return true for calls to string formatted functions. */ | |
964 | bool is_string_func () const | |
965 | { | |
966 | return (fncode == BUILT_IN_SPRINTF | |
967 | || fncode == BUILT_IN_SPRINTF_CHK | |
968 | || fncode == BUILT_IN_SNPRINTF | |
969 | || fncode == BUILT_IN_SNPRINTF_CHK | |
970 | || fncode == BUILT_IN_VSPRINTF | |
971 | || fncode == BUILT_IN_VSPRINTF_CHK | |
972 | || fncode == BUILT_IN_VSNPRINTF | |
973 | || fncode == BUILT_IN_VSNPRINTF_CHK); | |
974 | } | |
b9833bfd | 975 | }; |
976 | ||
26a75cc5 | 977 | /* Return the result of formatting a no-op directive (such as '%n'). */ |
978 | ||
979 | static fmtresult | |
a669405f | 980 | format_none (const directive &, tree, vr_values *) |
26a75cc5 | 981 | { |
982 | fmtresult res (0); | |
26a75cc5 | 983 | return res; |
984 | } | |
985 | ||
b9833bfd | 986 | /* Return the result of formatting the '%%' directive. */ |
987 | ||
988 | static fmtresult | |
a669405f | 989 | format_percent (const directive &, tree, vr_values *) |
b9833bfd | 990 | { |
26a75cc5 | 991 | fmtresult res (1); |
b9833bfd | 992 | return res; |
993 | } | |
994 | ||
995 | ||
6156f076 | 996 | /* Compute intmax_type_node and uintmax_type_node similarly to how |
997 | tree.c builds size_type_node. */ | |
b9833bfd | 998 | |
999 | static void | |
1000 | build_intmax_type_nodes (tree *pintmax, tree *puintmax) | |
1001 | { | |
6156f076 | 1002 | if (strcmp (UINTMAX_TYPE, "unsigned int") == 0) |
b9833bfd | 1003 | { |
1004 | *pintmax = integer_type_node; | |
1005 | *puintmax = unsigned_type_node; | |
1006 | } | |
6156f076 | 1007 | else if (strcmp (UINTMAX_TYPE, "long unsigned int") == 0) |
b9833bfd | 1008 | { |
1009 | *pintmax = long_integer_type_node; | |
1010 | *puintmax = long_unsigned_type_node; | |
1011 | } | |
6156f076 | 1012 | else if (strcmp (UINTMAX_TYPE, "long long unsigned int") == 0) |
b9833bfd | 1013 | { |
1014 | *pintmax = long_long_integer_type_node; | |
1015 | *puintmax = long_long_unsigned_type_node; | |
1016 | } | |
1017 | else | |
1018 | { | |
1019 | for (int i = 0; i < NUM_INT_N_ENTS; i++) | |
1020 | if (int_n_enabled_p[i]) | |
1021 | { | |
1022 | char name[50]; | |
1023 | sprintf (name, "__int%d unsigned", int_n_data[i].bitsize); | |
1024 | ||
6156f076 | 1025 | if (strcmp (name, UINTMAX_TYPE) == 0) |
b9833bfd | 1026 | { |
1027 | *pintmax = int_n_trees[i].signed_type; | |
1028 | *puintmax = int_n_trees[i].unsigned_type; | |
6156f076 | 1029 | return; |
b9833bfd | 1030 | } |
1031 | } | |
6156f076 | 1032 | gcc_unreachable (); |
b9833bfd | 1033 | } |
1034 | } | |
1035 | ||
3319bb15 | 1036 | /* Determine the range [*PMIN, *PMAX] that the expression ARG is |
1037 | in and that is representable in type int. | |
1038 | Return true when the range is a subrange of that of int. | |
1039 | When ARG is null it is as if it had the full range of int. | |
9b0feec7 | 1040 | When ABSOLUTE is true the range reflects the absolute value of |
1041 | the argument. When ABSOLUTE is false, negative bounds of | |
1042 | the determined range are replaced with NEGBOUND. */ | |
1043 | ||
1044 | static bool | |
3319bb15 | 1045 | get_int_range (tree arg, HOST_WIDE_INT *pmin, HOST_WIDE_INT *pmax, |
a669405f | 1046 | bool absolute, HOST_WIDE_INT negbound, |
1047 | class vr_values *vr_values) | |
9b0feec7 | 1048 | { |
3319bb15 | 1049 | /* The type of the result. */ |
1050 | const_tree type = integer_type_node; | |
1051 | ||
9b0feec7 | 1052 | bool knownrange = false; |
1053 | ||
1054 | if (!arg) | |
1055 | { | |
3319bb15 | 1056 | *pmin = tree_to_shwi (TYPE_MIN_VALUE (type)); |
1057 | *pmax = tree_to_shwi (TYPE_MAX_VALUE (type)); | |
9b0feec7 | 1058 | } |
27213f15 | 1059 | else if (TREE_CODE (arg) == INTEGER_CST |
1060 | && TYPE_PRECISION (TREE_TYPE (arg)) <= TYPE_PRECISION (type)) | |
9b0feec7 | 1061 | { |
1062 | /* For a constant argument return its value adjusted as specified | |
1063 | by NEGATIVE and NEGBOUND and return true to indicate that the | |
1064 | result is known. */ | |
1065 | *pmin = tree_fits_shwi_p (arg) ? tree_to_shwi (arg) : tree_to_uhwi (arg); | |
1066 | *pmax = *pmin; | |
1067 | knownrange = true; | |
1068 | } | |
1069 | else | |
1070 | { | |
1071 | /* True if the argument's range cannot be determined. */ | |
1072 | bool unknown = true; | |
1073 | ||
3319bb15 | 1074 | tree argtype = TREE_TYPE (arg); |
9b0feec7 | 1075 | |
3319bb15 | 1076 | /* Ignore invalid arguments with greater precision that that |
1077 | of the expected type (e.g., in sprintf("%*i", 12LL, i)). | |
1078 | They will have been detected and diagnosed by -Wformat and | |
1079 | so it's not important to complicate this code to try to deal | |
1080 | with them again. */ | |
9b0feec7 | 1081 | if (TREE_CODE (arg) == SSA_NAME |
3319bb15 | 1082 | && INTEGRAL_TYPE_P (argtype) |
1083 | && TYPE_PRECISION (argtype) <= TYPE_PRECISION (type)) | |
9b0feec7 | 1084 | { |
1085 | /* Try to determine the range of values of the integer argument. */ | |
3a06a652 | 1086 | value_range *vr = vr_values->get_value_range (arg); |
be44111e | 1087 | if (range_int_cst_p (vr)) |
9b0feec7 | 1088 | { |
1089 | HOST_WIDE_INT type_min | |
3319bb15 | 1090 | = (TYPE_UNSIGNED (argtype) |
1091 | ? tree_to_uhwi (TYPE_MIN_VALUE (argtype)) | |
1092 | : tree_to_shwi (TYPE_MIN_VALUE (argtype))); | |
9b0feec7 | 1093 | |
3319bb15 | 1094 | HOST_WIDE_INT type_max = tree_to_uhwi (TYPE_MAX_VALUE (argtype)); |
9b0feec7 | 1095 | |
be44111e | 1096 | *pmin = TREE_INT_CST_LOW (vr->min ()); |
1097 | *pmax = TREE_INT_CST_LOW (vr->max ()); | |
9b0feec7 | 1098 | |
3319bb15 | 1099 | if (*pmin < *pmax) |
1100 | { | |
1101 | /* Return true if the adjusted range is a subrange of | |
1102 | the full range of the argument's type. *PMAX may | |
1103 | be less than *PMIN when the argument is unsigned | |
1104 | and its upper bound is in excess of TYPE_MAX. In | |
1105 | that (invalid) case disregard the range and use that | |
1106 | of the expected type instead. */ | |
1107 | knownrange = type_min < *pmin || *pmax < type_max; | |
1108 | ||
1109 | unknown = false; | |
1110 | } | |
9b0feec7 | 1111 | } |
1112 | } | |
1113 | ||
1114 | /* Handle an argument with an unknown range as if none had been | |
1115 | provided. */ | |
1116 | if (unknown) | |
a669405f | 1117 | return get_int_range (NULL_TREE, pmin, pmax, absolute, |
1118 | negbound, vr_values); | |
9b0feec7 | 1119 | } |
1120 | ||
1121 | /* Adjust each bound as specified by ABSOLUTE and NEGBOUND. */ | |
1122 | if (absolute) | |
1123 | { | |
1124 | if (*pmin < 0) | |
1125 | { | |
1126 | if (*pmin == *pmax) | |
1127 | *pmin = *pmax = -*pmin; | |
1128 | else | |
1129 | { | |
3319bb15 | 1130 | /* Make sure signed overlow is avoided. */ |
1131 | gcc_assert (*pmin != HOST_WIDE_INT_MIN); | |
1132 | ||
9b0feec7 | 1133 | HOST_WIDE_INT tmp = -*pmin; |
1134 | *pmin = 0; | |
1135 | if (*pmax < tmp) | |
1136 | *pmax = tmp; | |
1137 | } | |
1138 | } | |
1139 | } | |
1140 | else if (*pmin < negbound) | |
1141 | *pmin = negbound; | |
1142 | ||
1143 | return knownrange; | |
1144 | } | |
1145 | ||
514c86c7 | 1146 | /* With the range [*ARGMIN, *ARGMAX] of an integer directive's actual |
1147 | argument, due to the conversion from either *ARGMIN or *ARGMAX to | |
1148 | the type of the directive's formal argument it's possible for both | |
1149 | to result in the same number of bytes or a range of bytes that's | |
1150 | less than the number of bytes that would result from formatting | |
1151 | some other value in the range [*ARGMIN, *ARGMAX]. This can be | |
1152 | determined by checking for the actual argument being in the range | |
1153 | of the type of the directive. If it isn't it must be assumed to | |
1154 | take on the full range of the directive's type. | |
f0775220 | 1155 | Return true when the range has been adjusted to the full range |
1156 | of DIRTYPE, and false otherwise. */ | |
514c86c7 | 1157 | |
1158 | static bool | |
1159 | adjust_range_for_overflow (tree dirtype, tree *argmin, tree *argmax) | |
1160 | { | |
1161 | tree argtype = TREE_TYPE (*argmin); | |
1162 | unsigned argprec = TYPE_PRECISION (argtype); | |
1163 | unsigned dirprec = TYPE_PRECISION (dirtype); | |
1164 | ||
1165 | /* If the actual argument and the directive's argument have the same | |
1166 | precision and sign there can be no overflow and so there is nothing | |
1167 | to adjust. */ | |
1168 | if (argprec == dirprec && TYPE_SIGN (argtype) == TYPE_SIGN (dirtype)) | |
1169 | return false; | |
1170 | ||
1171 | /* The logic below was inspired/lifted from the CONVERT_EXPR_CODE_P | |
1172 | branch in the extract_range_from_unary_expr function in tree-vrp.c. */ | |
1173 | ||
1174 | if (TREE_CODE (*argmin) == INTEGER_CST | |
1175 | && TREE_CODE (*argmax) == INTEGER_CST | |
1176 | && (dirprec >= argprec | |
1177 | || integer_zerop (int_const_binop (RSHIFT_EXPR, | |
1178 | int_const_binop (MINUS_EXPR, | |
1179 | *argmax, | |
1180 | *argmin), | |
1181 | size_int (dirprec))))) | |
1182 | { | |
1183 | *argmin = force_fit_type (dirtype, wi::to_widest (*argmin), 0, false); | |
1184 | *argmax = force_fit_type (dirtype, wi::to_widest (*argmax), 0, false); | |
1185 | ||
1186 | /* If *ARGMIN is still less than *ARGMAX the conversion above | |
1187 | is safe. Otherwise, it has overflowed and would be unsafe. */ | |
1188 | if (tree_int_cst_le (*argmin, *argmax)) | |
1189 | return false; | |
1190 | } | |
1191 | ||
f0775220 | 1192 | *argmin = TYPE_MIN_VALUE (dirtype); |
1193 | *argmax = TYPE_MAX_VALUE (dirtype); | |
514c86c7 | 1194 | return true; |
1195 | } | |
1196 | ||
b9833bfd | 1197 | /* Return a range representing the minimum and maximum number of bytes |
9b0feec7 | 1198 | that the format directive DIR will output for any argument given |
1199 | the WIDTH and PRECISION (extracted from DIR). This function is | |
1200 | used when the directive argument or its value isn't known. */ | |
b9833bfd | 1201 | |
1202 | static fmtresult | |
a669405f | 1203 | format_integer (const directive &dir, tree arg, vr_values *vr_values) |
b9833bfd | 1204 | { |
6156f076 | 1205 | tree intmax_type_node; |
1206 | tree uintmax_type_node; | |
b9833bfd | 1207 | |
76cf0084 | 1208 | /* Base to format the number in. */ |
1209 | int base; | |
1210 | ||
425bd7b1 | 1211 | /* True when a conversion is preceded by a prefix indicating the base |
1212 | of the argument (octal or hexadecimal). */ | |
1213 | bool maybebase = dir.get_flag ('#'); | |
1214 | ||
76cf0084 | 1215 | /* True when a signed conversion is preceded by a sign or space. */ |
1216 | bool maybesign = false; | |
1217 | ||
1218 | /* True for signed conversions (i.e., 'd' and 'i'). */ | |
1219 | bool sign = false; | |
1220 | ||
1221 | switch (dir.specifier) | |
1222 | { | |
1223 | case 'd': | |
1224 | case 'i': | |
1225 | /* Space and '+' are only meaningful for signed conversions. */ | |
1226 | maybesign = dir.get_flag (' ') | dir.get_flag ('+'); | |
1227 | sign = true; | |
1228 | base = 10; | |
1229 | break; | |
1230 | case 'u': | |
1231 | base = 10; | |
1232 | break; | |
1233 | case 'o': | |
1234 | base = 8; | |
1235 | break; | |
1236 | case 'X': | |
1237 | case 'x': | |
1238 | base = 16; | |
1239 | break; | |
1240 | default: | |
1241 | gcc_unreachable (); | |
1242 | } | |
b9833bfd | 1243 | |
1244 | /* The type of the "formal" argument expected by the directive. */ | |
1245 | tree dirtype = NULL_TREE; | |
1246 | ||
1247 | /* Determine the expected type of the argument from the length | |
1248 | modifier. */ | |
26a75cc5 | 1249 | switch (dir.modifier) |
b9833bfd | 1250 | { |
1251 | case FMT_LEN_none: | |
26a75cc5 | 1252 | if (dir.specifier == 'p') |
b9833bfd | 1253 | dirtype = ptr_type_node; |
1254 | else | |
1255 | dirtype = sign ? integer_type_node : unsigned_type_node; | |
1256 | break; | |
1257 | ||
1258 | case FMT_LEN_h: | |
1259 | dirtype = sign ? short_integer_type_node : short_unsigned_type_node; | |
1260 | break; | |
1261 | ||
1262 | case FMT_LEN_hh: | |
1263 | dirtype = sign ? signed_char_type_node : unsigned_char_type_node; | |
1264 | break; | |
1265 | ||
1266 | case FMT_LEN_l: | |
1267 | dirtype = sign ? long_integer_type_node : long_unsigned_type_node; | |
1268 | break; | |
1269 | ||
1270 | case FMT_LEN_L: | |
1271 | case FMT_LEN_ll: | |
ff982ab4 | 1272 | dirtype = (sign |
1273 | ? long_long_integer_type_node | |
1274 | : long_long_unsigned_type_node); | |
b9833bfd | 1275 | break; |
1276 | ||
1277 | case FMT_LEN_z: | |
6156f076 | 1278 | dirtype = signed_or_unsigned_type_for (!sign, size_type_node); |
b9833bfd | 1279 | break; |
1280 | ||
1281 | case FMT_LEN_t: | |
6156f076 | 1282 | dirtype = signed_or_unsigned_type_for (!sign, ptrdiff_type_node); |
b9833bfd | 1283 | break; |
1284 | ||
1285 | case FMT_LEN_j: | |
6156f076 | 1286 | build_intmax_type_nodes (&intmax_type_node, &uintmax_type_node); |
b9833bfd | 1287 | dirtype = sign ? intmax_type_node : uintmax_type_node; |
1288 | break; | |
1289 | ||
1290 | default: | |
6156f076 | 1291 | return fmtresult (); |
b9833bfd | 1292 | } |
1293 | ||
1294 | /* The type of the argument to the directive, either deduced from | |
1295 | the actual non-constant argument if one is known, or from | |
1296 | the directive itself when none has been provided because it's | |
1297 | a va_list. */ | |
1298 | tree argtype = NULL_TREE; | |
1299 | ||
1300 | if (!arg) | |
1301 | { | |
1302 | /* When the argument has not been provided, use the type of | |
1303 | the directive's argument as an approximation. This will | |
1304 | result in false positives for directives like %i with | |
1305 | arguments with smaller precision (such as short or char). */ | |
1306 | argtype = dirtype; | |
1307 | } | |
1308 | else if (TREE_CODE (arg) == INTEGER_CST) | |
1309 | { | |
b9833bfd | 1310 | /* When a constant argument has been provided use its value |
1311 | rather than type to determine the length of the output. */ | |
425bd7b1 | 1312 | fmtresult res; |
7bcd359a | 1313 | |
9b0feec7 | 1314 | if ((dir.prec[0] <= 0 && dir.prec[1] >= 0) && integer_zerop (arg)) |
7bcd359a | 1315 | { |
514c86c7 | 1316 | /* As a special case, a precision of zero with a zero argument |
1317 | results in zero bytes except in base 8 when the '#' flag is | |
1318 | specified, and for signed conversions in base 8 and 10 when | |
7b2c89ef | 1319 | either the space or '+' flag has been specified and it results |
1320 | in just one byte (with width having the normal effect). This | |
1321 | must extend to the case of a specified precision with | |
1322 | an unknown value because it can be zero. */ | |
425bd7b1 | 1323 | res.range.min = ((base == 8 && dir.get_flag ('#')) || maybesign); |
9b0feec7 | 1324 | if (res.range.min == 0 && dir.prec[0] != dir.prec[1]) |
425bd7b1 | 1325 | { |
1326 | res.range.max = 1; | |
1327 | res.range.likely = 1; | |
1328 | } | |
1329 | else | |
1330 | { | |
1331 | res.range.max = res.range.min; | |
1332 | res.range.likely = res.range.min; | |
1333 | } | |
7bcd359a | 1334 | } |
1335 | else | |
1336 | { | |
1337 | /* Convert the argument to the type of the directive. */ | |
1338 | arg = fold_convert (dirtype, arg); | |
b9833bfd | 1339 | |
9b0feec7 | 1340 | res.range.min = tree_digits (arg, base, dir.prec[0], |
425bd7b1 | 1341 | maybesign, maybebase); |
9b0feec7 | 1342 | if (dir.prec[0] == dir.prec[1]) |
425bd7b1 | 1343 | res.range.max = res.range.min; |
9b0feec7 | 1344 | else |
1345 | res.range.max = tree_digits (arg, base, dir.prec[1], | |
1346 | maybesign, maybebase); | |
425bd7b1 | 1347 | res.range.likely = res.range.min; |
debcef5f | 1348 | res.knownrange = true; |
7bcd359a | 1349 | } |
b9833bfd | 1350 | |
425bd7b1 | 1351 | res.range.unlikely = res.range.max; |
1352 | ||
1353 | /* Bump up the counters if WIDTH is greater than LEN. */ | |
1354 | res.adjust_for_width_or_precision (dir.width, dirtype, base, | |
1355 | (sign | maybebase) + (base == 16)); | |
1356 | /* Bump up the counters again if PRECision is greater still. */ | |
1357 | res.adjust_for_width_or_precision (dir.prec, dirtype, base, | |
1358 | (sign | maybebase) + (base == 16)); | |
9b0feec7 | 1359 | |
b9833bfd | 1360 | return res; |
1361 | } | |
305149ce | 1362 | else if (INTEGRAL_TYPE_P (TREE_TYPE (arg)) |
b9833bfd | 1363 | || TREE_CODE (TREE_TYPE (arg)) == POINTER_TYPE) |
f2b9ddff | 1364 | /* Determine the type of the provided non-constant argument. */ |
1365 | argtype = TREE_TYPE (arg); | |
b9833bfd | 1366 | else |
f2b9ddff | 1367 | /* Don't bother with invalid arguments since they likely would |
1368 | have already been diagnosed, and disable any further checking | |
1369 | of the format string by returning [-1, -1]. */ | |
1370 | return fmtresult (); | |
b9833bfd | 1371 | |
c62d63d4 | 1372 | fmtresult res; |
b9833bfd | 1373 | |
1374 | /* Using either the range the non-constant argument is in, or its | |
1375 | type (either "formal" or actual), create a range of values that | |
1376 | constrain the length of output given the warning level. */ | |
1377 | tree argmin = NULL_TREE; | |
1378 | tree argmax = NULL_TREE; | |
1379 | ||
57330dbd | 1380 | if (arg |
1381 | && TREE_CODE (arg) == SSA_NAME | |
305149ce | 1382 | && INTEGRAL_TYPE_P (argtype)) |
b9833bfd | 1383 | { |
1384 | /* Try to determine the range of values of the integer argument | |
1385 | (range information is not available for pointers). */ | |
7368576a | 1386 | value_range *vr = vr_values->get_value_range (arg); |
be44111e | 1387 | if (range_int_cst_p (vr)) |
b9833bfd | 1388 | { |
be44111e | 1389 | argmin = vr->min (); |
1390 | argmax = vr->max (); | |
514c86c7 | 1391 | |
1392 | /* Set KNOWNRANGE if the argument is in a known subrange | |
7b2c89ef | 1393 | of the directive's type and neither width nor precision |
1394 | is unknown. (KNOWNRANGE may be reset below). */ | |
514c86c7 | 1395 | res.knownrange |
7b2c89ef | 1396 | = ((!tree_int_cst_equal (TYPE_MIN_VALUE (dirtype), argmin) |
