]> git.ipfire.org Git - thirdparty/gcc.git/blob - gcc/tree-ssa-strlen.c
projects / thirdparty / gcc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
builtins.c (compute_objsize): Add an argument and set it to offset into destination.
[thirdparty/gcc.git] / gcc / tree-ssa-strlen.c
1 /* String length optimization
2 Copyright (C) 2011-2019 Free Software Foundation, Inc.
3 Contributed by Jakub Jelinek <jakub@redhat.com>
4
5 This file is part of GCC.
6
7 GCC is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3, or (at your option)
10 any later version.
11
12 GCC is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
20
21 #include "config.h"
22 #include "system.h"
23 #include "coretypes.h"
24 #include "backend.h"
25 #include "rtl.h"
26 #include "tree.h"
27 #include "gimple.h"
28 #include "alloc-pool.h"
29 #include "tree-pass.h"
30 #include "ssa.h"
31 #include "cgraph.h"
32 #include "gimple-pretty-print.h"
33 #include "gimple-ssa-warn-restrict.h"
34 #include "fold-const.h"
35 #include "stor-layout.h"
36 #include "gimple-fold.h"
37 #include "tree-eh.h"
38 #include "gimplify.h"
39 #include "gimple-iterator.h"
40 #include "gimplify-me.h"
41 #include "expr.h"
42 #include "tree-cfg.h"
43 #include "tree-dfa.h"
44 #include "domwalk.h"
45 #include "tree-ssa-alias.h"
46 #include "tree-ssa-propagate.h"
47 #include "tree-ssa-strlen.h"
48 #include "tree-hash-traits.h"
49 #include "tree-object-size.h"
50 #include "builtins.h"
51 #include "target.h"
52 #include "diagnostic-core.h"
53 #include "diagnostic.h"
54 #include "intl.h"
55 #include "attribs.h"
56 #include "calls.h"
57 #include "cfgloop.h"
58 #include "tree-ssa-loop.h"
59 #include "tree-scalar-evolution.h"
60
61 #include "vr-values.h"
62 #include "gimple-ssa-evrp-analyze.h"
63
64 /* A vector indexed by SSA_NAME_VERSION. 0 means unknown, positive value
65 is an index into strinfo vector, negative value stands for
66 string length of a string literal (~strlen). */
67 static vec<int> ssa_ver_to_stridx;
68
69 /* Number of currently active string indexes plus one. */
70 static int max_stridx;
71
72 /* Set to true to optimize, false when just checking. */
73 static bool strlen_optimize;
74
75 /* String information record. */
76 struct strinfo
77 {
78 /* Number of leading characters that are known to be nonzero. This is
79 also the length of the string if FULL_STRING_P.
80
81 The values in a list of related string pointers must be consistent;
82 that is, if strinfo B comes X bytes after strinfo A, it must be
83 the case that A->nonzero_chars == X + B->nonzero_chars. */
84 tree nonzero_chars;
85 /* Any of the corresponding pointers for querying alias oracle. */
86 tree ptr;
87 /* This is used for two things:
88
89 - To record the statement that should be used for delayed length
90 computations. We maintain the invariant that all related strinfos
91 have delayed lengths or none do.
92
93 - To record the malloc or calloc call that produced this result. */
94 gimple *stmt;
95 /* Pointer to '\0' if known, if NULL, it can be computed as
96 ptr + length. */
97 tree endptr;
98 /* Reference count. Any changes to strinfo entry possibly shared
99 with dominating basic blocks need unshare_strinfo first, except
100 for dont_invalidate which affects only the immediately next
101 maybe_invalidate. */
102 int refcount;
103 /* Copy of index. get_strinfo (si->idx) should return si; */
104 int idx;
105 /* These 3 fields are for chaining related string pointers together.
106 E.g. for
107 bl = strlen (b); dl = strlen (d); strcpy (a, b); c = a + bl;
108 strcpy (c, d); e = c + dl;
109 strinfo(a) -> strinfo(c) -> strinfo(e)
110 All have ->first field equal to strinfo(a)->idx and are doubly
111 chained through prev/next fields. The later strinfos are required
112 to point into the same string with zero or more bytes after
113 the previous pointer and all bytes in between the two pointers
114 must be non-zero. Functions like strcpy or memcpy are supposed
115 to adjust all previous strinfo lengths, but not following strinfo
116 lengths (those are uncertain, usually invalidated during
117 maybe_invalidate, except when the alias oracle knows better).
118 Functions like strcat on the other side adjust the whole
119 related strinfo chain.
120 They are updated lazily, so to use the chain the same first fields
121 and si->prev->next == si->idx needs to be verified. */
122 int first;
123 int next;
124 int prev;
125 /* A flag whether the string is known to be written in the current
126 function. */
127 bool writable;
128 /* A flag for the next maybe_invalidate that this strinfo shouldn't
129 be invalidated. Always cleared by maybe_invalidate. */
130 bool dont_invalidate;
131 /* True if the string is known to be nul-terminated after NONZERO_CHARS
132 characters. False is useful when detecting strings that are built
133 up via successive memcpys. */
134 bool full_string_p;
135 };
136
137 /* Pool for allocating strinfo_struct entries. */
138 static object_allocator<strinfo> strinfo_pool ("strinfo pool");
139
140 /* Vector mapping positive string indexes to strinfo, for the
141 current basic block. The first pointer in the vector is special,
142 it is either NULL, meaning the vector isn't shared, or it is
143 a basic block pointer to the owner basic_block if shared.
144 If some other bb wants to modify the vector, the vector needs
145 to be unshared first, and only the owner bb is supposed to free it. */
146 static vec<strinfo *, va_heap, vl_embed> *stridx_to_strinfo;
147
148 /* One OFFSET->IDX mapping. */
149 struct stridxlist
150 {
151 struct stridxlist *next;
152 HOST_WIDE_INT offset;
153 int idx;
154 };
155
156 /* Hash table entry, mapping a DECL to a chain of OFFSET->IDX mappings. */
157 struct decl_stridxlist_map
158 {
159 struct tree_map_base base;
160 struct stridxlist list;
161 };
162
163 /* Hash table for mapping decls to a chained list of offset -> idx
164 mappings. */
165 typedef hash_map<tree_decl_hash, stridxlist> decl_to_stridxlist_htab_t;
166 static decl_to_stridxlist_htab_t *decl_to_stridxlist_htab;
167
168 /* Hash table mapping strlen (or strnlen with constant bound and return
169 smaller than bound) calls to stridx instances describing
170 the calls' arguments. Non-null only when warn_stringop_truncation
171 is non-zero. */
172 typedef std::pair<int, location_t> stridx_strlenloc;
173 static hash_map<tree, stridx_strlenloc> *strlen_to_stridx;
174
175 /* Obstack for struct stridxlist and struct decl_stridxlist_map. */
176 static struct obstack stridx_obstack;
177
178 /* Last memcpy statement if it could be adjusted if the trailing
179 '\0' written is immediately overwritten, or
180 *x = '\0' store that could be removed if it is immediately overwritten. */
181 struct laststmt_struct
182 {
183 gimple *stmt;
184 tree len;
185 int stridx;
186 } laststmt;
187
188 static int get_stridx_plus_constant (strinfo *, unsigned HOST_WIDE_INT, tree);
189 static void handle_builtin_stxncpy (built_in_function, gimple_stmt_iterator *);
190
191 /* Sets MINMAX to either the constant value or the range VAL is in
192 and returns true on success. When nonnull, uses RVALS to get
193 VAL's range. Otherwise uses get_range_info. */
194
195 static bool
196 get_range (tree val, wide_int minmax[2], const vr_values *rvals = NULL)
197 {
198 if (tree_fits_uhwi_p (val))
199 {
200 minmax[0] = minmax[1] = wi::to_wide (val);
201 return true;
202 }
203
204 if (TREE_CODE (val) != SSA_NAME)
205 return false;
206
207 if (rvals)
208 {
209 /* The range below may be "inaccurate" if a constant has been
210 substituted earlier for VAL by this pass that hasn't been
211 propagated through the CFG. This shoud be fixed by the new
212 on-demand VRP if/when it becomes available (hopefully in
213 GCC 11). */
214 const value_range *vr
215 = (CONST_CAST (class vr_values *, rvals)->get_value_range (val));
216 value_range_kind rng = vr->kind ();
217 if (rng != VR_RANGE || !range_int_cst_p (vr))
218 return false;
219
220 minmax[0] = wi::to_wide (vr->min ());
221 minmax[1] = wi::to_wide (vr->max ());
222 return true;
223 }
224
225 value_range_kind rng = get_range_info (val, minmax, minmax + 1);
226 if (rng == VR_RANGE)
227 return true;
228
229 /* Do not handle anti-ranges and instead make use of the on-demand
230 VRP if/when it becomes available (hopefully in GCC 11). */
231 return false;
232 }
233
234 /* Return:
235
236 * +1 if SI is known to start with more than OFF nonzero characters.
237
238 * 0 if SI is known to start with exactly OFF nonzero characters.
239
240 * -1 if SI either does not start with OFF nonzero characters
241 or the relationship between the number of leading nonzero
242 characters in SI and OFF is unknown. */
243
244 static inline int
245 compare_nonzero_chars (strinfo *si, unsigned HOST_WIDE_INT off)
246 {
247 if (si->nonzero_chars
248 && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
249 return compare_tree_int (si->nonzero_chars, off);
250 else
251 return -1;
252 }
253
254 /* Same as above but suitable also for strings with non-constant lengths.
