]>
Commit | Line | Data |
---|---|---|
2a837de2 MS |
1 | /* Pass to detect and issue warnings for invalid accesses, including |
2 | invalid or mismatched allocation/deallocation calls. | |
3 | ||
7adcbafe | 4 | Copyright (C) 2020-2022 Free Software Foundation, Inc. |
2a837de2 MS |
5 | Contributed by Martin Sebor <msebor@redhat.com>. |
6 | ||
7 | This file is part of GCC. | |
8 | ||
9 | GCC is free software; you can redistribute it and/or modify it under | |
10 | the terms of the GNU General Public License as published by the Free | |
11 | Software Foundation; either version 3, or (at your option) any later | |
12 | version. | |
13 | ||
14 | GCC is distributed in the hope that it will be useful, but WITHOUT ANY | |
15 | WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
16 | FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
17 | for more details. | |
18 | ||
19 | You should have received a copy of the GNU General Public License | |
20 | along with GCC; see the file COPYING3. If not see | |
21 | <http://www.gnu.org/licenses/>. */ | |
22 | ||
b48d4e68 | 23 | #define INCLUDE_STRING |
2a837de2 MS |
24 | #include "config.h" |
25 | #include "system.h" | |
26 | #include "coretypes.h" | |
27 | #include "backend.h" | |
28 | #include "tree.h" | |
29 | #include "gimple.h" | |
30 | #include "tree-pass.h" | |
31 | #include "builtins.h" | |
5a431b60 | 32 | #include "diagnostic.h" |
2a837de2 MS |
33 | #include "ssa.h" |
34 | #include "gimple-pretty-print.h" | |
35 | #include "gimple-ssa-warn-access.h" | |
36 | #include "gimple-ssa-warn-restrict.h" | |
37 | #include "diagnostic-core.h" | |
38 | #include "fold-const.h" | |
39 | #include "gimple-fold.h" | |
40 | #include "gimple-iterator.h" | |
b48d4e68 | 41 | #include "langhooks.h" |
5a431b60 MS |
42 | #include "memmodel.h" |
43 | #include "target.h" | |
2a837de2 MS |
44 | #include "tree-dfa.h" |
45 | #include "tree-ssa.h" | |
46 | #include "tree-cfg.h" | |
47 | #include "tree-object-size.h" | |
81d6cdd3 | 48 | #include "tree-ssa-strlen.h" |
2a837de2 MS |
49 | #include "calls.h" |
50 | #include "cfgloop.h" | |
51 | #include "intl.h" | |
52 | #include "gimple-range.h" | |
53 | #include "stringpool.h" | |
54 | #include "attribs.h" | |
55 | #include "demangle.h" | |
671a2836 | 56 | #include "attr-fnspec.h" |
2a837de2 MS |
57 | #include "pointer-query.h" |
58 | ||
81d6cdd3 MS |
59 | /* Return true if tree node X has an associated location. */ |
60 | ||
61 | static inline location_t | |
62 | has_location (const_tree x) | |
63 | { | |
64 | if (DECL_P (x)) | |
65 | return DECL_SOURCE_LOCATION (x) != UNKNOWN_LOCATION; | |
66 | ||
67 | if (EXPR_P (x)) | |
68 | return EXPR_HAS_LOCATION (x); | |
69 | ||
70 | return false; | |
71 | } | |
72 | ||
73 | /* Return the associated location of STMT. */ | |
74 | ||
75 | static inline location_t | |
76 | get_location (const gimple *stmt) | |
77 | { | |
78 | return gimple_location (stmt); | |
79 | } | |
80 | ||
81 | /* Return the associated location of tree node X. */ | |
82 | ||
83 | static inline location_t | |
84 | get_location (tree x) | |
85 | { | |
86 | if (DECL_P (x)) | |
87 | return DECL_SOURCE_LOCATION (x); | |
88 | ||
89 | if (EXPR_P (x)) | |
90 | return EXPR_LOCATION (x); | |
91 | ||
92 | return UNKNOWN_LOCATION; | |
93 | } | |
94 | ||
95 | /* Overload of the nascent tree function for GIMPLE STMT. */ | |
96 | ||
97 | static inline tree | |
98 | get_callee_fndecl (const gimple *stmt) | |
99 | { | |
100 | return gimple_call_fndecl (stmt); | |
101 | } | |
102 | ||
103 | static inline unsigned | |
104 | call_nargs (const gimple *stmt) | |
105 | { | |
106 | return gimple_call_num_args (stmt); | |
107 | } | |
108 | ||
109 | static inline unsigned | |
110 | call_nargs (const_tree expr) | |
111 | { | |
112 | return call_expr_nargs (expr); | |
113 | } | |
114 | ||
115 | ||
116 | static inline tree | |
117 | call_arg (const gimple *stmt, unsigned argno) | |
118 | { | |
119 | return gimple_call_arg (stmt, argno); | |
120 | } | |
121 | ||
122 | static inline tree | |
123 | call_arg (tree expr, unsigned argno) | |
124 | { | |
125 | return CALL_EXPR_ARG (expr, argno); | |
126 | } | |
127 | ||
2a837de2 MS |
128 | /* For a call EXPR at LOC to a function FNAME that expects a string |
129 | in the argument ARG, issue a diagnostic due to it being a called | |
130 | with an argument that is a character array with no terminating | |
131 | NUL. SIZE is the EXACT size of the array, and BNDRNG the number | |
132 | of characters in which the NUL is expected. Either EXPR or FNAME | |
133 | may be null but noth both. SIZE may be null when BNDRNG is null. */ | |
134 | ||
81d6cdd3 MS |
135 | template <class GimpleOrTree> |
136 | static void | |
137 | warn_string_no_nul (location_t loc, GimpleOrTree expr, const char *fname, | |
138 | tree arg, tree decl, tree size, bool exact, | |
2a837de2 MS |
139 | const wide_int bndrng[2] /* = NULL */) |
140 | { | |
141 | const opt_code opt = OPT_Wstringop_overread; | |
142 | if ((expr && warning_suppressed_p (expr, opt)) | |
143 | || warning_suppressed_p (arg, opt)) | |
144 | return; | |
145 | ||
146 | loc = expansion_point_location_if_in_system_header (loc); | |
147 | bool warned; | |
148 | ||
149 | /* Format the bound range as a string to keep the nuber of messages | |
150 | from exploding. */ | |
151 | char bndstr[80]; | |
152 | *bndstr = 0; | |
153 | if (bndrng) | |
154 | { | |
155 | if (bndrng[0] == bndrng[1]) | |
156 | sprintf (bndstr, "%llu", (unsigned long long) bndrng[0].to_uhwi ()); | |
157 | else | |
158 | sprintf (bndstr, "[%llu, %llu]", | |
159 | (unsigned long long) bndrng[0].to_uhwi (), | |
160 | (unsigned long long) bndrng[1].to_uhwi ()); | |
161 | } | |
162 | ||
163 | const tree maxobjsize = max_object_size (); | |
164 | const wide_int maxsiz = wi::to_wide (maxobjsize); | |
165 | if (expr) | |
166 | { | |
167 | tree func = get_callee_fndecl (expr); | |
168 | if (bndrng) | |
169 | { | |
170 | if (wi::ltu_p (maxsiz, bndrng[0])) | |
171 | warned = warning_at (loc, opt, | |
172 | "%qD specified bound %s exceeds " | |
173 | "maximum object size %E", | |
174 | func, bndstr, maxobjsize); | |
175 | else | |
176 | { | |
177 | bool maybe = wi::to_wide (size) == bndrng[0]; | |
178 | warned = warning_at (loc, opt, | |
179 | exact | |
180 | ? G_("%qD specified bound %s exceeds " | |
181 | "the size %E of unterminated array") | |
182 | : (maybe | |
183 | ? G_("%qD specified bound %s may " | |
184 | "exceed the size of at most %E " | |
185 | "of unterminated array") | |
186 | : G_("%qD specified bound %s exceeds " | |
187 | "the size of at most %E " | |
188 | "of unterminated array")), | |
189 | func, bndstr, size); | |
190 | } | |
191 | } | |
192 | else | |
193 | warned = warning_at (loc, opt, | |
194 | "%qD argument missing terminating nul", | |
195 | func); | |
196 | } | |
197 | else | |
198 | { | |
199 | if (bndrng) | |
200 | { | |
201 | if (wi::ltu_p (maxsiz, bndrng[0])) | |
202 | warned = warning_at (loc, opt, | |
203 | "%qs specified bound %s exceeds " | |
204 | "maximum object size %E", | |
205 | fname, bndstr, maxobjsize); | |
206 | else | |
207 | { | |
208 | bool maybe = wi::to_wide (size) == bndrng[0]; | |
209 | warned = warning_at (loc, opt, | |
210 | exact | |
211 | ? G_("%qs specified bound %s exceeds " | |
212 | "the size %E of unterminated array") | |
213 | : (maybe | |
214 | ? G_("%qs specified bound %s may " | |
215 | "exceed the size of at most %E " | |
216 | "of unterminated array") | |
217 | : G_("%qs specified bound %s exceeds " | |
218 | "the size of at most %E " | |
219 | "of unterminated array")), | |
220 | fname, bndstr, size); | |
221 | } | |
222 | } | |
223 | else | |
224 | warned = warning_at (loc, opt, | |
225 | "%qs argument missing terminating nul", | |
226 | fname); | |
227 | } | |
228 | ||
229 | if (warned) | |
230 | { | |
81d6cdd3 | 231 | inform (get_location (decl), |
2a837de2 MS |
232 | "referenced argument declared here"); |
233 | suppress_warning (arg, opt); | |
234 | if (expr) | |
235 | suppress_warning (expr, opt); | |
236 | } | |
237 | } | |
238 | ||
81d6cdd3 MS |
239 | void |
240 | warn_string_no_nul (location_t loc, gimple *stmt, const char *fname, | |
241 | tree arg, tree decl, tree size /* = NULL_TREE */, | |
242 | bool exact /* = false */, | |
243 | const wide_int bndrng[2] /* = NULL */) | |
244 | { | |
245 | return warn_string_no_nul<gimple *> (loc, stmt, fname, | |
246 | arg, decl, size, exact, bndrng); | |
247 | } | |
248 | ||
249 | void | |
250 | warn_string_no_nul (location_t loc, tree expr, const char *fname, | |
251 | tree arg, tree decl, tree size /* = NULL_TREE */, | |
252 | bool exact /* = false */, | |
253 | const wide_int bndrng[2] /* = NULL */) | |
254 | { | |
255 | return warn_string_no_nul<tree> (loc, expr, fname, | |
256 | arg, decl, size, exact, bndrng); | |
257 | } | |
258 | ||
259 | /* If EXP refers to an unterminated constant character array return | |
260 | the declaration of the object of which the array is a member or | |
261 | element and if SIZE is not null, set *SIZE to the size of | |
262 | the unterminated array and set *EXACT if the size is exact or | |
263 | clear it otherwise. Otherwise return null. */ | |
264 | ||
265 | tree | |
266 | unterminated_array (tree exp, tree *size /* = NULL */, bool *exact /* = NULL */) | |
267 | { | |
268 | /* C_STRLEN will return NULL and set DECL in the info | |
269 | structure if EXP references a unterminated array. */ | |
270 | c_strlen_data lendata = { }; | |
271 | tree len = c_strlen (exp, 1, &lendata); | |
272 | if (len || !lendata.minlen || !lendata.decl) | |
273 | return NULL_TREE; | |
274 | ||
275 | if (!size) | |
276 | return lendata.decl; | |
277 | ||
278 | len = lendata.minlen; | |
279 | if (lendata.off) | |
280 | { | |
281 | /* Constant offsets are already accounted for in LENDATA.MINLEN, | |
282 | but not in a SSA_NAME + CST expression. */ | |
283 | if (TREE_CODE (lendata.off) == INTEGER_CST) | |
284 | *exact = true; | |
285 | else if (TREE_CODE (lendata.off) == PLUS_EXPR | |
286 | && TREE_CODE (TREE_OPERAND (lendata.off, 1)) == INTEGER_CST) | |
287 | { | |
288 | /* Subtract the offset from the size of the array. */ | |
289 | *exact = false; | |
290 | tree temp = TREE_OPERAND (lendata.off, 1); | |
291 | temp = fold_convert (ssizetype, temp); | |
292 | len = fold_build2 (MINUS_EXPR, ssizetype, len, temp); | |
293 | } | |
294 | else | |
295 | *exact = false; | |
296 | } | |
297 | else | |
298 | *exact = true; | |
299 | ||
300 | *size = len; | |
301 | return lendata.decl; | |
302 | } | |
303 | ||
2a837de2 MS |
304 | /* For a call EXPR (which may be null) that expects a string argument |
305 | SRC as an argument, returns false if SRC is a character array with | |
306 | no terminating NUL. When nonnull, BOUND is the number of characters | |
81d6cdd3 MS |
307 | in which to expect the terminating NUL. When EXPR is nonnull also |
308 | issues a warning. */ | |
2a837de2 | 309 | |
81d6cdd3 MS |
310 | template <class GimpleOrTree> |
311 | static bool | |
312 | check_nul_terminated_array (GimpleOrTree expr, tree src, tree bound) | |
2a837de2 MS |
313 | { |
314 | /* The constant size of the array SRC points to. The actual size | |
315 | may be less of EXACT is true, but not more. */ | |
316 | tree size; | |
317 | /* True if SRC involves a non-constant offset into the array. */ | |
318 | bool exact; | |
319 | /* The unterminated constant array SRC points to. */ | |
320 | tree nonstr = unterminated_array (src, &size, &exact); | |
321 | if (!nonstr) | |
322 | return true; | |
323 | ||
324 | /* NONSTR refers to the non-nul terminated constant array and SIZE | |
325 | is the constant size of the array in bytes. EXACT is true when | |
326 | SIZE is exact. */ | |
327 | ||
328 | wide_int bndrng[2]; | |
329 | if (bound) | |
330 | { | |
331 | value_range r; | |
332 | ||
333 | get_global_range_query ()->range_of_expr (r, bound); | |
334 | ||
335 | if (r.kind () != VR_RANGE) | |
336 | return true; | |
337 | ||
338 | bndrng[0] = r.lower_bound (); | |
339 | bndrng[1] = r.upper_bound (); | |
340 | ||
341 | if (exact) | |
342 | { | |
343 | if (wi::leu_p (bndrng[0], wi::to_wide (size))) | |
344 | return true; | |
345 | } | |
346 | else if (wi::lt_p (bndrng[0], wi::to_wide (size), UNSIGNED)) | |
347 | return true; | |
348 | } | |
349 | ||
350 | if (expr) | |
81d6cdd3 | 351 | warn_string_no_nul (get_location (expr), expr, NULL, src, nonstr, |
2a837de2 MS |
352 | size, exact, bound ? bndrng : NULL); |
353 | ||
354 | return false; | |
355 | } | |
356 | ||
81d6cdd3 MS |
357 | bool |
358 | check_nul_terminated_array (gimple *stmt, tree src, tree bound /* = NULL_TREE */) | |
359 | { | |
360 | return check_nul_terminated_array<gimple *>(stmt, src, bound); | |
361 | } | |
2a837de2 | 362 | |
81d6cdd3 MS |
363 | bool |
364 | check_nul_terminated_array (tree expr, tree src, tree bound /* = NULL_TREE */) | |
2a837de2 | 365 | { |
81d6cdd3 MS |
366 | return check_nul_terminated_array<tree>(expr, src, bound); |
367 | } | |
368 | ||
369 | /* Warn about passing a non-string array/pointer to a built-in function | |
370 | that expects a nul-terminated string argument. Returns true if | |
371 | a warning has been issued.*/ | |
372 | ||
373 | template <class GimpleOrTree> | |
374 | static bool | |
375 | maybe_warn_nonstring_arg (tree fndecl, GimpleOrTree exp) | |
376 | { | |
377 | if (!fndecl || !fndecl_built_in_p (fndecl, BUILT_IN_NORMAL)) | |
378 | return false; | |
379 | ||
380 | if (!warn_stringop_overread | |
381 | || warning_suppressed_p (exp, OPT_Wstringop_overread)) | |
382 | return false; | |
383 | ||
384 | /* Avoid clearly invalid calls (more checking done below). */ | |
385 | unsigned nargs = call_nargs (exp); | |
386 | if (!nargs) | |
387 | return false; | |
388 | ||
389 | /* The bound argument to a bounded string function like strncpy. */ | |
390 | tree bound = NULL_TREE; | |
391 | ||
392 | /* The longest known or possible string argument to one of the comparison | |
393 | functions. If the length is less than the bound it is used instead. | |
394 | Since the length is only used for warning and not for code generation | |
395 | disable strict mode in the calls to get_range_strlen below. */ | |
396 | tree maxlen = NULL_TREE; | |
397 | ||
398 | /* It's safe to call "bounded" string functions with a non-string | |
399 | argument since the functions provide an explicit bound for this | |
400 | purpose. The exception is strncat where the bound may refer to | |
401 | either the destination or the source. */ | |
402 | int fncode = DECL_FUNCTION_CODE (fndecl); | |
403 | switch (fncode) | |
404 | { | |
405 | case BUILT_IN_STRCMP: | |
406 | case BUILT_IN_STRNCMP: | |
407 | case BUILT_IN_STRNCASECMP: | |
408 | { | |
409 | /* For these, if one argument refers to one or more of a set | |
410 | of string constants or arrays of known size, determine | |
411 | the range of their known or possible lengths and use it | |
412 | conservatively as the bound for the unbounded function, | |
413 | and to adjust the range of the bound of the bounded ones. */ | |
414 | for (unsigned argno = 0; | |
415 | argno < MIN (nargs, 2) | |
416 | && !(maxlen && TREE_CODE (maxlen) == INTEGER_CST); argno++) | |
417 | { | |
418 | tree arg = call_arg (exp, argno); | |
419 | if (!get_attr_nonstring_decl (arg)) | |
420 | { | |
421 | c_strlen_data lendata = { }; | |
422 | /* Set MAXBOUND to an arbitrary non-null non-integer | |
423 | node as a request to have it set to the length of | |
424 | the longest string in a PHI. */ | |
425 | lendata.maxbound = arg; | |
426 | get_range_strlen (arg, &lendata, /* eltsize = */ 1); | |
427 | maxlen = lendata.maxbound; | |
428 | } | |
429 | } | |
430 | } | |
431 | /* Fall through. */ | |
432 | ||
433 | case BUILT_IN_STRNCAT: | |
434 | case BUILT_IN_STPNCPY: | |
435 | case BUILT_IN_STRNCPY: | |
436 | if (nargs > 2) | |
437 | bound = call_arg (exp, 2); | |
438 | break; | |
439 | ||
440 | case BUILT_IN_STRNDUP: | |
441 | if (nargs < 2) | |
442 | return false; | |
443 | bound = call_arg (exp, 1); | |
444 | break; | |
445 | ||
446 | case BUILT_IN_STRNLEN: | |
447 | { | |
448 | tree arg = call_arg (exp, 0); | |
449 | if (!get_attr_nonstring_decl (arg)) | |
450 | { | |
451 | c_strlen_data lendata = { }; | |
452 | /* Set MAXBOUND to an arbitrary non-null non-integer | |
453 | node as a request to have it set to the length of | |
454 | the longest string in a PHI. */ | |
455 | lendata.maxbound = arg; | |
456 | get_range_strlen (arg, &lendata, /* eltsize = */ 1); | |
457 | maxlen = lendata.maxbound; | |
458 | } | |
459 | if (nargs > 1) | |
460 | bound = call_arg (exp, 1); | |
461 | break; | |
462 | } | |
463 | ||
464 | default: | |
465 | break; | |
466 | } | |
467 | ||
468 | /* Determine the range of the bound argument (if specified). */ | |
469 | tree bndrng[2] = { NULL_TREE, NULL_TREE }; | |
470 | if (bound) | |
471 | { | |
472 | STRIP_NOPS (bound); | |
473 | get_size_range (bound, bndrng); | |
474 | } | |
475 | ||
476 | location_t loc = get_location (exp); | |
477 | ||
478 | if (bndrng[0]) | |
479 | { | |
480 | /* Diagnose excessive bound prior to the adjustment below and | |
481 | regardless of attribute nonstring. */ | |
482 | tree maxobjsize = max_object_size (); | |
483 | if (tree_int_cst_lt (maxobjsize, bndrng[0])) | |
2a837de2 | 484 | { |
81d6cdd3 MS |
485 | bool warned = false; |
486 | if (tree_int_cst_equal (bndrng[0], bndrng[1])) | |
487 | warned = warning_at (loc, OPT_Wstringop_overread, | |
488 | "%qD specified bound %E " | |
489 | "exceeds maximum object size %E", | |
490 | fndecl, bndrng[0], maxobjsize); | |
491 | else | |
492 | warned = warning_at (loc, OPT_Wstringop_overread, | |
493 | "%qD specified bound [%E, %E] " | |
494 | "exceeds maximum object size %E", | |
495 | fndecl, bndrng[0], bndrng[1], | |
496 | maxobjsize); | |
497 | if (warned) | |
498 | suppress_warning (exp, OPT_Wstringop_overread); | |
499 | ||
500 | return warned; | |
501 | } | |
502 | } | |
503 | ||
504 | if (maxlen && !integer_all_onesp (maxlen)) | |
505 | { | |
506 | /* Add one for the nul. */ | |
507 | maxlen = const_binop (PLUS_EXPR, TREE_TYPE (maxlen), maxlen, | |
508 | size_one_node); | |
509 | ||
510 | if (!bndrng[0]) | |
511 | { | |
512 | /* Conservatively use the upper bound of the lengths for | |
513 | both the lower and the upper bound of the operation. */ | |
514 | bndrng[0] = maxlen; | |
515 | bndrng[1] = maxlen; | |
516 | bound = void_type_node; | |
517 | } | |
518 | else if (maxlen) | |
519 | { | |
520 | /* Replace the bound on the operation with the upper bound | |
521 | of the length of the string if the latter is smaller. */ | |
522 | if (tree_int_cst_lt (maxlen, bndrng[0])) | |
523 | bndrng[0] = maxlen; | |
524 | else if (tree_int_cst_lt (maxlen, bndrng[1])) | |
525 | bndrng[1] = maxlen; | |
526 | } | |
527 | } | |
528 | ||
529 | bool any_arg_warned = false; | |
530 | /* Iterate over the built-in function's formal arguments and check | |
531 | each const char* against the actual argument. If the actual | |
532 | argument is declared attribute non-string issue a warning unless | |
533 | the argument's maximum length is bounded. */ | |
534 | function_args_iterator it; | |
535 | function_args_iter_init (&it, TREE_TYPE (fndecl)); | |
536 | ||
537 | for (unsigned argno = 0; ; ++argno, function_args_iter_next (&it)) | |
538 | { | |
539 | /* Avoid iterating past the declared argument in a call | |
540 | to function declared without a prototype. */ | |
541 | if (argno >= nargs) | |
542 | break; | |
543 | ||
544 | tree argtype = function_args_iter_cond (&it); | |
545 | if (!argtype) | |
546 | break; | |
547 | ||
548 | if (TREE_CODE (argtype) != POINTER_TYPE) | |
549 | continue; | |
550 | ||
551 | argtype = TREE_TYPE (argtype); | |
552 | ||
553 | if (TREE_CODE (argtype) != INTEGER_TYPE | |
554 | || !TYPE_READONLY (argtype)) | |
555 | continue; | |
556 | ||
557 | argtype = TYPE_MAIN_VARIANT (argtype); | |
558 | if (argtype != char_type_node) | |
559 | continue; | |
560 | ||
561 | tree callarg = call_arg (exp, argno); | |
562 | if (TREE_CODE (callarg) == ADDR_EXPR) | |
563 | callarg = TREE_OPERAND (callarg, 0); | |
564 | ||
565 | /* See if the destination is declared with attribute "nonstring". */ | |