1397 | || !tree_int_cst_equal (TYPE_MAX_VALUE (dirtype), argmax)) | |
1398 | && dir.known_width_and_precision ()); | |
514c86c7 | 1399 | |
1400 | res.argmin = argmin; | |
1401 | res.argmax = argmax; | |
b9833bfd | 1402 | } |
be44111e | 1403 | else if (vr->kind () == VR_ANTI_RANGE) |
b9833bfd | 1404 | { |
1405 | /* Handle anti-ranges if/when bug 71690 is resolved. */ | |
1406 | } | |
be44111e | 1407 | else if (vr->varying_p () || vr->undefined_p ()) |
b9833bfd | 1408 | { |
1409 | /* The argument here may be the result of promoting the actual | |
1410 | argument to int. Try to determine the type of the actual | |
3c57b79b | 1411 | argument before promotion and narrow down its range that |
b9833bfd | 1412 | way. */ |
1413 | gimple *def = SSA_NAME_DEF_STMT (arg); | |
3c57b79b | 1414 | if (is_gimple_assign (def)) |
b9833bfd | 1415 | { |
1416 | tree_code code = gimple_assign_rhs_code (def); | |
c62d63d4 | 1417 | if (code == INTEGER_CST) |
1418 | { | |
1419 | arg = gimple_assign_rhs1 (def); | |
a669405f | 1420 | return format_integer (dir, arg, vr_values); |
c62d63d4 | 1421 | } |
1422 | ||
b9833bfd | 1423 | if (code == NOP_EXPR) |
f2b9ddff | 1424 | { |
1425 | tree type = TREE_TYPE (gimple_assign_rhs1 (def)); | |
305149ce | 1426 | if (INTEGRAL_TYPE_P (type) |
f2b9ddff | 1427 | || TREE_CODE (type) == POINTER_TYPE) |
1428 | argtype = type; | |
1429 | } | |
b9833bfd | 1430 | } |
1431 | } | |
1432 | } | |
1433 | ||
1434 | if (!argmin) | |
1435 | { | |
f0775220 | 1436 | if (TREE_CODE (argtype) == POINTER_TYPE) |
b9833bfd | 1437 | { |
f0775220 | 1438 | argmin = build_int_cst (pointer_sized_int_node, 0); |
1439 | argmax = build_all_ones_cst (pointer_sized_int_node); | |
b9833bfd | 1440 | } |
1441 | else | |
1442 | { | |
f0775220 | 1443 | argmin = TYPE_MIN_VALUE (argtype); |
1444 | argmax = TYPE_MAX_VALUE (argtype); | |
b9833bfd | 1445 | } |
514c86c7 | 1446 | } |
1447 | ||
1448 | /* Clear KNOWNRANGE if the range has been adjusted to the maximum | |
1449 | of the directive. If it has been cleared then since ARGMIN and/or | |
1450 | ARGMAX have been adjusted also adjust the corresponding ARGMIN and | |
1451 | ARGMAX in the result to include in diagnostics. */ | |
1452 | if (adjust_range_for_overflow (dirtype, &argmin, &argmax)) | |
1453 | { | |
1454 | res.knownrange = false; | |
1455 | res.argmin = argmin; | |
1456 | res.argmax = argmax; | |
1457 | } | |
1458 | ||
f0775220 | 1459 | /* Recursively compute the minimum and maximum from the known range. */ |
1460 | if (TYPE_UNSIGNED (dirtype) || tree_int_cst_sgn (argmin) >= 0) | |
514c86c7 | 1461 | { |
f0775220 | 1462 | /* For unsigned conversions/directives or signed when |
1463 | the minimum is positive, use the minimum and maximum to compute | |
1464 | the shortest and longest output, respectively. */ | |
a669405f | 1465 | res.range.min = format_integer (dir, argmin, vr_values).range.min; |
1466 | res.range.max = format_integer (dir, argmax, vr_values).range.max; | |
514c86c7 | 1467 | } |
f0775220 | 1468 | else if (tree_int_cst_sgn (argmax) < 0) |
514c86c7 | 1469 | { |
f0775220 | 1470 | /* For signed conversions/directives if maximum is negative, |
1471 | use the minimum as the longest output and maximum as the | |
1472 | shortest output. */ | |
a669405f | 1473 | res.range.min = format_integer (dir, argmax, vr_values).range.min; |
1474 | res.range.max = format_integer (dir, argmin, vr_values).range.max; | |
514c86c7 | 1475 | } |
f0775220 | 1476 | else |
b9833bfd | 1477 | { |
f0775220 | 1478 | /* Otherwise, 0 is inside of the range and minimum negative. Use 0 |
1479 | as the shortest output and for the longest output compute the | |
1480 | length of the output of both minimum and maximum and pick the | |
1481 | longer. */ | |
a669405f | 1482 | unsigned HOST_WIDE_INT max1 |
1483 | = format_integer (dir, argmin, vr_values).range.max; | |
1484 | unsigned HOST_WIDE_INT max2 | |
1485 | = format_integer (dir, argmax, vr_values).range.max; | |
1486 | res.range.min | |
1487 | = format_integer (dir, integer_zero_node, vr_values).range.min; | |
f0775220 | 1488 | res.range.max = MAX (max1, max2); |
b9833bfd | 1489 | } |
1490 | ||
3ac1f210 | 1491 | /* If the range is known, use the maximum as the likely length. */ |
300d15eb | 1492 | if (res.knownrange) |
1493 | res.range.likely = res.range.max; | |
1494 | else | |
1495 | { | |
3ac1f210 | 1496 | /* Otherwise, use the minimum. Except for the case where for %#x or |
1497 | %#o the minimum is just for a single value in the range (0) and | |
1498 | for all other values it is something longer, like 0x1 or 01. | |
1499 | Use the length for value 1 in that case instead as the likely | |
1500 | length. */ | |
300d15eb | 1501 | res.range.likely = res.range.min; |
3ac1f210 | 1502 | if (maybebase |
1503 | && base != 10 | |
1504 | && (tree_int_cst_sgn (argmin) < 0 || tree_int_cst_sgn (argmax) > 0)) | |
300d15eb | 1505 | { |
1506 | if (res.range.min == 1) | |
1507 | res.range.likely += base == 8 ? 1 : 2; | |
1508 | else if (res.range.min == 2 | |
1509 | && base == 16 | |
1510 | && (dir.width[0] == 2 || dir.prec[0] == 2)) | |
1511 | ++res.range.likely; | |
1512 | } | |
1513 | } | |
1514 | ||
425bd7b1 | 1515 | res.range.unlikely = res.range.max; |
1516 | res.adjust_for_width_or_precision (dir.width, dirtype, base, | |
1517 | (sign | maybebase) + (base == 16)); | |
1518 | res.adjust_for_width_or_precision (dir.prec, dirtype, base, | |
1519 | (sign | maybebase) + (base == 16)); | |
1520 | ||
b9833bfd | 1521 | return res; |
1522 | } | |
1523 | ||
84960375 | 1524 | /* Return the number of bytes that a format directive consisting of FLAGS, |
1525 | PRECision, format SPECification, and MPFR rounding specifier RNDSPEC, | |
1526 | would result for argument X under ideal conditions (i.e., if PREC | |
1527 | weren't excessive). MPFR 3.1 allocates large amounts of memory for | |
1528 | values of PREC with large magnitude and can fail (see MPFR bug #21056). | |
1529 | This function works around those problems. */ | |
1530 | ||
1531 | static unsigned HOST_WIDE_INT | |
1532 | get_mpfr_format_length (mpfr_ptr x, const char *flags, HOST_WIDE_INT prec, | |
1533 | char spec, char rndspec) | |
1534 | { | |
1535 | char fmtstr[40]; | |
1536 | ||
1537 | HOST_WIDE_INT len = strlen (flags); | |
1538 | ||
1539 | fmtstr[0] = '%'; | |
1540 | memcpy (fmtstr + 1, flags, len); | |
1541 | memcpy (fmtstr + 1 + len, ".*R", 3); | |
1542 | fmtstr[len + 4] = rndspec; | |
1543 | fmtstr[len + 5] = spec; | |
1544 | fmtstr[len + 6] = '\0'; | |
1545 | ||
4c43afbf | 1546 | spec = TOUPPER (spec); |
1547 | if (spec == 'E' || spec == 'F') | |
1548 | { | |
1549 | /* For %e, specify the precision explicitly since mpfr_sprintf | |
1550 | does its own thing just to be different (see MPFR bug 21088). */ | |
1551 | if (prec < 0) | |
1552 | prec = 6; | |
1553 | } | |
1554 | else | |
1555 | { | |
1556 | /* Avoid passing negative precisions with larger magnitude to MPFR | |
1557 | to avoid exposing its bugs. (A negative precision is supposed | |
1558 | to be ignored.) */ | |
1559 | if (prec < 0) | |
1560 | prec = -1; | |
1561 | } | |
84960375 | 1562 | |
1563 | HOST_WIDE_INT p = prec; | |
1564 | ||
7b2c89ef | 1565 | if (spec == 'G' && !strchr (flags, '#')) |
84960375 | 1566 | { |
7b2c89ef | 1567 | /* For G/g without the pound flag, precision gives the maximum number |
1568 | of significant digits which is bounded by LDBL_MAX_10_EXP, or, for | |
1569 | a 128 bit IEEE extended precision, 4932. Using twice as much here | |
1570 | should be more than sufficient for any real format. */ | |
84960375 | 1571 | if ((IEEE_MAX_10_EXP * 2) < prec) |
1572 | prec = IEEE_MAX_10_EXP * 2; | |
1573 | p = prec; | |
1574 | } | |
1575 | else | |
1576 | { | |
1577 | /* Cap precision arbitrarily at 1KB and add the difference | |
1578 | (if any) to the MPFR result. */ | |
f84f68b2 | 1579 | if (prec > 1024) |
84960375 | 1580 | p = 1024; |
1581 | } | |
1582 | ||
1583 | len = mpfr_snprintf (NULL, 0, fmtstr, (int)p, x); | |
1584 | ||
1585 | /* Handle the unlikely (impossible?) error by returning more than | |
1586 | the maximum dictated by the function's return type. */ | |
1587 | if (len < 0) | |
1588 | return target_dir_max () + 1; | |
1589 | ||
1590 | /* Adjust the return value by the difference. */ | |
1591 | if (p < prec) | |
1592 | len += prec - p; | |
1593 | ||
1594 | return len; | |
1595 | } | |
1596 | ||
b9833bfd | 1597 | /* Return the number of bytes to format using the format specifier |
4c43afbf | 1598 | SPEC and the precision PREC the largest value in the real floating |
1599 | TYPE. */ | |
b9833bfd | 1600 | |
84960375 | 1601 | static unsigned HOST_WIDE_INT |
1602 | format_floating_max (tree type, char spec, HOST_WIDE_INT prec) | |
b9833bfd | 1603 | { |
1604 | machine_mode mode = TYPE_MODE (type); | |
1605 | ||
1606 | /* IBM Extended mode. */ | |
1607 | if (MODE_COMPOSITE_P (mode)) | |
1608 | mode = DFmode; | |
1609 | ||
1610 | /* Get the real type format desription for the target. */ | |
1611 | const real_format *rfmt = REAL_MODE_FORMAT (mode); | |
1612 | REAL_VALUE_TYPE rv; | |
1613 | ||
26a75cc5 | 1614 | real_maxval (&rv, 0, mode); |
b9833bfd | 1615 | |
1616 | /* Convert the GCC real value representation with the precision | |
1617 | of the real type to the mpfr_t format with the GCC default | |
1618 | round-to-nearest mode. */ | |
1619 | mpfr_t x; | |
1620 | mpfr_init2 (x, rfmt->p); | |
17a58f8a | 1621 | mpfr_from_real (x, &rv, GMP_RNDN); |
b9833bfd | 1622 | |
c62d63d4 | 1623 | /* Return a value one greater to account for the leading minus sign. */ |
c1d579d6 | 1624 | unsigned HOST_WIDE_INT r |
1625 | = 1 + get_mpfr_format_length (x, "", prec, spec, 'D'); | |
1626 | mpfr_clear (x); | |
1627 | return r; | |
b9833bfd | 1628 | } |
1629 | ||
1630 | /* Return a range representing the minimum and maximum number of bytes | |
63e30ce7 | 1631 | that the directive DIR will output for any argument. PREC gives |
1632 | the adjusted precision range to account for negative precisions | |
1633 | meaning the default 6. This function is used when the directive | |
1634 | argument or its value isn't known. */ | |
b9833bfd | 1635 | |
1636 | static fmtresult | |
63e30ce7 | 1637 | format_floating (const directive &dir, const HOST_WIDE_INT prec[2]) |
b9833bfd | 1638 | { |
1639 | tree type; | |
b9833bfd | 1640 | |
26a75cc5 | 1641 | switch (dir.modifier) |
b9833bfd | 1642 | { |
21ce832f | 1643 | case FMT_LEN_l: |
b9833bfd | 1644 | case FMT_LEN_none: |
1645 | type = double_type_node; | |
1646 | break; | |
1647 | ||
1648 | case FMT_LEN_L: | |
1649 | type = long_double_type_node; | |
b9833bfd | 1650 | break; |
1651 | ||
1652 | case FMT_LEN_ll: | |
1653 | type = long_double_type_node; | |
b9833bfd | 1654 | break; |
1655 | ||
1656 | default: | |
c62d63d4 | 1657 | return fmtresult (); |
b9833bfd | 1658 | } |
1659 | ||
1660 | /* The minimum and maximum number of bytes produced by the directive. */ | |
c62d63d4 | 1661 | fmtresult res; |
b9833bfd | 1662 | |
425bd7b1 | 1663 | /* The minimum output as determined by flags. It's always at least 1. |
1664 | When plus or space are set the output is preceded by either a sign | |
1665 | or a space. */ | |
63e30ce7 | 1666 | unsigned flagmin = (1 /* for the first digit */ |
1667 | + (dir.get_flag ('+') | dir.get_flag (' '))); | |
b9833bfd | 1668 | |
b35bf93a | 1669 | /* The minimum is 3 for "inf" and "nan" for all specifiers, plus 1 |
1670 | for the plus sign/space with the '+' and ' ' flags, respectively, | |
1671 | unless reduced below. */ | |
1672 | res.range.min = 2 + flagmin; | |
1673 | ||
425bd7b1 | 1674 | /* When the pound flag is set the decimal point is included in output |
1675 | regardless of precision. Whether or not a decimal point is included | |
1676 | otherwise depends on the specification and precision. */ | |
1677 | bool radix = dir.get_flag ('#'); | |
b9833bfd | 1678 | |
26a75cc5 | 1679 | switch (dir.specifier) |
b9833bfd | 1680 | { |
1681 | case 'A': | |
1682 | case 'a': | |
1683 | { | |
425bd7b1 | 1684 | HOST_WIDE_INT minprec = 6 + !radix /* decimal point */; |
9b0feec7 | 1685 | if (dir.prec[0] <= 0) |
425bd7b1 | 1686 | minprec = 0; |
9b0feec7 | 1687 | else if (dir.prec[0] > 0) |
1688 | minprec = dir.prec[0] + !radix /* decimal point */; | |
425bd7b1 | 1689 | |
b35bf93a | 1690 | res.range.likely = (2 /* 0x */ |
1691 | + flagmin | |
1692 | + radix | |
1693 | + minprec | |
1694 | + 3 /* p+0 */); | |
425bd7b1 | 1695 | |
63e30ce7 | 1696 | res.range.max = format_floating_max (type, 'a', prec[1]); |
425bd7b1 | 1697 | |
1698 | /* The unlikely maximum accounts for the longest multibyte | |
1699 | decimal point character. */ | |
9b0feec7 | 1700 | res.range.unlikely = res.range.max; |
63e30ce7 | 1701 | if (dir.prec[1] > 0) |
9b0feec7 | 1702 | res.range.unlikely += target_mb_len_max () - 1; |
4c43afbf | 1703 | |
b9833bfd | 1704 | break; |
1705 | } | |
1706 | ||
1707 | case 'E': | |
1708 | case 'e': | |
1709 | { | |
63e30ce7 | 1710 | /* Minimum output attributable to precision and, when it's |
1711 | non-zero, decimal point. */ | |
1712 | HOST_WIDE_INT minprec = prec[0] ? prec[0] + !radix : 0; | |
1713 | ||
b35bf93a | 1714 | /* The likely minimum output is "[-+]1.234567e+00" regardless |
b9833bfd | 1715 | of the value of the actual argument. */ |
b35bf93a | 1716 | res.range.likely = (flagmin |
1717 | + radix | |
1718 | + minprec | |
1719 | + 2 /* e+ */ + 2); | |
425bd7b1 | 1720 | |
63e30ce7 | 1721 | res.range.max = format_floating_max (type, 'e', prec[1]); |
425bd7b1 | 1722 | |
1723 | /* The unlikely maximum accounts for the longest multibyte | |
1724 | decimal point character. */ | |
9b0feec7 | 1725 | if (dir.prec[0] != dir.prec[1] |
1726 | || dir.prec[0] == -1 || dir.prec[0] > 0) | |
425bd7b1 | 1727 | res.range.unlikely = res.range.max + target_mb_len_max () -1; |
1728 | else | |
1729 | res.range.unlikely = res.range.max; | |
b9833bfd | 1730 | break; |
1731 | } | |
1732 | ||
1733 | case 'F': | |
1734 | case 'f': | |
1735 | { | |
63e30ce7 | 1736 | /* Minimum output attributable to precision and, when it's non-zero, |
1737 | decimal point. */ | |
1738 | HOST_WIDE_INT minprec = prec[0] ? prec[0] + !radix : 0; | |
1739 | ||
b35bf93a | 1740 | /* For finite numbers (i.e., not infinity or NaN) the lower bound |
1741 | when precision isn't specified is 8 bytes ("1.23456" since | |
1742 | precision is taken to be 6). When precision is zero, the lower | |
1743 | bound is 1 byte (e.g., "1"). Otherwise, when precision is greater | |
1744 | than zero, then the lower bound is 2 plus precision (plus flags). | |
1745 | But in all cases, the lower bound is no greater than 3. */ | |
1746 | unsigned HOST_WIDE_INT min = flagmin + radix + minprec; | |
1747 | if (min < res.range.min) | |
1748 | res.range.min = min; | |
425bd7b1 | 1749 | |
1750 | /* Compute the upper bound for -TYPE_MAX. */ | |
63e30ce7 | 1751 | res.range.max = format_floating_max (type, 'f', prec[1]); |
425bd7b1 | 1752 | |
7b2c89ef | 1753 | /* The minimum output with unknown precision is a single byte |
1754 | (e.g., "0") but the more likely output is 3 bytes ("0.0"). */ | |
1755 | if (dir.prec[0] < 0 && dir.prec[1] > 0) | |
1756 | res.range.likely = 3; | |
1757 | else | |
b35bf93a | 1758 | res.range.likely = min; |
425bd7b1 | 1759 | |
1760 | /* The unlikely maximum accounts for the longest multibyte | |
1761 | decimal point character. */ | |
9b0feec7 | 1762 | if (dir.prec[0] != dir.prec[1] |
1763 | || dir.prec[0] == -1 || dir.prec[0] > 0) | |
425bd7b1 | 1764 | res.range.unlikely = res.range.max + target_mb_len_max () - 1; |
b9833bfd | 1765 | break; |
1766 | } | |
4c43afbf | 1767 | |
b9833bfd | 1768 | case 'G': |
1769 | case 'g': | |
1770 | { | |
4c43afbf | 1771 | /* The %g output depends on precision and the exponent of |
1772 | the argument. Since the value of the argument isn't known | |
1773 | the lower bound on the range of bytes (not counting flags | |
7b2c89ef | 1774 | or width) is 1 plus radix (i.e., either "0" or "0." for |
1775 | "%g" and "%#g", respectively, with a zero argument). */ | |
b35bf93a | 1776 | unsigned HOST_WIDE_INT min = flagmin + radix; |
1777 | if (min < res.range.min) | |
1778 | res.range.min = min; | |
7b2c89ef | 1779 | |
1780 | char spec = 'g'; | |
1781 | HOST_WIDE_INT maxprec = dir.prec[1]; | |
1782 | if (radix && maxprec) | |
1783 | { | |
1784 | /* When the pound flag (radix) is set, trailing zeros aren't | |
1785 | trimmed and so the longest output is the same as for %e, | |
1786 | except with precision minus 1 (as specified in C11). */ | |
1787 | spec = 'e'; | |
1788 | if (maxprec > 0) | |
1789 | --maxprec; | |
1790 | else if (maxprec < 0) | |
1791 | maxprec = 5; | |
1792 | } | |
63e30ce7 | 1793 | else |
1794 | maxprec = prec[1]; | |
7b2c89ef | 1795 | |
1796 | res.range.max = format_floating_max (type, spec, maxprec); | |
1797 | ||
1798 | /* The likely output is either the maximum computed above | |
1799 | minus 1 (assuming the maximum is positive) when precision | |
1800 | is known (or unspecified), or the same minimum as for %e | |
1801 | (which is computed for a non-negative argument). Unlike | |
1802 | for the other specifiers above the likely output isn't | |
1803 | the minimum because for %g that's 1 which is unlikely. */ | |
1804 | if (dir.prec[1] < 0 | |
1805 | || (unsigned HOST_WIDE_INT)dir.prec[1] < target_int_max ()) | |
1806 | res.range.likely = res.range.max - 1; | |
1807 | else | |
1808 | { | |
1809 | HOST_WIDE_INT minprec = 6 + !radix /* decimal point */; | |
1810 | res.range.likely = (flagmin | |
1811 | + radix | |
1812 | + minprec | |
1813 | + 2 /* e+ */ + 2); | |
1814 | } | |
425bd7b1 | 1815 | |
1816 | /* The unlikely maximum accounts for the longest multibyte | |
1817 | decimal point character. */ | |