255 Uses RVALS to determine length range. */
256
257 static int
258 compare_nonzero_chars (strinfo *si, unsigned HOST_WIDE_INT off,
259 const vr_values *rvals)
260 {
261 if (!si->nonzero_chars)
262 return -1;
263
264 if (TREE_CODE (si->nonzero_chars) == INTEGER_CST)
265 return compare_tree_int (si->nonzero_chars, off);
266
267 if (!rvals || TREE_CODE (si->nonzero_chars) != SSA_NAME)
268 return -1;
269
270 const value_range_equiv *vr
271 = (CONST_CAST (class vr_values *, rvals)
272 ->get_value_range (si->nonzero_chars));
273
274 value_range_kind rng = vr->kind ();
275 if (rng != VR_RANGE || !range_int_cst_p (vr))
276 return -1;
277
278 /* If the offset is less than the minimum length or if the bounds
279 of the length range are equal return the result of the comparison
280 same as in the constant case. Otherwise return a conservative
281 result. */
282 int cmpmin = compare_tree_int (vr->min (), off);
283 if (cmpmin > 0 || tree_int_cst_equal (vr->min (), vr->max ()))
284 return cmpmin;
285
286 return -1;
287 }
288
289 /* Return true if SI is known to be a zero-length string. */
290
291 static inline bool
292 zero_length_string_p (strinfo *si)
293 {
294 return si->full_string_p && integer_zerop (si->nonzero_chars);
295 }
296
297 /* Return strinfo vector entry IDX. */
298
299 static inline strinfo *
300 get_strinfo (int idx)
301 {
302 if (vec_safe_length (stridx_to_strinfo) <= (unsigned int) idx)
303 return NULL;
304 return (*stridx_to_strinfo)[idx];
305 }
306
307 /* Get the next strinfo in the chain after SI, or null if none. */
308
309 static inline strinfo *
310 get_next_strinfo (strinfo *si)
311 {
312 if (si->next == 0)
313 return NULL;
314 strinfo *nextsi = get_strinfo (si->next);
315 if (nextsi == NULL || nextsi->first != si->first || nextsi->prev != si->idx)
316 return NULL;
317 return nextsi;
318 }
319
320 /* Helper function for get_stridx. Return the strinfo index of the address
321 of EXP, which is available in PTR if nonnull. If OFFSET_OUT, it is
322 OK to return the index for some X <= &EXP and store &EXP - X in
323 *OFFSET_OUT. */
324
325 static int
326 get_addr_stridx (tree exp, tree ptr, unsigned HOST_WIDE_INT *offset_out,
327 const vr_values *rvals = NULL)
328 {
329 HOST_WIDE_INT off;
330 struct stridxlist *list, *last = NULL;
331 tree base;
332
333 if (!decl_to_stridxlist_htab)
334 return 0;
335
336 poly_int64 poff;
337 base = get_addr_base_and_unit_offset (exp, &poff);
338 if (base == NULL || !DECL_P (base) || !poff.is_constant (&off))
339 return 0;
340
341 list = decl_to_stridxlist_htab->get (base);
342 if (list == NULL)
343 return 0;
344
345 do
346 {
347 if (list->offset == off)
348 {
349 if (offset_out)
350 *offset_out = 0;
351 return list->idx;
352 }
353 if (list->offset > off)
354 return 0;
355 last = list;
356 list = list->next;
357 }
358 while (list);
359
360 if ((offset_out || ptr) && last && last->idx > 0)
361 {
362 unsigned HOST_WIDE_INT rel_off
363 = (unsigned HOST_WIDE_INT) off - last->offset;
364 strinfo *si = get_strinfo (last->idx);
365 if (si && compare_nonzero_chars (si, rel_off, rvals) >= 0)
366 {
367 if (offset_out)
368 {
369 *offset_out = rel_off;
370 return last->idx;
371 }
372 else
373 return get_stridx_plus_constant (si, rel_off, ptr);
374 }
375 }
376 return 0;
377 }
378
379 /* Returns string index for EXP. When EXP is an SSA_NAME that refers
380 to a known strinfo with an offset and OFFRNG is non-null, sets
381 both elements of the OFFRNG array to the range of the offset and
382 returns the index of the known strinfo. In this case the result
383 must not be used in for functions that modify the string. */
384
385 static int
386 get_stridx (tree exp, wide_int offrng[2] = NULL)
387 {
388 if (offrng)
389 offrng[0] = offrng[1] = wi::zero (TYPE_PRECISION (sizetype));
390
391 if (TREE_CODE (exp) == SSA_NAME)
392 {
393 if (ssa_ver_to_stridx[SSA_NAME_VERSION (exp)])
394 return ssa_ver_to_stridx[SSA_NAME_VERSION (exp)];
395
396 tree e = exp;
397 int last_idx = 0;
398 HOST_WIDE_INT offset = 0;
399 /* Follow a chain of at most 5 assignments. */
400 for (int i = 0; i < 5; i++)
401 {
402 gimple *def_stmt = SSA_NAME_DEF_STMT (e);
403 if (!is_gimple_assign (def_stmt))
404 return last_idx;
405
406 tree_code rhs_code = gimple_assign_rhs_code (def_stmt);
407 tree ptr, off;
408
409 if (rhs_code == ADDR_EXPR)
410 {
411 /* Handle indices/offsets into VLAs which are implemented
412 as pointers to arrays. */
413 ptr = gimple_assign_rhs1 (def_stmt);
414 ptr = TREE_OPERAND (ptr, 0);
415
416 /* Handle also VLAs of types larger than char. */
417 if (tree eltsize = TYPE_SIZE_UNIT (TREE_TYPE (ptr)))
418 {
419 if (TREE_CODE (ptr) == ARRAY_REF)
420 {
421 off = TREE_OPERAND (ptr, 1);
422 ptr = TREE_OPERAND (ptr, 0);
423 if (!integer_onep (eltsize))
424 {
425 /* Scale the array index by the size of the element
426 type in the rare case that it's greater than
427 the typical 1 for char, making sure both operands
428 have the same type. */
429 eltsize = fold_convert (ssizetype, eltsize);
430 off = fold_convert (ssizetype, off);
431 off = fold_build2 (MULT_EXPR, ssizetype, off, eltsize);
432 }
433 }
434 else
435 off = integer_zero_node;
436 }
437 else
438 return 0;
439
440 if (TREE_CODE (ptr) != MEM_REF)
441 return 0;
442
443 /* Add the MEM_REF byte offset. */
444 tree mem_off = TREE_OPERAND (ptr, 1);
445 off = fold_build2 (PLUS_EXPR, TREE_TYPE (off), off, mem_off);
446 ptr = TREE_OPERAND (ptr, 0);
447 }
448 else if (rhs_code == POINTER_PLUS_EXPR)
449 {
450 ptr = gimple_assign_rhs1 (def_stmt);
451 off = gimple_assign_rhs2 (def_stmt);
452 }
453 else
454 return 0;
455
456 if (TREE_CODE (ptr) != SSA_NAME)
457 return 0;
458
459 if (!tree_fits_shwi_p (off))
460 {
461 if (int idx = ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)])
462 if (offrng)
463 {
464 /* Only when requested by setting OFFRNG to non-null,
465 return the index corresponding to the SSA_NAME.
466 Do this irrespective of the whether the offset
467 is known. */
468 if (get_range (off, offrng))
469 {
470 /* When the offset range is known, increment it
471 it by the constant offset computed in prior
472 iterations and store it in the OFFRNG array. */
473 offrng[0] += offset;
474 offrng[1] += offset;
475 }
476 else
477 {
478 /* When the offset range cannot be determined
479 store [0, SIZE_MAX] and let the caller decide
480 if the offset matters. */
481 offrng[1] = wi::to_wide (TYPE_MAX_VALUE (sizetype));
482 offrng[0] = wi::zero (offrng[1].get_precision ());
483 }
484 return idx;
485 }
486 return 0;
487 }
488
489 HOST_WIDE_INT this_off = tree_to_shwi (off);
490 if (offrng)
491 {
492 offrng[0] += wi::shwi (this_off, offrng->get_precision ());
493 offrng[1] += offrng[0];
494 }
495
496 if (this_off < 0)
497 return last_idx;
498
499 offset = (unsigned HOST_WIDE_INT) offset + this_off;
500 if (offset < 0)
501 return last_idx;
502
503 if (int idx = ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)])
504 {
505 strinfo *si = get_strinfo (idx);
506 if (si)
507 {
508 if (compare_nonzero_chars (si, offset) >= 0)
509 return get_stridx_plus_constant (si, offset, exp);
510
511 if (offrng)
512 last_idx = idx;
513 }
514 }
515 e = ptr;
516 }
517
518 return last_idx;
519 }
520
521 if (TREE_CODE (exp) == ADDR_EXPR)
522 {
523 int idx = get_addr_stridx (TREE_OPERAND (exp, 0), exp, NULL);
524 if (idx != 0)
525 return idx;
526 }
527
528 const char *p = c_getstr (exp);
529 if (p)
530 return ~(int) strlen (p);
531
532 return 0;
533 }
534
535 /* Return true if strinfo vector is shared with the immediate dominator. */
536
537 static inline bool
538 strinfo_shared (void)
539 {
540 return vec_safe_length (stridx_to_strinfo)
541 && (*stridx_to_strinfo)[0] != NULL;
542 }
543
544 /* Unshare strinfo vector that is shared with the immediate dominator. */
545
546 static void
547 unshare_strinfo_vec (void)
548 {
549 strinfo *si;
550 unsigned int i = 0;
551
552 gcc_assert (strinfo_shared ());
553 stridx_to_strinfo = vec_safe_copy (stridx_to_strinfo);
554 for (i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
555 if (si != NULL)
556 si->refcount++;
557 (*stridx_to_strinfo)[0] = NULL;
558 }
559
560 /* Attempt to create a string index for exp, ADDR_EXPR's operand.
561 Return a pointer to the location where the string index can
562 be stored (if 0) or is stored, or NULL if this can't be tracked. */
563
564 static int *
565 addr_stridxptr (tree exp)
566 {
567 HOST_WIDE_INT off;
568
569 poly_int64 poff;
570 tree base = get_addr_base_and_unit_offset (exp, &poff);
571 if (base == NULL_TREE || !DECL_P (base) || !poff.is_constant (&off))
572 return NULL;
573
574 if (!decl_to_stridxlist_htab)
575 {
576 decl_to_stridxlist_htab
577 = new hash_map<tree_decl_hash, stridxlist> (64);
578 gcc_obstack_init (&stridx_obstack);
579 }
580
581 bool existed;
582 stridxlist *list = &decl_to_stridxlist_htab->get_or_insert (base, &existed);
583 if (existed)
584 {
585 int i;
586 stridxlist *before = NULL;
587 for (i = 0; i < 32; i++)
588 {
589 if (list->offset == off)
590 return &list->idx;
591 if (list->offset > off && before == NULL)
592 before = list;
593 if (list->next == NULL)
594 break;
595 list = list->next;
596 }
597 if (i == 32)
598 return NULL;
599 if (before)
600 {
601 list = before;
602 before = XOBNEW (&stridx_obstack, struct stridxlist);
603 *before = *list;
604 list->next = before;
605 list->offset = off;
606 list->idx = 0;
607 return &list->idx;
608 }
609 list->next = XOBNEW (&stridx_obstack, struct stridxlist);
610 list = list->next;
611 }
612
613 list->next = NULL;
614 list->offset = off;
615 list->idx = 0;
616 return &list->idx;
617 }
618
619 /* Create a new string index, or return 0 if reached limit. */
620
621 static int
622 new_stridx (tree exp)
623 {
624 int idx;
625 if (max_stridx >= param_max_tracked_strlens)
626 return 0;
627 if (TREE_CODE (exp) == SSA_NAME)
628 {
629 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (exp))
630 return 0;
631 idx = max_stridx++;
632 ssa_ver_to_stridx[SSA_NAME_VERSION (exp)] = idx;
633 return idx;
634 }
635 if (TREE_CODE (exp) == ADDR_EXPR)
636 {
637 int *pidx = addr_stridxptr (TREE_OPERAND (exp, 0));
638 if (pidx != NULL)
639 {
640 gcc_assert (*pidx == 0);
641 *pidx = max_stridx++;
642 return *pidx;
643 }
644 }
645 return 0;
646 }
647
648 /* Like new_stridx, but for ADDR_EXPR's operand instead. */
649
650 static int
651 new_addr_stridx (tree exp)
652 {
653 int *pidx;
654 if (max_stridx >= param_max_tracked_strlens)
655 return 0;
656 pidx = addr_stridxptr (exp);
657 if (pidx != NULL)
658 {
659 gcc_assert (*pidx == 0);
660 *pidx = max_stridx++;
661 return *pidx;
662 }
663 return 0;
664 }
665
666 /* Create a new strinfo. */
667
668 static strinfo *
669 new_strinfo (tree ptr, int idx, tree nonzero_chars, bool full_string_p)
670 {
671 strinfo *si = strinfo_pool.allocate ();
672 si->nonzero_chars = nonzero_chars;
673 si->ptr = ptr;
674 si->stmt = NULL;
675 si->endptr = NULL_TREE;
676 si->refcount = 1;
677 si->idx = idx;
678 si->first = 0;
679 si->prev = 0;
680 si->next = 0;
681 si->writable = false;
682 si->dont_invalidate = false;
683 si->full_string_p = full_string_p;
684 return si;
685 }
686
687 /* Decrease strinfo refcount and free it if not referenced anymore. */
688
689 static inline void
690 free_strinfo (strinfo *si)
691 {
692 if (si && --si->refcount == 0)
693 strinfo_pool.remove (si);
694 }
695
696 /* Set strinfo in the vector entry IDX to SI. */
697
698 static inline void
699 set_strinfo (int idx, strinfo *si)
700 {
701 if (vec_safe_length (stridx_to_strinfo) && (*stridx_to_strinfo)[0])
702 unshare_strinfo_vec ();
703 if (vec_safe_length (stridx_to_strinfo) <= (unsigned int) idx)
704 vec_safe_grow_cleared (stridx_to_strinfo, idx + 1);
705 (*stridx_to_strinfo)[idx] = si;
706 }
707
708 /* Return the first strinfo in the related strinfo chain
709 if all strinfos in between belong to the chain, otherwise NULL. */
710
711 static strinfo *
712 verify_related_strinfos (strinfo *origsi)
713 {
714 strinfo *si = origsi, *psi;
715
716 if (origsi->first == 0)
717 return NULL;
718 for (; si->prev; si = psi)
719 {
720 if (si->first != origsi->first)
721 return NULL;
722 psi = get_strinfo (si->prev);
723 if (psi == NULL)
724 return NULL;
725 if (psi->next != si->idx)
726 return NULL;
727 }
728 if (si->idx != si->first)
729 return NULL;
730 return si;
731 }
732
733 /* Set SI's endptr to ENDPTR and compute its length based on SI->ptr.