566 | tree decl = get_attr_nonstring_decl (callarg); | |
567 | if (!decl) | |
568 | continue; | |
569 | ||
570 | /* The maximum number of array elements accessed. */ | |
571 | offset_int wibnd = 0; | |
572 | ||
573 | if (argno && fncode == BUILT_IN_STRNCAT) | |
574 | { | |
575 | /* See if the bound in strncat is derived from the length | |
576 | of the strlen of the destination (as it's expected to be). | |
577 | If so, reset BOUND and FNCODE to trigger a warning. */ | |
578 | tree dstarg = call_arg (exp, 0); | |
579 | if (is_strlen_related_p (dstarg, bound)) | |
580 | { | |
581 | /* The bound applies to the destination, not to the source, | |
582 | so reset these to trigger a warning without mentioning | |
583 | the bound. */ | |
584 | bound = NULL; | |
585 | fncode = 0; | |
586 | } | |
587 | else if (bndrng[1]) | |
588 | /* Use the upper bound of the range for strncat. */ | |
589 | wibnd = wi::to_offset (bndrng[1]); | |
590 | } | |
591 | else if (bndrng[0]) | |
592 | /* Use the lower bound of the range for functions other than | |
593 | strncat. */ | |
594 | wibnd = wi::to_offset (bndrng[0]); | |
595 | ||
596 | /* Determine the size of the argument array if it is one. */ | |
597 | offset_int asize = wibnd; | |
598 | bool known_size = false; | |
599 | tree type = TREE_TYPE (decl); | |
600 | ||
601 | /* Determine the array size. For arrays of unknown bound and | |
602 | pointers reset BOUND to trigger the appropriate warning. */ | |
603 | if (TREE_CODE (type) == ARRAY_TYPE) | |
604 | { | |
605 | if (tree arrbnd = TYPE_DOMAIN (type)) | |
2a837de2 | 606 | { |
81d6cdd3 | 607 | if ((arrbnd = TYPE_MAX_VALUE (arrbnd))) |
2a837de2 | 608 | { |
81d6cdd3 MS |
609 | asize = wi::to_offset (arrbnd) + 1; |
610 | known_size = true; | |
2a837de2 | 611 | } |
2a837de2 | 612 | } |
81d6cdd3 MS |
613 | else if (bound == void_type_node) |
614 | bound = NULL_TREE; | |
615 | } | |
616 | else if (bound == void_type_node) | |
617 | bound = NULL_TREE; | |
618 | ||
619 | /* In a call to strncat with a bound in a range whose lower but | |
620 | not upper bound is less than the array size, reset ASIZE to | |
621 | be the same as the bound and the other variable to trigger | |
622 | the apprpriate warning below. */ | |
623 | if (fncode == BUILT_IN_STRNCAT | |
624 | && bndrng[0] != bndrng[1] | |
625 | && wi::ltu_p (wi::to_offset (bndrng[0]), asize) | |
626 | && (!known_size | |
627 | || wi::ltu_p (asize, wibnd))) | |
628 | { | |
629 | asize = wibnd; | |
630 | bound = NULL_TREE; | |
631 | fncode = 0; | |
632 | } | |
633 | ||
634 | bool warned = false; | |
635 | ||
636 | auto_diagnostic_group d; | |
637 | if (wi::ltu_p (asize, wibnd)) | |
638 | { | |
639 | if (bndrng[0] == bndrng[1]) | |
640 | warned = warning_at (loc, OPT_Wstringop_overread, | |
641 | "%qD argument %i declared attribute " | |
642 | "%<nonstring%> is smaller than the specified " | |
643 | "bound %wu", | |
644 | fndecl, argno + 1, wibnd.to_uhwi ()); | |
645 | else if (wi::ltu_p (asize, wi::to_offset (bndrng[0]))) | |
646 | warned = warning_at (loc, OPT_Wstringop_overread, | |
647 | "%qD argument %i declared attribute " | |
648 | "%<nonstring%> is smaller than " | |
649 | "the specified bound [%E, %E]", | |
650 | fndecl, argno + 1, bndrng[0], bndrng[1]); | |
2a837de2 | 651 | else |
81d6cdd3 MS |
652 | warned = warning_at (loc, OPT_Wstringop_overread, |
653 | "%qD argument %i declared attribute " | |
654 | "%<nonstring%> may be smaller than " | |
655 | "the specified bound [%E, %E]", | |
656 | fndecl, argno + 1, bndrng[0], bndrng[1]); | |
657 | } | |
658 | else if (fncode == BUILT_IN_STRNCAT) | |
659 | ; /* Avoid warning for calls to strncat() when the bound | |
660 | is equal to the size of the non-string argument. */ | |
661 | else if (!bound) | |
662 | warned = warning_at (loc, OPT_Wstringop_overread, | |
663 | "%qD argument %i declared attribute %<nonstring%>", | |
664 | fndecl, argno + 1); | |
2a837de2 | 665 | |
81d6cdd3 MS |
666 | if (warned) |
667 | { | |
668 | inform (DECL_SOURCE_LOCATION (decl), | |
669 | "argument %qD declared here", decl); | |
670 | any_arg_warned = true; | |
2a837de2 | 671 | } |
81d6cdd3 MS |
672 | } |
673 | ||
674 | if (any_arg_warned) | |
675 | suppress_warning (exp, OPT_Wstringop_overread); | |
676 | ||
677 | return any_arg_warned; | |
678 | } | |
679 | ||
680 | bool | |
681 | maybe_warn_nonstring_arg (tree fndecl, gimple *stmt) | |
682 | { | |
683 | return maybe_warn_nonstring_arg<gimple *>(fndecl, stmt); | |
684 | } | |
2a837de2 | 685 | |
81d6cdd3 MS |
686 | |
687 | bool | |
688 | maybe_warn_nonstring_arg (tree fndecl, tree expr) | |
689 | { | |
690 | return maybe_warn_nonstring_arg<tree>(fndecl, expr); | |
2a837de2 MS |
691 | } |
692 | ||
693 | /* Issue a warning OPT for a bounded call EXP with a bound in RANGE | |
694 | accessing an object with SIZE. */ | |
695 | ||
81d6cdd3 MS |
696 | template <class GimpleOrTree> |
697 | static bool | |
698 | maybe_warn_for_bound (opt_code opt, location_t loc, GimpleOrTree exp, tree func, | |
699 | tree bndrng[2], tree size, const access_data *pad) | |
2a837de2 MS |
700 | { |
701 | if (!bndrng[0] || warning_suppressed_p (exp, opt)) | |
702 | return false; | |
703 | ||
704 | tree maxobjsize = max_object_size (); | |
705 | ||
706 | bool warned = false; | |
707 | ||
708 | if (opt == OPT_Wstringop_overread) | |
709 | { | |
710 | bool maybe = pad && pad->src.phi (); | |
820f0940 MS |
711 | if (maybe) |
712 | { | |
713 | /* Issue a "maybe" warning only if the PHI refers to objects | |
714 | at least one of which has more space remaining than the bound. | |
715 | Otherwise, if the bound is greater, use the definitive form. */ | |
716 | offset_int remmax = pad->src.size_remaining (); | |
717 | if (remmax < wi::to_offset (bndrng[0])) | |
718 | maybe = false; | |
719 | } | |
2a837de2 MS |
720 | |
721 | if (tree_int_cst_lt (maxobjsize, bndrng[0])) | |
722 | { | |
723 | if (bndrng[0] == bndrng[1]) | |
724 | warned = (func | |
725 | ? warning_at (loc, opt, | |
726 | (maybe | |
727 | ? G_("%qD specified bound %E may " | |
728 | "exceed maximum object size %E") | |
729 | : G_("%qD specified bound %E " | |
730 | "exceeds maximum object size %E")), | |
731 | func, bndrng[0], maxobjsize) | |
732 | : warning_at (loc, opt, | |
733 | (maybe | |
734 | ? G_("specified bound %E may " | |
735 | "exceed maximum object size %E") | |
736 | : G_("specified bound %E " | |
737 | "exceeds maximum object size %E")), | |
738 | bndrng[0], maxobjsize)); | |
739 | else | |
740 | warned = (func | |
741 | ? warning_at (loc, opt, | |
742 | (maybe | |
743 | ? G_("%qD specified bound [%E, %E] may " | |
744 | "exceed maximum object size %E") | |
745 | : G_("%qD specified bound [%E, %E] " | |
746 | "exceeds maximum object size %E")), | |
747 | func, | |
748 | bndrng[0], bndrng[1], maxobjsize) | |
749 | : warning_at (loc, opt, | |
750 | (maybe | |
751 | ? G_("specified bound [%E, %E] may " | |
752 | "exceed maximum object size %E") | |
753 | : G_("specified bound [%E, %E] " | |
754 | "exceeds maximum object size %E")), | |
755 | bndrng[0], bndrng[1], maxobjsize)); | |
756 | } | |
757 | else if (!size || tree_int_cst_le (bndrng[0], size)) | |
758 | return false; | |
759 | else if (tree_int_cst_equal (bndrng[0], bndrng[1])) | |
760 | warned = (func | |
761 | ? warning_at (loc, opt, | |
762 | (maybe | |
763 | ? G_("%qD specified bound %E may exceed " | |
764 | "source size %E") | |
765 | : G_("%qD specified bound %E exceeds " | |
766 | "source size %E")), | |
767 | func, bndrng[0], size) | |
768 | : warning_at (loc, opt, | |
769 | (maybe | |
770 | ? G_("specified bound %E may exceed " | |
771 | "source size %E") | |
772 | : G_("specified bound %E exceeds " | |
773 | "source size %E")), | |
774 | bndrng[0], size)); | |
775 | else | |
776 | warned = (func | |
777 | ? warning_at (loc, opt, | |
778 | (maybe | |
779 | ? G_("%qD specified bound [%E, %E] may " | |
780 | "exceed source size %E") | |
781 | : G_("%qD specified bound [%E, %E] exceeds " | |
782 | "source size %E")), | |
783 | func, bndrng[0], bndrng[1], size) | |
784 | : warning_at (loc, opt, | |
785 | (maybe | |
786 | ? G_("specified bound [%E, %E] may exceed " | |
787 | "source size %E") | |
788 | : G_("specified bound [%E, %E] exceeds " | |
789 | "source size %E")), | |
790 | bndrng[0], bndrng[1], size)); | |
791 | if (warned) | |
792 | { | |
81d6cdd3 MS |
793 | if (pad && pad->src.ref |
794 | && has_location (pad->src.ref)) | |
795 | inform (get_location (pad->src.ref), | |
796 | "source object allocated here"); | |
2a837de2 MS |
797 | suppress_warning (exp, opt); |
798 | } | |
799 | ||
800 | return warned; | |
801 | } | |
802 | ||
803 | bool maybe = pad && pad->dst.phi (); | |
820f0940 MS |
804 | if (maybe) |
805 | { | |
806 | /* Issue a "maybe" warning only if the PHI refers to objects | |
807 | at least one of which has more space remaining than the bound. | |
808 | Otherwise, if the bound is greater, use the definitive form. */ | |
809 | offset_int remmax = pad->dst.size_remaining (); | |
810 | if (remmax < wi::to_offset (bndrng[0])) | |
811 | maybe = false; | |
812 | } | |
2a837de2 MS |
813 | if (tree_int_cst_lt (maxobjsize, bndrng[0])) |
814 | { | |
815 | if (bndrng[0] == bndrng[1]) | |
816 | warned = (func | |
817 | ? warning_at (loc, opt, | |
818 | (maybe | |
819 | ? G_("%qD specified size %E may " | |
820 | "exceed maximum object size %E") | |
821 | : G_("%qD specified size %E " | |
822 | "exceeds maximum object size %E")), | |
823 | func, bndrng[0], maxobjsize) | |
824 | : warning_at (loc, opt, | |
825 | (maybe | |
826 | ? G_("specified size %E may exceed " | |
827 | "maximum object size %E") | |
828 | : G_("specified size %E exceeds " | |
829 | "maximum object size %E")), | |
830 | bndrng[0], maxobjsize)); | |
831 | else | |
832 | warned = (func | |
833 | ? warning_at (loc, opt, | |
834 | (maybe | |
835 | ? G_("%qD specified size between %E and %E " | |
836 | "may exceed maximum object size %E") | |
837 | : G_("%qD specified size between %E and %E " | |
838 | "exceeds maximum object size %E")), | |
839 | func, bndrng[0], bndrng[1], maxobjsize) | |
840 | : warning_at (loc, opt, | |
841 | (maybe | |
842 | ? G_("specified size between %E and %E " | |
843 | "may exceed maximum object size %E") | |
844 | : G_("specified size between %E and %E " | |
845 | "exceeds maximum object size %E")), | |
846 | bndrng[0], bndrng[1], maxobjsize)); | |
847 | } | |
848 | else if (!size || tree_int_cst_le (bndrng[0], size)) | |
849 | return false; | |
850 | else if (tree_int_cst_equal (bndrng[0], bndrng[1])) | |
851 | warned = (func | |
852 | ? warning_at (loc, opt, | |
853 | (maybe | |
854 | ? G_("%qD specified bound %E may exceed " | |
855 | "destination size %E") | |
856 | : G_("%qD specified bound %E exceeds " | |
857 | "destination size %E")), | |
858 | func, bndrng[0], size) | |
859 | : warning_at (loc, opt, | |
860 | (maybe | |
861 | ? G_("specified bound %E may exceed " | |
862 | "destination size %E") | |
863 | : G_("specified bound %E exceeds " | |
864 | "destination size %E")), | |
865 | bndrng[0], size)); | |
866 | else | |
867 | warned = (func | |
868 | ? warning_at (loc, opt, | |
869 | (maybe | |
870 | ? G_("%qD specified bound [%E, %E] may exceed " | |
871 | "destination size %E") | |
872 | : G_("%qD specified bound [%E, %E] exceeds " | |
873 | "destination size %E")), | |
874 | func, bndrng[0], bndrng[1], size) | |
875 | : warning_at (loc, opt, | |
876 | (maybe | |
877 | ? G_("specified bound [%E, %E] exceeds " | |
878 | "destination size %E") | |
879 | : G_("specified bound [%E, %E] exceeds " | |
880 | "destination size %E")), | |
881 | bndrng[0], bndrng[1], size)); | |
882 | ||
883 | if (warned) | |
884 | { | |
81d6cdd3 MS |
885 | if (pad && pad->dst.ref |
886 | && has_location (pad->dst.ref)) | |
887 | inform (get_location (pad->dst.ref), | |
888 | "destination object allocated here"); | |
2a837de2 MS |
889 | suppress_warning (exp, opt); |
890 | } | |
891 | ||
892 | return warned; | |
893 | } | |
894 | ||
81d6cdd3 MS |
895 | bool |
896 | maybe_warn_for_bound (opt_code opt, location_t loc, gimple *stmt, tree func, | |
897 | tree bndrng[2], tree size, | |
898 | const access_data *pad /* = NULL */) | |
899 | { | |
900 | return maybe_warn_for_bound<gimple *> (opt, loc, stmt, func, bndrng, size, | |
901 | pad); | |
902 | } | |
903 | ||
904 | bool | |
905 | maybe_warn_for_bound (opt_code opt, location_t loc, tree expr, tree func, | |
906 | tree bndrng[2], tree size, | |
907 | const access_data *pad /* = NULL */) | |
908 | { | |
909 | return maybe_warn_for_bound<tree> (opt, loc, expr, func, bndrng, size, pad); | |
910 | } | |
911 | ||
2a837de2 MS |
912 | /* For an expression EXP issue an access warning controlled by option OPT |
913 | with access to a region SIZE bytes in size in the RANGE of sizes. | |
914 | WRITE is true for a write access, READ for a read access, neither for | |
915 | call that may or may not perform an access but for which the range | |
916 | is expected to valid. | |
917 | Returns true when a warning has been issued. */ | |
918 | ||
81d6cdd3 | 919 | template <class GimpleOrTree> |
2a837de2 | 920 | static bool |
81d6cdd3 MS |
921 | warn_for_access (location_t loc, tree func, GimpleOrTree exp, int opt, |
922 | tree range[2], tree size, bool write, bool read, bool maybe) | |
2a837de2 MS |
923 | { |
924 | bool warned = false; | |
925 | ||
926 | if (write && read) | |
927 | { | |
928 | if (tree_int_cst_equal (range[0], range[1])) | |
929 | warned = (func | |
930 | ? warning_n (loc, opt, tree_to_uhwi (range[0]), | |
931 | (maybe | |
932 | ? G_("%qD may access %E byte in a region " | |
933 | "of size %E") | |
934 | : G_("%qD accessing %E byte in a region " | |
935 | "of size %E")), | |
936 | (maybe | |
937 | ? G_ ("%qD may access %E bytes in a region " | |
938 | "of size %E") | |
939 | : G_ ("%qD accessing %E bytes in a region " | |
940 | "of size %E")), | |
941 | func, range[0], size) | |
942 | : warning_n (loc, opt, tree_to_uhwi (range[0]), | |
943 | (maybe | |
944 | ? G_("may access %E byte in a region " | |
945 | "of size %E") | |
946 | : G_("accessing %E byte in a region " | |
947 | "of size %E")), | |
948 | (maybe | |
949 | ? G_("may access %E bytes in a region " | |
950 | "of size %E") | |
951 | : G_("accessing %E bytes in a region " | |
952 | "of size %E")), | |
953 | range[0], size)); | |
954 | else if (tree_int_cst_sign_bit (range[1])) | |
955 | { | |
956 | /* Avoid printing the upper bound if it's invalid. */ | |
957 | warned = (func | |
958 | ? warning_at (loc, opt, | |
959 | (maybe | |
960 | ? G_("%qD may access %E or more bytes " | |
961 | "in a region of size %E") | |
962 | : G_("%qD accessing %E or more bytes " | |
963 | "in a region of size %E")), | |
964 | func, range[0], size) | |
965 | : warning_at (loc, opt, | |
966 | (maybe | |
967 | ? G_("may access %E or more bytes " | |
968 | "in a region of size %E") | |
969 | : G_("accessing %E or more bytes " | |
970 | "in a region of size %E")), | |
971 | range[0], size)); | |
972 | } | |
973 | else | |
974 | warned = (func | |
975 | ? warning_at (loc, opt, | |
976 | (maybe | |
977 | ? G_("%qD may access between %E and %E " | |
978 | "bytes in a region of size %E") | |
979 | : G_("%qD accessing between %E and %E " | |
980 | "bytes in a region of size %E")), | |
981 | func, range[0], range[1], size) | |
982 | : warning_at (loc, opt, | |
983 | (maybe | |
984 | ? G_("may access between %E and %E bytes " | |
985 | "in a region of size %E") | |
986 | : G_("accessing between %E and %E bytes " | |
987 | "in a region of size %E")), | |
988 | range[0], range[1], size)); | |
989 | return warned; | |
990 | } | |
991 | ||
992 | if (write) | |
993 | { | |
994 | if (tree_int_cst_equal (range[0], range[1])) | |
995 | warned = (func | |
996 | ? warning_n (loc, opt, tree_to_uhwi (range[0]), | |
997 | (maybe | |
998 | ? G_("%qD may write %E byte into a region " | |
999 | "of size %E") | |
1000 | : G_("%qD writing %E byte into a region " | |
1001 | "of size %E overflows the destination")), | |
1002 | (maybe | |
1003 | ? G_("%qD may write %E bytes into a region " | |
1004 | "of size %E") | |
1005 | : G_("%qD writing %E bytes into a region " | |
1006 | "of size %E overflows the destination")), | |
1007 | func, range[0], size) | |
1008 | : warning_n (loc, opt, tree_to_uhwi (range[0]), | |
1009 | (maybe | |
1010 | ? G_("may write %E byte into a region " | |
1011 | "of size %E") | |
1012 | : G_("writing %E byte into a region " | |
1013 | "of size %E overflows the destination")), | |
1014 | (maybe | |
1015 | ? G_("may write %E bytes into a region " | |
1016 | "of size %E") | |
1017 | : G_("writing %E bytes into a region " | |
1018 | "of size %E overflows the destination")), | |
1019 | range[0], size)); | |
1020 | else if (tree_int_cst_sign_bit (range[1])) | |
1021 | { | |
1022 | /* Avoid printing the upper bound if it's invalid. */ | |
1023 | warned = (func | |
1024 | ? warning_at (loc, opt, | |
1025 | (maybe | |
1026 | ? G_("%qD may write %E or more bytes " | |
1027 | "into a region of size %E") | |
1028 | : G_("%qD writing %E or more bytes " | |
1029 | "into a region of size %E overflows " | |
1030 | "the destination")), | |
1031 | func, range[0], size) | |
1032 | : warning_at (loc, opt, | |
1033 | (maybe | |
1034 | ? G_("may write %E or more bytes into " | |
1035 | "a region of size %E") | |
1036 | : G_("writing %E or more bytes into " | |
1037 | "a region of size %E overflows " | |
1038 | "the destination")), | |
1039 | range[0], size)); | |
1040 | } | |
1041 | else | |
1042 | warned = (func | |
1043 | ? warning_at (loc, opt, | |
1044 | (maybe | |
1045 | ? G_("%qD may write between %E and %E bytes " | |
1046 | "into a region of size %E") | |
1047 | : G_("%qD writing between %E and %E bytes " | |
1048 | "into a region of size %E overflows " | |
1049 | "the destination")), | |
1050 | func, range[0], range[1], size) | |
1051 | : warning_at (loc, opt, | |
1052 | (maybe | |
1053 | ? G_("may write between %E and %E bytes " | |
1054 | "into a region of size %E") | |
1055 | : G_("writing between %E and %E bytes " | |
1056 | "into a region of size %E overflows " | |
1057 | "the destination")), | |
1058 | range[0], range[1], size)); | |
1059 | return warned; | |
1060 | } | |
1061 | ||
1062 | if (read) | |
1063 | { | |
1064 | if (tree_int_cst_equal (range[0], range[1])) | |
1065 | warned = (func | |
1066 | ? warning_n (loc, OPT_Wstringop_overread, | |
1067 | tree_to_uhwi (range[0]), | |
1068 | (maybe | |
1069 | ? G_("%qD may read %E byte from a region " | |
1070 | "of size %E") | |
1071 | : G_("%qD reading %E byte from a region " | |
1072 | "of size %E")), | |
1073 | (maybe | |
1074 | ? G_("%qD may read %E bytes from a region " | |
1075 | "of size %E") | |
1076 | : G_("%qD reading %E bytes from a region " | |
1077 | "of size %E")), | |
1078 | func, range[0], size) | |
1079 | : warning_n (loc, OPT_Wstringop_overread, | |
1080 | tree_to_uhwi (range[0]), | |
1081 | (maybe | |
1082 | ? G_("may read %E byte from a region " | |
1083 | "of size %E") | |
1084 | : G_("reading %E byte from a region " | |
1085 | "of size %E")), | |
1086 | (maybe | |
1087 | ? G_("may read %E bytes from a region " | |
1088 | "of size %E") | |
1089 | : G_("reading %E bytes from a region " | |
1090 | "of size %E")), | |
1091 | range[0], size)); | |
1092 | else if (tree_int_cst_sign_bit (range[1])) | |
1093 | { | |
1094 | /* Avoid printing the upper bound if it's invalid. */ | |
1095 | warned = (func | |
1096 | ? warning_at (loc, OPT_Wstringop_overread, | |
1097 | (maybe | |
1098 | ? G_("%qD may read %E or more bytes " | |
1099 | "from a region of size %E") | |
1100 | : G_("%qD reading %E or more bytes " | |
1101 | "from a region of size %E")), | |
1102 | func, range[0], size) | |
1103 | : warning_at (loc, OPT_Wstringop_overread, | |
1104 | (maybe | |
1105 | ? G_("may read %E or more bytes " | |
1106 | "from a region of size %E") | |
1107 | : G_("reading %E or more bytes " | |
1108 | "from a region of size %E")), | |
1109 | range[0], size)); | |
1110 | } | |
1111 | else | |
1112 | warned = (func | |
1113 | ? warning_at (loc, OPT_Wstringop_overread, | |