1818 | res.range.unlikely = res.range.max + target_mb_len_max () - 1; | |
b9833bfd | 1819 | break; |
1820 | } | |
1821 | ||
1822 | default: | |
c62d63d4 | 1823 | return fmtresult (); |
b9833bfd | 1824 | } |
1825 | ||
425bd7b1 | 1826 | /* Bump up the byte counters if WIDTH is greater. */ |
1827 | res.adjust_for_width_or_precision (dir.width); | |
b9833bfd | 1828 | return res; |
1829 | } | |
1830 | ||
1831 | /* Return a range representing the minimum and maximum number of bytes | |
9b0feec7 | 1832 | that the directive DIR will write on output for the floating argument |
1833 | ARG. */ | |
b9833bfd | 1834 | |
1835 | static fmtresult | |
a669405f | 1836 | format_floating (const directive &dir, tree arg, vr_values *) |
b9833bfd | 1837 | { |
9b0feec7 | 1838 | HOST_WIDE_INT prec[] = { dir.prec[0], dir.prec[1] }; |
4f2bedf8 | 1839 | tree type = (dir.modifier == FMT_LEN_L || dir.modifier == FMT_LEN_ll |
1840 | ? long_double_type_node : double_type_node); | |
b9833bfd | 1841 | |
7b2c89ef | 1842 | /* For an indeterminate precision the lower bound must be assumed |
1843 | to be zero. */ | |
425bd7b1 | 1844 | if (TOUPPER (dir.specifier) == 'A') |
b9833bfd | 1845 | { |
7b2c89ef | 1846 | /* Get the number of fractional decimal digits needed to represent |
1847 | the argument without a loss of accuracy. */ | |
7b2c89ef | 1848 | unsigned fmtprec |
1849 | = REAL_MODE_FORMAT (TYPE_MODE (type))->p; | |
1850 | ||
1851 | /* The precision of the IEEE 754 double format is 53. | |
1852 | The precision of all other GCC binary double formats | |
1853 | is 56 or less. */ | |
1854 | unsigned maxprec = fmtprec <= 56 ? 13 : 15; | |
1855 | ||
425bd7b1 | 1856 | /* For %a, leave the minimum precision unspecified to let |
1857 | MFPR trim trailing zeros (as it and many other systems | |
1858 | including Glibc happen to do) and set the maximum | |
1859 | precision to reflect what it would be with trailing zeros | |
1860 | present (as Solaris and derived systems do). */ | |
7b2c89ef | 1861 | if (dir.prec[1] < 0) |
425bd7b1 | 1862 | { |
7b2c89ef | 1863 | /* Both bounds are negative implies that precision has |
1864 | not been specified. */ | |
1865 | prec[0] = maxprec; | |
1866 | prec[1] = -1; | |
1867 | } | |
1868 | else if (dir.prec[0] < 0) | |
1869 | { | |
1870 | /* With a negative lower bound and a non-negative upper | |
1871 | bound set the minimum precision to zero and the maximum | |
1872 | to the greater of the maximum precision (i.e., with | |
1873 | trailing zeros present) and the specified upper bound. */ | |
1874 | prec[0] = 0; | |
1875 | prec[1] = dir.prec[1] < maxprec ? maxprec : dir.prec[1]; | |
1876 | } | |
1877 | } | |
1878 | else if (dir.prec[0] < 0) | |
1879 | { | |
1880 | if (dir.prec[1] < 0) | |
1881 | { | |
1882 | /* A precision in a strictly negative range is ignored and | |
1883 | the default of 6 is used instead. */ | |
1884 | prec[0] = prec[1] = 6; | |
1885 | } | |
1886 | else | |
1887 | { | |
1888 | /* For a precision in a partly negative range, the lower bound | |
1889 | must be assumed to be zero and the new upper bound is the | |
1890 | greater of 6 (the default precision used when the specified | |
1891 | precision is negative) and the upper bound of the specified | |
1892 | range. */ | |
1893 | prec[0] = 0; | |
1894 | prec[1] = dir.prec[1] < 6 ? 6 : dir.prec[1]; | |
425bd7b1 | 1895 | } |
b9833bfd | 1896 | } |
1897 | ||
4f2bedf8 | 1898 | if (!arg |
1899 | || TREE_CODE (arg) != REAL_CST | |
1900 | || !useless_type_conversion_p (type, TREE_TYPE (arg))) | |
63e30ce7 | 1901 | return format_floating (dir, prec); |
1902 | ||
26a75cc5 | 1903 | /* The minimum and maximum number of bytes produced by the directive. */ |
1904 | fmtresult res; | |
b9833bfd | 1905 | |
26a75cc5 | 1906 | /* Get the real type format desription for the target. */ |
1907 | const REAL_VALUE_TYPE *rvp = TREE_REAL_CST_PTR (arg); | |
1908 | const real_format *rfmt = REAL_MODE_FORMAT (TYPE_MODE (TREE_TYPE (arg))); | |
1909 | ||
b35bf93a | 1910 | if (!real_isfinite (rvp)) |
1911 | { | |
1912 | /* The format for Infinity and NaN is "[-]inf"/"[-]infinity" | |
1913 | and "[-]nan" with the choice being implementation-defined | |
1914 | but not locale dependent. */ | |
1915 | bool sign = dir.get_flag ('+') || real_isneg (rvp); | |
1916 | res.range.min = 3 + sign; | |
1917 | ||
1918 | res.range.likely = res.range.min; | |
1919 | res.range.max = res.range.min; | |
d3abe5e0 | 1920 | /* The unlikely maximum is "[-/+]infinity" or "[-/+][qs]nan". |
1921 | For NaN, the C/POSIX standards specify two formats: | |
1922 | "[-/+]nan" | |
1923 | and | |
1924 | "[-/+]nan(n-char-sequence)" | |
1925 | No known printf implementation outputs the latter format but AIX | |
1926 | outputs QNaN and SNaN for quiet and signalling NaN, respectively, | |
1927 | so the unlikely maximum reflects that. */ | |
1928 | res.range.unlikely = sign + (real_isinf (rvp) ? 8 : 4); | |
b35bf93a | 1929 | |
1930 | /* The range for infinity and NaN is known unless either width | |
1931 | or precision is unknown. Width has the same effect regardless | |
1932 | of whether the argument is finite. Precision is either ignored | |
1933 | (e.g., Glibc) or can have an effect on the short vs long format | |
1934 | such as inf/infinity (e.g., Solaris). */ | |
1935 | res.knownrange = dir.known_width_and_precision (); | |
1936 | ||
1937 | /* Adjust the range for width but ignore precision. */ | |
1938 | res.adjust_for_width_or_precision (dir.width); | |
1939 | ||
1940 | return res; | |
1941 | } | |
1942 | ||
26a75cc5 | 1943 | char fmtstr [40]; |
1944 | char *pfmt = fmtstr; | |
b9833bfd | 1945 | |
26a75cc5 | 1946 | /* Append flags. */ |
1947 | for (const char *pf = "-+ #0"; *pf; ++pf) | |
1948 | if (dir.get_flag (*pf)) | |
1949 | *pfmt++ = *pf; | |
b9833bfd | 1950 | |
26a75cc5 | 1951 | *pfmt = '\0'; |
b9833bfd | 1952 | |
26a75cc5 | 1953 | { |
1954 | /* Set up an array to easily iterate over. */ | |
1955 | unsigned HOST_WIDE_INT* const minmax[] = { | |
1956 | &res.range.min, &res.range.max | |
1957 | }; | |
b9833bfd | 1958 | |
26a75cc5 | 1959 | for (int i = 0; i != sizeof minmax / sizeof *minmax; ++i) |
4c43afbf | 1960 | { |
26a75cc5 | 1961 | /* Convert the GCC real value representation with the precision |
1962 | of the real type to the mpfr_t format rounding down in the | |
1963 | first iteration that computes the minimm and up in the second | |
1964 | that computes the maximum. This order is arbibtrary because | |
1965 | rounding in either direction can result in longer output. */ | |
1966 | mpfr_t mpfrval; | |
1967 | mpfr_init2 (mpfrval, rfmt->p); | |
4c7d2cb4 | 1968 | mpfr_from_real (mpfrval, rvp, i ? GMP_RNDU : GMP_RNDD); |
26a75cc5 | 1969 | |
1970 | /* Use the MPFR rounding specifier to round down in the first | |
1971 | iteration and then up. In most but not all cases this will | |
1972 | result in the same number of bytes. */ | |
1973 | char rndspec = "DU"[i]; | |
1974 | ||
1975 | /* Format it and store the result in the corresponding member | |
1976 | of the result struct. */ | |
425bd7b1 | 1977 | *minmax[i] = get_mpfr_format_length (mpfrval, fmtstr, prec[i], |
1978 | dir.specifier, rndspec); | |
c1d579d6 | 1979 | mpfr_clear (mpfrval); |
4c43afbf | 1980 | } |
26a75cc5 | 1981 | } |
4c43afbf | 1982 | |
26a75cc5 | 1983 | /* Make sure the minimum is less than the maximum (MPFR rounding |
1984 | in the call to mpfr_snprintf can result in the reverse. */ | |
1985 | if (res.range.max < res.range.min) | |
1986 | { | |
1987 | unsigned HOST_WIDE_INT tmp = res.range.min; | |
1988 | res.range.min = res.range.max; | |
1989 | res.range.max = tmp; | |
1990 | } | |
c62d63d4 | 1991 | |
7b2c89ef | 1992 | /* The range is known unless either width or precision is unknown. */ |
1993 | res.knownrange = dir.known_width_and_precision (); | |
1994 | ||
1995 | /* For the same floating point constant, unless width or precision | |
1996 | is unknown, use the longer output as the likely maximum since | |
1997 | with round to nearest either is equally likely. Otheriwse, when | |
1998 | precision is unknown, use the greater of the minimum and 3 as | |
1999 | the likely output (for "0.0" since zero precision is unlikely). */ | |
2000 | if (res.knownrange) | |
2001 | res.range.likely = res.range.max; | |
2002 | else if (res.range.min < 3 | |
2003 | && dir.prec[0] < 0 | |
2004 | && (unsigned HOST_WIDE_INT)dir.prec[1] == target_int_max ()) | |
2005 | res.range.likely = 3; | |
2006 | else | |
2007 | res.range.likely = res.range.min; | |
425bd7b1 | 2008 | |
425bd7b1 | 2009 | res.range.unlikely = res.range.max; |
2010 | ||
2011 | if (res.range.max > 2 && (prec[0] != 0 || prec[1] != 0)) | |
26a75cc5 | 2012 | { |
425bd7b1 | 2013 | /* Unless the precision is zero output longer than 2 bytes may |
2014 | include the decimal point which must be a single character | |
2015 | up to MB_LEN_MAX in length. This is overly conservative | |
2016 | since in some conversions some constants result in no decimal | |
2017 | point (e.g., in %g). */ | |
2018 | res.range.unlikely += target_mb_len_max () - 1; | |
b9833bfd | 2019 | } |
2020 | ||
425bd7b1 | 2021 | res.adjust_for_width_or_precision (dir.width); |
26a75cc5 | 2022 | return res; |
b9833bfd | 2023 | } |
2024 | ||
2025 | /* Return a FMTRESULT struct set to the lengths of the shortest and longest | |
2026 | strings referenced by the expression STR, or (-1, -1) when not known. | |
2027 | Used by the format_string function below. */ | |
2028 | ||
2029 | static fmtresult | |
893c4605 | 2030 | get_string_length (tree str, unsigned eltsize) |
b9833bfd | 2031 | { |
2032 | if (!str) | |
c62d63d4 | 2033 | return fmtresult (); |
b9833bfd | 2034 | |
b9833bfd | 2035 | /* Determine the length of the shortest and longest string referenced |
2036 | by STR. Strings of unknown lengths are bounded by the sizes of | |
2037 | arrays that subexpressions of STR may refer to. Pointers that | |
14c286b1 | 2038 | aren't known to point any such arrays result in LENDATA.MAXLEN |
2039 | set to SIZE_MAX. */ | |
2040 | c_strlen_data lendata = { }; | |
4db23c18 | 2041 | get_range_strlen (str, &lendata, eltsize); |
14c286b1 | 2042 | |
2043 | /* Return the default result when nothing is known about the string. */ | |
2044 | if (integer_all_onesp (lendata.maxbound) | |
2045 | && integer_all_onesp (lendata.maxlen)) | |
2046 | return fmtresult (); | |
b9833bfd | 2047 | |
14c286b1 | 2048 | HOST_WIDE_INT min |
2049 | = (tree_fits_uhwi_p (lendata.minlen) | |
2050 | ? tree_to_uhwi (lendata.minlen) | |
2051 | : 0); | |
2052 | ||
2053 | HOST_WIDE_INT max | |
2054 | = (tree_fits_uhwi_p (lendata.maxbound) | |
2055 | ? tree_to_uhwi (lendata.maxbound) | |
2056 | : HOST_WIDE_INT_M1U); | |
2057 | ||
4db23c18 | 2058 | const bool unbounded = integer_all_onesp (lendata.maxlen); |
14c286b1 | 2059 | |
2060 | /* Set the max/likely counters to unbounded when a minimum is known | |
2061 | but the maximum length isn't bounded. This implies that STR is | |
2062 | a conditional expression involving a string of known length and | |
2063 | and an expression of unknown/unbounded length. */ | |
2064 | if (min | |
2065 | && (unsigned HOST_WIDE_INT)min < HOST_WIDE_INT_M1U | |
2066 | && unbounded) | |
2067 | max = HOST_WIDE_INT_M1U; | |
2068 | ||
2069 | /* get_range_strlen() returns the target value of SIZE_MAX for | |
2070 | strings of unknown length. Bump it up to HOST_WIDE_INT_M1U | |
2071 | which may be bigger. */ | |
2072 | if ((unsigned HOST_WIDE_INT)min == target_size_max ()) | |
2073 | min = HOST_WIDE_INT_M1U; | |
2074 | if ((unsigned HOST_WIDE_INT)max == target_size_max ()) | |
2075 | max = HOST_WIDE_INT_M1U; | |
2076 | ||
2077 | fmtresult res (min, max); | |
2078 | res.nonstr = lendata.decl; | |
2079 | ||
2080 | /* Set RES.KNOWNRANGE to true if and only if all strings referenced | |
2081 | by STR are known to be bounded (though not necessarily by their | |
2082 | actual length but perhaps by their maximum possible length). */ | |
2083 | if (res.range.max < target_int_max ()) | |
b9833bfd | 2084 | { |
14c286b1 | 2085 | res.knownrange = true; |
2086 | /* When the the length of the longest string is known and not | |
2087 | excessive use it as the likely length of the string(s). */ | |
2088 | res.range.likely = res.range.max; | |
2089 | } | |
2090 | else | |
2091 | { | |
2092 | /* When the upper bound is unknown (it can be zero or excessive) | |
2093 | set the likely length to the greater of 1 and the length of | |
2094 | the shortest string and reset the lower bound to zero. */ | |
2095 | res.range.likely = res.range.min ? res.range.min : warn_level > 1; | |
2096 | res.range.min = 0; | |
b9833bfd | 2097 | } |
2098 | ||
14c286b1 | 2099 | res.range.unlikely = unbounded ? HOST_WIDE_INT_MAX : res.range.max; |
2100 | ||
2101 | return res; | |
b9833bfd | 2102 | } |
2103 | ||
2104 | /* Return the minimum and maximum number of characters formatted | |
26a75cc5 | 2105 | by the '%c' format directives and its wide character form for |
2106 | the argument ARG. ARG can be null (for functions such as | |
2107 | vsprinf). */ | |
b9833bfd | 2108 | |
2109 | static fmtresult | |
a669405f | 2110 | format_character (const directive &dir, tree arg, vr_values *vr_values) |
b9833bfd | 2111 | { |
c62d63d4 | 2112 | fmtresult res; |
b9833bfd | 2113 | |
425bd7b1 | 2114 | res.knownrange = true; |
2115 | ||
17d7e9ff | 2116 | if (dir.specifier == 'C' |
2117 | || dir.modifier == FMT_LEN_l) | |
425bd7b1 | 2118 | { |
425bd7b1 | 2119 | /* A wide character can result in as few as zero bytes. */ |
2120 | res.range.min = 0; | |
2121 | ||
9b0feec7 | 2122 | HOST_WIDE_INT min, max; |
a669405f | 2123 | if (get_int_range (arg, &min, &max, false, 0, vr_values)) |
425bd7b1 | 2124 | { |
9b0feec7 | 2125 | if (min == 0 && max == 0) |
2126 | { | |
2127 | /* The NUL wide character results in no bytes. */ | |
2128 | res.range.max = 0; | |
2129 | res.range.likely = 0; | |
2130 | res.range.unlikely = 0; | |
2131 | } | |
17d7e9ff | 2132 | else if (min >= 0 && min < 128) |
9b0feec7 | 2133 | { |
17d7e9ff | 2134 | /* Be conservative if the target execution character set |
2135 | is not a 1-to-1 mapping to the source character set or | |
2136 | if the source set is not ASCII. */ | |
2137 | bool one_2_one_ascii | |
2138 | = (target_to_host_charmap[0] == 1 && target_to_host ('a') == 97); | |
2139 | ||
9b0feec7 | 2140 | /* A wide character in the ASCII range most likely results |
2141 | in a single byte, and only unlikely in up to MB_LEN_MAX. */ | |
17d7e9ff | 2142 | res.range.max = one_2_one_ascii ? 1 : target_mb_len_max ();; |
9b0feec7 | 2143 | res.range.likely = 1; |
2144 | res.range.unlikely = target_mb_len_max (); | |
17d7e9ff | 2145 | res.mayfail = !one_2_one_ascii; |
9b0feec7 | 2146 | } |
2147 | else | |
2148 | { | |
2149 | /* A wide character outside the ASCII range likely results | |
2150 | in up to two bytes, and only unlikely in up to MB_LEN_MAX. */ | |
2151 | res.range.max = target_mb_len_max (); | |
2152 | res.range.likely = 2; | |
2153 | res.range.unlikely = res.range.max; | |
17d7e9ff | 2154 | /* Converting such a character may fail. */ |
2155 | res.mayfail = true; | |
9b0feec7 | 2156 | } |
425bd7b1 | 2157 | } |
2158 | else | |
2159 | { | |
9b0feec7 | 2160 | /* An unknown wide character is treated the same as a wide |
2161 | character outside the ASCII range. */ | |
425bd7b1 | 2162 | res.range.max = target_mb_len_max (); |
2163 | res.range.likely = 2; | |
2164 | res.range.unlikely = res.range.max; | |
17d7e9ff | 2165 | res.mayfail = true; |
425bd7b1 | 2166 | } |
26a75cc5 | 2167 | } |
2168 | else | |
2169 | { | |
2170 | /* A plain '%c' directive. Its ouput is exactly 1. */ | |
2171 | res.range.min = res.range.max = 1; | |
9b0feec7 | 2172 | res.range.likely = res.range.unlikely = 1; |
26a75cc5 | 2173 | res.knownrange = true; |
26a75cc5 | 2174 | } |
2175 | ||
425bd7b1 | 2176 | /* Bump up the byte counters if WIDTH is greater. */ |
2177 | return res.adjust_for_width_or_precision (dir.width); | |
26a75cc5 | 2178 | } |
2179 | ||
2180 | /* Return the minimum and maximum number of characters formatted | |
9b0feec7 | 2181 | by the '%s' format directive and its wide character form for |
2182 | the argument ARG. ARG can be null (for functions such as | |
2183 | vsprinf). */ | |
26a75cc5 | 2184 | |
2185 | static fmtresult | |
a669405f | 2186 | format_string (const directive &dir, tree arg, vr_values *) |
26a75cc5 | 2187 | { |
2188 | fmtresult res; | |
b9833bfd | 2189 | |
26a75cc5 | 2190 | /* Compute the range the argument's length can be in. */ |
3c487f08 | 2191 | int count_by = 1; |
2192 | if (dir.specifier == 'S' || dir.modifier == FMT_LEN_l) | |
2193 | { | |
2194 | /* Get a node for a C type that will be the same size | |
2195 | as a wchar_t on the target. */ | |
2196 | tree node = get_typenode_from_name (MODIFIED_WCHAR_TYPE); | |
2197 | ||
2198 | /* Now that we have a suitable node, get the number of | |
2199 | bytes it occupies. */ | |
2200 | count_by = int_size_in_bytes (node); | |
2201 | gcc_checking_assert (count_by == 2 || count_by == 4); | |
2202 | } | |
2203 | ||
893c4605 | 2204 | fmtresult slen = get_string_length (arg, count_by); |
974e2c47 | 2205 | if (slen.range.min == slen.range.max |
2206 | && slen.range.min < HOST_WIDE_INT_MAX) | |
b9833bfd | 2207 | { |
425bd7b1 | 2208 | /* The argument is either a string constant or it refers |
2209 | to one of a number of strings of the same length. */ | |
b9833bfd | 2210 | |
26a75cc5 | 2211 | /* A '%s' directive with a string argument with constant length. */ |
2212 | res.range = slen.range; | |
b9833bfd | 2213 | |
17d7e9ff | 2214 | if (dir.specifier == 'S' |
2215 | || dir.modifier == FMT_LEN_l) | |
26a75cc5 | 2216 | { |
425bd7b1 | 2217 | /* In the worst case the length of output of a wide string S |