734 Use LOC for folding. */
735
736 static void
737 set_endptr_and_length (location_t loc, strinfo *si, tree endptr)
738 {
739 si->endptr = endptr;
740 si->stmt = NULL;
741 tree start_as_size = fold_convert_loc (loc, size_type_node, si->ptr);
742 tree end_as_size = fold_convert_loc (loc, size_type_node, endptr);
743 si->nonzero_chars = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
744 end_as_size, start_as_size);
745 si->full_string_p = true;
746 }
747
748 /* Return the string length, or NULL if it can't be computed.
749 The length may but need not be constant. Instead, it might be
750 the result of a strlen() call. */
751
752 static tree
753 get_string_length (strinfo *si)
754 {
755 /* If the length has already been computed return it if it's exact
756 (i.e., the string is nul-terminated at NONZERO_CHARS), or return
757 null if it isn't. */
758 if (si->nonzero_chars)
759 return si->full_string_p ? si->nonzero_chars : NULL;
760
761 /* If the string is the result of one of the built-in calls below
762 attempt to compute the length from the call statement. */
763 if (si->stmt)
764 {
765 gimple *stmt = si->stmt, *lenstmt;
766 tree callee, lhs, fn, tem;
767 location_t loc;
768 gimple_stmt_iterator gsi;
769
770 gcc_assert (is_gimple_call (stmt));
771 callee = gimple_call_fndecl (stmt);
772 gcc_assert (callee && fndecl_built_in_p (callee, BUILT_IN_NORMAL));
773 lhs = gimple_call_lhs (stmt);
774 /* unshare_strinfo is intentionally not called here. The (delayed)
775 transformation of strcpy or strcat into stpcpy is done at the place
776 of the former strcpy/strcat call and so can affect all the strinfos
777 with the same stmt. If they were unshared before and transformation
778 has been already done, the handling of BUILT_IN_STPCPY{,_CHK} should
779 just compute the right length. */
780 switch (DECL_FUNCTION_CODE (callee))
781 {
782 case BUILT_IN_STRCAT:
783 case BUILT_IN_STRCAT_CHK:
784 gsi = gsi_for_stmt (stmt);
785 fn = builtin_decl_implicit (BUILT_IN_STRLEN);
786 gcc_assert (lhs == NULL_TREE);
787 tem = unshare_expr (gimple_call_arg (stmt, 0));
788 lenstmt = gimple_build_call (fn, 1, tem);
789 lhs = make_ssa_name (TREE_TYPE (TREE_TYPE (fn)), lenstmt);
790 gimple_call_set_lhs (lenstmt, lhs);
791 gimple_set_vuse (lenstmt, gimple_vuse (stmt));
792 gsi_insert_before (&gsi, lenstmt, GSI_SAME_STMT);
793 tem = gimple_call_arg (stmt, 0);
794 if (!ptrofftype_p (TREE_TYPE (lhs)))
795 {
796 lhs = convert_to_ptrofftype (lhs);
797 lhs = force_gimple_operand_gsi (&gsi, lhs, true, NULL_TREE,
798 true, GSI_SAME_STMT);
799 }
800 lenstmt = gimple_build_assign
801 (make_ssa_name (TREE_TYPE (gimple_call_arg (stmt, 0))),
802 POINTER_PLUS_EXPR,tem, lhs);
803 gsi_insert_before (&gsi, lenstmt, GSI_SAME_STMT);
804 gimple_call_set_arg (stmt, 0, gimple_assign_lhs (lenstmt));
805 lhs = NULL_TREE;
806 /* FALLTHRU */
807 case BUILT_IN_STRCPY:
808 case BUILT_IN_STRCPY_CHK:
809 gcc_assert (builtin_decl_implicit_p (BUILT_IN_STPCPY));
810 if (gimple_call_num_args (stmt) == 2)
811 fn = builtin_decl_implicit (BUILT_IN_STPCPY);
812 else
813 fn = builtin_decl_explicit (BUILT_IN_STPCPY_CHK);
814 gcc_assert (lhs == NULL_TREE);
815 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
816 {
817 fprintf (dump_file, "Optimizing: ");
818 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
819 }
820 gimple_call_set_fndecl (stmt, fn);
821 lhs = make_ssa_name (TREE_TYPE (TREE_TYPE (fn)), stmt);
822 gimple_call_set_lhs (stmt, lhs);
823 update_stmt (stmt);
824 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
825 {
826 fprintf (dump_file, "into: ");
827 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
828 }
829 /* FALLTHRU */
830 case BUILT_IN_STPCPY:
831 case BUILT_IN_STPCPY_CHK:
832 gcc_assert (lhs != NULL_TREE);
833 loc = gimple_location (stmt);
834 set_endptr_and_length (loc, si, lhs);
835 for (strinfo *chainsi = verify_related_strinfos (si);
836 chainsi != NULL;
837 chainsi = get_next_strinfo (chainsi))
838 if (chainsi->nonzero_chars == NULL)
839 set_endptr_and_length (loc, chainsi, lhs);
840 break;
841 case BUILT_IN_MALLOC:
842 break;
843 /* BUILT_IN_CALLOC always has si->nonzero_chars set. */
844 default:
845 gcc_unreachable ();
846 break;
847 }
848 }
849
850 return si->nonzero_chars;
851 }
852
853 /* Dump strlen data to FP for statement STMT. When non-null, RVALS
854 points to EVRP info and is used to dump strlen range for non-constant
855 results. */
856
857 DEBUG_FUNCTION void
858 dump_strlen_info (FILE *fp, gimple *stmt, const vr_values *rvals)
859 {
860 if (stmt)
861 {
862 fprintf (fp, "\nDumping strlen pass data after ");
863 print_gimple_expr (fp, stmt, TDF_LINENO);
864 fputc ('\n', fp);
865 }
866 else
867 fprintf (fp, "\nDumping strlen pass data\n");
868
869 fprintf (fp, "max_stridx = %i\n", max_stridx);
870 fprintf (fp, "ssa_ver_to_stridx has %u elements\n",
871 ssa_ver_to_stridx.length ());
872 fprintf (fp, "stridx_to_strinfo");
873 if (stridx_to_strinfo)
874 {
875 fprintf (fp, " has %u elements\n", stridx_to_strinfo->length ());
876 for (unsigned i = 0; i != stridx_to_strinfo->length (); ++i)
877 {
878 if (strinfo *si = (*stridx_to_strinfo)[i])
879 {
880 if (!si->idx)
881 continue;
882 fprintf (fp, " idx = %i", si->idx);
883 if (si->ptr)
884 {
885 fprintf (fp, ", ptr = ");
886 print_generic_expr (fp, si->ptr);
887 }
888 fprintf (fp, ", nonzero_chars = ");
889 print_generic_expr (fp, si->nonzero_chars);
890 if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
891 {
892 value_range_kind rng = VR_UNDEFINED;
893 wide_int min, max;
894 if (rvals)
895 {
896 const value_range_equiv *vr
897 = CONST_CAST (class vr_values *, rvals)
898 ->get_value_range (si->nonzero_chars);
899 rng = vr->kind ();
900 if (range_int_cst_p (vr))
901 {
902 min = wi::to_wide (vr->min ());
903 max = wi::to_wide (vr->max ());
904 }
905 else
906 rng = VR_UNDEFINED;
907 }
908 else
909 rng = get_range_info (si->nonzero_chars, &min, &max);
910
911 if (rng == VR_RANGE || rng == VR_ANTI_RANGE)
912 {
913 fprintf (fp, " %s[%llu, %llu]",
914 rng == VR_RANGE ? "" : "~",
915 (long long) min.to_uhwi (),
916 (long long) max.to_uhwi ());
917 }
918 }
919 fprintf (fp, " , refcount = %i", si->refcount);
920 if (si->stmt)
921 {
922 fprintf (fp, ", stmt = ");
923 print_gimple_expr (fp, si->stmt, 0);
924 }
925 if (si->writable)
926 fprintf (fp, ", writable");
927 if (si->full_string_p)
928 fprintf (fp, ", full_string_p");
929 if (strinfo *next = get_next_strinfo (si))
930 {
931 fprintf (fp, ", {");
932 do
933 fprintf (fp, "%i%s", next->idx, next->first ? ", " : "");
934 while ((next = get_next_strinfo (next)));
935 fprintf (fp, "}");
936 }
937 fputs ("\n", fp);
938 }
939 }
940 }
941 else
942 fprintf (fp, " = null\n");
943
944 fprintf (fp, "decl_to_stridxlist_htab");
945 if (decl_to_stridxlist_htab)
946 {
947 fputs ("\n", fp);
948 typedef decl_to_stridxlist_htab_t::iterator iter_t;
949 for (iter_t it = decl_to_stridxlist_htab->begin ();
950 it != decl_to_stridxlist_htab->end (); ++it)
951 {
952 tree decl = (*it).first;
953 stridxlist *list = &(*it).second;
954 fprintf (fp, " decl = ");
955 print_generic_expr (fp, decl);
956 if (list)
957 {
958 fprintf (fp, ", offsets = {");
959 for (; list; list = list->next)
960 fprintf (fp, "%lli%s", (long long) list->offset,
961 list->next ? ", " : "");
962 fputs ("}", fp);
963 }
964 fputs ("\n", fp);
965 }
966 }
967 else
968 fprintf (fp, " = null\n");
969
970 if (laststmt.stmt)
971 {
972 fprintf (fp, "laststmt = ");
973 print_gimple_expr (fp, laststmt.stmt, 0);
974 fprintf (fp, ", len = ");
975 print_generic_expr (fp, laststmt.len);
976 fprintf (fp, ", stridx = %i\n", laststmt.stridx);
977 }
978 }
979
980 /* Attempt to determine the length of the string SRC. On success, store
981 the length in *PDATA and return true. Otherwise, return false.