1114 | (maybe | |
1115 | ? G_("%qD may read between %E and %E bytes " | |
1116 | "from a region of size %E") | |
1117 | : G_("%qD reading between %E and %E bytes " | |
1118 | "from a region of size %E")), | |
1119 | func, range[0], range[1], size) | |
1120 | : warning_at (loc, opt, | |
1121 | (maybe | |
1122 | ? G_("may read between %E and %E bytes " | |
1123 | "from a region of size %E") | |
1124 | : G_("reading between %E and %E bytes " | |
1125 | "from a region of size %E")), | |
1126 | range[0], range[1], size)); | |
1127 | ||
1128 | if (warned) | |
1129 | suppress_warning (exp, OPT_Wstringop_overread); | |
1130 | ||
1131 | return warned; | |
1132 | } | |
1133 | ||
1134 | if (tree_int_cst_equal (range[0], range[1]) | |
1135 | || tree_int_cst_sign_bit (range[1])) | |
1136 | warned = (func | |
1137 | ? warning_n (loc, OPT_Wstringop_overread, | |
1138 | tree_to_uhwi (range[0]), | |
1139 | "%qD expecting %E byte in a region of size %E", | |
1140 | "%qD expecting %E bytes in a region of size %E", | |
1141 | func, range[0], size) | |
1142 | : warning_n (loc, OPT_Wstringop_overread, | |
1143 | tree_to_uhwi (range[0]), | |
1144 | "expecting %E byte in a region of size %E", | |
1145 | "expecting %E bytes in a region of size %E", | |
1146 | range[0], size)); | |
1147 | else if (tree_int_cst_sign_bit (range[1])) | |
1148 | { | |
1149 | /* Avoid printing the upper bound if it's invalid. */ | |
1150 | warned = (func | |
1151 | ? warning_at (loc, OPT_Wstringop_overread, | |
1152 | "%qD expecting %E or more bytes in a region " | |
1153 | "of size %E", | |
1154 | func, range[0], size) | |
1155 | : warning_at (loc, OPT_Wstringop_overread, | |
1156 | "expecting %E or more bytes in a region " | |
1157 | "of size %E", | |
1158 | range[0], size)); | |
1159 | } | |
1160 | else | |
1161 | warned = (func | |
1162 | ? warning_at (loc, OPT_Wstringop_overread, | |
1163 | "%qD expecting between %E and %E bytes in " | |
1164 | "a region of size %E", | |
1165 | func, range[0], range[1], size) | |
1166 | : warning_at (loc, OPT_Wstringop_overread, | |
1167 | "expecting between %E and %E bytes in " | |
1168 | "a region of size %E", | |
1169 | range[0], range[1], size)); | |
1170 | ||
1171 | if (warned) | |
1172 | suppress_warning (exp, OPT_Wstringop_overread); | |
1173 | ||
1174 | return warned; | |
1175 | } | |
1176 | ||
81d6cdd3 MS |
1177 | static bool |
1178 | warn_for_access (location_t loc, tree func, gimple *stmt, int opt, | |
1179 | tree range[2], tree size, bool write, bool read, bool maybe) | |
1180 | { | |
1181 | return warn_for_access<gimple *>(loc, func, stmt, opt, range, size, | |
1182 | write, read, maybe); | |
1183 | } | |
1184 | ||
1185 | static bool | |
1186 | warn_for_access (location_t loc, tree func, tree expr, int opt, | |
1187 | tree range[2], tree size, bool write, bool read, bool maybe) | |
1188 | { | |
1189 | return warn_for_access<tree>(loc, func, expr, opt, range, size, | |
1190 | write, read, maybe); | |
1191 | } | |
1192 | ||
2a837de2 MS |
1193 | /* Helper to set RANGE to the range of BOUND if it's nonnull, bounded |
1194 | by BNDRNG if nonnull and valid. */ | |
1195 | ||
b48d4e68 | 1196 | static void |
9a27acc3 | 1197 | get_size_range (range_query *query, tree bound, gimple *stmt, tree range[2], |
ece28da9 | 1198 | const offset_int bndrng[2]) |
2a837de2 MS |
1199 | { |
1200 | if (bound) | |
9a27acc3 | 1201 | get_size_range (query, bound, stmt, range); |
2a837de2 MS |
1202 | |
1203 | if (!bndrng || (bndrng[0] == 0 && bndrng[1] == HOST_WIDE_INT_M1U)) | |
1204 | return; | |
1205 | ||
1206 | if (range[0] && TREE_CODE (range[0]) == INTEGER_CST) | |
1207 | { | |
1208 | offset_int r[] = | |
1209 | { wi::to_offset (range[0]), wi::to_offset (range[1]) }; | |
1210 | if (r[0] < bndrng[0]) | |
1211 | range[0] = wide_int_to_tree (sizetype, bndrng[0]); | |
1212 | if (bndrng[1] < r[1]) | |
1213 | range[1] = wide_int_to_tree (sizetype, bndrng[1]); | |
1214 | } | |
1215 | else | |
1216 | { | |
1217 | range[0] = wide_int_to_tree (sizetype, bndrng[0]); | |
1218 | range[1] = wide_int_to_tree (sizetype, bndrng[1]); | |
1219 | } | |
1220 | } | |
1221 | ||
1222 | /* Try to verify that the sizes and lengths of the arguments to a string | |
1223 | manipulation function given by EXP are within valid bounds and that | |
1224 | the operation does not lead to buffer overflow or read past the end. | |
1225 | Arguments other than EXP may be null. When non-null, the arguments | |
1226 | have the following meaning: | |
1227 | DST is the destination of a copy call or NULL otherwise. | |
1228 | SRC is the source of a copy call or NULL otherwise. | |
1229 | DSTWRITE is the number of bytes written into the destination obtained | |
1230 | from the user-supplied size argument to the function (such as in | |
1231 | memcpy(DST, SRCs, DSTWRITE) or strncpy(DST, DRC, DSTWRITE). | |
1232 | MAXREAD is the user-supplied bound on the length of the source sequence | |
1233 | (such as in strncat(d, s, N). It specifies the upper limit on the number | |
1234 | of bytes to write. If NULL, it's taken to be the same as DSTWRITE. | |
1235 | SRCSTR is the source string (such as in strcpy(DST, SRC)) when the | |
1236 | expression EXP is a string function call (as opposed to a memory call | |
1237 | like memcpy). As an exception, SRCSTR can also be an integer denoting | |
1238 | the precomputed size of the source string or object (for functions like | |
1239 | memcpy). | |
1240 | DSTSIZE is the size of the destination object. | |
1241 | ||
1242 | When DSTWRITE is null LEN is checked to verify that it doesn't exceed | |
1243 | SIZE_MAX. | |
1244 | ||
1245 | WRITE is true for write accesses, READ is true for reads. Both are | |
1246 | false for simple size checks in calls to functions that neither read | |
1247 | from nor write to the region. | |
1248 | ||
1249 | When nonnull, PAD points to a more detailed description of the access. | |
1250 | ||
1251 | If the call is successfully verified as safe return true, otherwise | |
1252 | return false. */ | |
1253 | ||
81d6cdd3 MS |
1254 | template <class GimpleOrTree> |
1255 | static bool | |
1256 | check_access (GimpleOrTree exp, tree dstwrite, | |
2a837de2 | 1257 | tree maxread, tree srcstr, tree dstsize, |
9a27acc3 MS |
1258 | access_mode mode, const access_data *pad, |
1259 | range_query *rvals) | |
2a837de2 MS |
1260 | { |
1261 | /* The size of the largest object is half the address space, or | |
1262 | PTRDIFF_MAX. (This is way too permissive.) */ | |
1263 | tree maxobjsize = max_object_size (); | |
1264 | ||
1265 | /* Either an approximate/minimum the length of the source string for | |
1266 | string functions or the size of the source object for raw memory | |
1267 | functions. */ | |
1268 | tree slen = NULL_TREE; | |
1269 | ||
1270 | /* The range of the access in bytes; first set to the write access | |
1271 | for functions that write and then read for those that also (or | |
1272 | just) read. */ | |
1273 | tree range[2] = { NULL_TREE, NULL_TREE }; | |
1274 | ||
1275 | /* Set to true when the exact number of bytes written by a string | |
1276 | function like strcpy is not known and the only thing that is | |
1277 | known is that it must be at least one (for the terminating nul). */ | |
1278 | bool at_least_one = false; | |
1279 | if (srcstr) | |
1280 | { | |
1281 | /* SRCSTR is normally a pointer to string but as a special case | |
1282 | it can be an integer denoting the length of a string. */ | |
1283 | if (POINTER_TYPE_P (TREE_TYPE (srcstr))) | |
1284 | { | |
1285 | if (!check_nul_terminated_array (exp, srcstr, maxread)) | |
81d6cdd3 MS |
1286 | /* Return if the array is not nul-terminated and a warning |
1287 | has been issued. */ | |
2a837de2 | 1288 | return false; |
81d6cdd3 | 1289 | |
2a837de2 MS |
1290 | /* Try to determine the range of lengths the source string |
1291 | refers to. If it can be determined and is less than | |
1292 | the upper bound given by MAXREAD add one to it for | |
1293 | the terminating nul. Otherwise, set it to one for | |
1294 | the same reason, or to MAXREAD as appropriate. */ | |
1295 | c_strlen_data lendata = { }; | |
1296 | get_range_strlen (srcstr, &lendata, /* eltsize = */ 1); | |
1297 | range[0] = lendata.minlen; | |
1298 | range[1] = lendata.maxbound ? lendata.maxbound : lendata.maxlen; | |
1299 | if (range[0] | |
1300 | && TREE_CODE (range[0]) == INTEGER_CST | |
1301 | && TREE_CODE (range[1]) == INTEGER_CST | |
1302 | && (!maxread || TREE_CODE (maxread) == INTEGER_CST)) | |
1303 | { | |
1304 | if (maxread && tree_int_cst_le (maxread, range[0])) | |
1305 | range[0] = range[1] = maxread; | |
1306 | else | |
1307 | range[0] = fold_build2 (PLUS_EXPR, size_type_node, | |
1308 | range[0], size_one_node); | |
1309 | ||
1310 | if (maxread && tree_int_cst_le (maxread, range[1])) | |
1311 | range[1] = maxread; | |
1312 | else if (!integer_all_onesp (range[1])) | |
1313 | range[1] = fold_build2 (PLUS_EXPR, size_type_node, | |
1314 | range[1], size_one_node); | |
1315 | ||
1316 | slen = range[0]; | |
1317 | } | |
1318 | else | |
1319 | { | |
1320 | at_least_one = true; | |
1321 | slen = size_one_node; | |
1322 | } | |
1323 | } | |
1324 | else | |
1325 | slen = srcstr; | |
1326 | } | |
1327 | ||
1328 | if (!dstwrite && !maxread) | |
1329 | { | |
1330 | /* When the only available piece of data is the object size | |
1331 | there is nothing to do. */ | |
1332 | if (!slen) | |
1333 | return true; | |
1334 | ||
1335 | /* Otherwise, when the length of the source sequence is known | |
1336 | (as with strlen), set DSTWRITE to it. */ | |
1337 | if (!range[0]) | |
1338 | dstwrite = slen; | |
1339 | } | |
1340 | ||
1341 | if (!dstsize) | |
1342 | dstsize = maxobjsize; | |
1343 | ||
f9379fcb | 1344 | /* Set RANGE to that of DSTWRITE if non-null, bounded by PAD->DST_BNDRNG |
2a837de2 | 1345 | if valid. */ |
9a27acc3 | 1346 | gimple *stmt = pad ? pad->stmt : nullptr; |
f9379fcb | 1347 | get_size_range (rvals, dstwrite, stmt, range, pad ? pad->dst_bndrng : NULL); |
2a837de2 MS |
1348 | |
1349 | tree func = get_callee_fndecl (exp); | |
1350 | /* Read vs write access by built-ins can be determined from the const | |
1351 | qualifiers on the pointer argument. In the absence of attribute | |
1352 | access, non-const qualified pointer arguments to user-defined | |
1353 | functions are assumed to both read and write the objects. */ | |
1354 | const bool builtin = func ? fndecl_built_in_p (func) : false; | |
1355 | ||
1356 | /* First check the number of bytes to be written against the maximum | |
1357 | object size. */ | |
1358 | if (range[0] | |
1359 | && TREE_CODE (range[0]) == INTEGER_CST | |
1360 | && tree_int_cst_lt (maxobjsize, range[0])) | |
1361 | { | |
81d6cdd3 | 1362 | location_t loc = get_location (exp); |
2a837de2 MS |
1363 | maybe_warn_for_bound (OPT_Wstringop_overflow_, loc, exp, func, range, |
1364 | NULL_TREE, pad); | |
1365 | return false; | |
1366 | } | |
1367 | ||
1368 | /* The number of bytes to write is "exact" if DSTWRITE is non-null, | |
1369 | constant, and in range of unsigned HOST_WIDE_INT. */ | |
1370 | bool exactwrite = dstwrite && tree_fits_uhwi_p (dstwrite); | |
1371 | ||
1372 | /* Next check the number of bytes to be written against the destination | |
1373 | object size. */ | |
1374 | if (range[0] || !exactwrite || integer_all_onesp (dstwrite)) | |
1375 | { | |
1376 | if (range[0] | |
1377 | && TREE_CODE (range[0]) == INTEGER_CST | |
1378 | && ((tree_fits_uhwi_p (dstsize) | |
1379 | && tree_int_cst_lt (dstsize, range[0])) | |
1380 | || (dstwrite | |
1381 | && tree_fits_uhwi_p (dstwrite) | |
1382 | && tree_int_cst_lt (dstwrite, range[0])))) | |
1383 | { | |
1384 | const opt_code opt = OPT_Wstringop_overflow_; | |
1385 | if (warning_suppressed_p (exp, opt) | |
1386 | || (pad && pad->dst.ref | |
1387 | && warning_suppressed_p (pad->dst.ref, opt))) | |
1388 | return false; | |
1389 | ||
81d6cdd3 | 1390 | location_t loc = get_location (exp); |
2a837de2 MS |
1391 | bool warned = false; |
1392 | if (dstwrite == slen && at_least_one) | |
1393 | { | |
1394 | /* This is a call to strcpy with a destination of 0 size | |
1395 | and a source of unknown length. The call will write | |
1396 | at least one byte past the end of the destination. */ | |
1397 | warned = (func | |
1398 | ? warning_at (loc, opt, | |
1399 | "%qD writing %E or more bytes into " | |
1400 | "a region of size %E overflows " | |
1401 | "the destination", | |
1402 | func, range[0], dstsize) | |
1403 | : warning_at (loc, opt, | |
1404 | "writing %E or more bytes into " | |
1405 | "a region of size %E overflows " | |
1406 | "the destination", | |
1407 | range[0], dstsize)); | |
1408 | } | |
1409 | else | |
1410 | { | |
1411 | const bool read | |
1412 | = mode == access_read_only || mode == access_read_write; | |
1413 | const bool write | |
1414 | = mode == access_write_only || mode == access_read_write; | |
1415 | const bool maybe = pad && pad->dst.parmarray; | |
1416 | warned = warn_for_access (loc, func, exp, | |
1417 | OPT_Wstringop_overflow_, | |
1418 | range, dstsize, | |
1419 | write, read && !builtin, maybe); | |
1420 | } | |
1421 | ||
1422 | if (warned) | |
1423 | { | |
1424 | suppress_warning (exp, OPT_Wstringop_overflow_); | |
1425 | if (pad) | |
1426 | pad->dst.inform_access (pad->mode); | |
1427 | } | |
1428 | ||
1429 | /* Return error when an overflow has been detected. */ | |
1430 | return false; | |
1431 | } | |
1432 | } | |
1433 | ||
1434 | /* Check the maximum length of the source sequence against the size | |
1435 | of the destination object if known, or against the maximum size | |
1436 | of an object. */ | |
1437 | if (maxread) | |
1438 | { | |
f9379fcb | 1439 | /* Set RANGE to that of MAXREAD, bounded by PAD->SRC_BNDRNG if |
2a837de2 | 1440 | PAD is nonnull and BNDRNG is valid. */ |
f9379fcb | 1441 | get_size_range (rvals, maxread, stmt, range, pad ? pad->src_bndrng : NULL); |
2a837de2 | 1442 | |
81d6cdd3 | 1443 | location_t loc = get_location (exp); |
2a837de2 MS |
1444 | tree size = dstsize; |
1445 | if (pad && pad->mode == access_read_only) | |
820f0940 | 1446 | size = wide_int_to_tree (sizetype, pad->src.size_remaining ()); |
2a837de2 MS |
1447 | |
1448 | if (range[0] && maxread && tree_fits_uhwi_p (size)) | |
1449 | { | |
1450 | if (tree_int_cst_lt (maxobjsize, range[0])) | |
1451 | { | |
1452 | maybe_warn_for_bound (OPT_Wstringop_overread, loc, exp, func, | |
1453 | range, size, pad); | |
1454 | return false; | |
1455 | } | |
1456 | ||
1457 | if (size != maxobjsize && tree_int_cst_lt (size, range[0])) | |
1458 | { | |
1459 | opt_code opt = (dstwrite || mode != access_read_only | |
1460 | ? OPT_Wstringop_overflow_ | |
1461 | : OPT_Wstringop_overread); | |
1462 | maybe_warn_for_bound (opt, loc, exp, func, range, size, pad); | |
1463 | return false; | |
1464 | } | |
1465 | } | |
1466 | ||
1467 | maybe_warn_nonstring_arg (func, exp); | |
1468 | } | |
1469 | ||
1470 | /* Check for reading past the end of SRC. */ | |
1471 | bool overread = (slen | |
1472 | && slen == srcstr | |
1473 | && dstwrite | |
1474 | && range[0] | |
1475 | && TREE_CODE (slen) == INTEGER_CST | |
1476 | && tree_int_cst_lt (slen, range[0])); | |
1477 | /* If none is determined try to get a better answer based on the details | |
1478 | in PAD. */ | |
1479 | if (!overread | |
1480 | && pad | |
1481 | && pad->src.sizrng[1] >= 0 | |
1482 | && pad->src.offrng[0] >= 0 | |
1483 | && (pad->src.offrng[1] < 0 | |
1484 | || pad->src.offrng[0] <= pad->src.offrng[1])) | |
1485 | { | |
f9379fcb | 1486 | /* Set RANGE to that of MAXREAD, bounded by PAD->SRC_BNDRNG if |
2a837de2 | 1487 | PAD is nonnull and BNDRNG is valid. */ |
f9379fcb | 1488 | get_size_range (rvals, maxread, stmt, range, pad ? pad->src_bndrng : NULL); |
2a837de2 | 1489 | /* Set OVERREAD for reads starting just past the end of an object. */ |
f9379fcb MS |
1490 | overread = pad->src.sizrng[1] - pad->src.offrng[0] < pad->src_bndrng[0]; |
1491 | range[0] = wide_int_to_tree (sizetype, pad->src_bndrng[0]); | |
2a837de2 MS |
1492 | slen = size_zero_node; |
1493 | } | |
1494 | ||
1495 | if (overread) | |
1496 | { | |
1497 | const opt_code opt = OPT_Wstringop_overread; | |
1498 | if (warning_suppressed_p (exp, opt) | |
1499 | || (srcstr && warning_suppressed_p (srcstr, opt)) | |
1500 | || (pad && pad->src.ref | |
1501 | && warning_suppressed_p (pad->src.ref, opt))) | |
1502 | return false; | |
1503 | ||
81d6cdd3 | 1504 | location_t loc = get_location (exp); |
2a837de2 MS |
1505 | const bool read |
1506 | = mode == access_read_only || mode == access_read_write; | |
1507 | const bool maybe = pad && pad->dst.parmarray; | |
1508 | if (warn_for_access (loc, func, exp, opt, range, slen, false, read, | |
1509 | maybe)) | |
1510 | { | |
1511 | suppress_warning (exp, opt); | |
1512 | if (pad) | |
1513 | pad->src.inform_access (access_read_only); | |
1514 | } | |
1515 | return false; | |
1516 | } | |
1517 | ||
1518 | return true; | |
1519 | } | |
1520 | ||
9a27acc3 | 1521 | static bool |
81d6cdd3 MS |
1522 | check_access (gimple *stmt, tree dstwrite, |
1523 | tree maxread, tree srcstr, tree dstsize, | |
9a27acc3 MS |
1524 | access_mode mode, const access_data *pad, |
1525 | range_query *rvals) | |
81d6cdd3 | 1526 | { |
9a27acc3 MS |
1527 | return check_access<gimple *> (stmt, dstwrite, maxread, srcstr, dstsize, |
1528 | mode, pad, rvals); | |
81d6cdd3 MS |
1529 | } |
1530 | ||
1531 | bool | |
1532 | check_access (tree expr, tree dstwrite, | |
1533 | tree maxread, tree srcstr, tree dstsize, | |
1534 | access_mode mode, const access_data *pad /* = NULL */) | |
1535 | { | |
9a27acc3 MS |
1536 | return check_access<tree> (expr, dstwrite, maxread, srcstr, dstsize, |
1537 | mode, pad, nullptr); | |
81d6cdd3 MS |
1538 | } |
1539 | ||
2a837de2 MS |
1540 | /* Return true if STMT is a call to an allocation function. Unless |
1541 | ALL_ALLOC is set, consider only functions that return dynmamically | |
1542 | allocated objects. Otherwise return true even for all forms of | |
1543 | alloca (including VLA). */ | |
1544 | ||
1545 | static bool | |
1546 | fndecl_alloc_p (tree fndecl, bool all_alloc) | |
1547 | { | |
1548 | if (!fndecl) | |
1549 | return false; | |
1550 | ||
1551 | /* A call to operator new isn't recognized as one to a built-in. */ | |
1552 | if (DECL_IS_OPERATOR_NEW_P (fndecl)) | |
1553 | return true; | |
1554 | ||
1555 | if (fndecl_built_in_p (fndecl, BUILT_IN_NORMAL)) | |
1556 | { | |
1557 | switch (DECL_FUNCTION_CODE (fndecl)) | |
1558 | { | |
1559 | case BUILT_IN_ALLOCA: | |
1560 | case BUILT_IN_ALLOCA_WITH_ALIGN: | |
1561 | return all_alloc; | |
1562 | case BUILT_IN_ALIGNED_ALLOC: | |
1563 | case BUILT_IN_CALLOC: | |
1564 | case BUILT_IN_GOMP_ALLOC: | |
1565 | case BUILT_IN_MALLOC: | |
1566 | case BUILT_IN_REALLOC: | |
1567 | case BUILT_IN_STRDUP: | |
1568 | case BUILT_IN_STRNDUP: | |
1569 | return true; | |
1570 | default: | |
1571 | break; | |
1572 | } | |
1573 | } | |
1574 | ||
1575 | /* A function is considered an allocation function if it's declared | |
1576 | with attribute malloc with an argument naming its associated | |
1577 | deallocation function. */ | |
1578 | tree attrs = DECL_ATTRIBUTES (fndecl); | |
1579 | if (!attrs) | |
1580 | return false; | |
1581 | ||
1582 | for (tree allocs = attrs; | |
1583 | (allocs = lookup_attribute ("malloc", allocs)); | |
1584 | allocs = TREE_CHAIN (allocs)) | |
1585 | { | |
1586 | tree args = TREE_VALUE (allocs); | |
1587 | if (!args) | |
1588 | continue; | |
1589 | ||
1590 | if (TREE_VALUE (args)) | |
1591 | return true; | |
1592 | } | |
1593 | ||
1594 | return false; | |
1595 | } | |
1596 | ||
1597 | /* Return true if STMT is a call to an allocation function. A wrapper | |
1598 | around fndecl_alloc_p. */ | |
1599 | ||
1600 | static bool | |
1601 | gimple_call_alloc_p (gimple *stmt, bool all_alloc = false) | |
1602 | { | |
1603 | return fndecl_alloc_p (gimple_call_fndecl (stmt), all_alloc); | |
1604 | } | |
1605 | ||
1606 | /* Return true if DELC doesn't refer to an operator delete that's | |
1607 | suitable to call with a pointer returned from the operator new | |
1608 | described by NEWC. */ | |
1609 | ||
1610 | static bool | |