2218 | is bounded by MB_LEN_MAX * wcslen (S). */ | |
2219 | res.range.max *= target_mb_len_max (); | |
2220 | res.range.unlikely = res.range.max; | |
2221 | /* It's likely that the the total length is not more that | |
2222 | 2 * wcslen (S).*/ | |
2223 | res.range.likely = res.range.min * 2; | |
b9833bfd | 2224 | |
f84f68b2 | 2225 | if (dir.prec[1] >= 0 |
9b0feec7 | 2226 | && (unsigned HOST_WIDE_INT)dir.prec[1] < res.range.max) |
425bd7b1 | 2227 | { |
9b0feec7 | 2228 | res.range.max = dir.prec[1]; |
2229 | res.range.likely = dir.prec[1]; | |
2230 | res.range.unlikely = dir.prec[1]; | |
425bd7b1 | 2231 | } |
b9833bfd | 2232 | |
9b0feec7 | 2233 | if (dir.prec[0] < 0 && dir.prec[1] > -1) |
2234 | res.range.min = 0; | |
f84f68b2 | 2235 | else if (dir.prec[0] >= 0) |
9b0feec7 | 2236 | res.range.likely = dir.prec[0]; |
2237 | ||
425bd7b1 | 2238 | /* Even a non-empty wide character string need not convert into |
2239 | any bytes. */ | |
2240 | res.range.min = 0; | |
17d7e9ff | 2241 | |
2242 | /* A non-empty wide character conversion may fail. */ | |
2243 | if (slen.range.max > 0) | |
2244 | res.mayfail = true; | |
26a75cc5 | 2245 | } |
425bd7b1 | 2246 | else |
26a75cc5 | 2247 | { |
425bd7b1 | 2248 | res.knownrange = true; |
2249 | ||
9b0feec7 | 2250 | if (dir.prec[0] < 0 && dir.prec[1] > -1) |
425bd7b1 | 2251 | res.range.min = 0; |
9b0feec7 | 2252 | else if ((unsigned HOST_WIDE_INT)dir.prec[0] < res.range.min) |
2253 | res.range.min = dir.prec[0]; | |
2254 | ||
2255 | if ((unsigned HOST_WIDE_INT)dir.prec[1] < res.range.max) | |
425bd7b1 | 2256 | { |
9b0feec7 | 2257 | res.range.max = dir.prec[1]; |
2258 | res.range.likely = dir.prec[1]; | |
2259 | res.range.unlikely = dir.prec[1]; | |
425bd7b1 | 2260 | } |
26a75cc5 | 2261 | } |
2262 | } | |
2263 | else if (arg && integer_zerop (arg)) | |
2264 | { | |
2265 | /* Handle null pointer argument. */ | |
b9833bfd | 2266 | |
26a75cc5 | 2267 | fmtresult res (0); |
2268 | res.nullp = true; | |
2269 | return res; | |
2270 | } | |
2271 | else | |
2272 | { | |
d9922b2c | 2273 | /* For a '%s' and '%ls' directive with a non-constant string (either |
2274 | one of a number of strings of known length or an unknown string) | |
2275 | the minimum number of characters is lesser of PRECISION[0] and | |
2276 | the length of the shortest known string or zero, and the maximum | |
2277 | is the lessser of the length of the longest known string or | |
2278 | PTRDIFF_MAX and PRECISION[1]. The likely length is either | |
2279 | the minimum at level 1 and the greater of the minimum and 1 | |
2280 | at level 2. This result is adjust upward for width (if it's | |
2281 | specified). */ | |
2282 | ||
17d7e9ff | 2283 | if (dir.specifier == 'S' |
2284 | || dir.modifier == FMT_LEN_l) | |
d9922b2c | 2285 | { |
2286 | /* A wide character converts to as few as zero bytes. */ | |
2287 | slen.range.min = 0; | |
2288 | if (slen.range.max < target_int_max ()) | |
2289 | slen.range.max *= target_mb_len_max (); | |
2290 | ||
2291 | if (slen.range.likely < target_int_max ()) | |
2292 | slen.range.likely *= 2; | |
2293 | ||
2294 | if (slen.range.likely < target_int_max ()) | |
2295 | slen.range.unlikely *= target_mb_len_max (); | |
17d7e9ff | 2296 | |
2297 | /* A non-empty wide character conversion may fail. */ | |
2298 | if (slen.range.max > 0) | |
2299 | res.mayfail = true; | |
d9922b2c | 2300 | } |
2301 | ||
2302 | res.range = slen.range; | |
b9833bfd | 2303 | |
f84f68b2 | 2304 | if (dir.prec[0] >= 0) |
26a75cc5 | 2305 | { |
d9922b2c | 2306 | /* Adjust the minimum to zero if the string length is unknown, |
2307 | or at most the lower bound of the precision otherwise. */ | |
26a75cc5 | 2308 | if (slen.range.min >= target_int_max ()) |
d9922b2c | 2309 | res.range.min = 0; |
9b0feec7 | 2310 | else if ((unsigned HOST_WIDE_INT)dir.prec[0] < slen.range.min) |
d9922b2c | 2311 | res.range.min = dir.prec[0]; |
26a75cc5 | 2312 | |
d9922b2c | 2313 | /* Make both maxima no greater than the upper bound of precision. */ |
9b0feec7 | 2314 | if ((unsigned HOST_WIDE_INT)dir.prec[1] < slen.range.max |
26a75cc5 | 2315 | || slen.range.max >= target_int_max ()) |
425bd7b1 | 2316 | { |
d9922b2c | 2317 | res.range.max = dir.prec[1]; |
2318 | res.range.unlikely = dir.prec[1]; | |
425bd7b1 | 2319 | } |
d9922b2c | 2320 | |
2321 | /* If precision is constant, set the likely counter to the lesser | |
2322 | of it and the maximum string length. Otherwise, if the lower | |
2323 | bound of precision is greater than zero, set the likely counter | |
2324 | to the minimum. Otherwise set it to zero or one based on | |
2325 | the warning level. */ | |
2326 | if (dir.prec[0] == dir.prec[1]) | |
2327 | res.range.likely | |
2328 | = ((unsigned HOST_WIDE_INT)dir.prec[0] < slen.range.max | |
2329 | ? dir.prec[0] : slen.range.max); | |
2330 | else if (dir.prec[0] > 0) | |
2331 | res.range.likely = res.range.min; | |
2332 | else | |
2333 | res.range.likely = warn_level > 1; | |
2334 | } | |
2335 | else if (dir.prec[1] >= 0) | |
2336 | { | |
2337 | res.range.min = 0; | |
2338 | if ((unsigned HOST_WIDE_INT)dir.prec[1] < slen.range.max) | |
2339 | res.range.max = dir.prec[1]; | |
2340 | res.range.likely = dir.prec[1] ? warn_level > 1 : 0; | |
14c286b1 | 2341 | if ((unsigned HOST_WIDE_INT)dir.prec[1] < slen.range.unlikely) |
2342 | res.range.unlikely = dir.prec[1]; | |
26a75cc5 | 2343 | } |
2344 | else if (slen.range.min >= target_int_max ()) | |
2345 | { | |
d9922b2c | 2346 | res.range.min = 0; |
2347 | res.range.max = HOST_WIDE_INT_MAX; | |
2348 | /* At level 1 strings of unknown length are assumed to be | |
425bd7b1 | 2349 | empty, while at level 1 they are assumed to be one byte |
2350 | long. */ | |
d9922b2c | 2351 | res.range.likely = warn_level > 1; |
14c286b1 | 2352 | res.range.unlikely = HOST_WIDE_INT_MAX; |
d9922b2c | 2353 | } |
2354 | else | |
2355 | { | |
2356 | /* A string of unknown length unconstrained by precision is | |
2357 | assumed to be empty at level 1 and just one character long | |
2358 | at higher levels. */ | |
2359 | if (res.range.likely >= target_int_max ()) | |
2360 | res.range.likely = warn_level > 1; | |
b9833bfd | 2361 | } |
2362 | } | |
2363 | ||
f1625820 | 2364 | /* If the argument isn't a nul-terminated string and the number |
2365 | of bytes on output isn't bounded by precision, set NONSTR. */ | |
2366 | if (slen.nonstr && slen.range.min < (unsigned HOST_WIDE_INT)dir.prec[0]) | |
2367 | res.nonstr = slen.nonstr; | |
2368 | ||
425bd7b1 | 2369 | /* Bump up the byte counters if WIDTH is greater. */ |
2370 | return res.adjust_for_width_or_precision (dir.width); | |
2371 | } | |
2372 | ||
2373 | /* Format plain string (part of the format string itself). */ | |
2374 | ||
2375 | static fmtresult | |
a669405f | 2376 | format_plain (const directive &dir, tree, vr_values *) |
425bd7b1 | 2377 | { |
2378 | fmtresult res (dir.len); | |
2379 | return res; | |
2380 | } | |
2381 | ||
2382 | /* Return true if the RESULT of a directive in a call describe by INFO | |
2383 | should be diagnosed given the AVAILable space in the destination. */ | |
2384 | ||
2385 | static bool | |
9d8823fc | 2386 | should_warn_p (const sprintf_dom_walker::call_info &info, |
425bd7b1 | 2387 | const result_range &avail, const result_range &result) |
2388 | { | |
2389 | if (result.max <= avail.min) | |
2390 | { | |
2391 | /* The least amount of space remaining in the destination is big | |
2392 | enough for the longest output. */ | |
2393 | return false; | |
2394 | } | |
2395 | ||
2396 | if (info.bounded) | |
7bcd359a | 2397 | { |
f84f68b2 | 2398 | if (warn_format_trunc == 1 && result.min <= avail.max |
425bd7b1 | 2399 | && info.retval_used ()) |
2400 | { | |
2401 | /* The likely amount of space remaining in the destination is big | |
2402 | enough for the least output and the return value is used. */ | |
2403 | return false; | |
2404 | } | |
b9833bfd | 2405 | |
f84f68b2 | 2406 | if (warn_format_trunc == 1 && result.likely <= avail.likely |
425bd7b1 | 2407 | && !info.retval_used ()) |
2408 | { | |
2409 | /* The likely amount of space remaining in the destination is big | |
2410 | enough for the likely output and the return value is unused. */ | |
2411 | return false; | |
2412 | } | |
b9833bfd | 2413 | |
425bd7b1 | 2414 | if (warn_format_trunc == 2 |
2415 | && result.likely <= avail.min | |
2416 | && (result.max <= avail.min | |
2417 | || result.max > HOST_WIDE_INT_MAX)) | |
2418 | { | |
2419 | /* The minimum amount of space remaining in the destination is big | |
2420 | enough for the longest output. */ | |
2421 | return false; | |
2422 | } | |
7bcd359a | 2423 | } |
425bd7b1 | 2424 | else |
2425 | { | |
f84f68b2 | 2426 | if (warn_level == 1 && result.likely <= avail.likely) |
425bd7b1 | 2427 | { |
2428 | /* The likely amount of space remaining in the destination is big | |
2429 | enough for the likely output. */ | |
2430 | return false; | |
2431 | } | |
b9833bfd | 2432 | |
425bd7b1 | 2433 | if (warn_level == 2 |
2434 | && result.likely <= avail.min | |
2435 | && (result.max <= avail.min | |
2436 | || result.max > HOST_WIDE_INT_MAX)) | |
2437 | { | |
2438 | /* The minimum amount of space remaining in the destination is big | |
2439 | enough for the longest output. */ | |
2440 | return false; | |
2441 | } | |
2442 | } | |
c62d63d4 | 2443 | |
425bd7b1 | 2444 | return true; |
b9833bfd | 2445 | } |
2446 | ||
76cf0084 | 2447 | /* At format string location describe by DIRLOC in a call described |
2448 | by INFO, issue a warning for a directive DIR whose output may be | |
2449 | in excess of the available space AVAIL_RANGE in the destination | |
2450 | given the formatting result FMTRES. This function does nothing | |
2451 | except decide whether to issue a warning for a possible write | |
2452 | past the end or truncation and, if so, format the warning. | |
2453 | Return true if a warning has been issued. */ | |
2454 | ||
2455 | static bool | |
3a010afa | 2456 | maybe_warn (substring_loc &dirloc, location_t argloc, |
9d8823fc | 2457 | const sprintf_dom_walker::call_info &info, |
425bd7b1 | 2458 | const result_range &avail_range, const result_range &res, |
76cf0084 | 2459 | const directive &dir) |
2460 | { | |
425bd7b1 | 2461 | if (!should_warn_p (info, avail_range, res)) |
2462 | return false; | |
2463 | ||
2464 | /* A warning will definitely be issued below. */ | |
2465 | ||
2466 | /* The maximum byte count to reference in the warning. Larger counts | |
2467 | imply that the upper bound is unknown (and could be anywhere between | |
2468 | RES.MIN + 1 and SIZE_MAX / 2) are printed as "N or more bytes" rather | |
2469 | than "between N and X" where X is some huge number. */ | |
2470 | unsigned HOST_WIDE_INT maxbytes = target_dir_max (); | |
76cf0084 | 2471 | |
425bd7b1 | 2472 | /* True when there is enough room in the destination for the least |
2473 | amount of a directive's output but not enough for its likely or | |
2474 | maximum output. */ | |
2475 | bool maybe = (res.min <= avail_range.max | |
2476 | && (avail_range.min < res.likely | |
2477 | || (res.max < HOST_WIDE_INT_MAX | |
2478 | && avail_range.min < res.max))); | |
2479 | ||
722889f9 | 2480 | /* Buffer for the directive in the host character set (used when |
2481 | the source character set is different). */ | |
2482 | char hostdir[32]; | |
2483 | ||
425bd7b1 | 2484 | if (avail_range.min == avail_range.max) |
76cf0084 | 2485 | { |
425bd7b1 | 2486 | /* The size of the destination region is exact. */ |
2487 | unsigned HOST_WIDE_INT navail = avail_range.max; | |
2488 | ||
722889f9 | 2489 | if (target_to_host (*dir.beg) != '%') |
76cf0084 | 2490 | { |
425bd7b1 | 2491 | /* For plain character directives (i.e., the format string itself) |
2492 | but not others, point the caret at the first character that's | |
2493 | past the end of the destination. */ | |
9574b6e7 | 2494 | if (navail < dir.len) |
2495 | dirloc.set_caret_index (dirloc.get_caret_idx () + navail); | |
76cf0084 | 2496 | } |
425bd7b1 | 2497 | |
2498 | if (*dir.beg == '\0') | |
76cf0084 | 2499 | { |
425bd7b1 | 2500 | /* This is the terminating nul. */ |
2501 | gcc_assert (res.min == 1 && res.min == res.max); | |
2502 | ||
3a010afa | 2503 | return fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (), |
7ac1c1d7 | 2504 | info.bounded |
2505 | ? (maybe | |
2506 | ? G_("%qE output may be truncated before the " | |
2507 | "last format character") | |
2508 | : G_("%qE output truncated before the last " | |
2509 | "format character")) | |
2510 | : (maybe | |
2511 | ? G_("%qE may write a terminating nul past the " | |
2512 | "end of the destination") | |
2513 | : G_("%qE writing a terminating nul past the " | |
2514 | "end of the destination")), | |
2515 | info.func); | |
425bd7b1 | 2516 | } |
2517 | ||
2518 | if (res.min == res.max) | |
2519 | { | |
7ac1c1d7 | 2520 | const char *d = target_to_host (hostdir, sizeof hostdir, dir.beg); |
2521 | if (!info.bounded) | |
2522 | return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min, | |
2523 | "%<%.*s%> directive writing %wu byte into a " | |
2524 | "region of size %wu", | |
2525 | "%<%.*s%> directive writing %wu bytes into a " | |
2526 | "region of size %wu", | |
2527 | (int) dir.len, d, res.min, navail); | |
2528 | else if (maybe) | |
2529 | return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min, | |
2530 | "%<%.*s%> directive output may be truncated " | |
2531 | "writing %wu byte into a region of size %wu", | |
2532 | "%<%.*s%> directive output may be truncated " | |
2533 | "writing %wu bytes into a region of size %wu", | |
2534 | (int) dir.len, d, res.min, navail); | |
2535 | else | |
2536 | return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min, | |
2537 | "%<%.*s%> directive output truncated writing " | |
2538 | "%wu byte into a region of size %wu", | |
2539 | "%<%.*s%> directive output truncated writing " | |
2540 | "%wu bytes into a region of size %wu", | |
2541 | (int) dir.len, d, res.min, navail); | |
425bd7b1 | 2542 | } |
f84f68b2 | 2543 | if (res.min == 0 && res.max < maxbytes) |
7ac1c1d7 | 2544 | return fmtwarn (dirloc, argloc, NULL, |
2545 | info.warnopt (), | |
2546 | info.bounded | |
2547 | ? (maybe | |
2548 | ? G_("%<%.*s%> directive output may be truncated " | |
2549 | "writing up to %wu bytes into a region of " | |
2550 | "size %wu") | |
2551 | : G_("%<%.*s%> directive output truncated writing " | |
2552 | "up to %wu bytes into a region of size %wu")) | |
2553 | : G_("%<%.*s%> directive writing up to %wu bytes " | |
2554 | "into a region of size %wu"), (int) dir.len, | |
2555 | target_to_host (hostdir, sizeof hostdir, dir.beg), | |
2556 | res.max, navail); | |
425bd7b1 | 2557 | |
f84f68b2 | 2558 | if (res.min == 0 && maxbytes <= res.max) |
7ac1c1d7 | 2559 | /* This is a special case to avoid issuing the potentially |
2560 | confusing warning: | |
2561 | writing 0 or more bytes into a region of size 0. */ | |
2562 | return fmtwarn (dirloc, argloc, NULL, info.warnopt (), | |
2563 | info.bounded | |
2564 | ? (maybe | |
2565 | ? G_("%<%.*s%> directive output may be truncated " | |
2566 | "writing likely %wu or more bytes into a " | |
2567 | "region of size %wu") | |
2568 | : G_("%<%.*s%> directive output truncated writing " | |
2569 | "likely %wu or more bytes into a region of " | |
2570 | "size %wu")) | |
2571 | : G_("%<%.*s%> directive writing likely %wu or more " | |
2572 | "bytes into a region of size %wu"), (int) dir.len, | |
2573 | target_to_host (hostdir, sizeof hostdir, dir.beg), | |
2574 | res.likely, navail); | |
425bd7b1 | 2575 | |
2576 | if (res.max < maxbytes) | |
7ac1c1d7 | 2577 | return fmtwarn (dirloc, argloc, NULL, info.warnopt (), |
2578 | info.bounded | |
2579 | ? (maybe | |
2580 | ? G_("%<%.*s%> directive output may be truncated " | |
2581 | "writing between %wu and %wu bytes into a " | |
2582 | "region of size %wu") | |
2583 | : G_("%<%.*s%> directive output truncated " | |
2584 | "writing between %wu and %wu bytes into a " | |
2585 | "region of size %wu")) | |
2586 | : G_("%<%.*s%> directive writing between %wu and " | |
2587 | "%wu bytes into a region of size %wu"), | |
2588 | (int) dir.len, | |
2589 | target_to_host (hostdir, sizeof hostdir, dir.beg), | |
2590 | res.min, res.max, navail); | |
2591 | ||
2592 | return fmtwarn (dirloc, argloc, NULL, info.warnopt (), | |
2593 | info.bounded | |
2594 | ? (maybe | |
2595 | ? G_("%<%.*s%> directive output may be truncated " | |
2596 | "writing %wu or more bytes into a region of " | |
2597 | "size %wu") | |
2598 | : G_("%<%.*s%> directive output truncated writing " | |
2599 | "%wu or more bytes into a region of size %wu")) | |
2600 | : G_("%<%.*s%> directive writing %wu or more bytes " | |
2601 | "into a region of size %wu"), (int) dir.len, | |
722889f9 | 2602 | target_to_host (hostdir, sizeof hostdir, dir.beg), |
425bd7b1 | 2603 | res.min, navail); |
76cf0084 | 2604 | } |
2605 | ||
425bd7b1 | 2606 | /* The size of the destination region is a range. */ |
2607 | ||
722889f9 | 2608 | if (target_to_host (*dir.beg) != '%') |
425bd7b1 | 2609 | { |
2610 | unsigned HOST_WIDE_INT navail = avail_range.max; | |
2611 | ||
2612 | /* For plain character directives (i.e., the format string itself) | |
2613 | but not others, point the caret at the first character that's | |
2614 | past the end of the destination. */ | |
9574b6e7 | 2615 | if (navail < dir.len) |
2616 | dirloc.set_caret_index (dirloc.get_caret_idx () + navail); | |
425bd7b1 | 2617 | } |
2618 | ||
2619 | if (*dir.beg == '\0') | |
2620 | { | |
2621 | gcc_assert (res.min == 1 && res.min == res.max); | |
2622 | ||
7ac1c1d7 | 2623 | return fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (), |
2624 | info.bounded | |
2625 | ? (maybe | |
2626 | ? G_("%qE output may be truncated before the last " | |