982 VISITED is a bitmap of visited PHI nodes. RVALS points to EVRP info
983 and PSSA_DEF_MAX to an SSA_NAME assignment limit used to prevent runaway
984 recursion. */
985
986 static bool
987 get_range_strlen_dynamic (tree src, c_strlen_data *pdata, bitmap *visited,
988 const vr_values *rvals, unsigned *pssa_def_max)
989 {
990 int idx = get_stridx (src);
991 if (!idx)
992 {
993 if (TREE_CODE (src) == SSA_NAME)
994 {
995 gimple *def_stmt = SSA_NAME_DEF_STMT (src);
996 if (gimple_code (def_stmt) == GIMPLE_PHI)
997 {
998 if (!*visited)
999 *visited = BITMAP_ALLOC (NULL);
1000
1001 if (!bitmap_set_bit (*visited, SSA_NAME_VERSION (src)))
1002 return true;
1003
1004 if (*pssa_def_max == 0)
1005 return false;
1006
1007 --*pssa_def_max;
1008
1009 /* Iterate over the PHI arguments and determine the minimum
1010 and maximum length/size of each and incorporate them into
1011 the overall result. */
1012 gphi *phi = as_a <gphi *> (def_stmt);
1013 for (unsigned i = 0; i != gimple_phi_num_args (phi); ++i)
1014 {
1015 tree arg = gimple_phi_arg_def (phi, i);
1016 if (arg == gimple_phi_result (def_stmt))
1017 continue;
1018
1019 c_strlen_data argdata = { };
1020 if (get_range_strlen_dynamic (arg, &argdata, visited, rvals,
1021 pssa_def_max))
1022 {
1023 /* Set the DECL of an unterminated array this argument
1024 refers to if one hasn't been found yet. */
1025 if (!pdata->decl && argdata.decl)
1026 pdata->decl = argdata.decl;
1027
1028 if (!argdata.minlen
1029 || (integer_zerop (argdata.minlen)
1030 && (!argdata.maxbound
1031 || integer_all_onesp (argdata.maxbound))
1032 && integer_all_onesp (argdata.maxlen)))
1033 {
1034 /* Set the upper bound of the length to unbounded. */
1035 pdata->maxlen = build_all_ones_cst (size_type_node);
1036 continue;
1037 }
1038
1039 /* Adjust the minimum and maximum length determined
1040 so far and the upper bound on the array size. */
1041 if (!pdata->minlen
1042 || tree_int_cst_lt (argdata.minlen, pdata->minlen))
1043 pdata->minlen = argdata.minlen;
1044 if (!pdata->maxlen
1045 || (argdata.maxlen
1046 && tree_int_cst_lt (pdata->maxlen, argdata.maxlen)))
1047 pdata->maxlen = argdata.maxlen;
1048 if (!pdata->maxbound
1049 || TREE_CODE (pdata->maxbound) != INTEGER_CST
1050 || (argdata.maxbound
1051 && tree_int_cst_lt (pdata->maxbound,
1052 argdata.maxbound)
1053 && !integer_all_onesp (argdata.maxbound)))
1054 pdata->maxbound = argdata.maxbound;
1055 }
1056 else
1057 pdata->maxlen = build_all_ones_cst (size_type_node);
1058 }
1059
1060 return true;
1061 }
1062 }
1063
1064 /* Return success regardless of the result and handle *PDATA
1065 in the caller. */
1066 get_range_strlen (src, pdata, 1);
1067 return true;
1068 }
1069
1070 if (idx < 0)
1071 {
1072 /* SRC is a string of constant length. */
1073 pdata->minlen = build_int_cst (size_type_node, ~idx);
1074 pdata->maxlen = pdata->minlen;
1075 pdata->maxbound = pdata->maxlen;
1076 return true;
1077 }
1078
1079 if (strinfo *si = get_strinfo (idx))
1080 {
1081 pdata->minlen = get_string_length (si);
1082 if (!pdata->minlen && si->nonzero_chars)
1083 {
1084 if (TREE_CODE (si->nonzero_chars) == INTEGER_CST)
1085 pdata->minlen = si->nonzero_chars;
1086 else if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
1087 {
1088 const value_range_equiv *vr
1089 = CONST_CAST (class vr_values *, rvals)
1090 ->get_value_range (si->nonzero_chars);
1091 if (vr->kind () == VR_RANGE
1092 && range_int_cst_p (vr))
1093 {
1094 pdata->minlen = vr->min ();
1095 pdata->maxlen = vr->max ();
1096 }
1097 else
1098 pdata->minlen = build_zero_cst (size_type_node);
1099 }
1100 else
1101 pdata->minlen = build_zero_cst (size_type_node);
1102
1103 tree base = si->ptr;
1104 if (TREE_CODE (base) == ADDR_EXPR)
1105 base = TREE_OPERAND (base, 0);
1106
1107 HOST_WIDE_INT off;
1108 poly_int64 poff;
1109 base = get_addr_base_and_unit_offset (base, &poff);
1110 if (base
1111 && DECL_P (base)
1112 && TREE_CODE (TREE_TYPE (base)) == ARRAY_TYPE
1113 && TYPE_SIZE_UNIT (TREE_TYPE (base))
1114 && poff.is_constant (&off))
1115 {
1116 tree basetype = TREE_TYPE (base);
1117 tree size = TYPE_SIZE_UNIT (basetype);
1118 ++off; /* Increment for the terminating nul. */
1119 pdata->maxlen = fold_build2 (MINUS_EXPR, size_type_node, size,
1120 build_int_cst (size_type_node, off));
1121 pdata->maxbound = pdata->maxlen;
1122 }
1123 else
1124 pdata->maxlen = build_all_ones_cst (size_type_node);
1125 }
1126 else if (pdata->minlen && TREE_CODE (pdata->minlen) == SSA_NAME)
1127 {
1128 const value_range_equiv *vr
1129 = CONST_CAST (class vr_values *, rvals)
1130 ->get_value_range (si->nonzero_chars);
1131 if (vr->kind () == VR_RANGE
1132 && range_int_cst_p (vr))
1133 {
1134 pdata->minlen = vr->min ();
1135 pdata->maxlen = vr->max ();
1136 pdata->maxbound = pdata->maxlen;
1137 }
1138 else
1139 {
1140 pdata->minlen = build_zero_cst (size_type_node);
1141 pdata->maxlen = build_all_ones_cst (size_type_node);
1142 }
1143 }
1144 else if (pdata->minlen && TREE_CODE (pdata->minlen) == INTEGER_CST)
1145 {
1146 pdata->maxlen = pdata->minlen;
1147 pdata->maxbound = pdata->minlen;
1148 }
1149 else
1150 {
1151 /* For PDATA->MINLEN that's a non-constant expression such
1152 as PLUS_EXPR whose value range is unknown, set the bounds
1153 to zero and SIZE_MAX. */
1154 pdata->minlen = build_zero_cst (size_type_node);
1155 pdata->maxlen = build_all_ones_cst (size_type_node);
1156 }
1157
1158 return true;
1159 }
1160
1161 return false;
1162 }
1163
1164 /* Analogous to get_range_strlen but for dynamically created strings,
1165 i.e., those created by calls to strcpy as opposed to just string
1166 constants.
1167 Try to obtain the range of the lengths of the string(s) referenced
1168 by SRC, or the size of the largest array SRC refers to if the range
1169 of lengths cannot be determined, and store all in *PDATA. RVALS
1170 points to EVRP info. */
1171
1172 void
1173 get_range_strlen_dynamic (tree src, c_strlen_data *pdata,
1174 const vr_values *rvals)
1175 {
1176 bitmap visited = NULL;
1177 tree maxbound = pdata->maxbound;
1178
1179 unsigned limit = param_ssa_name_def_chain_limit;
1180 if (!get_range_strlen_dynamic (src, pdata, &visited, rvals, &limit))
1181 {
1182 /* On failure extend the length range to an impossible maximum
1183 (a valid MAXLEN must be less than PTRDIFF_MAX - 1). Other
1184 members can stay unchanged regardless. */
1185 pdata->minlen = ssize_int (0);
1186 pdata->maxlen = build_all_ones_cst (size_type_node);
1187 }
1188 else if (!pdata->minlen)
1189 pdata->minlen = ssize_int (0);
1190
1191 /* If it's unchanged from it initial non-null value, set the conservative
1192 MAXBOUND to SIZE_MAX. Otherwise leave it null (if it is null). */
1193 if (maxbound && pdata->maxbound == maxbound)
1194 pdata->maxbound = build_all_ones_cst (size_type_node);
1195
1196 if (visited)
1197 BITMAP_FREE (visited);
1198 }
1199
1200 /* Invalidate string length information for strings whose length
1201 might change due to stores in stmt, except those marked DON'T
1202 INVALIDATE. For string-modifying statements, ZERO_WRITE is
1203 set when the statement wrote only zeros. */
1204
1205 static bool
1206 maybe_invalidate (gimple *stmt, bool zero_write = false)
1207 {
1208 if (dump_file && (dump_flags & TDF_DETAILS))
1209 fprintf (dump_file, " %s()\n", __func__);
1210
1211 strinfo *si;
1212 unsigned int i;
1213 bool nonempty = false;
1214
1215 for (i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
1216 if (si != NULL)
1217 {
1218 if (!si->dont_invalidate)
1219 {
1220 ao_ref r;
1221 tree size = NULL_TREE;
1222 if (si->nonzero_chars)
1223 {
1224 /* Include the terminating nul in the size of the string
1225 to consider when determining possible clobber. */
1226 tree type = TREE_TYPE (si->nonzero_chars);
1227 size = fold_build2 (PLUS_EXPR, type, si->nonzero_chars,
1228 build_int_cst (type, 1));
1229 }
1230 ao_ref_init_from_ptr_and_size (&r, si->ptr, size);
1231 if (stmt_may_clobber_ref_p_1 (stmt, &r))
1232 {
1233 if (dump_file && (dump_flags & TDF_DETAILS))
1234 {
1235 if (size && tree_fits_uhwi_p (size))
1236 fprintf (dump_file,
1237 " statement may clobber string "
1238 HOST_WIDE_INT_PRINT_UNSIGNED " long\n",
1239 tree_to_uhwi (size));
1240 else
1241 fprintf (dump_file,
1242 " statement may clobber string\n");
1243 }
1244
1245 set_strinfo (i, NULL);
1246 free_strinfo (si);
1247 continue;
1248 }
1249
1250 if (size
1251 && !zero_write
1252 && si->stmt
1253 && is_gimple_call (si->stmt)
1254 && (DECL_FUNCTION_CODE (gimple_call_fndecl (si->stmt))
1255 == BUILT_IN_CALLOC))
1256 {
1257 /* If the clobber test above considered the length of
1258 the string (including the nul), then for (potentially)
1259 non-zero writes that might modify storage allocated by
1260 calloc consider the whole object and if it might be
1261 clobbered by the statement reset the allocation
1262 statement. */
1263 ao_ref_init_from_ptr_and_size (&r, si->ptr, NULL_TREE);
1264 if (stmt_may_clobber_ref_p_1 (stmt, &r))
1265 si->stmt = NULL;
1266 }
1267 }
1268 si->dont_invalidate = false;
1269 nonempty = true;
1270 }
1271
1272 if (dump_file && (dump_flags & TDF_DETAILS))
1273 fprintf (dump_file, " %s() ==> %i\n", __func__, nonempty);
1274
1275 return nonempty;
1276 }
1277
1278 /* Unshare strinfo record SI, if it has refcount > 1 or
1279 if stridx_to_strinfo vector is shared with some other
1280 bbs. */
1281
1282 static strinfo *
1283 unshare_strinfo (strinfo *si)
1284 {
1285 strinfo *nsi;
1286
1287 if (si->refcount == 1 && !strinfo_shared ())
1288 return si;
1289
1290 nsi = new_strinfo (si->ptr, si->idx, si->nonzero_chars, si->full_string_p);
1291 nsi->stmt = si->stmt;
1292 nsi->endptr = si->endptr;
1293 nsi->first = si->first;
1294 nsi->prev = si->prev;
1295 nsi->next = si->next;
1296 nsi->writable = si->writable;
1297 set_strinfo (si->idx, nsi);
1298 free_strinfo (si);
1299 return nsi;
1300 }
1301
1302 /* Attempt to create a new strinfo for BASESI + OFF, or find existing
1303 strinfo if there is any. Return it's idx, or 0 if no strinfo has
1304 been created. */
1305
1306 static int
1307 get_stridx_plus_constant (strinfo *basesi, unsigned HOST_WIDE_INT off,
1308 tree ptr)
1309 {
1310 if (TREE_CODE (ptr) == SSA_NAME && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr))
1311 return 0;
1312
1313 if (compare_nonzero_chars (basesi, off) < 0
1314 || !tree_fits_uhwi_p (basesi->nonzero_chars))