1611 | new_delete_mismatch_p (const demangle_component &newc, | |
1612 | const demangle_component &delc) | |
1613 | { | |
1614 | if (newc.type != delc.type) | |
1615 | return true; | |
1616 | ||
1617 | switch (newc.type) | |
1618 | { | |
1619 | case DEMANGLE_COMPONENT_NAME: | |
1620 | { | |
1621 | int len = newc.u.s_name.len; | |
1622 | const char *news = newc.u.s_name.s; | |
1623 | const char *dels = delc.u.s_name.s; | |
1624 | if (len != delc.u.s_name.len || memcmp (news, dels, len)) | |
1625 | return true; | |
1626 | ||
1627 | if (news[len] == 'n') | |
1628 | { | |
1629 | if (news[len + 1] == 'a') | |
1630 | return dels[len] != 'd' || dels[len + 1] != 'a'; | |
1631 | if (news[len + 1] == 'w') | |
1632 | return dels[len] != 'd' || dels[len + 1] != 'l'; | |
1633 | } | |
1634 | return false; | |
1635 | } | |
1636 | ||
1637 | case DEMANGLE_COMPONENT_OPERATOR: | |
1638 | /* Operator mismatches are handled above. */ | |
1639 | return false; | |
1640 | ||
1641 | case DEMANGLE_COMPONENT_EXTENDED_OPERATOR: | |
1642 | if (newc.u.s_extended_operator.args != delc.u.s_extended_operator.args) | |
1643 | return true; | |
1644 | return new_delete_mismatch_p (*newc.u.s_extended_operator.name, | |
1645 | *delc.u.s_extended_operator.name); | |
1646 | ||
1647 | case DEMANGLE_COMPONENT_FIXED_TYPE: | |
1648 | if (newc.u.s_fixed.accum != delc.u.s_fixed.accum | |
1649 | || newc.u.s_fixed.sat != delc.u.s_fixed.sat) | |
1650 | return true; | |
1651 | return new_delete_mismatch_p (*newc.u.s_fixed.length, | |
1652 | *delc.u.s_fixed.length); | |
1653 | ||
1654 | case DEMANGLE_COMPONENT_CTOR: | |
1655 | if (newc.u.s_ctor.kind != delc.u.s_ctor.kind) | |
1656 | return true; | |
1657 | return new_delete_mismatch_p (*newc.u.s_ctor.name, | |
1658 | *delc.u.s_ctor.name); | |
1659 | ||
1660 | case DEMANGLE_COMPONENT_DTOR: | |
1661 | if (newc.u.s_dtor.kind != delc.u.s_dtor.kind) | |
1662 | return true; | |
1663 | return new_delete_mismatch_p (*newc.u.s_dtor.name, | |
1664 | *delc.u.s_dtor.name); | |
1665 | ||
1666 | case DEMANGLE_COMPONENT_BUILTIN_TYPE: | |
1667 | { | |
1668 | /* The demangler API provides no better way to compare built-in | |
1669 | types except to by comparing their demangled names. */ | |
1670 | size_t nsz, dsz; | |
1671 | demangle_component *pnc = const_cast<demangle_component *>(&newc); | |
1672 | demangle_component *pdc = const_cast<demangle_component *>(&delc); | |
1673 | char *nts = cplus_demangle_print (0, pnc, 16, &nsz); | |
1674 | char *dts = cplus_demangle_print (0, pdc, 16, &dsz); | |
1675 | if (!nts != !dts) | |
1676 | return true; | |
1677 | bool mismatch = strcmp (nts, dts); | |
1678 | free (nts); | |
1679 | free (dts); | |
1680 | return mismatch; | |
1681 | } | |
1682 | ||
1683 | case DEMANGLE_COMPONENT_SUB_STD: | |
1684 | if (newc.u.s_string.len != delc.u.s_string.len) | |
1685 | return true; | |
1686 | return memcmp (newc.u.s_string.string, delc.u.s_string.string, | |
1687 | newc.u.s_string.len); | |
1688 | ||
1689 | case DEMANGLE_COMPONENT_FUNCTION_PARAM: | |
1690 | case DEMANGLE_COMPONENT_TEMPLATE_PARAM: | |
1691 | return newc.u.s_number.number != delc.u.s_number.number; | |
1692 | ||
1693 | case DEMANGLE_COMPONENT_CHARACTER: | |
1694 | return newc.u.s_character.character != delc.u.s_character.character; | |
1695 | ||
1696 | case DEMANGLE_COMPONENT_DEFAULT_ARG: | |
1697 | case DEMANGLE_COMPONENT_LAMBDA: | |
1698 | if (newc.u.s_unary_num.num != delc.u.s_unary_num.num) | |
1699 | return true; | |
1700 | return new_delete_mismatch_p (*newc.u.s_unary_num.sub, | |
1701 | *delc.u.s_unary_num.sub); | |
1702 | default: | |
1703 | break; | |
1704 | } | |
1705 | ||
1706 | if (!newc.u.s_binary.left != !delc.u.s_binary.left) | |
1707 | return true; | |
1708 | ||
1709 | if (!newc.u.s_binary.left) | |
1710 | return false; | |
1711 | ||
1712 | if (new_delete_mismatch_p (*newc.u.s_binary.left, *delc.u.s_binary.left) | |
1713 | || !newc.u.s_binary.right != !delc.u.s_binary.right) | |
1714 | return true; | |
1715 | ||
1716 | if (newc.u.s_binary.right) | |
1717 | return new_delete_mismatch_p (*newc.u.s_binary.right, | |
1718 | *delc.u.s_binary.right); | |
1719 | return false; | |
1720 | } | |
1721 | ||
1722 | /* Return true if DELETE_DECL is an operator delete that's not suitable | |
1723 | to call with a pointer returned fron NEW_DECL. */ | |
1724 | ||
1725 | static bool | |
1726 | new_delete_mismatch_p (tree new_decl, tree delete_decl) | |
1727 | { | |
1728 | tree new_name = DECL_ASSEMBLER_NAME (new_decl); | |
1729 | tree delete_name = DECL_ASSEMBLER_NAME (delete_decl); | |
1730 | ||
1731 | /* valid_new_delete_pair_p() returns a conservative result (currently | |
1732 | it only handles global operators). A true result is reliable but | |
96194a07 MS |
1733 | a false result doesn't necessarily mean the operators don't match |
1734 | unless CERTAIN is set. */ | |
1735 | bool certain; | |
1736 | if (valid_new_delete_pair_p (new_name, delete_name, &certain)) | |
2a837de2 | 1737 | return false; |
96194a07 MS |
1738 | /* CERTAIN is set when the negative result is certain. */ |
1739 | if (certain) | |
1740 | return true; | |
2a837de2 MS |
1741 | |
1742 | /* For anything not handled by valid_new_delete_pair_p() such as member | |
1743 | operators compare the individual demangled components of the mangled | |
1744 | name. */ | |
1745 | const char *new_str = IDENTIFIER_POINTER (new_name); | |
1746 | const char *del_str = IDENTIFIER_POINTER (delete_name); | |
1747 | ||
1748 | void *np = NULL, *dp = NULL; | |
1749 | demangle_component *ndc = cplus_demangle_v3_components (new_str, 0, &np); | |
1750 | demangle_component *ddc = cplus_demangle_v3_components (del_str, 0, &dp); | |
1751 | bool mismatch = new_delete_mismatch_p (*ndc, *ddc); | |
1752 | free (np); | |
1753 | free (dp); | |
1754 | return mismatch; | |
1755 | } | |
1756 | ||
1757 | /* ALLOC_DECL and DEALLOC_DECL are pair of allocation and deallocation | |
1758 | functions. Return true if the latter is suitable to deallocate objects | |
1759 | allocated by calls to the former. */ | |
1760 | ||
1761 | static bool | |
1762 | matching_alloc_calls_p (tree alloc_decl, tree dealloc_decl) | |
1763 | { | |
1764 | /* Set to alloc_kind_t::builtin if ALLOC_DECL is associated with | |
1765 | a built-in deallocator. */ | |
1766 | enum class alloc_kind_t { none, builtin, user } | |
1767 | alloc_dealloc_kind = alloc_kind_t::none; | |
1768 | ||
1769 | if (DECL_IS_OPERATOR_NEW_P (alloc_decl)) | |
1770 | { | |
1771 | if (DECL_IS_OPERATOR_DELETE_P (dealloc_decl)) | |
1772 | /* Return true iff both functions are of the same array or | |
1773 | singleton form and false otherwise. */ | |
1774 | return !new_delete_mismatch_p (alloc_decl, dealloc_decl); | |
1775 | ||
1776 | /* Return false for deallocation functions that are known not | |
1777 | to match. */ | |
1778 | if (fndecl_built_in_p (dealloc_decl, BUILT_IN_FREE) | |
1779 | || fndecl_built_in_p (dealloc_decl, BUILT_IN_REALLOC)) | |
1780 | return false; | |
1781 | /* Otherwise proceed below to check the deallocation function's | |
1782 | "*dealloc" attributes to look for one that mentions this operator | |
1783 | new. */ | |
1784 | } | |
1785 | else if (fndecl_built_in_p (alloc_decl, BUILT_IN_NORMAL)) | |
1786 | { | |
1787 | switch (DECL_FUNCTION_CODE (alloc_decl)) | |
1788 | { | |
1789 | case BUILT_IN_ALLOCA: | |
1790 | case BUILT_IN_ALLOCA_WITH_ALIGN: | |
1791 | return false; | |
1792 | ||
1793 | case BUILT_IN_ALIGNED_ALLOC: | |
1794 | case BUILT_IN_CALLOC: | |
1795 | case BUILT_IN_GOMP_ALLOC: | |
1796 | case BUILT_IN_MALLOC: | |
1797 | case BUILT_IN_REALLOC: | |
1798 | case BUILT_IN_STRDUP: | |
1799 | case BUILT_IN_STRNDUP: | |
1800 | if (DECL_IS_OPERATOR_DELETE_P (dealloc_decl)) | |
1801 | return false; | |
1802 | ||
1803 | if (fndecl_built_in_p (dealloc_decl, BUILT_IN_FREE) | |
1804 | || fndecl_built_in_p (dealloc_decl, BUILT_IN_REALLOC)) | |
1805 | return true; | |
1806 | ||
1807 | alloc_dealloc_kind = alloc_kind_t::builtin; | |
1808 | break; | |
1809 | ||
1810 | default: | |
1811 | break; | |
1812 | } | |
1813 | } | |
1814 | ||
1815 | /* Set if DEALLOC_DECL both allocates and deallocates. */ | |
1816 | alloc_kind_t realloc_kind = alloc_kind_t::none; | |
1817 | ||
1818 | if (fndecl_built_in_p (dealloc_decl, BUILT_IN_NORMAL)) | |
1819 | { | |
1820 | built_in_function dealloc_code = DECL_FUNCTION_CODE (dealloc_decl); | |
1821 | if (dealloc_code == BUILT_IN_REALLOC) | |
1822 | realloc_kind = alloc_kind_t::builtin; | |
1823 | ||
1824 | for (tree amats = DECL_ATTRIBUTES (alloc_decl); | |
1825 | (amats = lookup_attribute ("malloc", amats)); | |
1826 | amats = TREE_CHAIN (amats)) | |
1827 | { | |
1828 | tree args = TREE_VALUE (amats); | |
1829 | if (!args) | |
1830 | continue; | |
1831 | ||
1832 | tree fndecl = TREE_VALUE (args); | |
1833 | if (!fndecl || !DECL_P (fndecl)) | |
1834 | continue; | |
1835 | ||
1836 | if (fndecl_built_in_p (fndecl, BUILT_IN_NORMAL) | |
1837 | && dealloc_code == DECL_FUNCTION_CODE (fndecl)) | |
1838 | return true; | |
1839 | } | |
1840 | } | |
1841 | ||
1842 | const bool alloc_builtin = fndecl_built_in_p (alloc_decl, BUILT_IN_NORMAL); | |
1843 | alloc_kind_t realloc_dealloc_kind = alloc_kind_t::none; | |
1844 | ||
1845 | /* If DEALLOC_DECL has an internal "*dealloc" attribute scan the list | |
1846 | of its associated allocation functions for ALLOC_DECL. | |
1847 | If the corresponding ALLOC_DECL is found they're a matching pair, | |
1848 | otherwise they're not. | |
1849 | With DDATS set to the Deallocator's *Dealloc ATtributes... */ | |
1850 | for (tree ddats = DECL_ATTRIBUTES (dealloc_decl); | |
1851 | (ddats = lookup_attribute ("*dealloc", ddats)); | |
1852 | ddats = TREE_CHAIN (ddats)) | |
1853 | { | |
1854 | tree args = TREE_VALUE (ddats); | |
1855 | if (!args) | |
1856 | continue; | |
1857 | ||
1858 | tree alloc = TREE_VALUE (args); | |
1859 | if (!alloc) | |
1860 | continue; | |
1861 | ||
1862 | if (alloc == DECL_NAME (dealloc_decl)) | |
1863 | realloc_kind = alloc_kind_t::user; | |
1864 | ||
1865 | if (DECL_P (alloc)) | |
1866 | { | |
1867 | gcc_checking_assert (fndecl_built_in_p (alloc, BUILT_IN_NORMAL)); | |
1868 | ||
1869 | switch (DECL_FUNCTION_CODE (alloc)) | |
1870 | { | |
1871 | case BUILT_IN_ALIGNED_ALLOC: | |
1872 | case BUILT_IN_CALLOC: | |
1873 | case BUILT_IN_GOMP_ALLOC: | |
1874 | case BUILT_IN_MALLOC: | |
1875 | case BUILT_IN_REALLOC: | |
1876 | case BUILT_IN_STRDUP: | |
1877 | case BUILT_IN_STRNDUP: | |
1878 | realloc_dealloc_kind = alloc_kind_t::builtin; | |
1879 | break; | |
1880 | default: | |
1881 | break; | |
1882 | } | |
1883 | ||
1884 | if (!alloc_builtin) | |
1885 | continue; | |
1886 | ||
1887 | if (DECL_FUNCTION_CODE (alloc) != DECL_FUNCTION_CODE (alloc_decl)) | |
1888 | continue; | |
1889 | ||
1890 | return true; | |
1891 | } | |
1892 | ||
1893 | if (alloc == DECL_NAME (alloc_decl)) | |
1894 | return true; | |
1895 | } | |
1896 | ||
1897 | if (realloc_kind == alloc_kind_t::none) | |
1898 | return false; | |
1899 | ||
1900 | hash_set<tree> common_deallocs; | |
1901 | /* Special handling for deallocators. Iterate over both the allocator's | |
1902 | and the reallocator's associated deallocator functions looking for | |
1903 | the first one in common. If one is found, the de/reallocator is | |
1904 | a match for the allocator even though the latter isn't directly | |
1905 | associated with the former. This simplifies declarations in system | |
1906 | headers. | |
1907 | With AMATS set to the Allocator's Malloc ATtributes, | |
1908 | and RMATS set to Reallocator's Malloc ATtributes... */ | |
1909 | for (tree amats = DECL_ATTRIBUTES (alloc_decl), | |
1910 | rmats = DECL_ATTRIBUTES (dealloc_decl); | |
1911 | (amats = lookup_attribute ("malloc", amats)) | |
1912 | || (rmats = lookup_attribute ("malloc", rmats)); | |
1913 | amats = amats ? TREE_CHAIN (amats) : NULL_TREE, | |
1914 | rmats = rmats ? TREE_CHAIN (rmats) : NULL_TREE) | |
1915 | { | |
1916 | if (tree args = amats ? TREE_VALUE (amats) : NULL_TREE) | |
1917 | if (tree adealloc = TREE_VALUE (args)) | |
1918 | { | |
1919 | if (DECL_P (adealloc) | |
1920 | && fndecl_built_in_p (adealloc, BUILT_IN_NORMAL)) | |
1921 | { | |
1922 | built_in_function fncode = DECL_FUNCTION_CODE (adealloc); | |
1923 | if (fncode == BUILT_IN_FREE || fncode == BUILT_IN_REALLOC) | |
1924 | { | |
1925 | if (realloc_kind == alloc_kind_t::builtin) | |
1926 | return true; | |
1927 | alloc_dealloc_kind = alloc_kind_t::builtin; | |
1928 | } | |
1929 | continue; | |
1930 | } | |
1931 | ||
1932 | common_deallocs.add (adealloc); | |
1933 | } | |
1934 | ||
1935 | if (tree args = rmats ? TREE_VALUE (rmats) : NULL_TREE) | |
1936 | if (tree ddealloc = TREE_VALUE (args)) | |
1937 | { | |
1938 | if (DECL_P (ddealloc) | |
1939 | && fndecl_built_in_p (ddealloc, BUILT_IN_NORMAL)) | |
1940 | { | |
1941 | built_in_function fncode = DECL_FUNCTION_CODE (ddealloc); | |
1942 | if (fncode == BUILT_IN_FREE || fncode == BUILT_IN_REALLOC) | |
1943 | { | |
1944 | if (alloc_dealloc_kind == alloc_kind_t::builtin) | |
1945 | return true; | |
1946 | realloc_dealloc_kind = alloc_kind_t::builtin; | |
1947 | } | |
1948 | continue; | |
1949 | } | |
1950 | ||
1951 | if (common_deallocs.add (ddealloc)) | |
1952 | return true; | |
1953 | } | |
1954 | } | |
1955 | ||
1956 | /* Succeed only if ALLOC_DECL and the reallocator DEALLOC_DECL share | |
1957 | a built-in deallocator. */ | |
1958 | return (alloc_dealloc_kind == alloc_kind_t::builtin | |
1959 | && realloc_dealloc_kind == alloc_kind_t::builtin); | |
1960 | } | |
1961 | ||
1962 | /* Return true if DEALLOC_DECL is a function suitable to deallocate | |
1963 | objectes allocated by the ALLOC call. */ | |
1964 | ||
1965 | static bool | |
1966 | matching_alloc_calls_p (gimple *alloc, tree dealloc_decl) | |
1967 | { | |
1968 | tree alloc_decl = gimple_call_fndecl (alloc); | |
1969 | if (!alloc_decl) | |
1970 | return true; | |
1971 | ||
1972 | return matching_alloc_calls_p (alloc_decl, dealloc_decl); | |
1973 | } | |
1974 | ||
1975 | /* Diagnose a call EXP to deallocate a pointer referenced by AREF if it | |
1976 | includes a nonzero offset. Such a pointer cannot refer to the beginning | |
1977 | of an allocated object. A negative offset may refer to it only if | |
1978 | the target pointer is unknown. */ | |
1979 | ||
1980 | static bool | |
1981 | warn_dealloc_offset (location_t loc, gimple *call, const access_ref &aref) | |
1982 | { | |
1983 | if (aref.deref || aref.offrng[0] <= 0 || aref.offrng[1] <= 0) | |
1984 | return false; | |
1985 | ||
1986 | tree dealloc_decl = gimple_call_fndecl (call); | |
1987 | if (!dealloc_decl) | |
1988 | return false; | |
1989 | ||
1990 | if (DECL_IS_OPERATOR_DELETE_P (dealloc_decl) | |
1991 | && !DECL_IS_REPLACEABLE_OPERATOR (dealloc_decl)) | |
1992 | { | |
1993 | /* A call to a user-defined operator delete with a pointer plus offset | |
1994 | may be valid if it's returned from an unknown function (i.e., one | |
1995 | that's not operator new). */ | |
1996 | if (TREE_CODE (aref.ref) == SSA_NAME) | |
1997 | { | |
1998 | gimple *def_stmt = SSA_NAME_DEF_STMT (aref.ref); | |
1999 | if (is_gimple_call (def_stmt)) | |
2000 | { | |
2001 | tree alloc_decl = gimple_call_fndecl (def_stmt); | |
2002 | if (!alloc_decl || !DECL_IS_OPERATOR_NEW_P (alloc_decl)) | |
2003 | return false; | |
2004 | } | |
2005 | } | |
2006 | } | |
2007 | ||
2008 | char offstr[80]; | |
2009 | offstr[0] = '\0'; | |
2010 | if (wi::fits_shwi_p (aref.offrng[0])) | |
2011 | { | |
2012 | if (aref.offrng[0] == aref.offrng[1] | |
2013 | || !wi::fits_shwi_p (aref.offrng[1])) | |
2014 | sprintf (offstr, " %lli", | |
2015 | (long long)aref.offrng[0].to_shwi ()); | |
2016 | else | |
2017 | sprintf (offstr, " [%lli, %lli]", | |
2018 | (long long)aref.offrng[0].to_shwi (), | |
2019 | (long long)aref.offrng[1].to_shwi ()); | |
2020 | } | |
2021 | ||
2022 | if (!warning_at (loc, OPT_Wfree_nonheap_object, | |
2023 | "%qD called on pointer %qE with nonzero offset%s", | |
2024 | dealloc_decl, aref.ref, offstr)) | |
2025 | return false; | |
2026 | ||
2027 | if (DECL_P (aref.ref)) | |
81d6cdd3 | 2028 | inform (get_location (aref.ref), "declared here"); |
2a837de2 MS |
2029 | else if (TREE_CODE (aref.ref) == SSA_NAME) |
2030 | { | |
2031 | gimple *def_stmt = SSA_NAME_DEF_STMT (aref.ref); | |
2032 | if (is_gimple_call (def_stmt)) | |
2033 | { | |
81d6cdd3 | 2034 | location_t def_loc = get_location (def_stmt); |
2a837de2 MS |
2035 | tree alloc_decl = gimple_call_fndecl (def_stmt); |
2036 | if (alloc_decl) | |
2037 | inform (def_loc, | |
2038 | "returned from %qD", alloc_decl); | |
2039 | else if (tree alloc_fntype = gimple_call_fntype (def_stmt)) | |
2040 | inform (def_loc, | |
2041 | "returned from %qT", alloc_fntype); | |
2042 | else | |
2043 | inform (def_loc, "obtained here"); | |
2044 | } | |
2045 | } | |
2046 | ||
2047 | return true; | |
2048 | } | |
2049 | ||
2a837de2 MS |
2050 | namespace { |
2051 | ||
2052 | const pass_data pass_data_waccess = { | |
2053 | GIMPLE_PASS, | |
2054 | "waccess", | |
2055 | OPTGROUP_NONE, | |
2056 | TV_NONE, | |
2057 | PROP_cfg, /* properties_required */ | |
2058 | 0, /* properties_provided */ | |
2059 | 0, /* properties_destroyed */ | |
2060 | 0, /* properties_start */ | |
2061 | 0, /* properties_finish */ | |
2062 | }; | |
2063 | ||
2064 | /* Pass to detect invalid accesses. */ | |
2065 | class pass_waccess : public gimple_opt_pass | |
2066 | { | |
2067 | public: | |
b48d4e68 MS |
2068 | pass_waccess (gcc::context *); |
2069 | ||
2070 | ~pass_waccess (); | |
2a837de2 MS |
2071 | |
2072 | opt_pass *clone () { return new pass_waccess (m_ctxt); } | |
2073 | ||
2074 | virtual bool gate (function *); | |
671a2836 | 2075 | |
2a837de2 MS |
2076 | virtual unsigned int execute (function *); |
2077 | ||
ece28da9 MS |
2078 | private: |
2079 | /* Not copyable or assignable. */ | |
2080 | pass_waccess (pass_waccess &) = delete; | |
2081 | void operator= (pass_waccess &) = delete; | |
2082 | ||
88b504b7 MS |
2083 | /* Check a call to an atomic built-in function. */ |
2084 | bool check_atomic_builtin (gcall *); | |
2085 | ||
81d6cdd3 MS |
2086 | /* Check a call to a built-in function. */ |
2087 | bool check_builtin (gcall *); | |
2088 | ||
671a2836 MS |
2089 | /* Check a call to an ordinary function for invalid accesses. */ |
2090 | bool check_call_access (gcall *); | |
b48d4e68 | 2091 | |
81d6cdd3 | 2092 | /* Check statements in a basic block. */ |
671a2836 | 2093 | void check_block (basic_block); |
81d6cdd3 MS |
2094 | |
2095 | /* Check a call to a function. */ | |
671a2836 | 2096 | void check_call (gcall *); |
2a837de2 | 2097 | |
ece28da9 MS |
2098 | /* Check a call to the named built-in function. */ |
2099 | void check_alloca (gcall *); | |
2100 | void check_alloc_size_call (gcall *); | |
2101 | void check_strcat (gcall *); | |
2102 | void check_strncat (gcall *); | |
2103 | void check_stxcpy (gcall *); | |
2104 | void check_stxncpy (gcall *); | |
2105 | void check_strncmp (gcall *); | |
2106 | void check_memop_access (gimple *, tree, tree, tree); | |
9a27acc3 | 2107 | void check_read_access (gimple *, tree, tree = NULL_TREE, int = 1); |
ece28da9 MS |
2108 | |
2109 | void maybe_check_dealloc_call (gcall *); | |
2110 | void maybe_check_access_sizes (rdwr_map *, tree, tree, gimple *); | |
5a431b60 MS |
2111 | bool maybe_warn_memmodel (gimple *, tree, tree, const unsigned char *); |
2112 | void check_atomic_memmodel (gimple *, tree, tree, const unsigned char *); | |
b48d4e68 | 2113 | |
671a2836 MS |
2114 | /* Check for uses of indeterminate pointers. */ |
2115 | void check_pointer_uses (gimple *, tree); | |
2116 | ||
2117 | /* Return the argument that a call returns. */ | |
2118 | tree gimple_call_return_arg (gcall *); | |
2119 | ||
2120 | void warn_invalid_pointer (tree, gimple *, gimple *, bool, bool = false); | |
2121 | ||
2122 | /* Return true if use follows an invalidating statement. */ | |
2123 | bool use_after_inval_p (gimple *, gimple *); | |
2124 | ||
b48d4e68 MS |
2125 | /* A pointer_query object and its cache to store information about |
2126 | pointers and their targets in. */ | |
ece28da9 MS |
2127 | pointer_query m_ptr_qry; |
2128 | pointer_query::cache_type m_var_cache; | |