2627 | "format character") | |
2628 | : G_("%qE output truncated before the last format " | |
2629 | "character")) | |
2630 | : (maybe | |
2631 | ? G_("%qE may write a terminating nul past the end " | |
2632 | "of the destination") | |
2633 | : G_("%qE writing a terminating nul past the end " | |
2634 | "of the destination")), info.func); | |
425bd7b1 | 2635 | } |
2636 | ||
2637 | if (res.min == res.max) | |
2638 | { | |
7ac1c1d7 | 2639 | const char *d = target_to_host (hostdir, sizeof hostdir, dir.beg); |
2640 | if (!info.bounded) | |
2641 | return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min, | |
2642 | "%<%.*s%> directive writing %wu byte into a region " | |
2643 | "of size between %wu and %wu", | |
2644 | "%<%.*s%> directive writing %wu bytes into a region " | |
2645 | "of size between %wu and %wu", (int) dir.len, d, | |
2646 | res.min, avail_range.min, avail_range.max); | |
2647 | else if (maybe) | |
2648 | return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min, | |
2649 | "%<%.*s%> directive output may be truncated writing " | |
2650 | "%wu byte into a region of size between %wu and %wu", | |
2651 | "%<%.*s%> directive output may be truncated writing " | |
2652 | "%wu bytes into a region of size between %wu and " | |
2653 | "%wu", (int) dir.len, d, res.min, avail_range.min, | |
2654 | avail_range.max); | |
2655 | else | |
2656 | return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min, | |
2657 | "%<%.*s%> directive output truncated writing %wu " | |
2658 | "byte into a region of size between %wu and %wu", | |
2659 | "%<%.*s%> directive output truncated writing %wu " | |
2660 | "bytes into a region of size between %wu and %wu", | |
2661 | (int) dir.len, d, res.min, avail_range.min, | |
2662 | avail_range.max); | |
425bd7b1 | 2663 | } |
2664 | ||
f84f68b2 | 2665 | if (res.min == 0 && res.max < maxbytes) |
7ac1c1d7 | 2666 | return fmtwarn (dirloc, argloc, NULL, info.warnopt (), |
2667 | info.bounded | |
2668 | ? (maybe | |
2669 | ? G_("%<%.*s%> directive output may be truncated " | |
2670 | "writing up to %wu bytes into a region of size " | |
2671 | "between %wu and %wu") | |
2672 | : G_("%<%.*s%> directive output truncated writing " | |
2673 | "up to %wu bytes into a region of size between " | |
2674 | "%wu and %wu")) | |
2675 | : G_("%<%.*s%> directive writing up to %wu bytes " | |
2676 | "into a region of size between %wu and %wu"), | |
2677 | (int) dir.len, | |
2678 | target_to_host (hostdir, sizeof hostdir, dir.beg), | |
2679 | res.max, avail_range.min, avail_range.max); | |
425bd7b1 | 2680 | |
f84f68b2 | 2681 | if (res.min == 0 && maxbytes <= res.max) |
7ac1c1d7 | 2682 | /* This is a special case to avoid issuing the potentially confusing |
2683 | warning: | |
2684 | writing 0 or more bytes into a region of size between 0 and N. */ | |
2685 | return fmtwarn (dirloc, argloc, NULL, info.warnopt (), | |
2686 | info.bounded | |
2687 | ? (maybe | |
2688 | ? G_("%<%.*s%> directive output may be truncated " | |
2689 | "writing likely %wu or more bytes into a region " | |
2690 | "of size between %wu and %wu") | |
2691 | : G_("%<%.*s%> directive output truncated writing " | |
2692 | "likely %wu or more bytes into a region of size " | |
2693 | "between %wu and %wu")) | |
2694 | : G_("%<%.*s%> directive writing likely %wu or more bytes " | |
2695 | "into a region of size between %wu and %wu"), | |
2696 | (int) dir.len, | |
2697 | target_to_host (hostdir, sizeof hostdir, dir.beg), | |
2698 | res.likely, avail_range.min, avail_range.max); | |
425bd7b1 | 2699 | |
2700 | if (res.max < maxbytes) | |
7ac1c1d7 | 2701 | return fmtwarn (dirloc, argloc, NULL, info.warnopt (), |
2702 | info.bounded | |
2703 | ? (maybe | |
2704 | ? G_("%<%.*s%> directive output may be truncated " | |
2705 | "writing between %wu and %wu bytes into a region " | |
2706 | "of size between %wu and %wu") | |
2707 | : G_("%<%.*s%> directive output truncated writing " | |
2708 | "between %wu and %wu bytes into a region of size " | |
2709 | "between %wu and %wu")) | |
2710 | : G_("%<%.*s%> directive writing between %wu and " | |
2711 | "%wu bytes into a region of size between %wu and " | |
2712 | "%wu"), (int) dir.len, | |
2713 | target_to_host (hostdir, sizeof hostdir, dir.beg), | |
2714 | res.min, res.max, avail_range.min, avail_range.max); | |
2715 | ||
2716 | return fmtwarn (dirloc, argloc, NULL, info.warnopt (), | |
2717 | info.bounded | |
2718 | ? (maybe | |
2719 | ? G_("%<%.*s%> directive output may be truncated writing " | |
2720 | "%wu or more bytes into a region of size between " | |
2721 | "%wu and %wu") | |
2722 | : G_("%<%.*s%> directive output truncated writing " | |
2723 | "%wu or more bytes into a region of size between " | |
2724 | "%wu and %wu")) | |
2725 | : G_("%<%.*s%> directive writing %wu or more bytes " | |
2726 | "into a region of size between %wu and %wu"), | |
2727 | (int) dir.len, | |
722889f9 | 2728 | target_to_host (hostdir, sizeof hostdir, dir.beg), |
2729 | res.min, avail_range.min, avail_range.max); | |
76cf0084 | 2730 | } |
2731 | ||
9b0feec7 | 2732 | /* Compute the length of the output resulting from the directive DIR |
2733 | in a call described by INFO and update the overall result of the call | |
2734 | in *RES. Return true if the directive has been handled. */ | |
b9833bfd | 2735 | |
26a75cc5 | 2736 | static bool |
9d8823fc | 2737 | format_directive (const sprintf_dom_walker::call_info &info, |
a669405f | 2738 | format_result *res, const directive &dir, |
2739 | class vr_values *vr_values) | |
b9833bfd | 2740 | { |
2741 | /* Offset of the beginning of the directive from the beginning | |
2742 | of the format string. */ | |
9b0feec7 | 2743 | size_t offset = dir.beg - info.fmtstr; |
2744 | size_t start = offset; | |
2745 | size_t length = offset + dir.len - !!dir.len; | |
b9833bfd | 2746 | |
2747 | /* Create a location for the whole directive from the % to the format | |
2748 | specifier. */ | |
2749 | substring_loc dirloc (info.fmtloc, TREE_TYPE (info.format), | |
9b0feec7 | 2750 | offset, start, length); |
b9833bfd | 2751 | |
3a010afa | 2752 | /* Also get the location of the argument if possible. |
b9833bfd | 2753 | This doesn't work for integer literals or function calls. */ |
3a010afa | 2754 | location_t argloc = UNKNOWN_LOCATION; |
2755 | if (dir.arg) | |
2756 | argloc = EXPR_LOCATION (dir.arg); | |
b9833bfd | 2757 | |
2758 | /* Bail when there is no function to compute the output length, | |
2759 | or when minimum length checking has been disabled. */ | |
425bd7b1 | 2760 | if (!dir.fmtfunc || res->range.min >= HOST_WIDE_INT_MAX) |
26a75cc5 | 2761 | return false; |
b9833bfd | 2762 | |
9b0feec7 | 2763 | /* Compute the range of lengths of the formatted output. */ |
a669405f | 2764 | fmtresult fmtres = dir.fmtfunc (dir, dir.arg, vr_values); |
b9833bfd | 2765 | |
c62d63d4 | 2766 | /* Record whether the output of all directives is known to be |
2767 | bounded by some maximum, implying that their arguments are | |
2768 | either known exactly or determined to be in a known range | |
2769 | or, for strings, limited by the upper bounds of the arrays | |
2770 | they refer to. */ | |
2771 | res->knownrange &= fmtres.knownrange; | |
b9833bfd | 2772 | |
c62d63d4 | 2773 | if (!fmtres.knownrange) |
b9833bfd | 2774 | { |
c62d63d4 | 2775 | /* Only when the range is known, check it against the host value |
84960375 | 2776 | of INT_MAX + (the number of bytes of the "%.*Lf" directive with |
2777 | INT_MAX precision, which is the longest possible output of any | |
2778 | single directive). That's the largest valid byte count (though | |
2779 | not valid call to a printf-like function because it can never | |
2780 | return such a count). Otherwise, the range doesn't correspond | |
2781 | to known values of the argument. */ | |
2782 | if (fmtres.range.max > target_dir_max ()) | |
c62d63d4 | 2783 | { |
2784 | /* Normalize the MAX counter to avoid having to deal with it | |
2785 | later. The counter can be less than HOST_WIDE_INT_M1U | |
2786 | when compiling for an ILP32 target on an LP64 host. */ | |
2787 | fmtres.range.max = HOST_WIDE_INT_M1U; | |
2788 | /* Disable exact and maximum length checking after a failure | |
2789 | to determine the maximum number of characters (for example | |
2790 | for wide characters or wide character strings) but continue | |
2791 | tracking the minimum number of characters. */ | |
425bd7b1 | 2792 | res->range.max = HOST_WIDE_INT_M1U; |
c62d63d4 | 2793 | } |
2794 | ||
84960375 | 2795 | if (fmtres.range.min > target_dir_max ()) |
c62d63d4 | 2796 | { |
2797 | /* Disable exact length checking after a failure to determine | |
2798 | even the minimum number of characters (it shouldn't happen | |
2799 | except in an error) but keep tracking the minimum and maximum | |
2800 | number of characters. */ | |
26a75cc5 | 2801 | return true; |
c62d63d4 | 2802 | } |
b9833bfd | 2803 | } |
2804 | ||
722889f9 | 2805 | /* Buffer for the directive in the host character set (used when |
2806 | the source character set is different). */ | |
2807 | char hostdir[32]; | |
2808 | ||
425bd7b1 | 2809 | int dirlen = dir.len; |
2810 | ||
519bbccd | 2811 | if (fmtres.nullp) |
2812 | { | |
3a010afa | 2813 | fmtwarn (dirloc, argloc, NULL, info.warnopt (), |
7b2ced2f | 2814 | "%G%<%.*s%> directive argument is null", |
2815 | info.callstmt, dirlen, | |
2816 | target_to_host (hostdir, sizeof hostdir, dir.beg)); | |
519bbccd | 2817 | |
2818 | /* Don't bother processing the rest of the format string. */ | |
2819 | res->warned = true; | |
425bd7b1 | 2820 | res->range.min = HOST_WIDE_INT_M1U; |
2821 | res->range.max = HOST_WIDE_INT_M1U; | |
26a75cc5 | 2822 | return false; |
519bbccd | 2823 | } |
2824 | ||
b9833bfd | 2825 | /* Compute the number of available bytes in the destination. There |
2826 | must always be at least one byte of space for the terminating | |
2827 | NUL that's appended after the format string has been processed. */ | |
425bd7b1 | 2828 | result_range avail_range = bytes_remaining (info.objsize, *res); |
b9833bfd | 2829 | |
76cf0084 | 2830 | bool warned = res->warned; |
2831 | ||
2832 | if (!warned) | |
3a010afa | 2833 | warned = maybe_warn (dirloc, argloc, info, avail_range, |
76cf0084 | 2834 | fmtres.range, dir); |
2835 | ||
425bd7b1 | 2836 | /* Bump up the total maximum if it isn't too big. */ |
2837 | if (res->range.max < HOST_WIDE_INT_MAX | |
2838 | && fmtres.range.max < HOST_WIDE_INT_MAX) | |
2839 | res->range.max += fmtres.range.max; | |
b9833bfd | 2840 | |
425bd7b1 | 2841 | /* Raise the total unlikely maximum by the larger of the maximum |
af4ec936 | 2842 | and the unlikely maximum. */ |
2843 | unsigned HOST_WIDE_INT save = res->range.unlikely; | |
425bd7b1 | 2844 | if (fmtres.range.max < fmtres.range.unlikely) |
2845 | res->range.unlikely += fmtres.range.unlikely; | |
b9833bfd | 2846 | else |
425bd7b1 | 2847 | res->range.unlikely += fmtres.range.max; |
2848 | ||
af4ec936 | 2849 | if (res->range.unlikely < save) |
2850 | res->range.unlikely = HOST_WIDE_INT_M1U; | |
2851 | ||
425bd7b1 | 2852 | res->range.min += fmtres.range.min; |
2853 | res->range.likely += fmtres.range.likely; | |
b9833bfd | 2854 | |
2855 | /* Has the minimum directive output length exceeded the maximum | |
2856 | of 4095 bytes required to be supported? */ | |
2857 | bool minunder4k = fmtres.range.min < 4096; | |
425bd7b1 | 2858 | bool maxunder4k = fmtres.range.max < 4096; |
17d7e9ff | 2859 | /* Clear POSUNDER4K in the overall result if the maximum has exceeded |
2860 | the 4k (this is necessary to avoid the return value optimization | |
425bd7b1 | 2861 | that may not be safe in the maximum case). */ |
2862 | if (!maxunder4k) | |
17d7e9ff | 2863 | res->posunder4k = false; |
2864 | /* Also clear POSUNDER4K if the directive may fail. */ | |
2865 | if (fmtres.mayfail) | |
2866 | res->posunder4k = false; | |
b9833bfd | 2867 | |
425bd7b1 | 2868 | if (!warned |
2869 | /* Only warn at level 2. */ | |
c9281ef8 | 2870 | && warn_level > 1 |
c1b65cc2 | 2871 | /* Only warn for string functions. */ |
2872 | && info.is_string_func () | |
425bd7b1 | 2873 | && (!minunder4k |
2874 | || (!maxunder4k && fmtres.range.max < HOST_WIDE_INT_MAX))) | |
b9833bfd | 2875 | { |
2876 | /* The directive output may be longer than the maximum required | |
2877 | to be handled by an implementation according to 7.21.6.1, p15 | |
2878 | of C11. Warn on this only at level 2 but remember this and | |
2879 | prevent folding the return value when done. This allows for | |
2880 | the possibility of the actual libc call failing due to ENOMEM | |
c1b65cc2 | 2881 | (like Glibc does with very large precision or width). |
2882 | Issue the "may exceed" warning only for string functions and | |
2883 | not for fprintf or printf. */ | |
b9833bfd | 2884 | |
2885 | if (fmtres.range.min == fmtres.range.max) | |
7ac1c1d7 | 2886 | warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (), |
514c86c7 | 2887 | "%<%.*s%> directive output of %wu bytes exceeds " |
7ac1c1d7 | 2888 | "minimum required size of 4095", dirlen, |
722889f9 | 2889 | target_to_host (hostdir, sizeof hostdir, dir.beg), |
2890 | fmtres.range.min); | |
c1b65cc2 | 2891 | else if (!minunder4k) |
2892 | warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (), | |
2893 | "%<%.*s%> directive output between %wu and %wu " | |
2894 | "bytes exceeds minimum required size of 4095", | |
2895 | dirlen, | |
2896 | target_to_host (hostdir, sizeof hostdir, dir.beg), | |
2897 | fmtres.range.min, fmtres.range.max); | |
2898 | else if (!info.retval_used () && info.is_string_func ()) | |
7ac1c1d7 | 2899 | warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (), |
c1b65cc2 | 2900 | "%<%.*s%> directive output between %wu and %wu " |
2901 | "bytes may exceed minimum required size of " | |
2902 | "4095", | |
7ac1c1d7 | 2903 | dirlen, |
2904 | target_to_host (hostdir, sizeof hostdir, dir.beg), | |
2905 | fmtres.range.min, fmtres.range.max); | |
b9833bfd | 2906 | } |
2907 | ||
425bd7b1 | 2908 | /* Has the likely and maximum directive output exceeded INT_MAX? */ |
2909 | bool likelyximax = *dir.beg && res->range.likely > target_int_max (); | |
af4ec936 | 2910 | /* Don't consider the maximum to be in excess when it's the result |
2911 | of a string of unknown length (i.e., whose maximum has been set | |
2912 | to be greater than or equal to HOST_WIDE_INT_MAX. */ | |
2913 | bool maxximax = (*dir.beg | |
2914 | && res->range.max > target_int_max () | |
2915 | && res->range.max < HOST_WIDE_INT_MAX); | |
b9833bfd | 2916 | |
514c86c7 | 2917 | if (!warned |
425bd7b1 | 2918 | /* Warn for the likely output size at level 1. */ |
2919 | && (likelyximax | |
2920 | /* But only warn for the maximum at level 2. */ | |
c9281ef8 | 2921 | || (warn_level > 1 |
425bd7b1 | 2922 | && maxximax |
2923 | && fmtres.range.max < HOST_WIDE_INT_MAX))) | |
b9833bfd | 2924 | { |
c1b65cc2 | 2925 | if (fmtres.range.min > target_int_max ()) |
2926 | { | |
2927 | /* The directive output exceeds INT_MAX bytes. */ | |
2928 | if (fmtres.range.min == fmtres.range.max) | |
2929 | warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (), | |
2930 | "%<%.*s%> directive output of %wu bytes exceeds " | |
2931 | "%<INT_MAX%>", dirlen, | |
2932 | target_to_host (hostdir, sizeof hostdir, dir.beg), | |
2933 | fmtres.range.min); | |
2934 | else | |
2935 | warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (), | |
2936 | "%<%.*s%> directive output between %wu and " | |
2937 | "%wu bytes exceeds %<INT_MAX%>", dirlen, | |
2938 | target_to_host (hostdir, sizeof hostdir, dir.beg), | |
2939 | fmtres.range.min, fmtres.range.max); | |
2940 | } | |
2941 | else if (res->range.min > target_int_max ()) | |
2942 | { | |
2943 | /* The directive output is under INT_MAX but causes the result | |
2944 | to exceed INT_MAX bytes. */ | |
2945 | if (fmtres.range.min == fmtres.range.max) | |
2946 | warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (), | |
2947 | "%<%.*s%> directive output of %wu bytes causes " | |
2948 | "result to exceed %<INT_MAX%>", dirlen, | |
2949 | target_to_host (hostdir, sizeof hostdir, dir.beg), | |
2950 | fmtres.range.min); | |
2951 | else | |
2952 | warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (), | |
2953 | "%<%.*s%> directive output between %wu and " | |
2954 | "%wu bytes causes result to exceed %<INT_MAX%>", | |
2955 | dirlen, | |
2956 | target_to_host (hostdir, sizeof hostdir, dir.beg), | |
2957 | fmtres.range.min, fmtres.range.max); | |
2958 | } | |
2959 | else if ((!info.retval_used () || !info.bounded) | |
2960 | && (info.is_string_func ())) | |
2961 | /* Warn for calls to string functions that either aren't bounded | |
2962 | (sprintf) or whose return value isn't used. */ | |
7ac1c1d7 | 2963 | warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (), |
c1b65cc2 | 2964 | "%<%.*s%> directive output between %wu and " |
2965 | "%wu bytes may cause result to exceed " | |
2966 | "%<INT_MAX%>", dirlen, | |
7ac1c1d7 | 2967 | target_to_host (hostdir, sizeof hostdir, dir.beg), |
2968 | fmtres.range.min, fmtres.range.max); | |
b9833bfd | 2969 | } |
514c86c7 | 2970 | |
f1625820 | 2971 | if (!warned && fmtres.nonstr) |
2972 | { | |
2973 | warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (), | |
2974 | "%<%.*s%> directive argument is not a nul-terminated " | |
2975 | "string", | |
2976 | dirlen, | |
2977 | target_to_host (hostdir, sizeof hostdir, dir.beg)); | |
2978 | if (warned && DECL_P (fmtres.nonstr)) | |
2979 | inform (DECL_SOURCE_LOCATION (fmtres.nonstr), | |
2980 | "referenced argument declared here"); | |
2981 | return false; | |
2982 | } | |
2983 | ||
425bd7b1 | 2984 | if (warned && fmtres.range.min < fmtres.range.likely |