1315 return 0;
1316
1317 unsigned HOST_WIDE_INT nonzero_chars
1318 = tree_to_uhwi (basesi->nonzero_chars) - off;
1319 strinfo *si = basesi, *chainsi;
1320 if (si->first || si->prev || si->next)
1321 si = verify_related_strinfos (basesi);
1322 if (si == NULL
1323 || si->nonzero_chars == NULL_TREE
1324 || TREE_CODE (si->nonzero_chars) != INTEGER_CST)
1325 return 0;
1326
1327 if (TREE_CODE (ptr) == SSA_NAME
1328 && ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
1329 ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names);
1330
1331 gcc_checking_assert (compare_tree_int (si->nonzero_chars, off) != -1);
1332 for (chainsi = si; chainsi->next; chainsi = si)
1333 {
1334 si = get_next_strinfo (chainsi);
1335 if (si == NULL
1336 || si->nonzero_chars == NULL_TREE
1337 || TREE_CODE (si->nonzero_chars) != INTEGER_CST)
1338 break;
1339 int r = compare_tree_int (si->nonzero_chars, nonzero_chars);
1340 if (r != 1)
1341 {
1342 if (r == 0)
1343 {
1344 if (TREE_CODE (ptr) == SSA_NAME)
1345 ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = si->idx;
1346 else
1347 {
1348 int *pidx = addr_stridxptr (TREE_OPERAND (ptr, 0));
1349 if (pidx != NULL && *pidx == 0)
1350 *pidx = si->idx;
1351 }
1352 return si->idx;
1353 }
1354 break;
1355 }
1356 }
1357
1358 int idx = new_stridx (ptr);
1359 if (idx == 0)
1360 return 0;
1361 si = new_strinfo (ptr, idx, build_int_cst (size_type_node, nonzero_chars),
1362 basesi->full_string_p);
1363 set_strinfo (idx, si);
1364 if (strinfo *nextsi = get_strinfo (chainsi->next))
1365 {
1366 nextsi = unshare_strinfo (nextsi);
1367 si->next = nextsi->idx;
1368 nextsi->prev = idx;
1369 }
1370 chainsi = unshare_strinfo (chainsi);
1371 if (chainsi->first == 0)
1372 chainsi->first = chainsi->idx;
1373 chainsi->next = idx;
1374 if (chainsi->endptr == NULL_TREE && zero_length_string_p (si))
1375 chainsi->endptr = ptr;
1376 si->endptr = chainsi->endptr;
1377 si->prev = chainsi->idx;
1378 si->first = chainsi->first;
1379 si->writable = chainsi->writable;
1380 return si->idx;
1381 }
1382
1383 /* Note that PTR, a pointer SSA_NAME initialized in the current stmt, points
1384 to a zero-length string and if possible chain it to a related strinfo
1385 chain whose part is or might be CHAINSI. */
1386
1387 static strinfo *
1388 zero_length_string (tree ptr, strinfo *chainsi)
1389 {
1390 strinfo *si;
1391 int idx;
1392 if (ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
1393 ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names);
1394 gcc_checking_assert (TREE_CODE (ptr) == SSA_NAME
1395 && ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] == 0);
1396
1397 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr))
1398 return NULL;
1399 if (chainsi != NULL)
1400 {
1401 si = verify_related_strinfos (chainsi);
1402 if (si)
1403 {
1404 do
1405 {
1406 /* We shouldn't mix delayed and non-delayed lengths. */
1407 gcc_assert (si->full_string_p);
1408 if (si->endptr == NULL_TREE)
1409 {
1410 si = unshare_strinfo (si);
1411 si->endptr = ptr;
1412 }
1413 chainsi = si;
1414 si = get_next_strinfo (si);
1415 }
1416 while (si != NULL);
1417 if (zero_length_string_p (chainsi))
1418 {
1419 if (chainsi->next)
1420 {
1421 chainsi = unshare_strinfo (chainsi);
1422 chainsi->next = 0;
1423 }
1424 ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = chainsi->idx;
1425 return chainsi;
1426 }
1427 }
1428 else
1429 {
1430 /* We shouldn't mix delayed and non-delayed lengths. */
1431 gcc_assert (chainsi->full_string_p);
1432 if (chainsi->first || chainsi->prev || chainsi->next)
1433 {
1434 chainsi = unshare_strinfo (chainsi);
1435 chainsi->first = 0;
1436 chainsi->prev = 0;
1437 chainsi->next = 0;
1438 }
1439 }
1440 }
1441 idx = new_stridx (ptr);
1442 if (idx == 0)
1443 return NULL;
1444 si = new_strinfo (ptr, idx, build_int_cst (size_type_node, 0), true);
1445 set_strinfo (idx, si);
1446 si->endptr = ptr;
1447 if (chainsi != NULL)
1448 {
1449 chainsi = unshare_strinfo (chainsi);
1450 if (chainsi->first == 0)
1451 chainsi->first = chainsi->idx;
1452 chainsi->next = idx;
1453 if (chainsi->endptr == NULL_TREE)
1454 chainsi->endptr = ptr;
1455 si->prev = chainsi->idx;
1456 si->first = chainsi->first;
1457 si->writable = chainsi->writable;
1458 }
1459 return si;
1460 }
1461
1462 /* For strinfo ORIGSI whose length has been just updated, adjust other
1463 related strinfos so that they match the new ORIGSI. This involves:
1464
1465 - adding ADJ to the nonzero_chars fields
1466 - copying full_string_p from the new ORIGSI. */
1467
1468 static void
1469 adjust_related_strinfos (location_t loc, strinfo *origsi, tree adj)
1470 {
1471 strinfo *si = verify_related_strinfos (origsi);
1472
1473 if (si == NULL)
1474 return;
1475
1476 while (1)
1477 {
1478 strinfo *nsi;
1479
1480 if (si != origsi)
1481 {
1482 tree tem;
1483
1484 si = unshare_strinfo (si);
1485 /* We shouldn't see delayed lengths here; the caller must
1486 have calculated the old length in order to calculate
1487 the adjustment. */
1488 gcc_assert (si->nonzero_chars);
1489 tem = fold_convert_loc (loc, TREE_TYPE (si->nonzero_chars), adj);
1490 si->nonzero_chars = fold_build2_loc (loc, PLUS_EXPR,
1491 TREE_TYPE (si->nonzero_chars),
1492 si->nonzero_chars, tem);
1493 si->full_string_p = origsi->full_string_p;
1494
1495 si->endptr = NULL_TREE;
1496 si->dont_invalidate = true;
1497 }
1498 nsi = get_next_strinfo (si);
1499 if (nsi == NULL)
1500 return;
1501 si = nsi;
1502 }
1503 }
1504
1505 /* Find if there are other SSA_NAME pointers equal to PTR
1506 for which we don't track their string lengths yet. If so, use
1507 IDX for them. */
1508
1509 static void
1510 find_equal_ptrs (tree ptr, int idx)
1511 {
1512 if (TREE_CODE (ptr) != SSA_NAME)
1513 return;
1514 while (1)
1515 {
1516 gimple *stmt = SSA_NAME_DEF_STMT (ptr);
1517 if (!is_gimple_assign (stmt))
1518 return;
1519 ptr = gimple_assign_rhs1 (stmt);
1520 switch (gimple_assign_rhs_code (stmt))
1521 {
1522 case SSA_NAME:
1523 break;
1524 CASE_CONVERT:
1525 if (!POINTER_TYPE_P (TREE_TYPE (ptr)))
1526 return;
1527 if (TREE_CODE (ptr) == SSA_NAME)
1528 break;
1529 if (TREE_CODE (ptr) != ADDR_EXPR)
1530 return;
1531 /* FALLTHRU */
1532 case ADDR_EXPR:
1533 {
1534 int *pidx = addr_stridxptr (TREE_OPERAND (ptr, 0));
1535 if (pidx != NULL && *pidx == 0)
1536 *pidx = idx;
1537 return;
1538 }
1539 default:
1540 return;
1541 }
1542
1543 /* We might find an endptr created in this pass. Grow the
1544 vector in that case. */
1545 if (ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
1546 ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names);
1547
1548 if (ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] != 0)
1549 return;
1550 ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = idx;
1551 }
1552 }
1553
1554 /* Return true if STMT is a call to a builtin function with the right
1555 arguments and attributes that should be considered for optimization
1556 by this pass. */
1557
1558 static bool
1559 valid_builtin_call (gimple *stmt)
1560 {
1561 if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
1562 return false;
1563
1564 tree callee = gimple_call_fndecl (stmt);
1565 tree decl = builtin_decl_explicit (DECL_FUNCTION_CODE (callee));
1566 if (decl
1567 && decl != callee
1568 && !gimple_builtin_call_types_compatible_p (stmt, decl))
1569 return false;
1570
1571 switch (DECL_FUNCTION_CODE (callee))
1572 {
1573 case BUILT_IN_MEMCMP:
1574 case BUILT_IN_MEMCMP_EQ:
1575 case BUILT_IN_STRCMP:
1576 case BUILT_IN_STRNCMP:
1577 case BUILT_IN_STRCHR:
1578 case BUILT_IN_STRLEN:
1579 case BUILT_IN_STRNLEN:
1580 /* The above functions should be pure. Punt if they aren't. */
1581 if (gimple_vdef (stmt) || gimple_vuse (stmt) == NULL_TREE)
1582 return false;
1583 break;
1584
1585 case BUILT_IN_CALLOC:
1586 case BUILT_IN_MALLOC:
1587 case BUILT_IN_MEMCPY:
1588 case BUILT_IN_MEMCPY_CHK:
1589 case BUILT_IN_MEMPCPY:
1590 case BUILT_IN_MEMPCPY_CHK:
1591 case BUILT_IN_MEMSET:
1592 case BUILT_IN_STPCPY:
1593 case BUILT_IN_STPCPY_CHK:
1594 case BUILT_IN_STPNCPY:
1595 case BUILT_IN_STPNCPY_CHK:
1596 case BUILT_IN_STRCAT:
1597 case BUILT_IN_STRCAT_CHK:
1598 case BUILT_IN_STRCPY:
1599 case BUILT_IN_STRCPY_CHK:
1600 case BUILT_IN_STRNCAT:
1601 case BUILT_IN_STRNCAT_CHK:
1602 case BUILT_IN_STRNCPY:
1603 case BUILT_IN_STRNCPY_CHK:
1604 /* The above functions should be neither const nor pure. Punt if they
1605 aren't. */
1606 if (gimple_vdef (stmt) == NULL_TREE || gimple_vuse (stmt) == NULL_TREE)
1607 return false;
1608 break;
1609
1610 default:
1611 break;
1612 }
1613
1614 return true;
1615 }
1616
1617 /* If the last .MEM setter statement before STMT is
1618 memcpy (x, y, strlen (y) + 1), the only .MEM use of it is STMT
1619 and STMT is known to overwrite x[strlen (x)], adjust the last memcpy to
1620 just memcpy (x, y, strlen (y)). SI must be the zero length
1621 strinfo. */
1622
1623 static void
1624 adjust_last_stmt (strinfo *si, gimple *stmt, bool is_strcat)
1625 {
1626 tree vuse, callee, len;
1627 struct laststmt_struct last = laststmt;
1628 strinfo *lastsi, *firstsi;
1629 unsigned len_arg_no = 2;
1630
1631 laststmt.stmt = NULL;
1632 laststmt.len = NULL_TREE;
1633 laststmt.stridx = 0;
1634
1635 if (last.stmt == NULL)
1636 return;
1637
1638 vuse = gimple_vuse (stmt);
1639 if (vuse == NULL_TREE
1640 || SSA_NAME_DEF_STMT (vuse) != last.stmt
1641 || !has_single_use (vuse))
1642 return;
1643
1644 gcc_assert (last.stridx > 0);
1645 lastsi = get_strinfo (last.stridx);
1646 if (lastsi == NULL)
1647 return;
1648
1649 if (lastsi != si)
1650 {
1651 if (lastsi->first == 0 || lastsi->first != si->first)
1652 return;
1653
1654 firstsi = verify_related_strinfos (si);
1655 if (firstsi == NULL)
1656 return;
1657 while (firstsi != lastsi)
1658 {
1659 firstsi = get_next_strinfo (firstsi);
1660 if (firstsi == NULL)
1661 return;
1662 }
1663 }
1664
1665 if (!is_strcat && !zero_length_string_p (si))
1666 return;
1667
1668 if (is_gimple_assign (last.stmt))
1669 {
1670 gimple_stmt_iterator gsi;
1671
1672 if (!integer_zerop (gimple_assign_rhs1 (last.stmt)))
1673 return;
1674 if (stmt_could_throw_p (cfun, last.stmt))
1675 return;
1676 gsi = gsi_for_stmt (last.stmt);
1677 unlink_stmt_vdef (last.stmt);
1678 release_defs (last.stmt);
1679 gsi_remove (&gsi, true);
1680 return;
1681 }
1682
1683 if (!valid_builtin_call (last.stmt))
1684 return;
1685
1686 callee = gimple_call_fndecl (last.stmt);