671a2836 MS |
2129 | |
2130 | /* A bit is set for each basic block whose statements have been assigned | |
2131 | valid UIDs. */ | |
2132 | bitmap m_bb_uids_set; | |
2133 | /* The current function. */ | |
2134 | function *m_func; | |
2a837de2 MS |
2135 | }; |
2136 | ||
b48d4e68 MS |
2137 | /* Construct the pass. */ |
2138 | ||
2139 | pass_waccess::pass_waccess (gcc::context *ctxt) | |
2140 | : gimple_opt_pass (pass_data_waccess, ctxt), | |
ece28da9 | 2141 | m_ptr_qry (NULL, &m_var_cache), |
671a2836 MS |
2142 | m_var_cache (), |
2143 | m_bb_uids_set (), | |
2144 | m_func () | |
b48d4e68 MS |
2145 | { |
2146 | } | |
2147 | ||
2148 | /* Release pointer_query cache. */ | |
2149 | ||
2150 | pass_waccess::~pass_waccess () | |
2151 | { | |
ece28da9 | 2152 | m_ptr_qry.flush_cache (); |
b48d4e68 MS |
2153 | } |
2154 | ||
2a837de2 MS |
2155 | /* Return true when any checks performed by the pass are enabled. */ |
2156 | ||
2157 | bool | |
2158 | pass_waccess::gate (function *) | |
2159 | { | |
2160 | return (warn_free_nonheap_object | |
2161 | || warn_mismatched_alloc | |
2162 | || warn_mismatched_new_delete); | |
2163 | } | |
2164 | ||
b48d4e68 MS |
2165 | /* Initialize ALLOC_OBJECT_SIZE_LIMIT based on the -Walloc-size-larger-than= |
2166 | setting if the option is specified, or to the maximum object size if it | |
2167 | is not. Return the initialized value. */ | |
2168 | ||
2169 | static tree | |
2170 | alloc_max_size (void) | |
2171 | { | |
2172 | HOST_WIDE_INT limit = warn_alloc_size_limit; | |
2173 | if (limit == HOST_WIDE_INT_MAX) | |
2174 | limit = tree_to_shwi (TYPE_MAX_VALUE (ptrdiff_type_node)); | |
2175 | ||
2176 | return build_int_cst (size_type_node, limit); | |
2177 | } | |
2178 | ||
2179 | /* Diagnose a call EXP to function FN decorated with attribute alloc_size | |
2180 | whose argument numbers given by IDX with values given by ARGS exceed | |
2181 | the maximum object size or cause an unsigned oveflow (wrapping) when | |
2182 | multiplied. FN is null when EXP is a call via a function pointer. | |
2183 | When ARGS[0] is null the function does nothing. ARGS[1] may be null | |
2184 | for functions like malloc, and non-null for those like calloc that | |
2185 | are decorated with a two-argument attribute alloc_size. */ | |
2186 | ||
2187 | void | |
2188 | maybe_warn_alloc_args_overflow (gimple *stmt, const tree args[2], | |
2189 | const int idx[2]) | |
2190 | { | |
2191 | /* The range each of the (up to) two arguments is known to be in. */ | |
2192 | tree argrange[2][2] = { { NULL_TREE, NULL_TREE }, { NULL_TREE, NULL_TREE } }; | |
2193 | ||
2194 | /* Maximum object size set by -Walloc-size-larger-than= or SIZE_MAX / 2. */ | |
2195 | tree maxobjsize = alloc_max_size (); | |
2196 | ||
2197 | location_t loc = get_location (stmt); | |
2198 | ||
2199 | tree fn = gimple_call_fndecl (stmt); | |
2200 | tree fntype = fn ? TREE_TYPE (fn) : gimple_call_fntype (stmt); | |
2201 | bool warned = false; | |
2202 | ||
2203 | /* Validate each argument individually. */ | |
2204 | for (unsigned i = 0; i != 2 && args[i]; ++i) | |
2205 | { | |
2206 | if (TREE_CODE (args[i]) == INTEGER_CST) | |
2207 | { | |
2208 | argrange[i][0] = args[i]; | |
2209 | argrange[i][1] = args[i]; | |
2210 | ||
2211 | if (tree_int_cst_lt (args[i], integer_zero_node)) | |
2212 | { | |
2213 | warned = warning_at (loc, OPT_Walloc_size_larger_than_, | |
2214 | "argument %i value %qE is negative", | |
2215 | idx[i] + 1, args[i]); | |
2216 | } | |
2217 | else if (integer_zerop (args[i])) | |
2218 | { | |
2219 | /* Avoid issuing -Walloc-zero for allocation functions other | |
2220 | than __builtin_alloca that are declared with attribute | |
2221 | returns_nonnull because there's no portability risk. This | |
2222 | avoids warning for such calls to libiberty's xmalloc and | |
2223 | friends. | |
2224 | Also avoid issuing the warning for calls to function named | |
2225 | "alloca". */ | |
2226 | if (fn && fndecl_built_in_p (fn, BUILT_IN_ALLOCA) | |
2227 | ? IDENTIFIER_LENGTH (DECL_NAME (fn)) != 6 | |
2228 | : !lookup_attribute ("returns_nonnull", | |
2229 | TYPE_ATTRIBUTES (fntype))) | |
2230 | warned = warning_at (loc, OPT_Walloc_zero, | |
2231 | "argument %i value is zero", | |
2232 | idx[i] + 1); | |
2233 | } | |
2234 | else if (tree_int_cst_lt (maxobjsize, args[i])) | |
2235 | { | |
2236 | /* G++ emits calls to ::operator new[](SIZE_MAX) in C++98 | |
2237 | mode and with -fno-exceptions as a way to indicate array | |
2238 | size overflow. There's no good way to detect C++98 here | |
2239 | so avoid diagnosing these calls for all C++ modes. */ | |
2240 | if (i == 0 | |
2241 | && fn | |
2242 | && !args[1] | |
2243 | && lang_GNU_CXX () | |
2244 | && DECL_IS_OPERATOR_NEW_P (fn) | |
2245 | && integer_all_onesp (args[i])) | |
2246 | continue; | |
2247 | ||
2248 | warned = warning_at (loc, OPT_Walloc_size_larger_than_, | |
2249 | "argument %i value %qE exceeds " | |
2250 | "maximum object size %E", | |
2251 | idx[i] + 1, args[i], maxobjsize); | |
2252 | } | |
2253 | } | |
2254 | else if (TREE_CODE (args[i]) == SSA_NAME | |
2255 | && get_size_range (args[i], argrange[i])) | |
2256 | { | |
2257 | /* Verify that the argument's range is not negative (including | |
2258 | upper bound of zero). */ | |
2259 | if (tree_int_cst_lt (argrange[i][0], integer_zero_node) | |
2260 | && tree_int_cst_le (argrange[i][1], integer_zero_node)) | |
2261 | { | |
2262 | warned = warning_at (loc, OPT_Walloc_size_larger_than_, | |
2263 | "argument %i range [%E, %E] is negative", | |
2264 | idx[i] + 1, | |
2265 | argrange[i][0], argrange[i][1]); | |
2266 | } | |
2267 | else if (tree_int_cst_lt (maxobjsize, argrange[i][0])) | |
2268 | { | |
2269 | warned = warning_at (loc, OPT_Walloc_size_larger_than_, | |
2270 | "argument %i range [%E, %E] exceeds " | |
2271 | "maximum object size %E", | |
2272 | idx[i] + 1, | |
2273 | argrange[i][0], argrange[i][1], | |
2274 | maxobjsize); | |
2275 | } | |
2276 | } | |
2277 | } | |
2278 | ||
b3aa3288 | 2279 | if (!argrange[0][0]) |
b48d4e68 MS |
2280 | return; |
2281 | ||
2282 | /* For a two-argument alloc_size, validate the product of the two | |
2283 | arguments if both of their values or ranges are known. */ | |
2284 | if (!warned && tree_fits_uhwi_p (argrange[0][0]) | |
2285 | && argrange[1][0] && tree_fits_uhwi_p (argrange[1][0]) | |
2286 | && !integer_onep (argrange[0][0]) | |
2287 | && !integer_onep (argrange[1][0])) | |
2288 | { | |
2289 | /* Check for overflow in the product of a function decorated with | |
2290 | attribute alloc_size (X, Y). */ | |
2291 | unsigned szprec = TYPE_PRECISION (size_type_node); | |
2292 | wide_int x = wi::to_wide (argrange[0][0], szprec); | |
2293 | wide_int y = wi::to_wide (argrange[1][0], szprec); | |
2294 | ||
2295 | wi::overflow_type vflow; | |
2296 | wide_int prod = wi::umul (x, y, &vflow); | |
2297 | ||
2298 | if (vflow) | |
2299 | warned = warning_at (loc, OPT_Walloc_size_larger_than_, | |
2300 | "product %<%E * %E%> of arguments %i and %i " | |
2301 | "exceeds %<SIZE_MAX%>", | |
2302 | argrange[0][0], argrange[1][0], | |
2303 | idx[0] + 1, idx[1] + 1); | |
2304 | else if (wi::ltu_p (wi::to_wide (maxobjsize, szprec), prod)) | |
2305 | warned = warning_at (loc, OPT_Walloc_size_larger_than_, | |
2306 | "product %<%E * %E%> of arguments %i and %i " | |
2307 | "exceeds maximum object size %E", | |
2308 | argrange[0][0], argrange[1][0], | |
2309 | idx[0] + 1, idx[1] + 1, | |
2310 | maxobjsize); | |
2311 | ||
2312 | if (warned) | |
2313 | { | |
2314 | /* Print the full range of each of the two arguments to make | |
2315 | it clear when it is, in fact, in a range and not constant. */ | |
2316 | if (argrange[0][0] != argrange [0][1]) | |
2317 | inform (loc, "argument %i in the range [%E, %E]", | |
2318 | idx[0] + 1, argrange[0][0], argrange[0][1]); | |
2319 | if (argrange[1][0] != argrange [1][1]) | |
2320 | inform (loc, "argument %i in the range [%E, %E]", | |
2321 | idx[1] + 1, argrange[1][0], argrange[1][1]); | |
2322 | } | |
2323 | } | |
2324 | ||
2325 | if (warned && fn) | |
2326 | { | |
2327 | location_t fnloc = DECL_SOURCE_LOCATION (fn); | |
2328 | ||
2329 | if (DECL_IS_UNDECLARED_BUILTIN (fn)) | |
2330 | inform (loc, | |
2331 | "in a call to built-in allocation function %qD", fn); | |
2332 | else | |
2333 | inform (fnloc, | |
2334 | "in a call to allocation function %qD declared here", fn); | |
2335 | } | |
2336 | } | |
2337 | ||
2338 | /* Check a call to an alloca function for an excessive size. */ | |
2339 | ||
ece28da9 MS |
2340 | void |
2341 | pass_waccess::check_alloca (gcall *stmt) | |
b48d4e68 MS |
2342 | { |
2343 | if ((warn_vla_limit >= HOST_WIDE_INT_MAX | |
2344 | && warn_alloc_size_limit < warn_vla_limit) | |
2345 | || (warn_alloca_limit >= HOST_WIDE_INT_MAX | |
2346 | && warn_alloc_size_limit < warn_alloca_limit)) | |
2347 | { | |
2348 | /* -Walloca-larger-than and -Wvla-larger-than settings of less | |
2349 | than HWI_MAX override the more general -Walloc-size-larger-than | |
2350 | so unless either of the former options is smaller than the last | |
2351 | one (wchich would imply that the call was already checked), check | |
2352 | the alloca arguments for overflow. */ | |
2353 | const tree alloc_args[] = { call_arg (stmt, 0), NULL_TREE }; | |
2354 | const int idx[] = { 0, -1 }; | |
2355 | maybe_warn_alloc_args_overflow (stmt, alloc_args, idx); | |
2356 | } | |
2357 | } | |
2358 | ||
2359 | /* Check a call to an allocation function for an excessive size. */ | |
2360 | ||
ece28da9 MS |
2361 | void |
2362 | pass_waccess::check_alloc_size_call (gcall *stmt) | |
b48d4e68 | 2363 | { |
b48d4e68 MS |
2364 | tree fndecl = gimple_call_fndecl (stmt); |
2365 | if (fndecl && gimple_call_builtin_p (stmt, BUILT_IN_NORMAL)) | |
2366 | { | |
2367 | /* Alloca is handled separately. */ | |
2368 | switch (DECL_FUNCTION_CODE (fndecl)) | |
2369 | { | |
2370 | case BUILT_IN_ALLOCA: | |
2371 | case BUILT_IN_ALLOCA_WITH_ALIGN: | |
2372 | case BUILT_IN_ALLOCA_WITH_ALIGN_AND_MAX: | |
2373 | return; | |
2374 | default: | |
2375 | break; | |
2376 | } | |
2377 | } | |
2378 | ||
2379 | tree fntype = gimple_call_fntype (stmt); | |
2380 | tree fntypeattrs = TYPE_ATTRIBUTES (fntype); | |
2381 | ||
2382 | tree alloc_size = lookup_attribute ("alloc_size", fntypeattrs); | |
2383 | if (!alloc_size) | |
2384 | return; | |
2385 | ||
2386 | /* Extract attribute alloc_size from the type of the called expression | |
2387 | (which could be a function or a function pointer) and if set, store | |
2388 | the indices of the corresponding arguments in ALLOC_IDX, and then | |
2389 | the actual argument(s) at those indices in ALLOC_ARGS. */ | |
2390 | int idx[2] = { -1, -1 }; | |
2391 | tree alloc_args[] = { NULL_TREE, NULL_TREE }; | |
eacdfaf7 | 2392 | unsigned nargs = gimple_call_num_args (stmt); |
b48d4e68 MS |
2393 | |
2394 | tree args = TREE_VALUE (alloc_size); | |
2395 | idx[0] = TREE_INT_CST_LOW (TREE_VALUE (args)) - 1; | |
eacdfaf7 JJ |
2396 | /* Avoid invalid calls to functions without a prototype. */ |
2397 | if ((unsigned) idx[0] >= nargs) | |
2398 | return; | |
b48d4e68 MS |
2399 | alloc_args[0] = call_arg (stmt, idx[0]); |
2400 | if (TREE_CHAIN (args)) | |
2401 | { | |
2402 | idx[1] = TREE_INT_CST_LOW (TREE_VALUE (TREE_CHAIN (args))) - 1; | |
eacdfaf7 JJ |
2403 | if ((unsigned) idx[1] >= nargs) |
2404 | return; | |
b48d4e68 MS |
2405 | alloc_args[1] = call_arg (stmt, idx[1]); |
2406 | } | |
2407 | ||
2408 | maybe_warn_alloc_args_overflow (stmt, alloc_args, idx); | |
2409 | } | |
2410 | ||
81d6cdd3 MS |
2411 | /* Check a call STMT to strcat() for overflow and warn if it does. */ |
2412 | ||
ece28da9 MS |
2413 | void |
2414 | pass_waccess::check_strcat (gcall *stmt) | |
81d6cdd3 | 2415 | { |
b48d4e68 | 2416 | if (!warn_stringop_overflow && !warn_stringop_overread) |
81d6cdd3 MS |
2417 | return; |
2418 | ||
2419 | tree dest = call_arg (stmt, 0); | |
2420 | tree src = call_arg (stmt, 1); | |
2421 | ||
2422 | /* There is no way here to determine the length of the string in | |
2423 | the destination to which the SRC string is being appended so | |
2424 | just diagnose cases when the souce string is longer than | |
2425 | the destination object. */ | |
9a27acc3 MS |
2426 | access_data data (m_ptr_qry.rvals, stmt, access_read_write, NULL_TREE, |
2427 | true, NULL_TREE, true); | |
81d6cdd3 | 2428 | const int ost = warn_stringop_overflow ? warn_stringop_overflow - 1 : 1; |
9a27acc3 MS |
2429 | compute_objsize (src, stmt, ost, &data.src, &m_ptr_qry); |
2430 | tree destsize = compute_objsize (dest, stmt, ost, &data.dst, &m_ptr_qry); | |
81d6cdd3 MS |
2431 | |
2432 | check_access (stmt, /*dstwrite=*/NULL_TREE, /*maxread=*/NULL_TREE, | |
9a27acc3 | 2433 | src, destsize, data.mode, &data, m_ptr_qry.rvals); |
81d6cdd3 MS |
2434 | } |
2435 | ||
2436 | /* Check a call STMT to strcat() for overflow and warn if it does. */ | |
2437 | ||
ece28da9 MS |
2438 | void |
2439 | pass_waccess::check_strncat (gcall *stmt) | |
81d6cdd3 | 2440 | { |
b48d4e68 | 2441 | if (!warn_stringop_overflow && !warn_stringop_overread) |
81d6cdd3 MS |
2442 | return; |
2443 | ||
2444 | tree dest = call_arg (stmt, 0); | |
2445 | tree src = call_arg (stmt, 1); | |
2446 | /* The upper bound on the number of bytes to write. */ | |
2447 | tree maxread = call_arg (stmt, 2); | |
2448 | ||
2449 | /* Detect unterminated source (only). */ | |
2450 | if (!check_nul_terminated_array (stmt, src, maxread)) | |
2451 | return; | |
2452 | ||
2453 | /* The length of the source sequence. */ | |
2454 | tree slen = c_strlen (src, 1); | |
2455 | ||
2456 | /* Try to determine the range of lengths that the source expression | |
2457 | refers to. Since the lengths are only used for warning and not | |
2458 | for code generation disable strict mode below. */ | |
2459 | tree maxlen = slen; | |
2460 | if (!maxlen) | |
2461 | { | |
2462 | c_strlen_data lendata = { }; | |
2463 | get_range_strlen (src, &lendata, /* eltsize = */ 1); | |
2464 | maxlen = lendata.maxbound; | |
2465 | } | |
2466 | ||
9a27acc3 | 2467 | access_data data (m_ptr_qry.rvals, stmt, access_read_write); |
81d6cdd3 MS |
2468 | /* Try to verify that the destination is big enough for the shortest |
2469 | string. First try to determine the size of the destination object | |
2470 | into which the source is being copied. */ | |
ece28da9 | 2471 | const int ost = warn_stringop_overflow - 1; |
9a27acc3 | 2472 | tree destsize = compute_objsize (dest, stmt, ost, &data.dst, &m_ptr_qry); |
81d6cdd3 MS |
2473 | |
2474 | /* Add one for the terminating nul. */ | |
2475 | tree srclen = (maxlen | |
2476 | ? fold_build2 (PLUS_EXPR, size_type_node, maxlen, | |
2477 | size_one_node) | |
2478 | : NULL_TREE); | |
2479 | ||
2480 | /* The strncat function copies at most MAXREAD bytes and always appends | |
2481 | the terminating nul so the specified upper bound should never be equal | |
2482 | to (or greater than) the size of the destination. */ | |
2483 | if (tree_fits_uhwi_p (maxread) && tree_fits_uhwi_p (destsize) | |
2484 | && tree_int_cst_equal (destsize, maxread)) | |
2485 | { | |
2486 | location_t loc = get_location (stmt); | |
2487 | warning_at (loc, OPT_Wstringop_overflow_, | |
2488 | "%qD specified bound %E equals destination size", | |
2489 | get_callee_fndecl (stmt), maxread); | |
2490 | ||
2491 | return; | |
2492 | } | |
2493 | ||
2494 | if (!srclen | |
2495 | || (maxread && tree_fits_uhwi_p (maxread) | |
2496 | && tree_fits_uhwi_p (srclen) | |
2497 | && tree_int_cst_lt (maxread, srclen))) | |
2498 | srclen = maxread; | |
2499 | ||
2500 | check_access (stmt, /*dstwrite=*/NULL_TREE, maxread, srclen, | |
9a27acc3 | 2501 | destsize, data.mode, &data, m_ptr_qry.rvals); |
81d6cdd3 MS |
2502 | } |
2503 | ||
2504 | /* Check a call STMT to stpcpy() or strcpy() for overflow and warn | |
2505 | if it does. */ | |
2506 | ||
ece28da9 MS |
2507 | void |
2508 | pass_waccess::check_stxcpy (gcall *stmt) | |
81d6cdd3 MS |
2509 | { |
2510 | tree dst = call_arg (stmt, 0); | |
2511 | tree src = call_arg (stmt, 1); | |
2512 | ||
2513 | tree size; | |
2514 | bool exact; | |
2515 | if (tree nonstr = unterminated_array (src, &size, &exact)) | |
2516 | { | |
2517 | /* NONSTR refers to the non-nul terminated constant array. */ | |
2518 | warn_string_no_nul (get_location (stmt), stmt, NULL, src, nonstr, | |
2519 | size, exact); | |
2520 | return; | |
2521 | } | |
2522 | ||
2523 | if (warn_stringop_overflow) | |
2524 | { | |
9a27acc3 MS |
2525 | access_data data (m_ptr_qry.rvals, stmt, access_read_write, NULL_TREE, |
2526 | true, NULL_TREE, true); | |
81d6cdd3 | 2527 | const int ost = warn_stringop_overflow ? warn_stringop_overflow - 1 : 1; |
9a27acc3 MS |
2528 | compute_objsize (src, stmt, ost, &data.src, &m_ptr_qry); |
2529 | tree dstsize = compute_objsize (dst, stmt, ost, &data.dst, &m_ptr_qry); | |
81d6cdd3 MS |
2530 | check_access (stmt, /*dstwrite=*/ NULL_TREE, |
2531 | /*maxread=*/ NULL_TREE, /*srcstr=*/ src, | |
9a27acc3 | 2532 | dstsize, data.mode, &data, m_ptr_qry.rvals); |
81d6cdd3 MS |
2533 | } |
2534 | ||
2535 | /* Check to see if the argument was declared attribute nonstring | |
2536 | and if so, issue a warning since at this point it's not known | |
2537 | to be nul-terminated. */ | |
2538 | tree fndecl = get_callee_fndecl (stmt); | |
2539 | maybe_warn_nonstring_arg (fndecl, stmt); | |
2540 | } | |
2541 | ||
2542 | /* Check a call STMT to stpncpy() or strncpy() for overflow and warn | |
2543 | if it does. */ | |
2544 | ||
ece28da9 MS |
2545 | void |
2546 | pass_waccess::check_stxncpy (gcall *stmt) | |
81d6cdd3 MS |
2547 | { |
2548 | if (!warn_stringop_overflow) | |
2549 | return; | |
2550 | ||
2551 | tree dst = call_arg (stmt, 0); | |
2552 | tree src = call_arg (stmt, 1); | |
2553 | /* The number of bytes to write (not the maximum). */ | |
2554 | tree len = call_arg (stmt, 2); | |
2555 | ||
9a27acc3 MS |
2556 | access_data data (m_ptr_qry.rvals, stmt, access_read_write, len, true, len, |
2557 | true); | |
81d6cdd3 | 2558 | const int ost = warn_stringop_overflow ? warn_stringop_overflow - 1 : 1; |
9a27acc3 MS |
2559 | compute_objsize (src, stmt, ost, &data.src, &m_ptr_qry); |
2560 | tree dstsize = compute_objsize (dst, stmt, ost, &data.dst, &m_ptr_qry); | |
81d6cdd3 | 2561 | |
9a27acc3 MS |
2562 | check_access (stmt, /*dstwrite=*/len, /*maxread=*/len, src, dstsize, |
2563 | data.mode, &data, m_ptr_qry.rvals); | |
81d6cdd3 MS |
2564 | } |
2565 | ||
2566 | /* Check a call STMT to stpncpy() or strncpy() for overflow and warn | |
2567 | if it does. */ | |
2568 | ||
ece28da9 MS |
2569 | void |
2570 | pass_waccess::check_strncmp (gcall *stmt) | |
81d6cdd3 MS |
2571 | { |
2572 | if (!warn_stringop_overread) | |
2573 | return; | |
2574 | ||
2575 | tree arg1 = call_arg (stmt, 0); | |
2576 | tree arg2 = call_arg (stmt, 1); | |
2577 | tree bound = call_arg (stmt, 2); | |
2578 | ||
2579 | /* First check each argument separately, considering the bound. */ | |
2580 | if (!check_nul_terminated_array (stmt, arg1, bound) | |
2581 | || !check_nul_terminated_array (stmt, arg2, bound)) | |
2582 | return; | |
2583 | ||
2584 | /* A strncmp read from each argument is constrained not just by | |
2585 | the bound but also by the length of the shorter string. Specifying | |
2586 | a bound that's larger than the size of either array makes no sense | |
2587 | and is likely a bug. When the length of neither of the two strings | |
2588 | is known but the sizes of both of the arrays they are stored in is, | |
2589 | issue a warning if the bound is larger than than the size of | |
2590 | the larger of the two arrays. */ | |
2591 | ||
2592 | c_strlen_data lendata1{ }, lendata2{ }; | |
2593 | tree len1 = c_strlen (arg1, 1, &lendata1); | |
2594 | tree len2 = c_strlen (arg2, 1, &lendata2); | |
2595 | ||
9a27acc3 MS |
2596 | if (len1 && TREE_CODE (len1) != INTEGER_CST) |
2597 | len1 = NULL_TREE; | |
2598 | if (len2 && TREE_CODE (len2) != INTEGER_CST) | |
2599 | len2 = NULL_TREE; | |
2600 | ||
81d6cdd3 MS |
2601 | if (len1 && len2) |
2602 | /* If the length of both arguments was computed they must both be | |
2603 | nul-terminated and no further checking is necessary regardless | |
2604 | of the bound. */ | |