2985 | && fmtres.range.likely < fmtres.range.max) | |
f4e3e4b1 | 2986 | inform_n (info.fmtloc, fmtres.range.likely, |
504b0b7d | 2987 | "assuming directive output of %wu byte", |
2988 | "assuming directive output of %wu bytes", | |
425bd7b1 | 2989 | fmtres.range.likely); |
425bd7b1 | 2990 | |
514c86c7 | 2991 | if (warned && fmtres.argmin) |
2992 | { | |
2993 | if (fmtres.argmin == fmtres.argmax) | |
2994 | inform (info.fmtloc, "directive argument %qE", fmtres.argmin); | |
2995 | else if (fmtres.knownrange) | |
2996 | inform (info.fmtloc, "directive argument in the range [%E, %E]", | |
2997 | fmtres.argmin, fmtres.argmax); | |
2998 | else | |
2999 | inform (info.fmtloc, | |
3000 | "using the range [%E, %E] for directive argument", | |
3001 | fmtres.argmin, fmtres.argmax); | |
3002 | } | |
3003 | ||
3004 | res->warned |= warned; | |
76cf0084 | 3005 | |
c1b65cc2 | 3006 | if (!dir.beg[0] && res->warned) |
b9833bfd | 3007 | { |
b9833bfd | 3008 | location_t callloc = gimple_location (info.callstmt); |
3009 | ||
425bd7b1 | 3010 | unsigned HOST_WIDE_INT min = res->range.min; |
3011 | unsigned HOST_WIDE_INT max = res->range.max; | |
b9833bfd | 3012 | |
c1b65cc2 | 3013 | if (info.objsize < HOST_WIDE_INT_MAX) |
3014 | { | |
3015 | /* If a warning has been issued for buffer overflow or truncation | |
3016 | help the user figure out how big a buffer they need. */ | |
3017 | ||
3018 | if (min == max) | |
b3ed1c3c | 3019 | inform_n (callloc, min, |
3020 | "%qE output %wu byte into a destination of size %wu", | |
3021 | "%qE output %wu bytes into a destination of size %wu", | |
3022 | info.func, min, info.objsize); | |
c1b65cc2 | 3023 | else if (max < HOST_WIDE_INT_MAX) |
3024 | inform (callloc, | |
3025 | "%qE output between %wu and %wu bytes into " | |
3026 | "a destination of size %wu", | |
3027 | info.func, min, max, info.objsize); | |
3028 | else if (min < res->range.likely && res->range.likely < max) | |
3029 | inform (callloc, | |
3030 | "%qE output %wu or more bytes (assuming %wu) into " | |
3031 | "a destination of size %wu", | |
3032 | info.func, min, res->range.likely, info.objsize); | |
3033 | else | |
3034 | inform (callloc, | |
3035 | "%qE output %wu or more bytes into a destination of size " | |
3036 | "%wu", | |
3037 | info.func, min, info.objsize); | |
3038 | } | |
3039 | else if (!info.is_string_func ()) | |
3040 | { | |
3041 | /* If the warning is for a file function function like fprintf | |
3042 | of printf with no destination size just print the computed | |
3043 | result. */ | |
3044 | if (min == max) | |
b3ed1c3c | 3045 | inform_n (callloc, min, |
3046 | "%qE output %wu byte", "%qE output %wu bytes", | |
3047 | info.func, min); | |
c1b65cc2 | 3048 | else if (max < HOST_WIDE_INT_MAX) |
3049 | inform (callloc, | |
3050 | "%qE output between %wu and %wu bytes", | |
3051 | info.func, min, max); | |
3052 | else if (min < res->range.likely && res->range.likely < max) | |
3053 | inform (callloc, | |
3054 | "%qE output %wu or more bytes (assuming %wu)", | |
3055 | info.func, min, res->range.likely); | |
3056 | else | |
3057 | inform (callloc, | |
3058 | "%qE output %wu or more bytes", | |
3059 | info.func, min); | |
3060 | } | |
b9833bfd | 3061 | } |
3062 | ||
425bd7b1 | 3063 | if (dump_file && *dir.beg) |
b9833bfd | 3064 | { |
cb442e51 | 3065 | fprintf (dump_file, |
3066 | " Result: " | |
3067 | HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC ", " | |
3068 | HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC " (" | |
3069 | HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC ", " | |
3070 | HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC ")\n", | |
3071 | fmtres.range.min, fmtres.range.likely, | |
3072 | fmtres.range.max, fmtres.range.unlikely, | |
3073 | res->range.min, res->range.likely, | |
3074 | res->range.max, res->range.unlikely); | |
b9833bfd | 3075 | } |
425bd7b1 | 3076 | |
3077 | return true; | |
b9833bfd | 3078 | } |
3079 | ||
26a75cc5 | 3080 | /* Parse a format directive in function call described by INFO starting |
3081 | at STR and populate DIR structure. Bump up *ARGNO by the number of | |
3082 | arguments extracted for the directive. Return the length of | |
3083 | the directive. */ | |
b9833bfd | 3084 | |
26a75cc5 | 3085 | static size_t |
9d8823fc | 3086 | parse_directive (sprintf_dom_walker::call_info &info, |
26a75cc5 | 3087 | directive &dir, format_result *res, |
a669405f | 3088 | const char *str, unsigned *argno, |
3089 | vr_values *vr_values) | |
b9833bfd | 3090 | { |
722889f9 | 3091 | const char *pcnt = strchr (str, target_percent); |
26a75cc5 | 3092 | dir.beg = str; |
b9833bfd | 3093 | |
26a75cc5 | 3094 | if (size_t len = pcnt ? pcnt - str : *str ? strlen (str) : 1) |
3095 | { | |
3096 | /* This directive is either a plain string or the terminating nul | |
3097 | (which isn't really a directive but it simplifies things to | |
3098 | handle it as if it were). */ | |
3099 | dir.len = len; | |
425bd7b1 | 3100 | dir.fmtfunc = format_plain; |
b9833bfd | 3101 | |
26a75cc5 | 3102 | if (dump_file) |
3103 | { | |
cb442e51 | 3104 | fprintf (dump_file, " Directive %u at offset " |
3105 | HOST_WIDE_INT_PRINT_UNSIGNED ": \"%.*s\", " | |
3106 | "length = " HOST_WIDE_INT_PRINT_UNSIGNED "\n", | |
e452d2eb | 3107 | dir.dirno, |
cb442e51 | 3108 | (unsigned HOST_WIDE_INT)(size_t)(dir.beg - info.fmtstr), |
49464683 | 3109 | (int)dir.len, dir.beg, (unsigned HOST_WIDE_INT) dir.len); |
26a75cc5 | 3110 | } |
3111 | ||
3112 | return len - !*str; | |
3113 | } | |
b9833bfd | 3114 | |
26a75cc5 | 3115 | const char *pf = pcnt + 1; |
3116 | ||
3117 | /* POSIX numbered argument index or zero when none. */ | |
722889f9 | 3118 | HOST_WIDE_INT dollar = 0; |
26a75cc5 | 3119 | |
3120 | /* With and precision. -1 when not specified, HOST_WIDE_INT_MIN | |
3121 | when given by a va_list argument, and a non-negative value | |
3122 | when specified in the format string itself. */ | |
3123 | HOST_WIDE_INT width = -1; | |
3124 | HOST_WIDE_INT precision = -1; | |
b9833bfd | 3125 | |
722889f9 | 3126 | /* Pointers to the beginning of the width and precision decimal |
3127 | string (if any) within the directive. */ | |
3128 | const char *pwidth = 0; | |
3129 | const char *pprec = 0; | |
3130 | ||
3131 | /* When the value of the decimal string that specifies width or | |
3132 | precision is out of range, points to the digit that causes | |
3133 | the value to exceed the limit. */ | |
3134 | const char *werange = NULL; | |
3135 | const char *perange = NULL; | |
3136 | ||
26a75cc5 | 3137 | /* Width specified via the asterisk. Need not be INTEGER_CST. |
3138 | For vararg functions set to void_node. */ | |
3139 | tree star_width = NULL_TREE; | |
3140 | ||
3141 | /* Width specified via the asterisk. Need not be INTEGER_CST. | |
3142 | For vararg functions set to void_node. */ | |
3143 | tree star_precision = NULL_TREE; | |
3144 | ||
722889f9 | 3145 | if (ISDIGIT (target_to_host (*pf))) |
b9833bfd | 3146 | { |
26a75cc5 | 3147 | /* This could be either a POSIX positional argument, the '0' |
3148 | flag, or a width, depending on what follows. Store it as | |
3149 | width and sort it out later after the next character has | |
3150 | been seen. */ | |
722889f9 | 3151 | pwidth = pf; |
1d4fa533 | 3152 | width = target_strtowi (&pf, &werange); |
26a75cc5 | 3153 | } |
722889f9 | 3154 | else if (target_to_host (*pf) == '*') |
26a75cc5 | 3155 | { |
3156 | /* Similarly to the block above, this could be either a POSIX | |
3157 | positional argument or a width, depending on what follows. */ | |
3158 | if (*argno < gimple_call_num_args (info.callstmt)) | |
3159 | star_width = gimple_call_arg (info.callstmt, (*argno)++); | |
3160 | else | |
3161 | star_width = void_node; | |
3162 | ++pf; | |
3163 | } | |
b9833bfd | 3164 | |
722889f9 | 3165 | if (target_to_host (*pf) == '$') |
26a75cc5 | 3166 | { |
3167 | /* Handle the POSIX dollar sign which references the 1-based | |
3168 | positional argument number. */ | |
3169 | if (width != -1) | |
3170 | dollar = width + info.argidx; | |
3171 | else if (star_width | |
27213f15 | 3172 | && TREE_CODE (star_width) == INTEGER_CST |
3173 | && (TYPE_PRECISION (TREE_TYPE (star_width)) | |
3174 | <= TYPE_PRECISION (integer_type_node))) | |
26a75cc5 | 3175 | dollar = width + tree_to_shwi (star_width); |
b9833bfd | 3176 | |
26a75cc5 | 3177 | /* Bail when the numbered argument is out of range (it will |
3178 | have already been diagnosed by -Wformat). */ | |
3179 | if (dollar == 0 | |
722889f9 | 3180 | || dollar == (int)info.argidx |
26a75cc5 | 3181 | || dollar > gimple_call_num_args (info.callstmt)) |
3182 | return false; | |
3183 | ||
3184 | --dollar; | |
b9833bfd | 3185 | |
26a75cc5 | 3186 | star_width = NULL_TREE; |
3187 | width = -1; | |
3188 | ++pf; | |
3189 | } | |
b9833bfd | 3190 | |
26a75cc5 | 3191 | if (dollar || !star_width) |
3192 | { | |
3193 | if (width != -1) | |
b9833bfd | 3194 | { |
26a75cc5 | 3195 | if (width == 0) |
3196 | { | |
3197 | /* The '0' that has been interpreted as a width above is | |
3198 | actually a flag. Reset HAVE_WIDTH, set the '0' flag, | |
3199 | and continue processing other flags. */ | |
3200 | width = -1; | |
3201 | dir.set_flag ('0'); | |
3202 | } | |
3203 | else if (!dollar) | |
3204 | { | |
3205 | /* (Non-zero) width has been seen. The next character | |
3206 | is either a period or a digit. */ | |
3207 | goto start_precision; | |
3208 | } | |
b9833bfd | 3209 | } |
26a75cc5 | 3210 | /* When either '$' has been seen, or width has not been seen, |
3211 | the next field is the optional flags followed by an optional | |
3212 | width. */ | |
3213 | for ( ; ; ) { | |
722889f9 | 3214 | switch (target_to_host (*pf)) |
26a75cc5 | 3215 | { |
3216 | case ' ': | |
3217 | case '0': | |
3218 | case '+': | |
3219 | case '-': | |
3220 | case '#': | |
722889f9 | 3221 | dir.set_flag (target_to_host (*pf++)); |
26a75cc5 | 3222 | break; |
3223 | ||
3224 | default: | |
3225 | goto start_width; | |
3226 | } | |
3227 | } | |
b9833bfd | 3228 | |
26a75cc5 | 3229 | start_width: |
722889f9 | 3230 | if (ISDIGIT (target_to_host (*pf))) |
b9833bfd | 3231 | { |
722889f9 | 3232 | werange = 0; |
3233 | pwidth = pf; | |
1d4fa533 | 3234 | width = target_strtowi (&pf, &werange); |
b9833bfd | 3235 | } |
722889f9 | 3236 | else if (target_to_host (*pf) == '*') |
b9833bfd | 3237 | { |
26a75cc5 | 3238 | if (*argno < gimple_call_num_args (info.callstmt)) |
3239 | star_width = gimple_call_arg (info.callstmt, (*argno)++); | |
4c43afbf | 3240 | else |
26a75cc5 | 3241 | { |
3242 | /* This is (likely) a va_list. It could also be an invalid | |
3243 | call with insufficient arguments. */ | |
3244 | star_width = void_node; | |
3245 | } | |
b9833bfd | 3246 | ++pf; |
3247 | } | |
722889f9 | 3248 | else if (target_to_host (*pf) == '\'') |
b9833bfd | 3249 | { |
26a75cc5 | 3250 | /* The POSIX apostrophe indicating a numeric grouping |
3251 | in the current locale. Even though it's possible to | |
3252 | estimate the upper bound on the size of the output | |
3253 | based on the number of digits it probably isn't worth | |
3254 | continuing. */ | |
3255 | return 0; | |
3256 | } | |
3257 | } | |
b9833bfd | 3258 | |
26a75cc5 | 3259 | start_precision: |
722889f9 | 3260 | if (target_to_host (*pf) == '.') |
26a75cc5 | 3261 | { |
3262 | ++pf; | |
b9833bfd | 3263 | |
722889f9 | 3264 | if (ISDIGIT (target_to_host (*pf))) |
26a75cc5 | 3265 | { |
722889f9 | 3266 | pprec = pf; |
1d4fa533 | 3267 | precision = target_strtowi (&pf, &perange); |
b9833bfd | 3268 | } |
722889f9 | 3269 | else if (target_to_host (*pf) == '*') |
b9833bfd | 3270 | { |
26a75cc5 | 3271 | if (*argno < gimple_call_num_args (info.callstmt)) |
3272 | star_precision = gimple_call_arg (info.callstmt, (*argno)++); | |
3273 | else | |
b9833bfd | 3274 | { |
26a75cc5 | 3275 | /* This is (likely) a va_list. It could also be an invalid |
3276 | call with insufficient arguments. */ | |
3277 | star_precision = void_node; | |
b9833bfd | 3278 | } |
26a75cc5 | 3279 | ++pf; |
b9833bfd | 3280 | } |
26a75cc5 | 3281 | else |
3282 | { | |
3283 | /* The decimal precision or the asterisk are optional. | |
3284 | When neither is dirified it's taken to be zero. */ | |
3285 | precision = 0; | |
3286 | } | |
3287 | } | |
b9833bfd | 3288 | |
722889f9 | 3289 | switch (target_to_host (*pf)) |
26a75cc5 | 3290 | { |
3291 | case 'h': | |
722889f9 | 3292 | if (target_to_host (pf[1]) == 'h') |
b9833bfd | 3293 | { |
3294 | ++pf; | |
26a75cc5 | 3295 | dir.modifier = FMT_LEN_hh; |
b9833bfd | 3296 | } |
26a75cc5 | 3297 | else |
3298 | dir.modifier = FMT_LEN_h; | |
3299 | ++pf; | |
3300 | break; | |
3301 | ||
3302 | case 'j': | |
3303 | dir.modifier = FMT_LEN_j; | |
3304 | ++pf; | |
3305 | break; | |
b9833bfd | 3306 | |
26a75cc5 | 3307 | case 'L': |
3308 | dir.modifier = FMT_LEN_L; | |
3309 | ++pf; | |
3310 | break; | |
3311 | ||
3312 | case 'l': | |
722889f9 | 3313 | if (target_to_host (pf[1]) == 'l') |
b9833bfd | 3314 | { |
b9833bfd | 3315 | ++pf; |
26a75cc5 | 3316 | dir.modifier = FMT_LEN_ll; |
3317 | } | |
3318 | else | |
3319 | dir.modifier = FMT_LEN_l; | |
3320 | ++pf; | |
3321 | break; | |
b9833bfd | 3322 | |
26a75cc5 | 3323 | case 't': |
3324 | dir.modifier = FMT_LEN_t; | |
3325 | ++pf; | |
3326 | break; | |
b9833bfd | 3327 | |
26a75cc5 | 3328 | case 'z': |
3329 | dir.modifier = FMT_LEN_z; | |
3330 | ++pf; | |
3331 | break; | |
3332 | } | |
b9833bfd | 3333 | |
722889f9 | 3334 | switch (target_to_host (*pf)) |
26a75cc5 | 3335 | { |
3336 | /* Handle a sole '%' character the same as "%%" but since it's | |
3337 | undefined prevent the result from being folded. */ | |
3338 | case '\0': | |
3339 | --pf; | |
425bd7b1 | 3340 | res->range.min = res->range.max = HOST_WIDE_INT_M1U; |
26a75cc5 | 3341 | /* FALLTHRU */ |
3342 | case '%': | |
3343 | dir.fmtfunc = format_percent; | |
3344 | break; | |
b9833bfd | 3345 | |
26a75cc5 | 3346 | case 'a': |
3347 | case 'A': | |
3348 | case 'e': | |
3349 | case 'E': | |
3350 | case 'f': | |
3351 | case 'F': | |
3352 | case 'g': | |
3353 | case 'G': | |
3354 | res->floating = true; | |
3355 | dir.fmtfunc = format_floating; | |
3356 | break; | |
b9833bfd | 3357 | |
26a75cc5 | 3358 | case 'd': |
3359 | case 'i': | |
3360 | case 'o': | |
3361 | case 'u': | |
3362 | case 'x': | |
3363 | case 'X': | |
3364 | dir.fmtfunc = format_integer; | |
3365 | break; | |
3366 | ||
3367 | case 'p': | |
3368 | /* The %p output is implementation-defined. It's possible | |
3369 | to determine this format but due to extensions (edirially | |
3370 | those of the Linux kernel -- see bug 78512) the first %p | |
3371 | in the format string disables any further processing. */ | |
3372 | return false; | |
3373 | ||
3374 | case 'n': | |
3375 | /* %n has side-effects even when nothing is actually printed to | |
3376 | any buffer. */ | |
3377 | info.nowrite = false; | |
3378 | dir.fmtfunc = format_none; | |
3379 | break; | |
3380 | ||
17d7e9ff | 3381 | case 'C': |
26a75cc5 | 3382 | case 'c': |
17d7e9ff | 3383 | /* POSIX wide character and C/POSIX narrow character. */ |
26a75cc5 | 3384 | dir.fmtfunc = format_character; |
3385 | break; | |
3386 | ||
3387 | case 'S': | |
3388 | case 's': | |
17d7e9ff | 3389 | /* POSIX wide string and C/POSIX narrow character string. */ |
26a75cc5 | 3390 | dir.fmtfunc = format_string; |
3391 | break; | |
3392 | ||
3393 | default: | |
3394 | /* Unknown conversion specification. */ | |
3395 | return 0; | |
3396 | } | |
3397 | ||
722889f9 | 3398 | dir.specifier = target_to_host (*pf++); |
3399 | ||
3400 | /* Store the length of the format directive. */ | |
3401 | dir.len = pf - pcnt; | |
3402 | ||
3403 | /* Buffer for the directive in the host character set (used when | |
3404 | the source character set is different). */ | |
3405 | char hostdir[32]; | |
26a75cc5 | 3406 | |
3407 | if (star_width) | |
3408 | { | |
3319bb15 | 3409 | if (INTEGRAL_TYPE_P (TREE_TYPE (star_width))) |
a669405f | 3410 | dir.set_width (star_width, vr_values); |
26a75cc5 | 3411 | else |
3412 | { | |
3413 | /* Width specified by a va_list takes on the range [0, -INT_MIN] | |
3414 | (width is the absolute value of that specified). */ | |
9b0feec7 | 3415 | dir.width[0] = 0; |
3416 | dir.width[1] = target_int_max () + 1; | |
b9833bfd | 3417 | } |
26a75cc5 | 3418 | } |
3419 | else | |
722889f9 | 3420 | { |
1d4fa533 | 3421 | if (width == HOST_WIDE_INT_MAX && werange) |
722889f9 | 3422 | { |
3423 | size_t begin = dir.beg - info.fmtstr + (pwidth - pcnt); | |
3424 | size_t caret = begin + (werange - pcnt); | |
3425 | size_t end = pf - info.fmtstr - 1; | |
3426 | ||
3427 | /* Create a location for the width part of the directive, | |
3428 | pointing the caret at the first out-of-range digit. */ | |
3429 | substring_loc dirloc (info.fmtloc, TREE_TYPE (info.format), | |
3430 | caret, begin, end); | |
3431 | ||
7ac1c1d7 | 3432 | fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (), |
3433 | "%<%.*s%> directive width out of range", (int) dir.len, | |
3434 | target_to_host (hostdir, sizeof hostdir, dir.beg)); | |
722889f9 | 3435 | } |
3436 | ||
3437 | dir.set_width (width); | |
3438 | } | |
b9833bfd | 3439 | |
26a75cc5 | 3440 | if (star_precision) |
3441 | { | |
3319bb15 | 3442 | if (INTEGRAL_TYPE_P (TREE_TYPE (star_precision))) |
a669405f | 3443 | dir.set_precision (star_precision, vr_values); |
26a75cc5 | 3444 | else |
b9833bfd | 3445 | { |
26a75cc5 | 3446 | /* Precision specified by a va_list takes on the range [-1, INT_MAX] |
3447 | (unlike width, negative precision is ignored). */ | |
9b0feec7 | 3448 | dir.prec[0] = -1; |
3449 | dir.prec[1] = target_int_max (); | |
26a75cc5 | 3450 | } |
3451 | } | |
3452 | else | |
722889f9 | 3453 | { |
1d4fa533 | 3454 | if (precision == HOST_WIDE_INT_MAX && perange) |
722889f9 | 3455 | { |