1687 switch (DECL_FUNCTION_CODE (callee))
1688 {
1689 case BUILT_IN_MEMCPY:
1690 case BUILT_IN_MEMCPY_CHK:
1691 break;
1692 default:
1693 return;
1694 }
1695
1696 len = gimple_call_arg (last.stmt, len_arg_no);
1697 if (tree_fits_uhwi_p (len))
1698 {
1699 if (!tree_fits_uhwi_p (last.len)
1700 || integer_zerop (len)
1701 || tree_to_uhwi (len) != tree_to_uhwi (last.len) + 1)
1702 return;
1703 /* Don't adjust the length if it is divisible by 4, it is more efficient
1704 to store the extra '\0' in that case. */
1705 if ((tree_to_uhwi (len) & 3) == 0)
1706 return;
1707
1708 /* Don't fold away an out of bounds access, as this defeats proper
1709 warnings. */
1710 tree dst = gimple_call_arg (last.stmt, 0);
1711 tree size = compute_objsize (dst, 0);
1712 if (size && tree_int_cst_lt (size, len))
1713 return;
1714 }
1715 else if (TREE_CODE (len) == SSA_NAME)
1716 {
1717 gimple *def_stmt = SSA_NAME_DEF_STMT (len);
1718 if (!is_gimple_assign (def_stmt)
1719 || gimple_assign_rhs_code (def_stmt) != PLUS_EXPR
1720 || gimple_assign_rhs1 (def_stmt) != last.len
1721 || !integer_onep (gimple_assign_rhs2 (def_stmt)))
1722 return;
1723 }
1724 else
1725 return;
1726
1727 gimple_call_set_arg (last.stmt, len_arg_no, last.len);
1728 update_stmt (last.stmt);
1729 }
1730
1731 /* For an LHS that is an SSA_NAME that is the result of a strlen()
1732 call, or when BOUND is non-null, of a strnlen() call, set LHS
1733 range info to [0, min (MAX, BOUND)] when the range includes more
1734 than one value and return LHS. Otherwise, when the range
1735 [MIN, MAX] is such that MIN == MAX, return the tree representation
1736 of (MIN). The latter allows callers to fold suitable strnlen() calls
1737 to constants. */
1738
1739 tree
1740 set_strlen_range (tree lhs, wide_int min, wide_int max,
1741 tree bound /* = NULL_TREE */)
1742 {
1743 if (TREE_CODE (lhs) != SSA_NAME
1744 || !INTEGRAL_TYPE_P (TREE_TYPE (lhs)))
1745 return NULL_TREE;
1746
1747 if (bound)
1748 {
1749 /* For strnlen, adjust MIN and MAX as necessary. If the bound
1750 is less than the size of the array set MAX to it. It it's
1751 greater than MAX and MAX is non-zero bump MAX down to account
1752 for the necessary terminating nul. Otherwise leave it alone. */
1753 if (TREE_CODE (bound) == INTEGER_CST)
1754 {
1755 wide_int wibnd = wi::to_wide (bound);
1756 int cmp = wi::cmpu (wibnd, max);
1757 if (cmp < 0)
1758 max = wibnd;
1759 else if (cmp && wi::ne_p (max, min))
1760 --max;
1761 }
1762 else if (TREE_CODE (bound) == SSA_NAME)
1763 {
1764 wide_int minbound, maxbound;
1765 value_range_kind rng = get_range_info (bound, &minbound, &maxbound);
1766 if (rng == VR_RANGE)
1767 {
1768 /* For a bound in a known range, adjust the range determined
1769 above as necessary. For a bound in some anti-range or
1770 in an unknown range, use the range determined by callers. */
1771 if (wi::ltu_p (minbound, min))
1772 min = minbound;
1773 if (wi::ltu_p (maxbound, max))
1774 max = maxbound;
1775 }
1776 }
1777 }
1778
1779 if (min == max)
1780 return wide_int_to_tree (size_type_node, min);
1781
1782 set_range_info (lhs, VR_RANGE, min, max);
1783 return lhs;
1784 }
1785
1786 /* For an LHS that is an SSA_NAME and for strlen() or strnlen() argument
1787 SRC, set LHS range info to [0, min (N, BOUND)] if SRC refers to
1788 a character array A[N] with unknown length bounded by N, and for
1789 strnlen(), by min (N, BOUND). */
1790
1791 static tree
1792 maybe_set_strlen_range (tree lhs, tree src, tree bound)
1793 {
1794 if (TREE_CODE (lhs) != SSA_NAME
1795 || !INTEGRAL_TYPE_P (TREE_TYPE (lhs)))
1796 return NULL_TREE;
1797
1798 if (TREE_CODE (src) == SSA_NAME)
1799 {
1800 gimple *def = SSA_NAME_DEF_STMT (src);
1801 if (is_gimple_assign (def)
1802 && gimple_assign_rhs_code (def) == ADDR_EXPR)
1803 src = gimple_assign_rhs1 (def);
1804 }
1805
1806 /* The longest string is PTRDIFF_MAX - 1 bytes including the final
1807 NUL so that the difference between a pointer to just past it and
1808 one to its beginning is positive. */
1809 wide_int max = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2;
1810
1811 if (TREE_CODE (src) == ADDR_EXPR)
1812 {
1813 /* The last array member of a struct can be bigger than its size
1814 suggests if it's treated as a poor-man's flexible array member. */
1815 src = TREE_OPERAND (src, 0);
1816 if (TREE_CODE (src) != MEM_REF
1817 && !array_at_struct_end_p (src))
1818 {
1819 tree type = TREE_TYPE (src);
1820 tree size = TYPE_SIZE_UNIT (type);
1821 if (size
1822 && TREE_CODE (size) == INTEGER_CST
1823 && !integer_zerop (size))
1824 {
1825 /* Even though such uses of strlen would be undefined,
1826 avoid relying on arrays of arrays in case some genius
1827 decides to call strlen on an unterminated array element
1828 that's followed by a terminated one. Likewise, avoid
1829 assuming that a struct array member is necessarily
1830 nul-terminated (the nul may be in the member that
1831 follows). In those cases, assume that the length
1832 of the string stored in such an array is bounded
1833 by the size of the enclosing object if one can be
1834 determined. */
1835 tree base = get_base_address (src);
1836 if (VAR_P (base))
1837 {
1838 if (tree size = DECL_SIZE_UNIT (base))
1839 if (size
1840 && TREE_CODE (size) == INTEGER_CST
1841 && TREE_CODE (TREE_TYPE (base)) != POINTER_TYPE)
1842 max = wi::to_wide (size);
1843 }
1844 }
1845
1846 /* For strlen() the upper bound above is equal to
1847 the longest string that can be stored in the array
1848 (i.e., it accounts for the terminating nul. For
1849 strnlen() bump up the maximum by one since the array
1850 need not be nul-terminated. */
1851 if (!bound && max != 0)
1852 --max;
1853 }
1854 }
1855
1856 wide_int min = wi::zero (max.get_precision ());
1857 return set_strlen_range (lhs, min, max, bound);
1858 }
1859
1860 /* Diagnose buffer overflow by a STMT writing LEN + PLUS_ONE bytes,
1861 into an object designated by the LHS of STMT otherise. */
1862
1863 static void
1864 maybe_warn_overflow (gimple *stmt, tree len,
1865 const vr_values *rvals = NULL,
1866 strinfo *si = NULL, bool plus_one = false)
1867 {
1868 if (!len || gimple_no_warning_p (stmt))
1869 return;
1870
1871 tree writefn = NULL_TREE;
1872 tree destdecl = NULL_TREE;
1873 tree destsize = NULL_TREE;
1874 tree dest = NULL_TREE;
1875
1876 /* The offset into the destination object set by compute_objsize
1877 but already reflected in DESTSIZE. */
1878 tree destoff = NULL_TREE;
1879
1880 if (is_gimple_assign (stmt))
1881 {
1882 dest = gimple_assign_lhs (stmt);
1883 if (TREE_NO_WARNING (dest))
1884 return;
1885
1886 /* For assignments try to determine the size of the destination
1887 first. Set DESTOFF to the the offset on success. */
1888 tree off = size_zero_node;
1889 destsize = compute_objsize (dest, 1, &destdecl, &off);
1890 if (destsize)
1891 destoff = off;
1892 }
1893 else if (is_gimple_call (stmt))
1894 {
1895 writefn = gimple_call_fndecl (stmt);
1896 dest = gimple_call_arg (stmt, 0);
1897 }
1898
1899 /* The offset into the destination object computed below and not
1900 reflected in DESTSIZE. Either DESTOFF is set above or OFFRNG
1901 below. */
1902 wide_int offrng[2];
1903 offrng[0] = wi::zero (TYPE_PRECISION (sizetype));
1904 offrng[1] = offrng[0];
1905
1906 if (!destsize && !si && dest)
1907 {
1908 /* For both assignments and calls, if no destination STRINFO was
1909 provided, try to get it from the DEST. */
1910 tree ref = dest;
1911 tree off = NULL_TREE;
1912 if (TREE_CODE (ref) == ARRAY_REF)
1913 {
1914 /* Handle stores to VLAs (represented as
1915 ARRAY_REF (MEM_REF (vlaptr, 0), N]. */
1916 off = TREE_OPERAND (ref, 1);
1917 ref = TREE_OPERAND (ref, 0);
1918 }
1919
1920 if (TREE_CODE (ref) == MEM_REF)
1921 {
1922 tree mem_off = TREE_OPERAND (ref, 1);
1923 if (off)
1924 {
1925 if (!integer_zerop (mem_off))
1926 return;
1927 }
1928 else
1929 off = mem_off;
1930 ref = TREE_OPERAND (ref, 0);
1931 }
1932
1933 if (int idx = get_stridx (ref, offrng))
1934 {
1935 si = get_strinfo (idx);
1936 if (off && TREE_CODE (off) == INTEGER_CST)
1937 {
1938 wide_int wioff = wi::to_wide (off, offrng->get_precision ());
1939 offrng[0] += wioff;
1940 offrng[1] += wioff;
1941 }
1942 }
1943 else
1944 return;
1945 }
1946
1947 /* Return early if the DESTSIZE size expression is the same as LEN
1948 and the offset into the destination is zero. This might happen
1949 in the case of a pair of malloc and memset calls to allocate
1950 an object and clear it as if by calloc. */
1951 if (destsize == len && !plus_one && offrng[0] == 0 && offrng[0] == offrng[1])
1952 return;
1953
1954 wide_int lenrng[2];
1955 if (!get_range (len, lenrng, rvals))
1956 return;
1957
1958 if (plus_one)
1959 {
1960 lenrng[0] += 1;
1961 lenrng[1] += 1;
1962 }
1963
1964 /* Compute the range of sizes of the destination object. The range
1965 is constant for declared objects but may be a range for allocated
1966 objects. */
1967 wide_int sizrng[2];
1968 if (!destsize || !get_range (destsize, sizrng, rvals))
1969 {
1970 /* On failure, rather than bailing outright, use the maximum range
1971 so that overflow in allocated objects whose size depends on
1972 the strlen of the source can still be diagnosed below. */
1973 sizrng[0] = wi::zero (lenrng->get_precision ());
1974 sizrng[1] = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node));
1975 }
1976
1977 /* The size of the remaining space in the destination computed as
1978 the size of the latter minus the offset into it. */
1979 wide_int spcrng[2] = { sizrng[0], sizrng[1] };
1980 if (wi::sign_mask (offrng[0]))
1981 {
1982 /* FIXME: Handle negative offsets into allocated objects. */
1983 if (destdecl)
1984 spcrng[0] = spcrng[1] = wi::zero (spcrng->get_precision ());
1985 else
1986 return;
1987 }
1988 else
1989 {
1990 spcrng[0] -= wi::ltu_p (offrng[0], spcrng[0]) ? offrng[0] : spcrng[0];
1991 spcrng[1] -= wi::ltu_p (offrng[0], spcrng[1]) ? offrng[0] : spcrng[1];
1992 }
1993
1994 if (wi::leu_p (lenrng[0], spcrng[0]))
1995 return;
1996
1997 if (lenrng[0] == spcrng[1]
1998 && (len != destsize
1999 || !si || !is_strlen_related_p (si->ptr, len)))
2000 return;
2001
2002 location_t loc = gimple_nonartificial_location (stmt);
2003 if (loc == UNKNOWN_LOCATION && dest && EXPR_HAS_LOCATION (dest))
2004 loc = tree_nonartificial_location (dest);
2005 loc = expansion_point_location_if_in_system_header (loc);