2605 | return; | |
2606 | ||
2607 | /* Check to see if the argument was declared with attribute nonstring | |
2608 | and if so, issue a warning since at this point it's not known to be | |
2609 | nul-terminated. */ | |
2610 | if (maybe_warn_nonstring_arg (get_callee_fndecl (stmt), stmt)) | |
2611 | return; | |
2612 | ||
9a27acc3 MS |
2613 | access_data adata1 (m_ptr_qry.rvals, stmt, access_read_only, NULL_TREE, false, |
2614 | bound, true); | |
2615 | access_data adata2 (m_ptr_qry.rvals, stmt, access_read_only, NULL_TREE, false, | |
2616 | bound, true); | |
81d6cdd3 MS |
2617 | |
2618 | /* Determine the range of the bound first and bail if it fails; it's | |
2619 | cheaper than computing the size of the objects. */ | |
2620 | tree bndrng[2] = { NULL_TREE, NULL_TREE }; | |
f9379fcb | 2621 | get_size_range (m_ptr_qry.rvals, bound, stmt, bndrng, adata1.src_bndrng); |
81d6cdd3 MS |
2622 | if (!bndrng[0] || integer_zerop (bndrng[0])) |
2623 | return; | |
2624 | ||
2625 | if (len1 && tree_int_cst_lt (len1, bndrng[0])) | |
2626 | bndrng[0] = len1; | |
2627 | if (len2 && tree_int_cst_lt (len2, bndrng[0])) | |
2628 | bndrng[0] = len2; | |
2629 | ||
2630 | /* compute_objsize almost never fails (and ultimately should never | |
2631 | fail). Don't bother to handle the rare case when it does. */ | |
9a27acc3 MS |
2632 | if (!compute_objsize (arg1, stmt, 1, &adata1.src, &m_ptr_qry) |
2633 | || !compute_objsize (arg2, stmt, 1, &adata2.src, &m_ptr_qry)) | |
81d6cdd3 MS |
2634 | return; |
2635 | ||
2636 | /* Compute the size of the remaining space in each array after | |
2637 | subtracting any offset into it. */ | |
2638 | offset_int rem1 = adata1.src.size_remaining (); | |
2639 | offset_int rem2 = adata2.src.size_remaining (); | |
2640 | ||
2641 | /* Cap REM1 and REM2 at the other if the other's argument is known | |
2642 | to be an unterminated array, either because there's no space | |
2643 | left in it after adding its offset or because it's constant and | |
2644 | has no nul. */ | |
2645 | if (rem1 == 0 || (rem1 < rem2 && lendata1.decl)) | |
2646 | rem2 = rem1; | |
2647 | else if (rem2 == 0 || (rem2 < rem1 && lendata2.decl)) | |
2648 | rem1 = rem2; | |
2649 | ||
2650 | /* Point PAD at the array to reference in the note if a warning | |
2651 | is issued. */ | |
2652 | access_data *pad = len1 ? &adata2 : &adata1; | |
2653 | offset_int maxrem = wi::max (rem1, rem2, UNSIGNED); | |
2654 | if (lendata1.decl || lendata2.decl | |
2655 | || maxrem < wi::to_offset (bndrng[0])) | |
2656 | { | |
2657 | /* Warn when either argument isn't nul-terminated or the maximum | |
2658 | remaining space in the two arrays is less than the bound. */ | |
2659 | tree func = get_callee_fndecl (stmt); | |
2660 | location_t loc = gimple_location (stmt); | |
2661 | maybe_warn_for_bound (OPT_Wstringop_overread, loc, stmt, func, | |
2662 | bndrng, wide_int_to_tree (sizetype, maxrem), | |
2663 | pad); | |
2664 | } | |
2665 | } | |
2666 | ||
ece28da9 MS |
2667 | /* Determine and check the sizes of the source and the destination |
2668 | of calls to __builtin_{bzero,memcpy,mempcpy,memset} calls. STMT is | |
2669 | the call statement, DEST is the destination argument, SRC is the source | |
2670 | argument or null, and SIZE is the number of bytes being accessed. Use | |
2671 | Object Size type-0 regardless of the OPT_Wstringop_overflow_ setting. | |
2672 | Return true on success (no overflow or invalid sizes), false otherwise. */ | |
2673 | ||
2674 | void | |
2675 | pass_waccess::check_memop_access (gimple *stmt, tree dest, tree src, tree size) | |
2676 | { | |
2677 | /* For functions like memset and memcpy that operate on raw memory | |
2678 | try to determine the size of the largest source and destination | |
2679 | object using type-0 Object Size regardless of the object size | |
2680 | type specified by the option. */ | |
9a27acc3 | 2681 | access_data data (m_ptr_qry.rvals, stmt, access_read_write); |
ece28da9 | 2682 | tree srcsize |
9a27acc3 MS |
2683 | = src ? compute_objsize (src, stmt, 0, &data.src, &m_ptr_qry) : NULL_TREE; |
2684 | tree dstsize = compute_objsize (dest, stmt, 0, &data.dst, &m_ptr_qry); | |
2685 | ||
2686 | check_access (stmt, size, /*maxread=*/NULL_TREE, srcsize, dstsize, | |
2687 | data.mode, &data, m_ptr_qry.rvals); | |
2688 | } | |
2689 | ||
2690 | /* A convenience wrapper for check_access to check access by a read-only | |
2691 | function like puts or strcmp. */ | |
2692 | ||
2693 | void | |
2694 | pass_waccess::check_read_access (gimple *stmt, tree src, | |
2695 | tree bound /* = NULL_TREE */, | |
2696 | int ost /* = 1 */) | |
2697 | { | |
2698 | if (!warn_stringop_overread) | |
2699 | return; | |
2700 | ||
2701 | if (bound && !useless_type_conversion_p (size_type_node, TREE_TYPE (bound))) | |
2702 | bound = fold_convert (size_type_node, bound); | |
2703 | ||
2704 | tree fndecl = get_callee_fndecl (stmt); | |
2705 | maybe_warn_nonstring_arg (fndecl, stmt); | |
ece28da9 | 2706 | |
9a27acc3 MS |
2707 | access_data data (m_ptr_qry.rvals, stmt, access_read_only, NULL_TREE, |
2708 | false, bound, true); | |
2709 | compute_objsize (src, stmt, ost, &data.src, &m_ptr_qry); | |
2710 | check_access (stmt, /*dstwrite=*/ NULL_TREE, /*maxread=*/ bound, | |
2711 | /*srcstr=*/ src, /*dstsize=*/ NULL_TREE, data.mode, | |
2712 | &data, m_ptr_qry.rvals); | |
ece28da9 MS |
2713 | } |
2714 | ||
5a431b60 MS |
2715 | /* Return true if memory model ORD is constant in the context of STMT and |
2716 | set *CSTVAL to the constant value. Otherwise return false. Warn for | |
2717 | invalid ORD. */ | |
2718 | ||
2719 | bool | |
2720 | memmodel_to_uhwi (tree ord, gimple *stmt, unsigned HOST_WIDE_INT *cstval) | |
2721 | { | |
2722 | unsigned HOST_WIDE_INT val; | |
2723 | ||
2724 | if (TREE_CODE (ord) == INTEGER_CST) | |
2725 | { | |
2726 | if (!tree_fits_uhwi_p (ord)) | |
2727 | return false; | |
2728 | val = tree_to_uhwi (ord); | |
2729 | } | |
2730 | else | |
2731 | { | |
2732 | /* Use the range query to determine constant values in the absence | |
2733 | of constant proppagation (such as at -O0). */ | |
2734 | value_range rng; | |
2735 | if (!get_range_query (cfun)->range_of_expr (rng, ord, stmt) | |
2736 | || !rng.constant_p () | |
2737 | || !rng.singleton_p (&ord)) | |
2738 | return false; | |
2739 | ||
2740 | wide_int lob = rng.lower_bound (); | |
2741 | if (!wi::fits_uhwi_p (lob)) | |
2742 | return false; | |
2743 | ||
2744 | val = lob.to_shwi (); | |
2745 | } | |
2746 | ||
2747 | if (targetm.memmodel_check) | |
2748 | /* This might warn for an invalid VAL but return a conservatively | |
2749 | valid result. */ | |
2750 | val = targetm.memmodel_check (val); | |
2751 | else if (val & ~MEMMODEL_MASK) | |
2752 | { | |
2753 | tree fndecl = gimple_call_fndecl (stmt); | |
2754 | location_t loc = gimple_location (stmt); | |
2755 | loc = expansion_point_location_if_in_system_header (loc); | |
2756 | ||
2757 | warning_at (loc, OPT_Winvalid_memory_model, | |
2758 | "unknown architecture specifier in memory model " | |
2759 | "%wi for %qD", val, fndecl); | |
2760 | return false; | |
2761 | } | |
2762 | ||
2763 | *cstval = val; | |
2764 | ||
2765 | return true; | |
2766 | } | |
2767 | ||
2768 | /* Valid memory model for each set of atomic built-in functions. */ | |
2769 | ||
2770 | struct memmodel_pair | |
2771 | { | |
2772 | memmodel modval; | |
2773 | const char* modname; | |
2774 | ||
2775 | #define MEMMODEL_PAIR(val, str) \ | |
2776 | { MEMMODEL_ ## val, "memory_order_" str } | |
2777 | }; | |
2778 | ||
2779 | /* Valid memory models in the order of increasing strength. */ | |
2780 | ||
2781 | static const memmodel_pair memory_models[] = | |
2782 | { MEMMODEL_PAIR (RELAXED, "relaxed"), | |
2783 | MEMMODEL_PAIR (SEQ_CST, "seq_cst"), | |
2784 | MEMMODEL_PAIR (ACQUIRE, "acquire"), | |
2785 | MEMMODEL_PAIR (CONSUME, "consume"), | |
2786 | MEMMODEL_PAIR (RELEASE, "release"), | |
2787 | MEMMODEL_PAIR (ACQ_REL, "acq_rel") | |
2788 | }; | |
2789 | ||
2790 | /* Return the name of the memory model VAL. */ | |
2791 | ||
2792 | static const char* | |
2793 | memmodel_name (unsigned HOST_WIDE_INT val) | |
2794 | { | |
2795 | val = memmodel_base (val); | |
2796 | ||
2797 | for (unsigned i = 0; i != sizeof memory_models / sizeof *memory_models; ++i) | |
2798 | { | |
2799 | if (val == memory_models[i].modval) | |
2800 | return memory_models[i].modname; | |
2801 | } | |
2802 | return NULL; | |
2803 | } | |
2804 | ||
2805 | /* Indices of valid MEMORY_MODELS above for corresponding atomic operations. */ | |
2806 | static const unsigned char load_models[] = { 0, 1, 2, 3, UCHAR_MAX }; | |
2807 | static const unsigned char store_models[] = { 0, 1, 4, UCHAR_MAX }; | |
2808 | static const unsigned char xchg_models[] = { 0, 1, 3, 4, 5, UCHAR_MAX }; | |
2809 | static const unsigned char flag_clr_models[] = { 0, 1, 4, UCHAR_MAX }; | |
2810 | static const unsigned char all_models[] = { 0, 1, 2, 3, 4, 5, UCHAR_MAX }; | |
2811 | ||
2812 | /* Check the success memory model argument ORD_SUCS to the call STMT to | |
2813 | an atomic function and warn if it's invalid. If nonnull, also check | |
2814 | the failure memory model ORD_FAIL and warn if it's invalid. Return | |
2815 | true if a warning has been issued. */ | |
2816 | ||
2817 | bool | |
2818 | pass_waccess::maybe_warn_memmodel (gimple *stmt, tree ord_sucs, | |
2819 | tree ord_fail, const unsigned char *valid) | |
2820 | { | |
2821 | unsigned HOST_WIDE_INT sucs, fail = 0; | |
2822 | if (!memmodel_to_uhwi (ord_sucs, stmt, &sucs) | |
2823 | || (ord_fail && !memmodel_to_uhwi (ord_fail, stmt, &fail))) | |
2824 | return false; | |
2825 | ||
2826 | bool is_valid = false; | |
2827 | if (valid) | |
2828 | for (unsigned i = 0; valid[i] != UCHAR_MAX; ++i) | |
2829 | { | |
2830 | memmodel model = memory_models[valid[i]].modval; | |
2831 | if (memmodel_base (sucs) == model) | |
2832 | { | |
2833 | is_valid = true; | |
2834 | break; | |
2835 | } | |
2836 | } | |
2837 | else | |
2838 | is_valid = true; | |
2839 | ||
2840 | tree fndecl = gimple_call_fndecl (stmt); | |
2841 | location_t loc = gimple_location (stmt); | |
2842 | loc = expansion_point_location_if_in_system_header (loc); | |
2843 | ||
2844 | if (!is_valid) | |
2845 | { | |
2846 | bool warned = false; | |
2847 | if (const char *modname = memmodel_name (sucs)) | |
2848 | warned = warning_at (loc, OPT_Winvalid_memory_model, | |
2849 | "invalid memory model %qs for %qD", | |
2850 | modname, fndecl); | |
2851 | else | |
2852 | warned = warning_at (loc, OPT_Winvalid_memory_model, | |
2853 | "invalid memory model %wi for %qD", | |
2854 | sucs, fndecl); | |
2855 | ||
2856 | if (!warned) | |
2857 | return false; | |
2858 | ||
2859 | /* Print a note with the valid memory models. */ | |
2860 | pretty_printer pp; | |
2861 | pp_show_color (&pp) = pp_show_color (global_dc->printer); | |
2862 | for (unsigned i = 0; valid[i] != UCHAR_MAX; ++i) | |
2863 | { | |
2864 | const char *modname = memory_models[valid[i]].modname; | |
194f712f | 2865 | pp_printf (&pp, "%s%qs", i ? ", " : "", modname); |
5a431b60 MS |
2866 | } |
2867 | ||
2868 | inform (loc, "valid models are %s", pp_formatted_text (&pp)); | |
2869 | return true; | |
2870 | } | |
2871 | ||
2872 | if (!ord_fail) | |
2873 | return false; | |
2874 | ||
2875 | if (fail == MEMMODEL_RELEASE || fail == MEMMODEL_ACQ_REL) | |
2876 | if (const char *failname = memmodel_name (fail)) | |
2877 | { | |
2878 | /* If both memory model arguments are valid but their combination | |
2879 | is not, use their names in the warning. */ | |
2880 | if (!warning_at (loc, OPT_Winvalid_memory_model, | |
2881 | "invalid failure memory model %qs for %qD", | |
2882 | failname, fndecl)) | |
2883 | return false; | |
2884 | ||
2885 | inform (loc, | |
2886 | "valid failure models are %qs, %qs, %qs, %qs", | |
2887 | "memory_order_relaxed", "memory_order_seq_cst", | |
2888 | "memory_order_acquire", "memory_order_consume"); | |
2889 | return true; | |
2890 | } | |
2891 | ||
2892 | if (memmodel_base (fail) <= memmodel_base (sucs)) | |
2893 | return false; | |
2894 | ||
2895 | if (const char *sucsname = memmodel_name (sucs)) | |
2896 | if (const char *failname = memmodel_name (fail)) | |
2897 | { | |
2898 | /* If both memory model arguments are valid but their combination | |
2899 | is not, use their names in the warning. */ | |
2900 | if (!warning_at (loc, OPT_Winvalid_memory_model, | |
2901 | "failure memory model %qs cannot be stronger " | |
2902 | "than success memory model %qs for %qD", | |
2903 | failname, sucsname, fndecl)) | |
2904 | return false; | |
2905 | ||
2906 | /* Print a note with the valid failure memory models which are | |
2907 | those with a value less than or equal to the success mode. */ | |
2908 | char buf[120]; | |
2909 | *buf = '\0'; | |
2910 | for (unsigned i = 0; | |
2911 | memory_models[i].modval <= memmodel_base (sucs); ++i) | |
2912 | { | |
2913 | if (*buf) | |
2914 | strcat (buf, ", "); | |
2915 | ||
2916 | const char *modname = memory_models[valid[i]].modname; | |
2917 | sprintf (buf + strlen (buf), "'%s'", modname); | |
2918 | } | |
2919 | ||
2920 | inform (loc, "valid models are %s", buf); | |
2921 | return true; | |
2922 | } | |
2923 | ||
2924 | /* If either memory model argument value is invalid use the numerical | |
2925 | value of both in the message. */ | |
2926 | return warning_at (loc, OPT_Winvalid_memory_model, | |
2927 | "failure memory model %wi cannot be stronger " | |
2928 | "than success memory model %wi for %qD", | |
2929 | fail, sucs, fndecl); | |
2930 | } | |
2931 | ||
2932 | /* Wrapper for the above. */ | |
2933 | ||
2934 | void | |
2935 | pass_waccess::check_atomic_memmodel (gimple *stmt, tree ord_sucs, | |
2936 | tree ord_fail, const unsigned char *valid) | |
2937 | { | |
2938 | if (warning_suppressed_p (stmt, OPT_Winvalid_memory_model)) | |
2939 | return; | |
2940 | ||
2941 | if (maybe_warn_memmodel (stmt, ord_sucs, ord_fail, valid)) | |
2942 | return; | |
2943 | ||
2944 | suppress_warning (stmt, OPT_Winvalid_memory_model); | |
2945 | } | |
9a27acc3 | 2946 | |
88b504b7 MS |
2947 | /* Check a call STMT to an atomic or sync built-in. */ |
2948 | ||
2949 | bool | |
2950 | pass_waccess::check_atomic_builtin (gcall *stmt) | |
2951 | { | |
2952 | tree callee = gimple_call_fndecl (stmt); | |
2953 | if (!callee) | |
2954 | return false; | |
2955 | ||
2956 | /* The size in bytes of the access by the function, and the number | |
2957 | of the second argument to check (if any). */ | |
2958 | unsigned bytes = 0, arg2 = UINT_MAX; | |
5a431b60 MS |
2959 | unsigned sucs_arg = UINT_MAX, fail_arg = UINT_MAX; |
2960 | /* Points to the array of indices of valid memory models. */ | |
2961 | const unsigned char *pvalid_models = NULL; | |
88b504b7 MS |
2962 | |
2963 | switch (DECL_FUNCTION_CODE (callee)) | |
2964 | { | |
2965 | #define BUILTIN_ACCESS_SIZE_FNSPEC(N) \ | |
5a431b60 | 2966 | BUILT_IN_SYNC_FETCH_AND_ADD_ ## N: \ |
88b504b7 MS |
2967 | case BUILT_IN_SYNC_FETCH_AND_SUB_ ## N: \ |
2968 | case BUILT_IN_SYNC_FETCH_AND_OR_ ## N: \ | |
2969 | case BUILT_IN_SYNC_FETCH_AND_AND_ ## N: \ | |
2970 | case BUILT_IN_SYNC_FETCH_AND_XOR_ ## N: \ | |
2971 | case BUILT_IN_SYNC_FETCH_AND_NAND_ ## N: \ | |
2972 | case BUILT_IN_SYNC_ADD_AND_FETCH_ ## N: \ | |
2973 | case BUILT_IN_SYNC_SUB_AND_FETCH_ ## N: \ | |
2974 | case BUILT_IN_SYNC_OR_AND_FETCH_ ## N: \ | |
2975 | case BUILT_IN_SYNC_AND_AND_FETCH_ ## N: \ | |
2976 | case BUILT_IN_SYNC_XOR_AND_FETCH_ ## N: \ | |
2977 | case BUILT_IN_SYNC_NAND_AND_FETCH_ ## N: \ | |
2978 | case BUILT_IN_SYNC_LOCK_TEST_AND_SET_ ## N: \ | |
2979 | case BUILT_IN_SYNC_BOOL_COMPARE_AND_SWAP_ ## N: \ | |
2980 | case BUILT_IN_SYNC_VAL_COMPARE_AND_SWAP_ ## N: \ | |
2981 | case BUILT_IN_SYNC_LOCK_RELEASE_ ## N: \ | |
5a431b60 MS |
2982 | bytes = N; \ |
2983 | break; \ | |
2984 | case BUILT_IN_ATOMIC_LOAD_ ## N: \ | |
2985 | pvalid_models = load_models; \ | |
2986 | sucs_arg = 1; \ | |
2987 | /* FALLTHROUGH */ \ | |
88b504b7 | 2988 | case BUILT_IN_ATOMIC_STORE_ ## N: \ |
5a431b60 MS |
2989 | if (!pvalid_models) \ |
2990 | pvalid_models = store_models; \ | |
2991 | /* FALLTHROUGH */ \ | |
88b504b7 MS |
2992 | case BUILT_IN_ATOMIC_ADD_FETCH_ ## N: \ |
2993 | case BUILT_IN_ATOMIC_SUB_FETCH_ ## N: \ | |
2994 | case BUILT_IN_ATOMIC_AND_FETCH_ ## N: \ | |
2995 | case BUILT_IN_ATOMIC_NAND_FETCH_ ## N: \ | |
2996 | case BUILT_IN_ATOMIC_XOR_FETCH_ ## N: \ | |
2997 | case BUILT_IN_ATOMIC_OR_FETCH_ ## N: \ | |
2998 | case BUILT_IN_ATOMIC_FETCH_ADD_ ## N: \ | |
2999 | case BUILT_IN_ATOMIC_FETCH_SUB_ ## N: \ | |
3000 | case BUILT_IN_ATOMIC_FETCH_AND_ ## N: \ | |
3001 | case BUILT_IN_ATOMIC_FETCH_NAND_ ## N: \ | |
3002 | case BUILT_IN_ATOMIC_FETCH_OR_ ## N: \ | |
3003 | case BUILT_IN_ATOMIC_FETCH_XOR_ ## N: \ | |
3004 | bytes = N; \ | |
5a431b60 MS |
3005 | if (sucs_arg == UINT_MAX) \ |
3006 | sucs_arg = 2; \ | |
3007 | if (!pvalid_models) \ | |
3008 | pvalid_models = all_models; \ | |
3009 | break; \ | |
3010 | case BUILT_IN_ATOMIC_EXCHANGE_ ## N: \ | |
3011 | bytes = N; \ | |
3012 | sucs_arg = 3; \ | |
3013 | pvalid_models = xchg_models; \ | |
88b504b7 MS |
3014 | break; \ |
3015 | case BUILT_IN_ATOMIC_COMPARE_EXCHANGE_ ## N: \ | |
3016 | bytes = N; \ | |
5a431b60 MS |
3017 | sucs_arg = 4; \ |
3018 | fail_arg = 5; \ | |
3019 | pvalid_models = all_models; \ | |
88b504b7 MS |
3020 | arg2 = 1 |
3021 | ||
3022 | case BUILTIN_ACCESS_SIZE_FNSPEC (1); | |
3023 | break; | |
3024 | case BUILTIN_ACCESS_SIZE_FNSPEC (2); | |
3025 | break; | |
3026 | case BUILTIN_ACCESS_SIZE_FNSPEC (4); | |
3027 | break; | |
3028 | case BUILTIN_ACCESS_SIZE_FNSPEC (8); | |
3029 | break; | |
3030 | case BUILTIN_ACCESS_SIZE_FNSPEC (16); | |
3031 | break; | |
3032 | ||
5a431b60 MS |
3033 | case BUILT_IN_ATOMIC_CLEAR: |
3034 | sucs_arg = 1; | |
3035 | pvalid_models = flag_clr_models; | |
3036 | break; | |
3037 | ||
88b504b7 MS |
3038 | default: |
3039 | return false; | |
3040 | } | |
3041 | ||
5a431b60 MS |
3042 | unsigned nargs = gimple_call_num_args (stmt); |
3043 | if (sucs_arg < nargs) | |
3044 | { | |
3045 | tree ord_sucs = gimple_call_arg (stmt, sucs_arg); | |
3046 | tree ord_fail = NULL_TREE; | |
3047 | if (fail_arg < nargs) | |
3048 | ord_fail = gimple_call_arg (stmt, fail_arg); | |
3049 | check_atomic_memmodel (stmt, ord_sucs, ord_fail, pvalid_models); | |
3050 | } | |
3051 | ||
3052 | if (!bytes) | |
3053 | return true; | |
3054 | ||
88b504b7 MS |
3055 | tree size = build_int_cstu (sizetype, bytes); |
3056 | tree dst = gimple_call_arg (stmt, 0); | |
3057 | check_memop_access (stmt, dst, NULL_TREE, size); | |
3058 | ||
3059 | if (arg2 != UINT_MAX) | |
3060 | { | |
3061 | tree dst = gimple_call_arg (stmt, arg2); | |
3062 | check_memop_access (stmt, dst, NULL_TREE, size); | |
3063 | } | |
3064 | ||
3065 | return true; | |
3066 | } | |
3067 | ||
81d6cdd3 MS |
3068 | /* Check call STMT to a built-in function for invalid accesses. Return |
3069 | true if a call has been handled. */ | |
3070 | ||
3071 | bool | |
3072 | pass_waccess::check_builtin (gcall *stmt) | |
3073 | { | |
3074 | tree callee = gimple_call_fndecl (stmt); | |
3075 | if (!callee) | |
3076 | return false; | |
3077 | ||
3078 | switch (DECL_FUNCTION_CODE (callee)) | |
3079 | { | |
b48d4e68 MS |
3080 | case BUILT_IN_ALLOCA: |
3081 | case BUILT_IN_ALLOCA_WITH_ALIGN: | |
3082 | case BUILT_IN_ALLOCA_WITH_ALIGN_AND_MAX: | |
3083 | check_alloca (stmt); | |
3084 | return true; | |
3085 | ||
9a27acc3 MS |
3086 | case BUILT_IN_EXECL: |
3087 | case BUILT_IN_EXECLE: | |
3088 | case BUILT_IN_EXECLP: | |
3089 | case BUILT_IN_EXECV: | |
3090 | case BUILT_IN_EXECVE: | |
3091 | case BUILT_IN_EXECVP: | |
3092 | check_read_access (stmt, call_arg (stmt, 0)); | |
3093 | return true; | |
3094 | ||
671a2836 MS |
3095 | case BUILT_IN_FREE: |
3096 | case BUILT_IN_REALLOC: | |
3097 | { | |
3098 | tree arg = call_arg (stmt, 0); | |
3099 | if (TREE_CODE (arg) == SSA_NAME) | |
3100 | check_pointer_uses (stmt, arg); | |
3101 | } | |
3102 | return true; | |
3103 | ||
81d6cdd3 MS |
3104 | case BUILT_IN_GETTEXT: |
3105 | case BUILT_IN_PUTS: | |
3106 | case BUILT_IN_PUTS_UNLOCKED: | |
3107 | case BUILT_IN_STRDUP: | |
3108 | check_read_access (stmt, call_arg (stmt, 0)); | |