3456 | size_t begin = dir.beg - info.fmtstr + (pprec - pcnt) - 1; | |
3457 | size_t caret = dir.beg - info.fmtstr + (perange - pcnt) - 1; | |
3458 | size_t end = pf - info.fmtstr - 2; | |
3459 | ||
3460 | /* Create a location for the precision part of the directive, | |
3461 | including the leading period, pointing the caret at the first | |
3462 | out-of-range digit . */ | |
3463 | substring_loc dirloc (info.fmtloc, TREE_TYPE (info.format), | |
3464 | caret, begin, end); | |
3465 | ||
7ac1c1d7 | 3466 | fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (), |
3467 | "%<%.*s%> directive precision out of range", (int) dir.len, | |
3468 | target_to_host (hostdir, sizeof hostdir, dir.beg)); | |
722889f9 | 3469 | } |
3470 | ||
3471 | dir.set_precision (precision); | |
3472 | } | |
b9833bfd | 3473 | |
26a75cc5 | 3474 | /* Extract the argument if the directive takes one and if it's |
3475 | available (e.g., the function doesn't take a va_list). Treat | |
3476 | missing arguments the same as va_list, even though they will | |
3477 | have likely already been diagnosed by -Wformat. */ | |
3478 | if (dir.specifier != '%' | |
3479 | && *argno < gimple_call_num_args (info.callstmt)) | |
3480 | dir.arg = gimple_call_arg (info.callstmt, dollar ? dollar : (*argno)++); | |
b9833bfd | 3481 | |
26a75cc5 | 3482 | if (dump_file) |
3483 | { | |
cb442e51 | 3484 | fprintf (dump_file, |
3485 | " Directive %u at offset " HOST_WIDE_INT_PRINT_UNSIGNED | |
3486 | ": \"%.*s\"", | |
3487 | dir.dirno, | |
3488 | (unsigned HOST_WIDE_INT)(size_t)(dir.beg - info.fmtstr), | |
26a75cc5 | 3489 | (int)dir.len, dir.beg); |
3490 | if (star_width) | |
9b0feec7 | 3491 | { |
3492 | if (dir.width[0] == dir.width[1]) | |
cb442e51 | 3493 | fprintf (dump_file, ", width = " HOST_WIDE_INT_PRINT_DEC, |
3494 | dir.width[0]); | |
9b0feec7 | 3495 | else |
cb442e51 | 3496 | fprintf (dump_file, |
3497 | ", width in range [" HOST_WIDE_INT_PRINT_DEC | |
3498 | ", " HOST_WIDE_INT_PRINT_DEC "]", | |
3499 | dir.width[0], dir.width[1]); | |
9b0feec7 | 3500 | } |
b9833bfd | 3501 | |
26a75cc5 | 3502 | if (star_precision) |
9b0feec7 | 3503 | { |
3504 | if (dir.prec[0] == dir.prec[1]) | |
cb442e51 | 3505 | fprintf (dump_file, ", precision = " HOST_WIDE_INT_PRINT_DEC, |
3506 | dir.prec[0]); | |
9b0feec7 | 3507 | else |
cb442e51 | 3508 | fprintf (dump_file, |
3509 | ", precision in range [" HOST_WIDE_INT_PRINT_DEC | |
3510 | HOST_WIDE_INT_PRINT_DEC "]", | |
3511 | dir.prec[0], dir.prec[1]); | |
9b0feec7 | 3512 | } |
26a75cc5 | 3513 | fputc ('\n', dump_file); |
3514 | } | |
3515 | ||
3516 | return dir.len; | |
3517 | } | |
3518 | ||
3519 | /* Compute the length of the output resulting from the call to a formatted | |
3520 | output function described by INFO and store the result of the call in | |
3521 | *RES. Issue warnings for detected past the end writes. Return true | |
3522 | if the complete format string has been processed and *RES can be relied | |
3523 | on, false otherwise (e.g., when a unknown or unhandled directive was seen | |
3524 | that caused the processing to be terminated early). */ | |
3525 | ||
3526 | bool | |
9d8823fc | 3527 | sprintf_dom_walker::compute_format_length (call_info &info, |
4d02592b | 3528 | format_result *res) |
26a75cc5 | 3529 | { |
76cf0084 | 3530 | if (dump_file) |
3531 | { | |
3532 | location_t callloc = gimple_location (info.callstmt); | |
3533 | fprintf (dump_file, "%s:%i: ", | |
3534 | LOCATION_FILE (callloc), LOCATION_LINE (callloc)); | |
3535 | print_generic_expr (dump_file, info.func, dump_flags); | |
3536 | ||
cb442e51 | 3537 | fprintf (dump_file, |
3538 | ": objsize = " HOST_WIDE_INT_PRINT_UNSIGNED | |
3539 | ", fmtstr = \"%s\"\n", | |
3540 | info.objsize, info.fmtstr); | |
76cf0084 | 3541 | } |
3542 | ||
9b0feec7 | 3543 | /* Reset the minimum and maximum byte counters. */ |
425bd7b1 | 3544 | res->range.min = res->range.max = 0; |
26a75cc5 | 3545 | |
3546 | /* No directive has been seen yet so the length of output is bounded | |
17d7e9ff | 3547 | by the known range [0, 0] (with no conversion resulting in a failure |
3548 | or producing more than 4K bytes) until determined otherwise. */ | |
26a75cc5 | 3549 | res->knownrange = true; |
26a75cc5 | 3550 | res->floating = false; |
3551 | res->warned = false; | |
3552 | ||
3553 | /* 1-based directive counter. */ | |
3554 | unsigned dirno = 1; | |
3555 | ||
3556 | /* The variadic argument counter. */ | |
3557 | unsigned argno = info.argidx; | |
3558 | ||
3559 | for (const char *pf = info.fmtstr; ; ++dirno) | |
3560 | { | |
3561 | directive dir = directive (); | |
3562 | dir.dirno = dirno; | |
b9833bfd | 3563 | |
a669405f | 3564 | size_t n = parse_directive (info, dir, res, pf, &argno, |
3565 | evrp_range_analyzer.get_vr_values ()); | |
b9833bfd | 3566 | |
425bd7b1 | 3567 | /* Return failure if the format function fails. */ |
a669405f | 3568 | if (!format_directive (info, res, dir, |
3569 | evrp_range_analyzer.get_vr_values ())) | |
425bd7b1 | 3570 | return false; |
b9833bfd | 3571 | |
26a75cc5 | 3572 | /* Return success the directive is zero bytes long and it's |
3573 | the last think in the format string (i.e., it's the terminating | |
3574 | nul, which isn't really a directive but handling it as one makes | |
3575 | things simpler). */ | |
3576 | if (!n) | |
3577 | return *pf == '\0'; | |
b9833bfd | 3578 | |
26a75cc5 | 3579 | pf += n; |
b9833bfd | 3580 | } |
72d5639d | 3581 | |
425bd7b1 | 3582 | /* The complete format string was processed (with or without warnings). */ |
72d5639d | 3583 | return true; |
b9833bfd | 3584 | } |
3585 | ||
3586 | /* Return the size of the object referenced by the expression DEST if | |
c1b65cc2 | 3587 | available, or the maximum possible size otherwise. */ |
b9833bfd | 3588 | |
3589 | static unsigned HOST_WIDE_INT | |
3590 | get_destination_size (tree dest) | |
3591 | { | |
c1b65cc2 | 3592 | /* When there is no destination return the maximum. */ |
7b2ced2f | 3593 | if (!dest) |
c1b65cc2 | 3594 | return HOST_WIDE_INT_MAX; |
7b2ced2f | 3595 | |
76cf0084 | 3596 | /* Initialize object size info before trying to compute it. */ |
3597 | init_object_sizes (); | |
3598 | ||
b9833bfd | 3599 | /* Use __builtin_object_size to determine the size of the destination |
3600 | object. When optimizing, determine the smallest object (such as | |
3601 | a member array as opposed to the whole enclosing object), otherwise | |
3602 | use type-zero object size to determine the size of the enclosing | |
3603 | object (the function fails without optimization in this type). */ | |
bd94fe4f | 3604 | int ost = optimize > 0; |
b9833bfd | 3605 | unsigned HOST_WIDE_INT size; |
3606 | if (compute_builtin_object_size (dest, ost, &size)) | |
3607 | return size; | |
3608 | ||
c1b65cc2 | 3609 | return HOST_WIDE_INT_MAX; |
b9833bfd | 3610 | } |
3611 | ||
53e0530a | 3612 | /* Return true if the call described by INFO with result RES safe to |
3613 | optimize (i.e., no undefined behavior), and set RETVAL to the range | |
3614 | of its return values. */ | |
b9833bfd | 3615 | |
df259a3b | 3616 | static bool |
9d8823fc | 3617 | is_call_safe (const sprintf_dom_walker::call_info &info, |
53e0530a | 3618 | const format_result &res, bool under4k, |
3619 | unsigned HOST_WIDE_INT retval[2]) | |
b9833bfd | 3620 | { |
17d7e9ff | 3621 | if (under4k && !res.posunder4k) |
53e0530a | 3622 | return false; |
974e2c47 | 3623 | |
425bd7b1 | 3624 | /* The minimum return value. */ |
53e0530a | 3625 | retval[0] = res.range.min; |
974e2c47 | 3626 | |
425bd7b1 | 3627 | /* The maximum return value is in most cases bounded by RES.RANGE.MAX |
3628 | but in cases involving multibyte characters could be as large as | |
3629 | RES.RANGE.UNLIKELY. */ | |
53e0530a | 3630 | retval[1] |
425bd7b1 | 3631 | = res.range.unlikely < res.range.max ? res.range.max : res.range.unlikely; |
974e2c47 | 3632 | |
3633 | /* Adjust the number of bytes which includes the terminating nul | |
3634 | to reflect the return value of the function which does not. | |
3635 | Because the valid range of the function is [INT_MIN, INT_MAX], | |
3636 | a valid range before the adjustment below is [0, INT_MAX + 1] | |
3637 | (the functions only return negative values on error or undefined | |
3638 | behavior). */ | |
53e0530a | 3639 | if (retval[0] <= target_int_max () + 1) |
3640 | --retval[0]; | |
3641 | if (retval[1] <= target_int_max () + 1) | |
3642 | --retval[1]; | |
974e2c47 | 3643 | |
b9833bfd | 3644 | /* Avoid the return value optimization when the behavior of the call |
3645 | is undefined either because any directive may have produced 4K or | |
3646 | more of output, or the return value exceeds INT_MAX, or because | |
3647 | the output overflows the destination object (but leave it enabled | |
3648 | when the function is bounded because then the behavior is well- | |
3649 | defined). */ | |
53e0530a | 3650 | if (retval[0] == retval[1] |
3651 | && (info.bounded || retval[0] < info.objsize) | |
3652 | && retval[0] <= target_int_max ()) | |
3653 | return true; | |
3654 | ||
3655 | if ((info.bounded || retval[1] < info.objsize) | |
3656 | && (retval[0] < target_int_max () | |
3657 | && retval[1] < target_int_max ())) | |
3658 | return true; | |
3659 | ||
3660 | if (!under4k && (info.bounded || retval[0] < info.objsize)) | |
3661 | return true; | |
3662 | ||
3663 | return false; | |
3664 | } | |
3665 | ||
3666 | /* Given a suitable result RES of a call to a formatted output function | |
3667 | described by INFO, substitute the result for the return value of | |
3668 | the call. The result is suitable if the number of bytes it represents | |
3669 | is known and exact. A result that isn't suitable for substitution may | |
3670 | have its range set to the range of return values, if that is known. | |
3671 | Return true if the call is removed and gsi_next should not be performed | |
3672 | in the caller. */ | |
3673 | ||
3674 | static bool | |
3675 | try_substitute_return_value (gimple_stmt_iterator *gsi, | |
9d8823fc | 3676 | const sprintf_dom_walker::call_info &info, |
53e0530a | 3677 | const format_result &res) |
3678 | { | |
3679 | tree lhs = gimple_get_lhs (info.callstmt); | |
3680 | ||
3681 | /* Set to true when the entire call has been removed. */ | |
3682 | bool removed = false; | |
3683 | ||
3684 | /* The minimum and maximum return value. */ | |
3685 | unsigned HOST_WIDE_INT retval[2]; | |
3686 | bool safe = is_call_safe (info, res, true, retval); | |
3687 | ||
3688 | if (safe | |
3689 | && retval[0] == retval[1] | |
418624fa | 3690 | /* Not prepared to handle possibly throwing calls here; they shouldn't |
3691 | appear in non-artificial testcases, except when the __*_chk routines | |
3692 | are badly declared. */ | |
3693 | && !stmt_ends_bb_p (info.callstmt)) | |
b9833bfd | 3694 | { |
5f17d3c4 | 3695 | tree cst = build_int_cst (lhs ? TREE_TYPE (lhs) : integer_type_node, |
3696 | retval[0]); | |
a27264ed | 3697 | |
5f17d3c4 | 3698 | if (lhs == NULL_TREE && info.nowrite) |
974e2c47 | 3699 | { |
3700 | /* Remove the call to the bounded function with a zero size | |
3701 | (e.g., snprintf(0, 0, "%i", 123)) if there is no lhs. */ | |
3702 | unlink_stmt_vdef (info.callstmt); | |
3703 | gsi_remove (gsi, true); | |
3704 | removed = true; | |
3705 | } | |
3706 | else if (info.nowrite) | |
a27264ed | 3707 | { |
3708 | /* Replace the call to the bounded function with a zero size | |
3709 | (e.g., snprintf(0, 0, "%i", 123) with the constant result | |
974e2c47 | 3710 | of the function. */ |
a27264ed | 3711 | if (!update_call_from_tree (gsi, cst)) |
3712 | gimplify_and_update_call_from_tree (gsi, cst); | |
3713 | gimple *callstmt = gsi_stmt (*gsi); | |
3714 | update_stmt (callstmt); | |
3715 | } | |
974e2c47 | 3716 | else if (lhs) |
a27264ed | 3717 | { |
3718 | /* Replace the left-hand side of the call with the constant | |
974e2c47 | 3719 | result of the formatted function. */ |
a27264ed | 3720 | gimple_call_set_lhs (info.callstmt, NULL_TREE); |
3721 | gimple *g = gimple_build_assign (lhs, cst); | |
3722 | gsi_insert_after (gsi, g, GSI_NEW_STMT); | |
3723 | update_stmt (info.callstmt); | |
3724 | } | |
b9833bfd | 3725 | |
3726 | if (dump_file) | |
3727 | { | |
974e2c47 | 3728 | if (removed) |
3729 | fprintf (dump_file, " Removing call statement."); | |
3730 | else | |
3731 | { | |
3732 | fprintf (dump_file, " Substituting "); | |
3733 | print_generic_expr (dump_file, cst, dump_flags); | |
3734 | fprintf (dump_file, " for %s.\n", | |
3735 | info.nowrite ? "statement" : "return value"); | |
3736 | } | |
b9833bfd | 3737 | } |
3738 | } | |
5f17d3c4 | 3739 | else if (lhs && types_compatible_p (TREE_TYPE (lhs), integer_type_node)) |
df259a3b | 3740 | { |
974e2c47 | 3741 | bool setrange = false; |
b9833bfd | 3742 | |
53e0530a | 3743 | if (safe |
3744 | && (info.bounded || retval[1] < info.objsize) | |
3745 | && (retval[0] < target_int_max () | |
3746 | && retval[1] < target_int_max ())) | |
b9833bfd | 3747 | { |
3748 | /* If the result is in a valid range bounded by the size of | |
3749 | the destination set it so that it can be used for subsequent | |
3750 | optimizations. */ | |
3751 | int prec = TYPE_PRECISION (integer_type_node); | |
3752 | ||
53e0530a | 3753 | wide_int min = wi::shwi (retval[0], prec); |
3754 | wide_int max = wi::shwi (retval[1], prec); | |
974e2c47 | 3755 | set_range_info (lhs, VR_RANGE, min, max); |
3756 | ||
3757 | setrange = true; | |
b9833bfd | 3758 | } |
3759 | ||
3760 | if (dump_file) | |
3761 | { | |
3762 | const char *inbounds | |
53e0530a | 3763 | = (retval[0] < info.objsize |
3764 | ? (retval[1] < info.objsize | |
b9833bfd | 3765 | ? "in" : "potentially out-of") |
3766 | : "out-of"); | |
3767 | ||
974e2c47 | 3768 | const char *what = setrange ? "Setting" : "Discarding"; |
53e0530a | 3769 | if (retval[0] != retval[1]) |
b9833bfd | 3770 | fprintf (dump_file, |
cb442e51 | 3771 | " %s %s-bounds return value range [" |
3772 | HOST_WIDE_INT_PRINT_UNSIGNED ", " | |
3773 | HOST_WIDE_INT_PRINT_UNSIGNED "].\n", | |
3774 | what, inbounds, retval[0], retval[1]); | |
b9833bfd | 3775 | else |
cb442e51 | 3776 | fprintf (dump_file, " %s %s-bounds return value " |
3777 | HOST_WIDE_INT_PRINT_UNSIGNED ".\n", | |
3778 | what, inbounds, retval[0]); | |
b9833bfd | 3779 | } |
3780 | } | |
df259a3b | 3781 | |
76cf0084 | 3782 | if (dump_file) |
3783 | fputc ('\n', dump_file); | |
3784 | ||
3785 | return removed; | |
b9833bfd | 3786 | } |
3787 | ||
53e0530a | 3788 | /* Try to simplify a s{,n}printf call described by INFO with result |
3789 | RES by replacing it with a simpler and presumably more efficient | |
3790 | call (such as strcpy). */ | |
3791 | ||
3792 | static bool | |
3793 | try_simplify_call (gimple_stmt_iterator *gsi, | |
9d8823fc | 3794 | const sprintf_dom_walker::call_info &info, |
53e0530a | 3795 | const format_result &res) |
3796 | { | |
3797 | unsigned HOST_WIDE_INT dummy[2]; | |
3798 | if (!is_call_safe (info, res, info.retval_used (), dummy)) | |
3799 | return false; | |
3800 | ||
3801 | switch (info.fncode) | |
3802 | { | |
3803 | case BUILT_IN_SNPRINTF: | |
3804 | return gimple_fold_builtin_snprintf (gsi); | |
3805 | ||
3806 | case BUILT_IN_SPRINTF: | |
3807 | return gimple_fold_builtin_sprintf (gsi); | |
3808 | ||
3809 | default: | |
3810 | ; | |
3811 | } | |
3812 | ||
3813 | return false; | |
3814 | } | |
3815 | ||
7b2ced2f | 3816 | /* Return the zero-based index of the format string argument of a printf |
3817 | like function and set *IDX_ARGS to the first format argument. When | |
3818 | no such index exists return UINT_MAX. */ | |
3819 | ||
3820 | static unsigned | |
3821 | get_user_idx_format (tree fndecl, unsigned *idx_args) | |
3822 | { | |
3823 | tree attrs = lookup_attribute ("format", DECL_ATTRIBUTES (fndecl)); | |
3824 | if (!attrs) | |
3825 | attrs = lookup_attribute ("format", TYPE_ATTRIBUTES (TREE_TYPE (fndecl))); | |
3826 | ||
3827 | if (!attrs) | |
3828 | return UINT_MAX; | |
3829 | ||
3830 | attrs = TREE_VALUE (attrs); | |
3831 | ||
3832 | tree archetype = TREE_VALUE (attrs); | |
3833 | if (strcmp ("printf", IDENTIFIER_POINTER (archetype))) | |
3834 | return UINT_MAX; | |
3835 | ||
3836 | attrs = TREE_CHAIN (attrs); | |
3837 | tree fmtarg = TREE_VALUE (attrs); | |
3838 | ||
3839 | attrs = TREE_CHAIN (attrs); | |
3840 | tree elliparg = TREE_VALUE (attrs); | |
3841 | ||
3842 | /* Attribute argument indices are 1-based but we use zero-based. */ | |
3843 | *idx_args = tree_to_uhwi (elliparg) - 1; | |
3844 | return tree_to_uhwi (fmtarg) - 1; | |
3845 | } | |
3846 | ||
b9833bfd | 3847 | /* Determine if a GIMPLE CALL is to one of the sprintf-like built-in |
df259a3b | 3848 | functions and if so, handle it. Return true if the call is removed |
3849 | and gsi_next should not be performed in the caller. */ | |
b9833bfd | 3850 | |
df259a3b | 3851 | bool |
9d8823fc | 3852 | sprintf_dom_walker::handle_gimple_call (gimple_stmt_iterator *gsi) |
b9833bfd | 3853 | { |
3854 | call_info info = call_info (); | |
3855 | ||
a27264ed | 3856 | info.callstmt = gsi_stmt (*gsi); |
7b2ced2f | 3857 | info.func = gimple_call_fndecl (info.callstmt); |
3858 | if (!info.func) | |
df259a3b | 3859 | return false; |
b9833bfd | 3860 | |
7b2ced2f | 3861 | /* Format string argument number (valid for all functions). */ |
3862 | unsigned idx_format = UINT_MAX; | |
499fa2c1 | 3863 | if (gimple_call_builtin_p (info.callstmt, BUILT_IN_NORMAL)) |
3864 | info.fncode = DECL_FUNCTION_CODE (info.func); | |
3865 | else | |
7b2ced2f | 3866 | { |
3867 | unsigned idx_args; | |
3868 | idx_format = get_user_idx_format (info.func, &idx_args); | |
499fa2c1 | 3869 | if (idx_format == UINT_MAX |
3870 | || idx_format >= gimple_call_num_args (info.callstmt) | |
3871 | || idx_args > gimple_call_num_args (info.callstmt) | |