2006
2007 bool warned = false;
2008 if (wi::leu_p (lenrng[0], spcrng[1]))
2009 {
2010 if (len != destsize
2011 && (!si || !is_strlen_related_p (si->ptr, len)))
2012 return;
2013
2014 warned = (writefn
2015 ? warning_at (loc, OPT_Wstringop_overflow_,
2016 "%G%qD writing one too many bytes into a region "
2017 "of a size that depends on %<strlen%>",
2018 stmt, writefn)
2019 : warning_at (loc, OPT_Wstringop_overflow_,
2020 "%Gwriting one too many bytes into a region "
2021 "of a size that depends on %<strlen%>",
2022 stmt));
2023 }
2024 else if (lenrng[0] == lenrng[1])
2025 {
2026 if (spcrng[0] == spcrng[1])
2027 warned = (writefn
2028 ? warning_n (loc, OPT_Wstringop_overflow_,
2029 lenrng[0].to_uhwi (),
2030 "%G%qD writing %wu byte into a region "
2031 "of size %wu",
2032 "%G%qD writing %wu bytes into a region "
2033 "of size %wu",
2034 stmt, writefn, lenrng[0].to_uhwi (),
2035 spcrng[0].to_uhwi ())
2036 : warning_n (loc, OPT_Wstringop_overflow_,
2037 lenrng[0].to_uhwi (),
2038 "%Gwriting %wu byte into a region "
2039 "of size %wu",
2040 "%Gwriting %wu bytes into a region "
2041 "of size %wu",
2042 stmt, lenrng[0].to_uhwi (),
2043 spcrng[0].to_uhwi ()));
2044 else
2045 warned = (writefn
2046 ? warning_n (loc, OPT_Wstringop_overflow_,
2047 lenrng[0].to_uhwi (),
2048 "%G%qD writing %wu byte into a region "
2049 "of size between %wu and %wu",
2050 "%G%qD writing %wu bytes into a region "
2051 "of size between %wu and %wu",
2052 stmt, writefn, lenrng[0].to_uhwi (),
2053 spcrng[0].to_uhwi (), spcrng[1].to_uhwi ())
2054 : warning_n (loc, OPT_Wstringop_overflow_,
2055 lenrng[0].to_uhwi (),
2056 "%Gwriting %wu byte into a region "
2057 "of size between %wu and %wu",
2058 "%Gwriting %wu bytes into a region "
2059 "of size between %wu and %wu",
2060 stmt, lenrng[0].to_uhwi (),
2061 spcrng[0].to_uhwi (), spcrng[1].to_uhwi ()));
2062 }
2063 else if (spcrng[0] == spcrng[1])
2064 warned = (writefn
2065 ? warning_at (loc, OPT_Wstringop_overflow_,
2066 "%G%qD writing between %wu and %wu bytes "
2067 "into a region of size %wu",
2068 stmt, writefn, lenrng[0].to_uhwi (),
2069 lenrng[1].to_uhwi (),
2070 spcrng[0].to_uhwi ())
2071 : warning_at (loc, OPT_Wstringop_overflow_,
2072 "%Gwriting between %wu and %wu bytes "
2073 "into a region of size %wu",
2074 stmt, lenrng[0].to_uhwi (),
2075 lenrng[1].to_uhwi (),
2076 spcrng[0].to_uhwi ()));
2077 else
2078 warned = (writefn
2079 ? warning_at (loc, OPT_Wstringop_overflow_,
2080 "%G%qD writing between %wu and %wu bytes "
2081 "into a region of size between %wu and %wu",
2082 stmt, writefn, lenrng[0].to_uhwi (),
2083 lenrng[1].to_uhwi (),
2084 spcrng[0].to_uhwi (), spcrng[1].to_uhwi ())
2085 : warning_at (loc, OPT_Wstringop_overflow_,
2086 "%Gwriting between %wu and %wu bytes "
2087 "into a region of size between %wu and %wu",
2088 stmt, lenrng[0].to_uhwi (),
2089 lenrng[1].to_uhwi (),
2090 spcrng[0].to_uhwi (), spcrng[1].to_uhwi ()));
2091
2092 if (!warned)
2093 return;
2094
2095 /* If DESTOFF is not null, use it to format the offset value/range. */
2096 if (destoff)
2097 get_range (destoff, offrng);
2098
2099 /* Format the offset to keep the number of inform calls from growing
2100 out of control. */
2101 char offstr[64];
2102 if (offrng[0] == offrng[1])
2103 sprintf (offstr, "%lli", (long long) offrng[0].to_shwi ());
2104 else
2105 sprintf (offstr, "[%lli, %lli]",
2106 (long long) offrng[0].to_shwi (), (long long) offrng[1].to_shwi ());
2107
2108 if (destdecl)
2109 {
2110 if (tree size = DECL_SIZE_UNIT (destdecl))
2111 inform (DECL_SOURCE_LOCATION (destdecl),
2112 "at offset %s to object %qD with size %E declared here",
2113 offstr, destdecl, size);
2114 else
2115 inform (DECL_SOURCE_LOCATION (destdecl),
2116 "at offset %s to object %qD declared here",
2117 offstr, destdecl);
2118 return;
2119 }
2120 }
2121
2122 /* Convenience wrapper for the above. */
2123
2124 static inline void
2125 maybe_warn_overflow (gimple *stmt, unsigned HOST_WIDE_INT len,
2126 const vr_values *rvals = NULL,
2127 strinfo *si = NULL, bool plus_one = false)
2128 {
2129 maybe_warn_overflow (stmt, build_int_cst (size_type_node, len), rvals,
2130 si, plus_one);
2131 }
2132
2133 /* Handle a strlen call. If strlen of the argument is known, replace
2134 the strlen call with the known value, otherwise remember that strlen
2135 of the argument is stored in the lhs SSA_NAME. */
2136
2137 static void
2138 handle_builtin_strlen (gimple_stmt_iterator *gsi)
2139 {
2140 gimple *stmt = gsi_stmt (*gsi);
2141 tree lhs = gimple_call_lhs (stmt);
2142
2143 if (lhs == NULL_TREE)
2144 return;
2145
2146 location_t loc = gimple_location (stmt);
2147 tree callee = gimple_call_fndecl (stmt);
2148 tree src = gimple_call_arg (stmt, 0);
2149 tree bound = (DECL_FUNCTION_CODE (callee) == BUILT_IN_STRNLEN
2150 ? gimple_call_arg (stmt, 1) : NULL_TREE);
2151 int idx = get_stridx (src);
2152 if (idx || (bound && integer_zerop (bound)))
2153 {
2154 strinfo *si = NULL;
2155 tree rhs;
2156
2157 if (idx < 0)
2158 rhs = build_int_cst (TREE_TYPE (lhs), ~idx);
2159 else if (idx == 0)
2160 rhs = bound;
2161 else
2162 {
2163 rhs = NULL_TREE;
2164 si = get_strinfo (idx);
2165 if (si != NULL)
2166 {
2167 rhs = get_string_length (si);
2168 /* For strnlen, if bound is constant, even if si is not known
2169 to be zero terminated, if we know at least bound bytes are
2170 not zero, the return value will be bound. */
2171 if (rhs == NULL_TREE
2172 && bound != NULL_TREE
2173 && TREE_CODE (bound) == INTEGER_CST
2174 && si->nonzero_chars != NULL_TREE
2175 && TREE_CODE (si->nonzero_chars) == INTEGER_CST
2176 && tree_int_cst_le (bound, si->nonzero_chars))
2177 rhs = bound;
2178 }
2179 }
2180 if (rhs != NULL_TREE)
2181 {
2182 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2183 {
2184 fprintf (dump_file, "Optimizing: ");
2185 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2186 }
2187 rhs = unshare_expr (rhs);
2188 if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (rhs)))
2189 rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
2190
2191 if (bound)
2192 rhs = fold_build2_loc (loc, MIN_EXPR, TREE_TYPE (rhs), rhs, bound);
2193
2194 if (!update_call_from_tree (gsi, rhs))
2195 gimplify_and_update_call_from_tree (gsi, rhs);
2196 stmt = gsi_stmt (*gsi);
2197 update_stmt (stmt);
2198 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2199 {
2200 fprintf (dump_file, "into: ");
2201 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2202 }
2203
2204 if (si != NULL
2205 /* Don't update anything for strnlen. */
2206 && bound == NULL_TREE
2207 && TREE_CODE (si->nonzero_chars) != SSA_NAME
2208 && TREE_CODE (si->nonzero_chars) != INTEGER_CST
2209 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2210 {
2211 si = unshare_strinfo (si);
2212 si->nonzero_chars = lhs;
2213 gcc_assert (si->full_string_p);
2214 }
2215
2216 if (strlen_to_stridx
2217 && (bound == NULL_TREE
2218 /* For strnlen record this only if the call is proven
2219 to return the same value as strlen would. */
2220 || (TREE_CODE (bound) == INTEGER_CST
2221 && TREE_CODE (rhs) == INTEGER_CST
2222 && tree_int_cst_lt (rhs, bound))))
2223 strlen_to_stridx->put (lhs, stridx_strlenloc (idx, loc));
2224
2225 return;
2226 }
2227 }
2228 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2229 return;
2230
2231 if (idx == 0)
2232 idx = new_stridx (src);
2233 else
2234 {
2235 strinfo *si = get_strinfo (idx);
2236 if (si != NULL)
2237 {
2238 if (!si->full_string_p && !si->stmt)
2239 {
2240 /* Until now we only had a lower bound on the string length.
2241 Install LHS as the actual length. */
2242 si = unshare_strinfo (si);
2243 tree old = si->nonzero_chars;
2244 si->nonzero_chars = lhs;
2245 si->full_string_p = true;
2246 if (TREE_CODE (old) == INTEGER_CST)
2247 {
2248 old = fold_convert_loc (loc, TREE_TYPE (lhs), old);
2249 tree adj = fold_build2_loc (loc, MINUS_EXPR,
2250 TREE_TYPE (lhs), lhs, old);
2251 adjust_related_strinfos (loc, si, adj);
2252 /* Use the constant minimum length as the lower bound
2253 of the non-constant length. */
2254 wide_int min = wi::to_wide (old);
2255 wide_int max
2256 = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2;
2257 set_strlen_range (lhs, min, max);
2258 }
2259 else
2260 {
2261 si->first = 0;
2262 si->prev = 0;
2263 si->next = 0;
2264 }
2265 }
2266 return;
2267 }
2268 }
2269 if (idx)
2270 {
2271 if (!bound)
2272 {
2273 /* Only store the new length information for calls to strlen(),
2274 not for those to strnlen(). */
2275 strinfo *si = new_strinfo (src, idx, lhs, true);
2276 set_strinfo (idx, si);
2277 find_equal_ptrs (src, idx);
2278 }
2279
2280 /* For SRC that is an array of N elements, set LHS's range
2281 to [0, min (N, BOUND)]. A constant return value means
2282 the range would have consisted of a single value. In
2283 that case, fold the result into the returned constant. */
2284 if (tree ret = maybe_set_strlen_range (lhs, src, bound))
2285 if (TREE_CODE (ret) == INTEGER_CST)
2286 {
2287 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2288 {
2289 fprintf (dump_file, "Optimizing: ");
2290 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2291 }
2292 if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (ret)))
2293 ret = fold_convert_loc (loc, TREE_TYPE (lhs), ret);
2294 if (!update_call_from_tree (gsi, ret))
2295 gimplify_and_update_call_from_tree (gsi, ret);
2296 stmt = gsi_stmt (*gsi);
2297 update_stmt (stmt);
2298 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2299 {
2300 fprintf (dump_file, "into: ");
2301 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2302 }
2303 }
2304
2305 if (strlen_to_stridx && !bound)
2306 strlen_to_stridx->put (lhs, stridx_strlenloc (idx, loc));
2307 }
2308 }
2309
2310 /* Handle a strchr call. If strlen of the first argument is known, replace
2311 the strchr (x, 0) call with the endptr or x + strlen, otherwise remember
2312 that lhs of the call is endptr and strlen of the argument is endptr - x. */
2313
2314 static void
2315 handle_builtin_strchr (gimple_stmt_iterator *gsi)
2316 {
2317 gimple *stmt = gsi_stmt (*gsi);
2318 tree lhs = gimple_call_lhs (stmt);
2319
2320 if (lhs == NULL_TREE)
2321 return;
2322
2323 if (!integer_zerop (gimple_call_arg (stmt, 1)))
2324 return;
2325
2326 tree src = gimple_call_arg (stmt, 0);
2327
2328 /* Avoid folding if the first argument is not a nul-terminated array.