3109 | return true; | |
3110 | ||
3111 | case BUILT_IN_INDEX: | |
3112 | case BUILT_IN_RINDEX: | |
3113 | case BUILT_IN_STRCHR: | |
3114 | case BUILT_IN_STRRCHR: | |
3115 | case BUILT_IN_STRLEN: | |
3116 | check_read_access (stmt, call_arg (stmt, 0)); | |
3117 | return true; | |
3118 | ||
3119 | case BUILT_IN_FPUTS: | |
3120 | case BUILT_IN_FPUTS_UNLOCKED: | |
3121 | check_read_access (stmt, call_arg (stmt, 0)); | |
3122 | return true; | |
3123 | ||
3124 | case BUILT_IN_STRNDUP: | |
3125 | case BUILT_IN_STRNLEN: | |
9a27acc3 MS |
3126 | { |
3127 | tree str = call_arg (stmt, 0); | |
3128 | tree len = call_arg (stmt, 1); | |
3129 | check_read_access (stmt, str, len); | |
3130 | return true; | |
3131 | } | |
81d6cdd3 MS |
3132 | |
3133 | case BUILT_IN_STRCAT: | |
3134 | check_strcat (stmt); | |
3135 | return true; | |
3136 | ||
3137 | case BUILT_IN_STRNCAT: | |
3138 | check_strncat (stmt); | |
3139 | return true; | |
3140 | ||
3141 | case BUILT_IN_STPCPY: | |
3142 | case BUILT_IN_STRCPY: | |
3143 | check_stxcpy (stmt); | |
3144 | return true; | |
3145 | ||
3146 | case BUILT_IN_STPNCPY: | |
3147 | case BUILT_IN_STRNCPY: | |
3148 | check_stxncpy (stmt); | |
3149 | return true; | |
3150 | ||
3151 | case BUILT_IN_STRCASECMP: | |
3152 | case BUILT_IN_STRCMP: | |
3153 | case BUILT_IN_STRPBRK: | |
3154 | case BUILT_IN_STRSPN: | |
3155 | case BUILT_IN_STRCSPN: | |
3156 | case BUILT_IN_STRSTR: | |
3157 | check_read_access (stmt, call_arg (stmt, 0)); | |
3158 | check_read_access (stmt, call_arg (stmt, 1)); | |
3159 | return true; | |
3160 | ||
3161 | case BUILT_IN_STRNCASECMP: | |
3162 | case BUILT_IN_STRNCMP: | |
3163 | check_strncmp (stmt); | |
3164 | return true; | |
3165 | ||
3166 | case BUILT_IN_MEMCMP: | |
3167 | { | |
3168 | tree a1 = call_arg (stmt, 0); | |
3169 | tree a2 = call_arg (stmt, 1); | |
3170 | tree len = call_arg (stmt, 2); | |
3171 | check_read_access (stmt, a1, len, 0); | |
3172 | check_read_access (stmt, a2, len, 0); | |
3173 | return true; | |
3174 | } | |
3175 | ||
3176 | case BUILT_IN_MEMCPY: | |
3177 | case BUILT_IN_MEMPCPY: | |
3178 | case BUILT_IN_MEMMOVE: | |
3179 | { | |
3180 | tree dst = call_arg (stmt, 0); | |
3181 | tree src = call_arg (stmt, 1); | |
3182 | tree len = call_arg (stmt, 2); | |
3183 | check_memop_access (stmt, dst, src, len); | |
3184 | return true; | |
3185 | } | |
3186 | ||
3187 | case BUILT_IN_MEMCHR: | |
3188 | { | |
3189 | tree src = call_arg (stmt, 0); | |
3190 | tree len = call_arg (stmt, 2); | |
3191 | check_read_access (stmt, src, len, 0); | |
3192 | return true; | |
3193 | } | |
3194 | ||
3195 | case BUILT_IN_MEMSET: | |
3196 | { | |
3197 | tree dst = call_arg (stmt, 0); | |
3198 | tree len = call_arg (stmt, 2); | |
3199 | check_memop_access (stmt, dst, NULL_TREE, len); | |
3200 | return true; | |
3201 | } | |
3202 | ||
3203 | default: | |
88b504b7 MS |
3204 | if (check_atomic_builtin (stmt)) |
3205 | return true; | |
3206 | break; | |
81d6cdd3 | 3207 | } |
671a2836 | 3208 | |
88b504b7 | 3209 | return false; |
81d6cdd3 MS |
3210 | } |
3211 | ||
b48d4e68 MS |
3212 | /* Returns the type of the argument ARGNO to function with type FNTYPE |
3213 | or null when the typoe cannot be determined or no such argument exists. */ | |
3214 | ||
3215 | static tree | |
3216 | fntype_argno_type (tree fntype, unsigned argno) | |
3217 | { | |
3218 | if (!prototype_p (fntype)) | |
3219 | return NULL_TREE; | |
3220 | ||
3221 | tree argtype; | |
3222 | function_args_iterator it; | |
3223 | FOREACH_FUNCTION_ARGS (fntype, argtype, it) | |
3224 | if (argno-- == 0) | |
3225 | return argtype; | |
3226 | ||
3227 | return NULL_TREE; | |
3228 | } | |
3229 | ||
3230 | /* Helper to append the "human readable" attribute access specification | |
3231 | described by ACCESS to the array ATTRSTR with size STRSIZE. Used in | |
3232 | diagnostics. */ | |
3233 | ||
3234 | static inline void | |
3235 | append_attrname (const std::pair<int, attr_access> &access, | |
3236 | char *attrstr, size_t strsize) | |
3237 | { | |
3238 | if (access.second.internal_p) | |
3239 | return; | |
3240 | ||
3241 | tree str = access.second.to_external_string (); | |
3242 | gcc_assert (strsize >= (size_t) TREE_STRING_LENGTH (str)); | |
3243 | strcpy (attrstr, TREE_STRING_POINTER (str)); | |
3244 | } | |
3245 | ||
3246 | /* Iterate over attribute access read-only, read-write, and write-only | |
3247 | arguments and diagnose past-the-end accesses and related problems | |
3248 | in the function call EXP. */ | |
3249 | ||
ece28da9 MS |
3250 | void |
3251 | pass_waccess::maybe_check_access_sizes (rdwr_map *rwm, tree fndecl, tree fntype, | |
3252 | gimple *stmt) | |
b48d4e68 MS |
3253 | { |
3254 | auto_diagnostic_group adg; | |
3255 | ||
3256 | /* Set if a warning has been issued for any argument (used to decide | |
3257 | whether to emit an informational note at the end). */ | |
3258 | opt_code opt_warned = no_warning; | |
3259 | ||
3260 | /* A string describing the attributes that the warnings issued by this | |
3261 | function apply to. Used to print one informational note per function | |
3262 | call, rather than one per warning. That reduces clutter. */ | |
3263 | char attrstr[80]; | |
3264 | attrstr[0] = 0; | |
3265 | ||
3266 | for (rdwr_map::iterator it = rwm->begin (); it != rwm->end (); ++it) | |
3267 | { | |
3268 | std::pair<int, attr_access> access = *it; | |
3269 | ||
3270 | /* Get the function call arguments corresponding to the attribute's | |
3271 | positional arguments. When both arguments have been specified | |
3272 | there will be two entries in *RWM, one for each. They are | |
3273 | cross-referenced by their respective argument numbers in | |
3274 | ACCESS.PTRARG and ACCESS.SIZARG. */ | |
3275 | const int ptridx = access.second.ptrarg; | |
3276 | const int sizidx = access.second.sizarg; | |
3277 | ||
3278 | gcc_assert (ptridx != -1); | |
3279 | gcc_assert (access.first == ptridx || access.first == sizidx); | |
3280 | ||
3281 | /* The pointer is set to null for the entry corresponding to | |
3282 | the size argument. Skip it. It's handled when the entry | |
3283 | corresponding to the pointer argument comes up. */ | |
3284 | if (!access.second.ptr) | |
3285 | continue; | |
3286 | ||
3287 | tree ptrtype = fntype_argno_type (fntype, ptridx); | |
ea9e0d6c MS |
3288 | if (!ptrtype) |
3289 | /* A function with a prototype was redeclared without one and | |
3290 | the protype has been lost. See pr102759. Avoid dealing | |
3291 | with this pathological case. */ | |
3292 | return; | |
3293 | ||
b48d4e68 MS |
3294 | tree argtype = TREE_TYPE (ptrtype); |
3295 | ||
ea9e0d6c MS |
3296 | /* The size of the access by the call in elements. */ |
3297 | tree access_nelts; | |
b48d4e68 MS |
3298 | if (sizidx == -1) |
3299 | { | |
3300 | /* If only the pointer attribute operand was specified and | |
3301 | not size, set SIZE to the greater of MINSIZE or size of | |
3302 | one element of the pointed to type to detect smaller | |
3303 | objects (null pointers are diagnosed in this case only | |
3304 | if the pointer is also declared with attribute nonnull. */ | |
3305 | if (access.second.minsize | |
3306 | && access.second.minsize != HOST_WIDE_INT_M1U) | |
ea9e0d6c | 3307 | access_nelts = build_int_cstu (sizetype, access.second.minsize); |
9eeca99c MS |
3308 | else if (VOID_TYPE_P (argtype) && access.second.mode == access_none) |
3309 | /* Treat access mode none on a void* argument as expecting | |
3310 | as little as zero bytes. */ | |
3311 | access_nelts = size_zero_node; | |
b48d4e68 | 3312 | else |
ea9e0d6c | 3313 | access_nelts = size_one_node; |
b48d4e68 MS |
3314 | } |
3315 | else | |
ea9e0d6c | 3316 | access_nelts = rwm->get (sizidx)->size; |
b48d4e68 MS |
3317 | |
3318 | /* Format the value or range to avoid an explosion of messages. */ | |
3319 | char sizstr[80]; | |
3320 | tree sizrng[2] = { size_zero_node, build_all_ones_cst (sizetype) }; | |
ea9e0d6c | 3321 | if (get_size_range (m_ptr_qry.rvals, access_nelts, stmt, sizrng, 1)) |
b48d4e68 MS |
3322 | { |
3323 | char *s0 = print_generic_expr_to_str (sizrng[0]); | |
3324 | if (tree_int_cst_equal (sizrng[0], sizrng[1])) | |
3325 | { | |
3326 | gcc_checking_assert (strlen (s0) < sizeof sizstr); | |
3327 | strcpy (sizstr, s0); | |
3328 | } | |
3329 | else | |
3330 | { | |
3331 | char *s1 = print_generic_expr_to_str (sizrng[1]); | |
3332 | gcc_checking_assert (strlen (s0) + strlen (s1) | |
3333 | < sizeof sizstr - 4); | |
6b8b9596 | 3334 | sprintf (sizstr, "[%.37s, %.37s]", s0, s1); |
b48d4e68 MS |
3335 | free (s1); |
3336 | } | |
3337 | free (s0); | |
3338 | } | |
3339 | else | |
3340 | *sizstr = '\0'; | |
3341 | ||
3342 | /* Set if a warning has been issued for the current argument. */ | |
3343 | opt_code arg_warned = no_warning; | |
3344 | location_t loc = get_location (stmt); | |
3345 | tree ptr = access.second.ptr; | |
3346 | if (*sizstr | |
3347 | && tree_int_cst_sgn (sizrng[0]) < 0 | |
3348 | && tree_int_cst_sgn (sizrng[1]) < 0) | |
3349 | { | |
3350 | /* Warn about negative sizes. */ | |
3351 | if (access.second.internal_p) | |
3352 | { | |
3353 | const std::string argtypestr | |
3354 | = access.second.array_as_string (ptrtype); | |
3355 | ||
3356 | if (warning_at (loc, OPT_Wstringop_overflow_, | |
3357 | "bound argument %i value %s is " | |
3358 | "negative for a variable length array " | |
3359 | "argument %i of type %s", | |
3360 | sizidx + 1, sizstr, | |
3361 | ptridx + 1, argtypestr.c_str ())) | |
3362 | arg_warned = OPT_Wstringop_overflow_; | |
3363 | } | |
3364 | else if (warning_at (loc, OPT_Wstringop_overflow_, | |
3365 | "argument %i value %s is negative", | |
3366 | sizidx + 1, sizstr)) | |
3367 | arg_warned = OPT_Wstringop_overflow_; | |
3368 | ||
3369 | if (arg_warned != no_warning) | |
3370 | { | |
3371 | append_attrname (access, attrstr, sizeof attrstr); | |
3372 | /* Remember a warning has been issued and avoid warning | |
3373 | again below for the same attribute. */ | |
3374 | opt_warned = arg_warned; | |
3375 | continue; | |
3376 | } | |
3377 | } | |
3378 | ||
ea9e0d6c MS |
3379 | /* The size of the access by the call in bytes. */ |
3380 | tree access_size = NULL_TREE; | |
b48d4e68 MS |
3381 | if (tree_int_cst_sgn (sizrng[0]) >= 0) |
3382 | { | |
3383 | if (COMPLETE_TYPE_P (argtype)) | |
3384 | { | |
3385 | /* Multiply ACCESS_SIZE by the size of the type the pointer | |
3386 | argument points to. If it's incomplete the size is used | |
3387 | as is. */ | |
3388 | if (tree argsize = TYPE_SIZE_UNIT (argtype)) | |
3389 | if (TREE_CODE (argsize) == INTEGER_CST) | |
3390 | { | |
3391 | const int prec = TYPE_PRECISION (sizetype); | |
3392 | wide_int minsize = wi::to_wide (sizrng[0], prec); | |
3393 | minsize *= wi::to_wide (argsize, prec); | |
3394 | access_size = wide_int_to_tree (sizetype, minsize); | |
3395 | } | |
3396 | } | |
ea9e0d6c MS |
3397 | else |
3398 | access_size = access_nelts; | |
b48d4e68 | 3399 | } |
b48d4e68 MS |
3400 | |
3401 | if (integer_zerop (ptr)) | |
3402 | { | |
3403 | if (sizidx >= 0 && tree_int_cst_sgn (sizrng[0]) > 0) | |
3404 | { | |
3405 | /* Warn about null pointers with positive sizes. This is | |
3406 | different from also declaring the pointer argument with | |
3407 | attribute nonnull when the function accepts null pointers | |
3408 | only when the corresponding size is zero. */ | |
3409 | if (access.second.internal_p) | |
3410 | { | |
3411 | const std::string argtypestr | |
3412 | = access.second.array_as_string (ptrtype); | |
3413 | ||
3414 | if (warning_at (loc, OPT_Wnonnull, | |
3415 | "argument %i of variable length " | |
3416 | "array %s is null but " | |
3417 | "the corresponding bound argument " | |
3418 | "%i value is %s", | |
3419 | ptridx + 1, argtypestr.c_str (), | |
3420 | sizidx + 1, sizstr)) | |
3421 | arg_warned = OPT_Wnonnull; | |
3422 | } | |
3423 | else if (warning_at (loc, OPT_Wnonnull, | |
3424 | "argument %i is null but " | |
3425 | "the corresponding size argument " | |
3426 | "%i value is %s", | |
3427 | ptridx + 1, sizidx + 1, sizstr)) | |
3428 | arg_warned = OPT_Wnonnull; | |
3429 | } | |
3430 | else if (access_size && access.second.static_p) | |
3431 | { | |
3432 | /* Warn about null pointers for [static N] array arguments | |
3433 | but do not warn for ordinary (i.e., nonstatic) arrays. */ | |
3434 | if (warning_at (loc, OPT_Wnonnull, | |
3435 | "argument %i to %<%T[static %E]%> " | |
3436 | "is null where non-null expected", | |
3437 | ptridx + 1, argtype, access_size)) | |
3438 | arg_warned = OPT_Wnonnull; | |
3439 | } | |
3440 | ||
3441 | if (arg_warned != no_warning) | |
3442 | { | |
3443 | append_attrname (access, attrstr, sizeof attrstr); | |
3444 | /* Remember a warning has been issued and avoid warning | |
3445 | again below for the same attribute. */ | |
3446 | opt_warned = OPT_Wnonnull; | |
3447 | continue; | |
3448 | } | |
3449 | } | |
3450 | ||
9a27acc3 MS |
3451 | access_data data (m_ptr_qry.rvals, stmt, access.second.mode, |
3452 | NULL_TREE, false, NULL_TREE, false); | |
b48d4e68 MS |
3453 | access_ref* const pobj = (access.second.mode == access_write_only |
3454 | ? &data.dst : &data.src); | |
9a27acc3 | 3455 | tree objsize = compute_objsize (ptr, stmt, 1, pobj, &m_ptr_qry); |
b48d4e68 MS |
3456 | |
3457 | /* The size of the destination or source object. */ | |
3458 | tree dstsize = NULL_TREE, srcsize = NULL_TREE; | |
3459 | if (access.second.mode == access_read_only | |
3460 | || access.second.mode == access_none) | |
3461 | { | |
3462 | /* For a read-only argument there is no destination. For | |
3463 | no access, set the source as well and differentiate via | |
3464 | the access flag below. */ | |
3465 | srcsize = objsize; | |
3466 | if (access.second.mode == access_read_only | |
3467 | || access.second.mode == access_none) | |
3468 | { | |
3469 | /* For a read-only attribute there is no destination so | |
3470 | clear OBJSIZE. This emits "reading N bytes" kind of | |
3471 | diagnostics instead of the "writing N bytes" kind, | |
3472 | unless MODE is none. */ | |
3473 | objsize = NULL_TREE; | |
3474 | } | |
3475 | } | |
3476 | else | |
3477 | dstsize = objsize; | |
3478 | ||
3479 | /* Clear the no-warning bit in case it was set by check_access | |
3480 | in a prior iteration so that accesses via different arguments | |
3481 | are diagnosed. */ | |
3482 | suppress_warning (stmt, OPT_Wstringop_overflow_, false); | |
3483 | access_mode mode = data.mode; | |
3484 | if (mode == access_deferred) | |
3485 | mode = TYPE_READONLY (argtype) ? access_read_only : access_read_write; | |
3486 | check_access (stmt, access_size, /*maxread=*/ NULL_TREE, srcsize, | |
9a27acc3 | 3487 | dstsize, mode, &data, m_ptr_qry.rvals); |
b48d4e68 MS |
3488 | |
3489 | if (warning_suppressed_p (stmt, OPT_Wstringop_overflow_)) | |
3490 | opt_warned = OPT_Wstringop_overflow_; | |
3491 | if (opt_warned != no_warning) | |
3492 | { | |
3493 | if (access.second.internal_p) | |
ea9e0d6c MS |
3494 | { |
3495 | unsigned HOST_WIDE_INT nelts = | |
3496 | access_nelts ? access.second.minsize : HOST_WIDE_INT_M1U; | |
3497 | tree arrtype = build_printable_array_type (argtype, nelts); | |
3498 | inform (loc, "referencing argument %u of type %qT", | |
3499 | ptridx + 1, arrtype); | |
3500 | } | |
b48d4e68 MS |
3501 | else |
3502 | /* If check_access issued a warning above, append the relevant | |
3503 | attribute to the string. */ | |
3504 | append_attrname (access, attrstr, sizeof attrstr); | |
3505 | } | |
3506 | } | |
3507 | ||
3508 | if (*attrstr) | |
3509 | { | |
3510 | if (fndecl) | |
3511 | inform (get_location (fndecl), | |
3512 | "in a call to function %qD declared with attribute %qs", | |
3513 | fndecl, attrstr); | |
3514 | else | |
3515 | inform (get_location (stmt), | |
3516 | "in a call with type %qT and attribute %qs", | |
3517 | fntype, attrstr); | |
3518 | } | |
3519 | else if (opt_warned != no_warning) | |
3520 | { | |
3521 | if (fndecl) | |
3522 | inform (get_location (fndecl), | |
3523 | "in a call to function %qD", fndecl); | |
3524 | else | |
3525 | inform (get_location (stmt), | |
3526 | "in a call with type %qT", fntype); | |
3527 | } | |
3528 | ||
3529 | /* Set the bit in case if was cleared and not set above. */ | |
3530 | if (opt_warned != no_warning) | |
3531 | suppress_warning (stmt, opt_warned); | |
3532 | } | |
3533 | ||
3534 | /* Check call STMT to an ordinary (non-built-in) function for invalid | |
3535 | accesses. Return true if a call has been handled. */ | |
3536 | ||
3537 | bool | |
671a2836 | 3538 | pass_waccess::check_call_access (gcall *stmt) |
b48d4e68 MS |
3539 | { |
3540 | tree fntype = gimple_call_fntype (stmt); | |
3541 | if (!fntype) | |
3542 | return false; | |
3543 | ||
3544 | tree fntypeattrs = TYPE_ATTRIBUTES (fntype); | |
3545 | if (!fntypeattrs) | |
3546 | return false; | |
3547 | ||
3548 | /* Map of attribute accewss specifications for function arguments. */ | |
3549 | rdwr_map rdwr_idx; | |
3550 | init_attr_rdwr_indices (&rdwr_idx, fntypeattrs); | |
3551 | ||
3552 | unsigned nargs = call_nargs (stmt); | |
3553 | for (unsigned i = 0; i != nargs; ++i) | |
3554 | { | |
3555 | tree arg = call_arg (stmt, i); | |
3556 | ||
3557 | /* Save the actual argument that corresponds to the access attribute | |
3558 | operand for later processing. */ | |
3559 | if (attr_access *access = rdwr_idx.get (i)) | |
3560 | { | |
3561 | if (POINTER_TYPE_P (TREE_TYPE (arg))) | |
3562 | { | |
3563 | access->ptr = arg; | |
3564 | // A nonnull ACCESS->SIZE contains VLA bounds. */ | |
3565 | } | |
3566 | else | |
3567 | { | |
3568 | access->size = arg; | |
3569 | gcc_assert (access->ptr == NULL_TREE); | |
3570 | } | |
3571 | } | |
3572 | } | |
3573 | ||
3574 | /* Check attribute access arguments. */ | |
3575 | tree fndecl = gimple_call_fndecl (stmt); | |
ece28da9 | 3576 | maybe_check_access_sizes (&rdwr_idx, fndecl, fntype, stmt); |
b48d4e68 MS |
3577 | |
3578 | check_alloc_size_call (stmt); | |
3579 | return true; | |
3580 | } | |
3581 | ||
3582 | /* Check arguments in a call STMT for attribute nonstring. */ | |
3583 | ||
3584 | static void | |
3585 | check_nonstring_args (gcall *stmt) | |
3586 | { | |
3587 | tree fndecl = gimple_call_fndecl (stmt); | |
3588 | ||
3589 | /* Detect passing non-string arguments to functions expecting | |
3590 | nul-terminated strings. */ | |
3591 | maybe_warn_nonstring_arg (fndecl, stmt); | |
3592 | } | |
3593 | ||
ece28da9 MS |
3594 | /* Issue a warning if a deallocation function such as free, realloc, |
3595 | or C++ operator delete is called with an argument not returned by | |
3596 | a matching allocation function such as malloc or the corresponding | |
3597 | form of C++ operatorn new. */ | |
3598 | ||
3599 | void | |
3600 | pass_waccess::maybe_check_dealloc_call (gcall *call) | |
3601 | { | |
3602 | tree fndecl = gimple_call_fndecl (call); | |
3603 | if (!fndecl) | |
3604 | return; | |
3605 | ||
3606 | unsigned argno = fndecl_dealloc_argno (fndecl); | |
3607 | if ((unsigned) call_nargs (call) <= argno) | |
3608 | return; | |
3609 | ||
3610 | tree ptr = gimple_call_arg (call, argno); | |
3611 | if (integer_zerop (ptr)) | |
3612 | return; | |
3613 | ||
3614 | access_ref aref; | |
9a27acc3 | 3615 | if (!compute_objsize (ptr, call, 0, &aref, &m_ptr_qry)) |
ece28da9 MS |
3616 | return; |
3617 | ||
3618 | tree ref = aref.ref; | |
3619 | if (integer_zerop (ref)) | |
3620 | return; | |
3621 | ||
3622 | tree dealloc_decl = fndecl; | |
3623 | location_t loc = gimple_location (call); | |
3624 | ||
3625 | if (DECL_P (ref) || EXPR_P (ref)) | |
3626 | { | |
3627 | /* Diagnose freeing a declared object. */ | |
3628 | if (aref.ref_declared () | |
3629 | && warning_at (loc, OPT_Wfree_nonheap_object, | |
3630 | "%qD called on unallocated object %qD", | |
3631 | dealloc_decl, ref)) | |
3632 | { | |
3633 | inform (get_location (ref), "declared here"); | |
3634 | return; | |
3635 | } | |
3636 | ||
3637 | /* Diagnose freeing a pointer that includes a positive offset. | |
3638 | Such a pointer cannot refer to the beginning of an allocated | |
3639 | object. A negative offset may refer to it. */ | |
3640 | if (aref.sizrng[0] != aref.sizrng[1] | |
3641 | && warn_dealloc_offset (loc, call, aref)) | |