3872 | || !POINTER_TYPE_P (TREE_TYPE (gimple_call_arg (info.callstmt, | |
3873 | idx_format)))) | |
7b2ced2f | 3874 | return false; |
499fa2c1 | 3875 | info.fncode = BUILT_IN_NONE; |
7b2ced2f | 3876 | info.argidx = idx_args; |
3877 | } | |
3878 | ||
b9833bfd | 3879 | /* The size of the destination as in snprintf(dest, size, ...). */ |
3880 | unsigned HOST_WIDE_INT dstsize = HOST_WIDE_INT_M1U; | |
3881 | ||
3882 | /* The size of the destination determined by __builtin_object_size. */ | |
3883 | unsigned HOST_WIDE_INT objsize = HOST_WIDE_INT_M1U; | |
3884 | ||
7b2ced2f | 3885 | /* Zero-based buffer size argument number (snprintf and vsnprintf). */ |
3886 | unsigned idx_dstsize = UINT_MAX; | |
b9833bfd | 3887 | |
3888 | /* Object size argument number (snprintf_chk and vsnprintf_chk). */ | |
7b2ced2f | 3889 | unsigned idx_objsize = UINT_MAX; |
b9833bfd | 3890 | |
7b2ced2f | 3891 | /* Destinaton argument number (valid for sprintf functions only). */ |
3892 | unsigned idx_dstptr = 0; | |
b9833bfd | 3893 | |
3894 | switch (info.fncode) | |
3895 | { | |
7b2ced2f | 3896 | case BUILT_IN_NONE: |
3897 | // User-defined function with attribute format (printf). | |
3898 | idx_dstptr = -1; | |
3899 | break; | |
3900 | ||
3901 | case BUILT_IN_FPRINTF: | |
3902 | // Signature: | |
3903 | // __builtin_fprintf (FILE*, format, ...) | |
3904 | idx_format = 1; | |
3905 | info.argidx = 2; | |
3906 | idx_dstptr = -1; | |
3907 | break; | |
3908 | ||
3909 | case BUILT_IN_FPRINTF_CHK: | |
3910 | // Signature: | |
3911 | // __builtin_fprintf_chk (FILE*, ost, format, ...) | |
3912 | idx_format = 2; | |
3913 | info.argidx = 3; | |
3914 | idx_dstptr = -1; | |
3915 | break; | |
3916 | ||
3917 | case BUILT_IN_FPRINTF_UNLOCKED: | |
3918 | // Signature: | |
3919 | // __builtin_fprintf_unnlocked (FILE*, format, ...) | |
3920 | idx_format = 1; | |
3921 | info.argidx = 2; | |
3922 | idx_dstptr = -1; | |
3923 | break; | |
3924 | ||
3925 | case BUILT_IN_PRINTF: | |
3926 | // Signature: | |
3927 | // __builtin_printf (format, ...) | |
3928 | idx_format = 0; | |
3929 | info.argidx = 1; | |
3930 | idx_dstptr = -1; | |
3931 | break; | |
3932 | ||
3933 | case BUILT_IN_PRINTF_CHK: | |
3934 | // Signature: | |
c1b65cc2 | 3935 | // __builtin_printf_chk (ost, format, ...) |
7b2ced2f | 3936 | idx_format = 1; |
3937 | info.argidx = 2; | |
3938 | idx_dstptr = -1; | |
3939 | break; | |
3940 | ||
3941 | case BUILT_IN_PRINTF_UNLOCKED: | |
3942 | // Signature: | |
3943 | // __builtin_printf (format, ...) | |
3944 | idx_format = 0; | |
3945 | info.argidx = 1; | |
3946 | idx_dstptr = -1; | |
3947 | break; | |
3948 | ||
b9833bfd | 3949 | case BUILT_IN_SPRINTF: |
3950 | // Signature: | |
3951 | // __builtin_sprintf (dst, format, ...) | |
3952 | idx_format = 1; | |
3953 | info.argidx = 2; | |
3954 | break; | |
3955 | ||
3c57b79b | 3956 | case BUILT_IN_SPRINTF_CHK: |
3957 | // Signature: | |
3958 | // __builtin___sprintf_chk (dst, ost, objsize, format, ...) | |
3959 | idx_objsize = 2; | |
3960 | idx_format = 3; | |
3961 | info.argidx = 4; | |
3962 | break; | |
3963 | ||
b9833bfd | 3964 | case BUILT_IN_SNPRINTF: |
3965 | // Signature: | |
3966 | // __builtin_snprintf (dst, size, format, ...) | |
3967 | idx_dstsize = 1; | |
3968 | idx_format = 2; | |
3969 | info.argidx = 3; | |
3970 | info.bounded = true; | |
3971 | break; | |
3972 | ||
3973 | case BUILT_IN_SNPRINTF_CHK: | |
3974 | // Signature: | |
3c57b79b | 3975 | // __builtin___snprintf_chk (dst, size, ost, objsize, format, ...) |
b9833bfd | 3976 | idx_dstsize = 1; |
3977 | idx_objsize = 3; | |
3978 | idx_format = 4; | |
3979 | info.argidx = 5; | |
3980 | info.bounded = true; | |
3981 | break; | |
3982 | ||
7b2ced2f | 3983 | case BUILT_IN_VFPRINTF: |
3984 | // Signature: | |
3985 | // __builtin_vprintf (FILE*, format, va_list) | |
3986 | idx_format = 1; | |
3987 | info.argidx = -1; | |
3988 | idx_dstptr = -1; | |
3989 | break; | |
3990 | ||
3991 | case BUILT_IN_VFPRINTF_CHK: | |
3992 | // Signature: | |
3993 | // __builtin___vfprintf_chk (FILE*, ost, format, va_list) | |
3994 | idx_format = 2; | |
3995 | info.argidx = -1; | |
3996 | idx_dstptr = -1; | |
3997 | break; | |
3998 | ||
3999 | case BUILT_IN_VPRINTF: | |
4000 | // Signature: | |
4001 | // __builtin_vprintf (format, va_list) | |
4002 | idx_format = 0; | |
4003 | info.argidx = -1; | |
4004 | idx_dstptr = -1; | |
4005 | break; | |
4006 | ||
4007 | case BUILT_IN_VPRINTF_CHK: | |
4008 | // Signature: | |
4009 | // __builtin___vprintf_chk (ost, format, va_list) | |
4010 | idx_format = 1; | |
4011 | info.argidx = -1; | |
4012 | idx_dstptr = -1; | |
4013 | break; | |
4014 | ||
b9833bfd | 4015 | case BUILT_IN_VSNPRINTF: |
4016 | // Signature: | |
4017 | // __builtin_vsprintf (dst, size, format, va) | |
4018 | idx_dstsize = 1; | |
4019 | idx_format = 2; | |
4020 | info.argidx = -1; | |
4021 | info.bounded = true; | |
4022 | break; | |
4023 | ||
4024 | case BUILT_IN_VSNPRINTF_CHK: | |
4025 | // Signature: | |
4026 | // __builtin___vsnprintf_chk (dst, size, ost, objsize, format, va) | |
4027 | idx_dstsize = 1; | |
3e822015 | 4028 | idx_objsize = 3; |
4029 | idx_format = 4; | |
b9833bfd | 4030 | info.argidx = -1; |
4031 | info.bounded = true; | |
4032 | break; | |
4033 | ||
4034 | case BUILT_IN_VSPRINTF: | |
4035 | // Signature: | |
4036 | // __builtin_vsprintf (dst, format, va) | |
4037 | idx_format = 1; | |
4038 | info.argidx = -1; | |
4039 | break; | |
4040 | ||
4041 | case BUILT_IN_VSPRINTF_CHK: | |
4042 | // Signature: | |
4043 | // __builtin___vsprintf_chk (dst, ost, objsize, format, va) | |
4044 | idx_format = 3; | |
4045 | idx_objsize = 2; | |
4046 | info.argidx = -1; | |
4047 | break; | |
4048 | ||
4049 | default: | |
df259a3b | 4050 | return false; |
b9833bfd | 4051 | } |
4052 | ||
76cf0084 | 4053 | /* Set the global warning level for this function. */ |
4054 | warn_level = info.bounded ? warn_format_trunc : warn_format_overflow; | |
4055 | ||
7b2ced2f | 4056 | /* For all string functions the first argument is a pointer to |
4057 | the destination. */ | |
4058 | tree dstptr = (idx_dstptr < gimple_call_num_args (info.callstmt) | |
4059 | ? gimple_call_arg (info.callstmt, 0) : NULL_TREE); | |
519bbccd | 4060 | |
b9833bfd | 4061 | info.format = gimple_call_arg (info.callstmt, idx_format); |
4062 | ||
0529b8f5 | 4063 | /* True when the destination size is constant as opposed to the lower |
4064 | or upper bound of a range. */ | |
4065 | bool dstsize_cst_p = true; | |
2ecb854b | 4066 | bool posunder4k = true; |
0529b8f5 | 4067 | |
7b2ced2f | 4068 | if (idx_dstsize == UINT_MAX) |
b9833bfd | 4069 | { |
7bcd359a | 4070 | /* For non-bounded functions like sprintf, determine the size |
4071 | of the destination from the object or pointer passed to it | |
4072 | as the first argument. */ | |
519bbccd | 4073 | dstsize = get_destination_size (dstptr); |
b9833bfd | 4074 | } |
4075 | else if (tree size = gimple_call_arg (info.callstmt, idx_dstsize)) | |
4076 | { | |
4077 | /* For bounded functions try to get the size argument. */ | |
4078 | ||
4079 | if (TREE_CODE (size) == INTEGER_CST) | |
4080 | { | |
4081 | dstsize = tree_to_uhwi (size); | |
c62d63d4 | 4082 | /* No object can be larger than SIZE_MAX bytes (half the address |
5aef8938 | 4083 | space) on the target. |
7bcd359a | 4084 | The functions are defined only for output of at most INT_MAX |
4085 | bytes. Specifying a bound in excess of that limit effectively | |
4086 | defeats the bounds checking (and on some implementations such | |
4087 | as Solaris cause the function to fail with EINVAL). */ | |
5aef8938 | 4088 | if (dstsize > target_size_max () / 2) |
4089 | { | |
4090 | /* Avoid warning if -Wstringop-overflow is specified since | |
4091 | it also warns for the same thing though only for the | |
4092 | checking built-ins. */ | |
7b2ced2f | 4093 | if ((idx_objsize == UINT_MAX |
5aef8938 | 4094 | || !warn_stringop_overflow)) |
aba01341 | 4095 | warning_at (gimple_location (info.callstmt), info.warnopt (), |
5aef8938 | 4096 | "specified bound %wu exceeds maximum object size " |
4097 | "%wu", | |
4098 | dstsize, target_size_max () / 2); | |
2ecb854b | 4099 | /* POSIX requires snprintf to fail if DSTSIZE is greater |
4100 | than INT_MAX. Even though not all POSIX implementations | |
4101 | conform to the requirement, avoid folding in this case. */ | |
4102 | posunder4k = false; | |
5aef8938 | 4103 | } |
7bcd359a | 4104 | else if (dstsize > target_int_max ()) |
2ecb854b | 4105 | { |
4106 | warning_at (gimple_location (info.callstmt), info.warnopt (), | |
4107 | "specified bound %wu exceeds %<INT_MAX%>", | |
4108 | dstsize); | |
4109 | /* POSIX requires snprintf to fail if DSTSIZE is greater | |
4110 | than INT_MAX. Avoid folding in that case. */ | |
4111 | posunder4k = false; | |
4112 | } | |
b9833bfd | 4113 | } |
4114 | else if (TREE_CODE (size) == SSA_NAME) | |
4115 | { | |
4116 | /* Try to determine the range of values of the argument | |
0529b8f5 | 4117 | and use the greater of the two at level 1 and the smaller |
4118 | of them at level 2. */ | |
d1524944 | 4119 | value_range *vr = evrp_range_analyzer.get_value_range (size); |
be44111e | 4120 | if (range_int_cst_p (vr)) |
2ecb854b | 4121 | { |
4122 | unsigned HOST_WIDE_INT minsize = TREE_INT_CST_LOW (vr->min ()); | |
4123 | unsigned HOST_WIDE_INT maxsize = TREE_INT_CST_LOW (vr->max ()); | |
4124 | dstsize = warn_level < 2 ? maxsize : minsize; | |
4125 | ||
4126 | if (minsize > target_int_max ()) | |
4127 | warning_at (gimple_location (info.callstmt), info.warnopt (), | |
4128 | "specified bound range [%wu, %wu] exceeds " | |
4129 | "%<INT_MAX%>", | |
4130 | minsize, maxsize); | |
4131 | ||
4132 | /* POSIX requires snprintf to fail if DSTSIZE is greater | |
4133 | than INT_MAX. Avoid folding if that's possible. */ | |
4134 | if (maxsize > target_int_max ()) | |
4135 | posunder4k = false; | |
4136 | } | |
4137 | else if (vr->varying_p ()) | |
4138 | { | |
4139 | /* POSIX requires snprintf to fail if DSTSIZE is greater | |
4140 | than INT_MAX. Since SIZE's range is unknown, avoid | |
4141 | folding. */ | |
4142 | posunder4k = false; | |
4143 | } | |
0529b8f5 | 4144 | |
4145 | /* The destination size is not constant. If the function is | |
4146 | bounded (e.g., snprintf) a lower bound of zero doesn't | |
4147 | necessarily imply it can be eliminated. */ | |
4148 | dstsize_cst_p = false; | |
b9833bfd | 4149 | } |
4150 | } | |
4151 | ||
7b2ced2f | 4152 | if (idx_objsize != UINT_MAX) |
df259a3b | 4153 | if (tree size = gimple_call_arg (info.callstmt, idx_objsize)) |
4154 | if (tree_fits_uhwi_p (size)) | |
4155 | objsize = tree_to_uhwi (size); | |
b9833bfd | 4156 | |
4157 | if (info.bounded && !dstsize) | |
4158 | { | |
4159 | /* As a special case, when the explicitly specified destination | |
4160 | size argument (to a bounded function like snprintf) is zero | |
4161 | it is a request to determine the number of bytes on output | |
4162 | without actually producing any. Pretend the size is | |
4163 | unlimited in this case. */ | |
4164 | info.objsize = HOST_WIDE_INT_MAX; | |
0529b8f5 | 4165 | info.nowrite = dstsize_cst_p; |
b9833bfd | 4166 | } |
4167 | else | |
4168 | { | |
519bbccd | 4169 | /* For calls to non-bounded functions or to those of bounded |
4170 | functions with a non-zero size, warn if the destination | |
4171 | pointer is null. */ | |
7b2ced2f | 4172 | if (dstptr && integer_zerop (dstptr)) |
519bbccd | 4173 | { |
4174 | /* This is diagnosed with -Wformat only when the null is a constant | |
4175 | pointer. The warning here diagnoses instances where the pointer | |
4176 | is not constant. */ | |
4177 | location_t loc = gimple_location (info.callstmt); | |
4178 | warning_at (EXPR_LOC_OR_LOC (dstptr, loc), | |
7b2ced2f | 4179 | info.warnopt (), "%Gnull destination pointer", |
4180 | info.callstmt); | |
df259a3b | 4181 | return false; |
519bbccd | 4182 | } |
4183 | ||
b9833bfd | 4184 | /* Set the object size to the smaller of the two arguments |
4185 | of both have been specified and they're not equal. */ | |
4186 | info.objsize = dstsize < objsize ? dstsize : objsize; | |
4187 | ||
4188 | if (info.bounded | |
5aef8938 | 4189 | && dstsize < target_size_max () / 2 && objsize < dstsize |
4190 | /* Avoid warning if -Wstringop-overflow is specified since | |
4191 | it also warns for the same thing though only for the | |
4192 | checking built-ins. */ | |
7b2ced2f | 4193 | && (idx_objsize == UINT_MAX |
5aef8938 | 4194 | || !warn_stringop_overflow)) |
b9833bfd | 4195 | { |
aba01341 | 4196 | warning_at (gimple_location (info.callstmt), info.warnopt (), |
5aef8938 | 4197 | "specified bound %wu exceeds the size %wu " |
b9833bfd | 4198 | "of the destination object", dstsize, objsize); |
4199 | } | |
4200 | } | |
4201 | ||
7b2ced2f | 4202 | /* Determine if the format argument may be null and warn if not |
4203 | and if the argument is null. */ | |
4204 | if (integer_zerop (info.format) | |
4205 | && gimple_call_builtin_p (info.callstmt, BUILT_IN_NORMAL)) | |
b9833bfd | 4206 | { |
519bbccd | 4207 | location_t loc = gimple_location (info.callstmt); |
4208 | warning_at (EXPR_LOC_OR_LOC (info.format, loc), | |
7b2ced2f | 4209 | info.warnopt (), "%Gnull format string", |
4210 | info.callstmt); | |
df259a3b | 4211 | return false; |
b9833bfd | 4212 | } |
4213 | ||
4214 | info.fmtstr = get_format_string (info.format, &info.fmtloc); | |
4215 | if (!info.fmtstr) | |
df259a3b | 4216 | return false; |
b9833bfd | 4217 | |
4218 | /* The result is the number of bytes output by the formatted function, | |
4219 | including the terminating NUL. */ | |
4220 | format_result res = format_result (); | |
72d5639d | 4221 | |
7b2ced2f | 4222 | /* I/O functions with no destination argument (i.e., all forms of fprintf |
4223 | and printf) may fail under any conditions. Others (i.e., all forms of | |
4224 | sprintf) may only fail under specific conditions determined for each | |
4225 | directive. Clear POSUNDER4K for the former set of functions and set | |
4226 | it to true for the latter (it can only be cleared later, but it is | |
4227 | never set to true again). */ | |
2ecb854b | 4228 | res.posunder4k = posunder4k && dstptr; |
7b2ced2f | 4229 | |
72d5639d | 4230 | bool success = compute_format_length (info, &res); |
f1625820 | 4231 | if (res.warned) |
4232 | gimple_set_no_warning (info.callstmt, true); | |
b9833bfd | 4233 | |
4234 | /* When optimizing and the printf return value optimization is enabled, | |
4235 | attempt to substitute the computed result for the return value of | |
4236 | the call. Avoid this optimization when -frounding-math is in effect | |
4237 | and the format string contains a floating point directive. */ | |
53e0530a | 4238 | bool call_removed = false; |
4239 | if (success && optimize > 0) | |
4240 | { | |
4241 | /* Save a copy of the iterator pointing at the call. The iterator | |
4242 | may change to point past the call in try_substitute_return_value | |
4243 | but the original value is needed in try_simplify_call. */ | |
4244 | gimple_stmt_iterator gsi_call = *gsi; | |
76cf0084 | 4245 | |
53e0530a | 4246 | if (flag_printf_return_value |
4247 | && (!flag_rounding_math || !res.floating)) | |
4248 | call_removed = try_substitute_return_value (gsi, info, res); | |
4249 | ||
4250 | if (!call_removed) | |
4251 | try_simplify_call (&gsi_call, info, res); | |
4252 | } | |
4253 | ||
4254 | return call_removed; | |
b9833bfd | 4255 | } |
4256 | ||
9d8823fc | 4257 | edge |
4258 | sprintf_dom_walker::before_dom_children (basic_block bb) | |
4259 | { | |
4d02592b | 4260 | evrp_range_analyzer.enter (bb); |
9d8823fc | 4261 | for (gimple_stmt_iterator si = gsi_start_bb (bb); !gsi_end_p (si); ) |
4262 | { | |
4263 | /* Iterate over statements, looking for function calls. */ | |
4264 | gimple *stmt = gsi_stmt (si); | |
4265 | ||
4d02592b | 4266 | /* First record ranges generated by this statement. */ |
4267 | evrp_range_analyzer.record_ranges_from_stmt (stmt, false); | |
4268 | ||
9d8823fc | 4269 | if (is_gimple_call (stmt) && handle_gimple_call (&si)) |
4270 | /* If handle_gimple_call returns true, the iterator is | |
4271 | already pointing to the next statement. */ | |
4272 | continue; | |
4273 | ||
4274 | gsi_next (&si); | |
4275 | } | |
4276 | return NULL; | |
4277 | } | |
4278 | ||
4d02592b | 4279 | void |
4280 | sprintf_dom_walker::after_dom_children (basic_block bb) | |
4281 | { | |
4282 | evrp_range_analyzer.leave (bb); | |
4283 | } | |
4284 | ||
b9833bfd | 4285 | /* Execute the pass for function FUN. */ |
4286 | ||
4287 | unsigned int | |
4288 | pass_sprintf_length::execute (function *fun) | |
4289 | { | |
722889f9 | 4290 | init_target_to_host_charmap (); |
4291 | ||
9d8823fc | 4292 | calculate_dominance_info (CDI_DOMINATORS); |
22287fcd | 4293 | bool use_scev = optimize > 0 && flag_printf_return_value; |
4294 | if (use_scev) | |
4295 | { | |
4296 | loop_optimizer_init (LOOPS_NORMAL); | |
4297 | scev_initialize (); | |
4298 | } | |
df259a3b | 4299 | |
9d8823fc | 4300 | sprintf_dom_walker sprintf_dom_walker; |
4301 | sprintf_dom_walker.walk (ENTRY_BLOCK_PTR_FOR_FN (fun)); | |
b9833bfd | 4302 | |
22287fcd | 4303 | if (use_scev) |
4304 | { | |
4305 | scev_finalize (); | |
4306 | loop_optimizer_finalize (); | |
4307 | } | |
4308 | ||
76cf0084 | 4309 | /* Clean up object size info. */ |
d17f89dd | 4310 | fini_object_sizes (); |
b9833bfd | 4311 | return 0; |
4312 | } | |
4313 | ||
4314 | } /* Unnamed namespace. */ | |
4315 | ||
4316 | /* Return a pointer to a pass object newly constructed from the context | |
4317 | CTXT. */ | |
4318 | ||
4319 | gimple_opt_pass * | |
4320 | make_pass_sprintf_length (gcc::context *ctxt) | |
4321 | { | |
4322 | return new pass_sprintf_length (ctxt); | |
4323 | } |