3642 | return; | |
3643 | } | |
3644 | else if (CONSTANT_CLASS_P (ref)) | |
3645 | { | |
3646 | if (warning_at (loc, OPT_Wfree_nonheap_object, | |
3647 | "%qD called on a pointer to an unallocated " | |
3648 | "object %qE", dealloc_decl, ref)) | |
3649 | { | |
3650 | if (TREE_CODE (ptr) == SSA_NAME) | |
3651 | { | |
3652 | gimple *def_stmt = SSA_NAME_DEF_STMT (ptr); | |
3653 | if (is_gimple_assign (def_stmt)) | |
3654 | { | |
3655 | location_t loc = gimple_location (def_stmt); | |
3656 | inform (loc, "assigned here"); | |
3657 | } | |
3658 | } | |
3659 | return; | |
3660 | } | |
3661 | } | |
3662 | else if (TREE_CODE (ref) == SSA_NAME) | |
3663 | { | |
3664 | /* Also warn if the pointer argument refers to the result | |
3665 | of an allocation call like alloca or VLA. */ | |
3666 | gimple *def_stmt = SSA_NAME_DEF_STMT (ref); | |
3667 | if (!def_stmt) | |
3668 | return; | |
3669 | ||
3670 | if (is_gimple_call (def_stmt)) | |
3671 | { | |
3672 | bool warned = false; | |
3673 | if (gimple_call_alloc_p (def_stmt)) | |
3674 | { | |
3675 | if (matching_alloc_calls_p (def_stmt, dealloc_decl)) | |
3676 | { | |
3677 | if (warn_dealloc_offset (loc, call, aref)) | |
3678 | return; | |
3679 | } | |
3680 | else | |
3681 | { | |
3682 | tree alloc_decl = gimple_call_fndecl (def_stmt); | |
3683 | const opt_code opt = | |
3684 | (DECL_IS_OPERATOR_NEW_P (alloc_decl) | |
3685 | || DECL_IS_OPERATOR_DELETE_P (dealloc_decl) | |
3686 | ? OPT_Wmismatched_new_delete | |
3687 | : OPT_Wmismatched_dealloc); | |
3688 | warned = warning_at (loc, opt, | |
3689 | "%qD called on pointer returned " | |
3690 | "from a mismatched allocation " | |
3691 | "function", dealloc_decl); | |
3692 | } | |
3693 | } | |
3694 | else if (gimple_call_builtin_p (def_stmt, BUILT_IN_ALLOCA) | |
3695 | || gimple_call_builtin_p (def_stmt, | |
3696 | BUILT_IN_ALLOCA_WITH_ALIGN)) | |
3697 | warned = warning_at (loc, OPT_Wfree_nonheap_object, | |
3698 | "%qD called on pointer to " | |
3699 | "an unallocated object", | |
3700 | dealloc_decl); | |
3701 | else if (warn_dealloc_offset (loc, call, aref)) | |
3702 | return; | |
3703 | ||
3704 | if (warned) | |
3705 | { | |
3706 | tree fndecl = gimple_call_fndecl (def_stmt); | |
3707 | inform (gimple_location (def_stmt), | |
3708 | "returned from %qD", fndecl); | |
3709 | return; | |
3710 | } | |
3711 | } | |
3712 | else if (gimple_nop_p (def_stmt)) | |
3713 | { | |
3714 | ref = SSA_NAME_VAR (ref); | |
3715 | /* Diagnose freeing a pointer that includes a positive offset. */ | |
3716 | if (TREE_CODE (ref) == PARM_DECL | |
3717 | && !aref.deref | |
3718 | && aref.sizrng[0] != aref.sizrng[1] | |
3719 | && aref.offrng[0] > 0 && aref.offrng[1] > 0 | |
3720 | && warn_dealloc_offset (loc, call, aref)) | |
3721 | return; | |
3722 | } | |
3723 | } | |
3724 | } | |
3725 | ||
671a2836 MS |
3726 | /* Return true if either USE_STMT's basic block (that of a pointer's use) |
3727 | is dominated by INVAL_STMT's (that of a pointer's invalidating statement, | |
3728 | or if they're in the same block, USE_STMT follows INVAL_STMT. */ | |
3729 | ||
3730 | bool | |
3731 | pass_waccess::use_after_inval_p (gimple *inval_stmt, gimple *use_stmt) | |
3732 | { | |
3733 | basic_block inval_bb = gimple_bb (inval_stmt); | |
3734 | basic_block use_bb = gimple_bb (use_stmt); | |
3735 | ||
3736 | if (inval_bb != use_bb) | |
3737 | return dominated_by_p (CDI_DOMINATORS, use_bb, inval_bb); | |
3738 | ||
3739 | if (bitmap_set_bit (m_bb_uids_set, inval_bb->index)) | |
3740 | /* The first time this basic block is visited assign increasing ids | |
3741 | to consecutive statements in it. Use the ids to determine which | |
3742 | precedes which. This avoids the linear traversal on subsequent | |
3743 | visits to the same block. */ | |
3744 | for (auto si = gsi_start_bb (inval_bb); !gsi_end_p (si); | |
3745 | gsi_next_nondebug (&si)) | |
3746 | { | |
3747 | gimple *stmt = gsi_stmt (si); | |
3748 | unsigned uid = inc_gimple_stmt_max_uid (m_func); | |
3749 | gimple_set_uid (stmt, uid); | |
3750 | } | |
3751 | ||
3752 | return gimple_uid (inval_stmt) < gimple_uid (use_stmt); | |
3753 | } | |
3754 | ||
3755 | /* Issue a warning for the USE_STMT of pointer PTR rendered invalid | |
3756 | by INVAL_STMT. PTR may be null when it's been optimized away. | |
3757 | MAYBE is true to issue the "maybe" kind of warning. EQUALITY is | |
3758 | true when the pointer is used in an equality expression. */ | |
3759 | ||
3760 | void | |
3761 | pass_waccess::warn_invalid_pointer (tree ptr, gimple *use_stmt, | |
3762 | gimple *inval_stmt, | |
3763 | bool maybe, | |
3764 | bool equality /* = false */) | |
3765 | { | |
3766 | /* Avoid printing the unhelpful "<unknown>" in the diagnostics. */ | |
3767 | if (ptr && TREE_CODE (ptr) == SSA_NAME | |
3768 | && (!SSA_NAME_VAR (ptr) || DECL_ARTIFICIAL (SSA_NAME_VAR (ptr)))) | |
3769 | ptr = NULL_TREE; | |
3770 | ||
3771 | location_t use_loc = gimple_location (use_stmt); | |
3772 | if (use_loc == UNKNOWN_LOCATION) | |
3773 | { | |
3774 | use_loc = cfun->function_end_locus; | |
3775 | if (!ptr) | |
3776 | /* Avoid issuing a warning with no context other than | |
3777 | the function. That would make it difficult to debug | |
3778 | in any but very simple cases. */ | |
3779 | return; | |
3780 | } | |
3781 | ||
3782 | if (is_gimple_call (inval_stmt)) | |
3783 | { | |
3784 | if ((equality && warn_use_after_free < 3) | |
3785 | || (maybe && warn_use_after_free < 2) | |
3786 | || warning_suppressed_p (use_stmt, OPT_Wuse_after_free)) | |
3787 | return; | |
3788 | ||
3789 | const tree inval_decl = gimple_call_fndecl (inval_stmt); | |
3790 | ||
3791 | if ((ptr && warning_at (use_loc, OPT_Wuse_after_free, | |
3792 | (maybe | |
3793 | ? G_("pointer %qE may be used after %qD") | |
3794 | : G_("pointer %qE used after %qD")), | |
3795 | ptr, inval_decl)) | |
3796 | || (!ptr && warning_at (use_loc, OPT_Wuse_after_free, | |
3797 | (maybe | |
3798 | ? G_("pointer may be used after %qD") | |
3799 | : G_("pointer used after %qD")), | |
3800 | inval_decl))) | |
3801 | { | |
3802 | location_t loc = gimple_location (inval_stmt); | |
3803 | inform (loc, "call to %qD here", inval_decl); | |
3804 | suppress_warning (use_stmt, OPT_Wuse_after_free); | |
3805 | } | |
3806 | return; | |
3807 | } | |
3808 | } | |
3809 | ||
3810 | /* If STMT is a call to either the standard realloc or to a user-defined | |
3811 | reallocation function returns its LHS and set *PTR to the reallocated | |
3812 | pointer. Otherwise return null. */ | |
3813 | ||
3814 | static tree | |
3815 | get_realloc_lhs (gimple *stmt, tree *ptr) | |
3816 | { | |
3817 | if (gimple_call_builtin_p (stmt, BUILT_IN_REALLOC)) | |
3818 | { | |
3819 | *ptr = gimple_call_arg (stmt, 0); | |
3820 | return gimple_call_lhs (stmt); | |
3821 | } | |
3822 | ||
3823 | gcall *call = dyn_cast<gcall *>(stmt); | |
3824 | if (!call) | |
3825 | return NULL_TREE; | |
3826 | ||
3827 | tree fnattr = NULL_TREE; | |
3828 | tree fndecl = gimple_call_fndecl (call); | |
3829 | if (fndecl) | |
3830 | fnattr = DECL_ATTRIBUTES (fndecl); | |
3831 | else | |
3832 | { | |
3833 | tree fntype = gimple_call_fntype (stmt); | |
3834 | if (!fntype) | |
3835 | return NULL_TREE; | |
3836 | fnattr = TYPE_ATTRIBUTES (fntype); | |
3837 | } | |
3838 | ||
3839 | if (!fnattr) | |
3840 | return NULL_TREE; | |
3841 | ||
3842 | for (tree ats = fnattr; (ats = lookup_attribute ("*dealloc", ats)); | |
3843 | ats = TREE_CHAIN (ats)) | |
3844 | { | |
3845 | tree args = TREE_VALUE (ats); | |
3846 | if (!args) | |
3847 | continue; | |
3848 | ||
3849 | tree alloc = TREE_VALUE (args); | |
3850 | if (!alloc) | |
3851 | continue; | |
3852 | ||
3853 | if (alloc == DECL_NAME (fndecl)) | |
3854 | { | |
3855 | unsigned argno = 0; | |
3856 | if (tree index = TREE_CHAIN (args)) | |
3857 | argno = TREE_INT_CST_LOW (TREE_VALUE (index)) - 1; | |
3858 | *ptr = gimple_call_arg (stmt, argno); | |
3859 | return gimple_call_lhs (stmt); | |
3860 | } | |
3861 | } | |
3862 | ||
3863 | return NULL_TREE; | |
3864 | } | |
3865 | ||
3866 | /* Warn if STMT is a call to a deallocation function that's not a match | |
3867 | for the REALLOC_STMT call. Return true if warned. */ | |
3868 | ||
3869 | static bool | |
3870 | maybe_warn_mismatched_realloc (tree ptr, gimple *realloc_stmt, gimple *stmt) | |
3871 | { | |
3872 | if (!is_gimple_call (stmt)) | |
3873 | return false; | |
3874 | ||
3875 | tree fndecl = gimple_call_fndecl (stmt); | |
3876 | if (!fndecl) | |
3877 | return false; | |
3878 | ||
3879 | unsigned argno = fndecl_dealloc_argno (fndecl); | |
3880 | if (call_nargs (stmt) <= argno) | |
3881 | return false; | |
3882 | ||
3883 | if (matching_alloc_calls_p (realloc_stmt, fndecl)) | |
3884 | return false; | |
3885 | ||
3886 | /* Avoid printing the unhelpful "<unknown>" in the diagnostics. */ | |
3887 | if (ptr && TREE_CODE (ptr) == SSA_NAME | |
3888 | && (!SSA_NAME_VAR (ptr) || DECL_ARTIFICIAL (SSA_NAME_VAR (ptr)))) | |
3889 | ptr = NULL_TREE; | |
3890 | ||
3891 | location_t loc = gimple_location (stmt); | |
3892 | tree realloc_decl = gimple_call_fndecl (realloc_stmt); | |
3893 | tree dealloc_decl = gimple_call_fndecl (stmt); | |
3894 | if (ptr && !warning_at (loc, OPT_Wmismatched_dealloc, | |
3895 | "%qD called on pointer %qE passed to mismatched " | |
3896 | "allocation function %qD", | |
3897 | dealloc_decl, ptr, realloc_decl)) | |
3898 | return false; | |
3899 | if (!ptr && !warning_at (loc, OPT_Wmismatched_dealloc, | |
3900 | "%qD called on a pointer passed to mismatched " | |
3901 | "reallocation function %qD", | |
3902 | dealloc_decl, realloc_decl)) | |
3903 | return false; | |
3904 | ||
3905 | inform (gimple_location (realloc_stmt), | |
3906 | "call to %qD", realloc_decl); | |
3907 | return true; | |
3908 | } | |
3909 | ||
3910 | /* Return true if P and Q point to the same object, and false if they | |
3911 | either don't or their relationship cannot be determined. */ | |
3912 | ||
3913 | static bool | |
3914 | pointers_related_p (gimple *stmt, tree p, tree q, pointer_query &qry) | |
3915 | { | |
3916 | if (!ptr_derefs_may_alias_p (p, q)) | |
3917 | return false; | |
3918 | ||
3919 | /* TODO: Work harder to rule out relatedness. */ | |
3920 | access_ref pref, qref; | |
3921 | if (!qry.get_ref (p, stmt, &pref, 0) | |
3922 | || !qry.get_ref (q, stmt, &qref, 0)) | |
3923 | return true; | |
3924 | ||
3925 | return pref.ref == qref.ref; | |
3926 | } | |
3927 | ||
3928 | /* For a STMT either a call to a deallocation function or a clobber, warn | |
3929 | for uses of the pointer PTR it was called with (including its copies | |
3930 | or others derived from it by pointer arithmetic). */ | |
3931 | ||
3932 | void | |
3933 | pass_waccess::check_pointer_uses (gimple *stmt, tree ptr) | |
3934 | { | |
3935 | gcc_assert (TREE_CODE (ptr) == SSA_NAME); | |
3936 | ||
3937 | const bool check_dangling = !is_gimple_call (stmt); | |
3938 | basic_block stmt_bb = gimple_bb (stmt); | |
3939 | ||
3940 | /* If STMT is a reallocation function set to the reallocated pointer | |
3941 | and the LHS of the call, respectively. */ | |
3942 | tree realloc_ptr = NULL_TREE; | |
3943 | tree realloc_lhs = get_realloc_lhs (stmt, &realloc_ptr); | |
3944 | ||
3945 | auto_bitmap visited; | |
3946 | ||
3947 | auto_vec<tree> pointers; | |
3948 | pointers.safe_push (ptr); | |
3949 | ||
3950 | /* Starting with PTR, iterate over POINTERS added by the loop, and | |
3951 | either warn for their uses in basic blocks dominated by the STMT | |
3952 | or in statements that follow it in the same basic block, or add | |
3953 | them to POINTERS if they point into the same object as PTR (i.e., | |
3954 | are obtained by pointer arithmetic on PTR). */ | |
3955 | for (unsigned i = 0; i != pointers.length (); ++i) | |
3956 | { | |
3957 | tree ptr = pointers[i]; | |
3958 | if (TREE_CODE (ptr) == SSA_NAME | |
3959 | && !bitmap_set_bit (visited, SSA_NAME_VERSION (ptr))) | |
3960 | /* Avoid revisiting the same pointer. */ | |
3961 | continue; | |
3962 | ||
3963 | use_operand_p use_p; | |
3964 | imm_use_iterator iter; | |
3965 | FOR_EACH_IMM_USE_FAST (use_p, iter, ptr) | |
3966 | { | |
3967 | gimple *use_stmt = USE_STMT (use_p); | |
3968 | if (use_stmt == stmt || is_gimple_debug (use_stmt)) | |
3969 | continue; | |
3970 | ||
3971 | if (realloc_lhs) | |
3972 | { | |
3973 | /* Check to see if USE_STMT is a mismatched deallocation | |
3974 | call for the pointer passed to realloc. That's a bug | |
3975 | regardless of the pointer's value and so warn. */ | |
3976 | if (maybe_warn_mismatched_realloc (*use_p->use, stmt, use_stmt)) | |
3977 | continue; | |
3978 | ||
3979 | /* Pointers passed to realloc that are used in basic blocks | |
3980 | where the realloc call is known to have failed are valid. | |
3981 | Ignore pointers that nothing is known about. Those could | |
3982 | have escaped along with their nullness. */ | |
3983 | value_range vr; | |
3984 | if (m_ptr_qry.rvals->range_of_expr (vr, realloc_lhs, use_stmt)) | |
3985 | { | |
3986 | if (vr.zero_p ()) | |
3987 | continue; | |
3988 | ||
3989 | if (!pointers_related_p (stmt, ptr, realloc_ptr, m_ptr_qry)) | |
3990 | continue; | |
3991 | } | |
3992 | } | |
3993 | ||
3994 | if (check_dangling | |
3995 | && gimple_code (use_stmt) == GIMPLE_RETURN) | |
3996 | /* Avoid interfering with -Wreturn-local-addr (which runs only | |
3997 | with optimization enabled so it won't diagnose cases that | |
3998 | would be caught here when optimization is disabled). */ | |
3999 | continue; | |
4000 | ||
4001 | bool equality = false; | |
4002 | if (is_gimple_assign (use_stmt)) | |
4003 | { | |
4004 | tree_code code = gimple_assign_rhs_code (use_stmt); | |
4005 | equality = code == EQ_EXPR || code == NE_EXPR; | |
4006 | } | |
4007 | else if (gcond *cond = dyn_cast<gcond *>(use_stmt)) | |
4008 | { | |
4009 | tree_code code = gimple_cond_code (cond); | |
4010 | equality = code == EQ_EXPR || code == NE_EXPR; | |
4011 | } | |
4012 | ||
4013 | /* Warn if USE_STMT is dominated by the deallocation STMT. | |
4014 | Otherwise, add the pointer to POINTERS so that the uses | |
4015 | of any other pointers derived from it can be checked. */ | |
4016 | if (use_after_inval_p (stmt, use_stmt)) | |
4017 | { | |
4018 | /* TODO: Handle PHIs but careful of false positives. */ | |
4019 | if (gimple_code (use_stmt) != GIMPLE_PHI) | |
4020 | { | |
4021 | basic_block use_bb = gimple_bb (use_stmt); | |
4022 | bool this_maybe | |
4023 | = !dominated_by_p (CDI_POST_DOMINATORS, use_bb, stmt_bb); | |
4024 | warn_invalid_pointer (*use_p->use, use_stmt, stmt, | |
4025 | this_maybe, equality); | |
4026 | continue; | |
4027 | } | |
4028 | } | |
4029 | ||
4030 | if (is_gimple_assign (use_stmt)) | |
4031 | { | |
4032 | tree lhs = gimple_assign_lhs (use_stmt); | |
4033 | if (TREE_CODE (lhs) == SSA_NAME) | |
4034 | { | |
4035 | tree_code rhs_code = gimple_assign_rhs_code (use_stmt); | |
4036 | if (rhs_code == POINTER_PLUS_EXPR || rhs_code == SSA_NAME) | |
4037 | pointers.safe_push (lhs); | |
4038 | } | |
4039 | continue; | |
4040 | } | |
4041 | ||
4042 | if (gcall *call = dyn_cast <gcall *>(use_stmt)) | |
4043 | { | |
4044 | if (gimple_call_return_arg (call)) | |
4045 | if (tree lhs = gimple_call_lhs (call)) | |
4046 | if (TREE_CODE (lhs) == SSA_NAME) | |
4047 | pointers.safe_push (lhs); | |
4048 | continue; | |
4049 | } | |
4050 | } | |
4051 | } | |
4052 | } | |
4053 | ||
2a837de2 MS |
4054 | /* Check call STMT for invalid accesses. */ |
4055 | ||
4056 | void | |
671a2836 | 4057 | pass_waccess::check_call (gcall *stmt) |
2a837de2 | 4058 | { |
b48d4e68 MS |
4059 | if (gimple_call_builtin_p (stmt, BUILT_IN_NORMAL)) |
4060 | check_builtin (stmt); | |
81d6cdd3 | 4061 | |
671a2836 MS |
4062 | if (tree callee = gimple_call_fndecl (stmt)) |
4063 | { | |
4064 | /* Check for uses of the pointer passed to either a standard | |
4065 | or a user-defined deallocation function. */ | |
4066 | unsigned argno = fndecl_dealloc_argno (callee); | |
4067 | if (argno < (unsigned) call_nargs (stmt)) | |
4068 | { | |
4069 | tree arg = call_arg (stmt, argno); | |
4070 | if (TREE_CODE (arg) == SSA_NAME) | |
4071 | check_pointer_uses (stmt, arg); | |
4072 | } | |
4073 | } | |
b48d4e68 | 4074 | |
671a2836 | 4075 | check_call_access (stmt); |
b48d4e68 | 4076 | |
671a2836 | 4077 | maybe_check_dealloc_call (stmt); |
b48d4e68 | 4078 | check_nonstring_args (stmt); |
2a837de2 MS |
4079 | } |
4080 | ||
671a2836 | 4081 | |
2a837de2 MS |
4082 | /* Check basic block BB for invalid accesses. */ |
4083 | ||
4084 | void | |
671a2836 | 4085 | pass_waccess::check_block (basic_block bb) |
2a837de2 MS |
4086 | { |
4087 | /* Iterate over statements, looking for function calls. */ | |
671a2836 MS |
4088 | for (auto si = gsi_start_bb (bb); !gsi_end_p (si); |
4089 | gsi_next_nondebug (&si)) | |
2a837de2 | 4090 | { |
671a2836 MS |
4091 | gimple *stmt = gsi_stmt (si); |
4092 | if (gcall *call = dyn_cast <gcall *> (stmt)) | |
4093 | check_call (call); | |
2a837de2 MS |
4094 | } |
4095 | } | |
4096 | ||
671a2836 MS |
4097 | /* Return the argument that the call STMT to a built-in function returns |
4098 | (including with an offset) or null if it doesn't. */ | |
4099 | ||
4100 | tree | |
4101 | pass_waccess::gimple_call_return_arg (gcall *call) | |
4102 | { | |
4103 | /* Check for attribute fn spec to see if the function returns one | |
4104 | of its arguments. */ | |
4105 | attr_fnspec fnspec = gimple_call_fnspec (call); | |
4106 | unsigned int argno; | |
4107 | if (!fnspec.returns_arg (&argno)) | |
4108 | { | |
4109 | if (gimple_call_num_args (call) < 1) | |
4110 | return NULL_TREE; | |
4111 | ||
4112 | if (!gimple_call_builtin_p (call, BUILT_IN_NORMAL)) | |
4113 | return NULL_TREE; | |
4114 | ||
4115 | tree fndecl = gimple_call_fndecl (call); | |
4116 | switch (DECL_FUNCTION_CODE (fndecl)) | |
4117 | { | |
4118 | case BUILT_IN_MEMPCPY: | |
4119 | case BUILT_IN_MEMPCPY_CHK: | |
4120 | case BUILT_IN_MEMCHR: | |
4121 | case BUILT_IN_STRCHR: | |
4122 | case BUILT_IN_STRRCHR: | |
4123 | case BUILT_IN_STRSTR: | |
4124 | case BUILT_IN_STPCPY: | |
4125 | case BUILT_IN_STPCPY_CHK: | |
4126 | case BUILT_IN_STPNCPY: | |
4127 | case BUILT_IN_STPNCPY_CHK: | |
4128 | argno = 0; | |
4129 | break; | |
4130 | ||
4131 | default: | |
4132 | return NULL_TREE; | |
4133 | } | |
4134 | } | |
4135 | ||
4136 | if (gimple_call_num_args (call) <= argno) | |
4137 | return NULL_TREE; | |
4138 | ||
4139 | return gimple_call_arg (call, argno); | |
4140 | } | |
4141 | ||
2a837de2 MS |
4142 | /* Check function FUN for invalid accesses. */ |
4143 | ||
4144 | unsigned | |
4145 | pass_waccess::execute (function *fun) | |
4146 | { | |
671a2836 MS |
4147 | calculate_dominance_info (CDI_DOMINATORS); |
4148 | calculate_dominance_info (CDI_POST_DOMINATORS); | |
4149 | ||
81501087 | 4150 | /* Create a new ranger instance and associate it with FUN. */ |
ece28da9 | 4151 | m_ptr_qry.rvals = enable_ranger (fun); |
671a2836 MS |
4152 | m_func = fun; |
4153 | ||
4154 | auto_bitmap bb_uids_set (&bitmap_default_obstack); | |
4155 | m_bb_uids_set = bb_uids_set; | |
4156 | ||
4157 | set_gimple_stmt_max_uid (m_func, 0); | |
b48d4e68 | 4158 | |
2a837de2 MS |
4159 | basic_block bb; |
4160 | FOR_EACH_BB_FN (bb, fun) | |
671a2836 | 4161 | check_block (bb); |
2a837de2 | 4162 | |
ece28da9 MS |
4163 | if (dump_file) |
4164 | m_ptr_qry.dump (dump_file, (dump_flags & TDF_DETAILS) != 0); | |
4165 | ||
4166 | m_ptr_qry.flush_cache (); | |
4167 | ||
4168 | /* Release the ranger instance and replace it with a global ranger. | |
4169 | Also reset the pointer since calling disable_ranger() deletes it. */ | |
81501087 | 4170 | disable_ranger (fun); |
ece28da9 | 4171 | m_ptr_qry.rvals = NULL; |
81501087 | 4172 | |
671a2836 MS |
4173 | m_bb_uids_set = NULL; |
4174 | ||
4175 | free_dominance_info (CDI_POST_DOMINATORS); | |
4176 | free_dominance_info (CDI_DOMINATORS); | |
2a837de2 MS |
4177 | return 0; |
4178 | } | |
4179 | ||
4180 | } // namespace | |
4181 | ||
4182 | /* Return a new instance of the pass. */ | |
4183 | ||
4184 | gimple_opt_pass * | |
4185 | make_pass_warn_access (gcc::context *ctxt) | |
4186 | { | |
4187 | return new pass_waccess (ctxt); | |
4188 | } |