2329 Defer warning until later. */
2330 if (!check_nul_terminated_array (NULL_TREE, src))
2331 return;
2332
2333 int idx = get_stridx (src);
2334 if (idx)
2335 {
2336 strinfo *si = NULL;
2337 tree rhs;
2338
2339 if (idx < 0)
2340 rhs = build_int_cst (size_type_node, ~idx);
2341 else
2342 {
2343 rhs = NULL_TREE;
2344 si = get_strinfo (idx);
2345 if (si != NULL)
2346 rhs = get_string_length (si);
2347 }
2348 if (rhs != NULL_TREE)
2349 {
2350 location_t loc = gimple_location (stmt);
2351
2352 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2353 {
2354 fprintf (dump_file, "Optimizing: ");
2355 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2356 }
2357 if (si != NULL && si->endptr != NULL_TREE)
2358 {
2359 rhs = unshare_expr (si->endptr);
2360 if (!useless_type_conversion_p (TREE_TYPE (lhs),
2361 TREE_TYPE (rhs)))
2362 rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
2363 }
2364 else
2365 {
2366 rhs = fold_convert_loc (loc, sizetype, unshare_expr (rhs));
2367 rhs = fold_build2_loc (loc, POINTER_PLUS_EXPR,
2368 TREE_TYPE (src), src, rhs);
2369 if (!useless_type_conversion_p (TREE_TYPE (lhs),
2370 TREE_TYPE (rhs)))
2371 rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
2372 }
2373 if (!update_call_from_tree (gsi, rhs))
2374 gimplify_and_update_call_from_tree (gsi, rhs);
2375 stmt = gsi_stmt (*gsi);
2376 update_stmt (stmt);
2377 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2378 {
2379 fprintf (dump_file, "into: ");
2380 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2381 }
2382 if (si != NULL
2383 && si->endptr == NULL_TREE
2384 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2385 {
2386 si = unshare_strinfo (si);
2387 si->endptr = lhs;
2388 }
2389 zero_length_string (lhs, si);
2390 return;
2391 }
2392 }
2393 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2394 return;
2395 if (TREE_CODE (src) != SSA_NAME || !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (src))
2396 {
2397 if (idx == 0)
2398 idx = new_stridx (src);
2399 else if (get_strinfo (idx) != NULL)
2400 {
2401 zero_length_string (lhs, NULL);
2402 return;
2403 }
2404 if (idx)
2405 {
2406 location_t loc = gimple_location (stmt);
2407 tree lhsu = fold_convert_loc (loc, size_type_node, lhs);
2408 tree srcu = fold_convert_loc (loc, size_type_node, src);
2409 tree length = fold_build2_loc (loc, MINUS_EXPR,
2410 size_type_node, lhsu, srcu);
2411 strinfo *si = new_strinfo (src, idx, length, true);
2412 si->endptr = lhs;
2413 set_strinfo (idx, si);
2414 find_equal_ptrs (src, idx);
2415 zero_length_string (lhs, si);
2416 }
2417 }
2418 else
2419 zero_length_string (lhs, NULL);
2420 }
2421
2422 /* Handle a strcpy-like ({st{r,p}cpy,__st{r,p}cpy_chk}) call.
2423 If strlen of the second argument is known, strlen of the first argument
2424 is the same after this call. Furthermore, attempt to convert it to
2425 memcpy. */
2426
2427 static void
2428 handle_builtin_strcpy (enum built_in_function bcode, gimple_stmt_iterator *gsi)
2429 {
2430 int idx, didx;
2431 tree src, dst, srclen, len, lhs, type, fn, oldlen;
2432 bool success;
2433 gimple *stmt = gsi_stmt (*gsi);
2434 strinfo *si, *dsi, *olddsi, *zsi;
2435 location_t loc;
2436
2437 src = gimple_call_arg (stmt, 1);
2438 dst = gimple_call_arg (stmt, 0);
2439 lhs = gimple_call_lhs (stmt);
2440 idx = get_stridx (src);
2441 si = NULL;
2442 if (idx > 0)
2443 si = get_strinfo (idx);
2444
2445 didx = get_stridx (dst);
2446 olddsi = NULL;
2447 oldlen = NULL_TREE;
2448 if (didx > 0)
2449 olddsi = get_strinfo (didx);
2450 else if (didx < 0)
2451 return;
2452
2453 if (olddsi != NULL)
2454 adjust_last_stmt (olddsi, stmt, false);
2455
2456 srclen = NULL_TREE;
2457 if (si != NULL)
2458 srclen = get_string_length (si);
2459 else if (idx < 0)
2460 srclen = build_int_cst (size_type_node, ~idx);
2461
2462 loc = gimple_location (stmt);
2463 if (srclen == NULL_TREE)
2464 switch (bcode)
2465 {
2466 case BUILT_IN_STRCPY:
2467 case BUILT_IN_STRCPY_CHK:
2468 if (lhs != NULL_TREE || !builtin_decl_implicit_p (BUILT_IN_STPCPY))
2469 return;
2470 break;
2471 case BUILT_IN_STPCPY:
2472 case BUILT_IN_STPCPY_CHK:
2473 if (lhs == NULL_TREE)
2474 return;
2475 else
2476 {
2477 tree lhsuint = fold_convert_loc (loc, size_type_node, lhs);
2478 srclen = fold_convert_loc (loc, size_type_node, dst);
2479 srclen = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
2480 lhsuint, srclen);
2481 }
2482 break;
2483 default:
2484 gcc_unreachable ();
2485 }
2486
2487 if (didx == 0)
2488 {
2489 didx = new_stridx (dst);
2490 if (didx == 0)
2491 return;
2492 }
2493 if (olddsi != NULL)
2494 {
2495 oldlen = olddsi->nonzero_chars;
2496 dsi = unshare_strinfo (olddsi);
2497 dsi->nonzero_chars = srclen;
2498 dsi->full_string_p = (srclen != NULL_TREE);
2499 /* Break the chain, so adjust_related_strinfo on later pointers in
2500 the chain won't adjust this one anymore. */
2501 dsi->next = 0;
2502 dsi->stmt = NULL;
2503 dsi->endptr = NULL_TREE;
2504 }
2505 else
2506 {
2507 dsi = new_strinfo (dst, didx, srclen, srclen != NULL_TREE);
2508 set_strinfo (didx, dsi);
2509 find_equal_ptrs (dst, didx);
2510 }
2511 dsi->writable = true;
2512 dsi->dont_invalidate = true;
2513
2514 if (dsi->nonzero_chars == NULL_TREE)
2515 {
2516 strinfo *chainsi;
2517
2518 /* If string length of src is unknown, use delayed length
2519 computation. If string length of dst will be needed, it
2520 can be computed by transforming this strcpy call into
2521 stpcpy and subtracting dst from the return value. */
2522
2523 /* Look for earlier strings whose length could be determined if
2524 this strcpy is turned into an stpcpy. */
2525
2526 if (dsi->prev != 0 && (chainsi = verify_related_strinfos (dsi)) != NULL)
2527 {
2528 for (; chainsi && chainsi != dsi; chainsi = get_strinfo (chainsi->next))
2529 {
2530 /* When setting a stmt for delayed length computation
2531 prevent all strinfos through dsi from being
2532 invalidated. */
2533 chainsi = unshare_strinfo (chainsi);
2534 chainsi->stmt = stmt;
2535 chainsi->nonzero_chars = NULL_TREE;
2536 chainsi->full_string_p = false;
2537 chainsi->endptr = NULL_TREE;
2538 chainsi->dont_invalidate = true;
2539 }
2540 }
2541 dsi->stmt = stmt;
2542
2543 /* Try to detect overlap before returning. This catches cases
2544 like strcpy (d, d + n) where n is non-constant whose range
2545 is such that (n <= strlen (d) holds).
2546
2547 OLDDSI->NONZERO_chars may have been reset by this point with
2548 oldlen holding it original value. */
2549 if (olddsi && oldlen)
2550 {
2551 /* Add 1 for the terminating NUL. */
2552 tree type = TREE_TYPE (oldlen);
2553 oldlen = fold_build2 (PLUS_EXPR, type, oldlen,
2554 build_int_cst (type, 1));
2555 check_bounds_or_overlap (stmt, olddsi->ptr, src, oldlen, NULL_TREE);
2556 }
2557
2558 return;
2559 }
2560
2561 if (olddsi != NULL)
2562 {
2563 tree adj = NULL_TREE;
2564 if (oldlen == NULL_TREE)
2565 ;
2566 else if (integer_zerop (oldlen))
2567 adj = srclen;
2568 else if (TREE_CODE (oldlen) == INTEGER_CST
2569 || TREE_CODE (srclen) == INTEGER_CST)
2570 adj = fold_build2_loc (loc, MINUS_EXPR,
2571 TREE_TYPE (srclen), srclen,
2572 fold_convert_loc (loc, TREE_TYPE (srclen),
2573 oldlen));
2574 if (adj != NULL_TREE)
2575 adjust_related_strinfos (loc, dsi, adj);
2576 else
2577 dsi->prev = 0;
2578 }
2579 /* strcpy src may not overlap dst, so src doesn't need to be
2580 invalidated either. */
2581 if (si != NULL)
2582 si->dont_invalidate = true;
2583
2584 fn = NULL_TREE;
2585 zsi = NULL;
2586 switch (bcode)
2587 {
2588 case BUILT_IN_STRCPY:
2589 fn = builtin_decl_implicit (BUILT_IN_MEMCPY);
2590 if (lhs)
2591 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
2592 break;
2593 case BUILT_IN_STRCPY_CHK:
2594 fn = builtin_decl_explicit (BUILT_IN_MEMCPY_CHK);
2595 if (lhs)
2596 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
2597 break;
2598 case BUILT_IN_STPCPY:
2599 /* This would need adjustment of the lhs (subtract one),
2600 or detection that the trailing '\0' doesn't need to be
2601 written, if it will be immediately overwritten.
2602 fn = builtin_decl_explicit (BUILT_IN_MEMPCPY); */
2603 if (lhs)
2604 {
2605 dsi->endptr = lhs;
2606 zsi = zero_length_string (lhs, dsi);
2607 }
2608 break;
2609 case BUILT_IN_STPCPY_CHK:
2610 /* This would need adjustment of the lhs (subtract one),
2611 or detection that the trailing '\0' doesn't need to be
2612 written, if it will be immediately overwritten.
2613 fn = builtin_decl_explicit (BUILT_IN_MEMPCPY_CHK); */
2614 if (lhs)
2615 {
2616 dsi->endptr = lhs;
2617 zsi = zero_length_string (lhs, dsi);
2618 }
2619 break;
2620 default:
2621 gcc_unreachable ();
2622 }
2623 if (zsi != NULL)
2624 zsi->dont_invalidate = true;
2625
2626 if (fn)
2627 {
2628 tree args = TYPE_ARG_TYPES (TREE_TYPE (fn));
2629 type = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args)));
2630 }
2631 else
2632 type = size_type_node;
2633
2634 len = fold_convert_loc (loc, type, unshare_expr (srclen));
2635 len = fold_build2_loc (loc, PLUS_EXPR, type, len, build_int_cst (type, 1));
2636
2637 /* Set the no-warning bit on the transformed statement? */
2638 bool set_no_warning = false;
2639
2640 if (const strinfo *chksi = olddsi ? olddsi : dsi)
2641 if (si
2642 && check_bounds_or_overlap (stmt, chksi->ptr, si->ptr, NULL_TREE, len))
2643 {
2644 gimple_set_no_warning (stmt, true);
2645 set_no_warning = true;
2646 }
2647
2648 if (fn == NULL_TREE)
2649 return;
2650
2651 len = force_gimple_operand_gsi (gsi, len, true, NULL_TREE, true,
2652 GSI_SAME_STMT);
2653 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2654 {
2655 fprintf (dump_file, "Optimizing: ");
2656 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2657 }
2658 if (gimple_call_num_args (stmt) == 2)
2659 success = update_gimple_call (gsi, fn, 3, dst, src, len);
2660 else
2661 success = update_gimple_call (gsi, fn, 4, dst, src, len,
2662 gimple_call_arg (stmt, 2));
2663 if (success)
2664 {
2665 stmt = gsi_stmt (*gsi);
2666 update_stmt (stmt);
2667 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2668 {
2669 fprintf (dump_file, "into: ");
2670 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2671 }
2672 /* Allow adjust_last_stmt to decrease this memcpy's size. */
2673 laststmt.stmt = stmt;
2674 laststmt.len = srclen;
2675 laststmt.stridx = dsi->idx;
2676 }
2677 else if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2678 fprintf (dump_file, "not possible.\n");
2679
2680 if (set_no_warning)
2681 gimple_set_no_warning (stmt, true);
2682 }
2683
2684 /* Check the size argument to the built-in forms of stpncpy and strncpy
2685 for out-of-bounds offsets or overlapping access, and to see if the
2686 size argument is derived from a call to strlen() on the source argument,
2687 and if so, issue an appropriate warning. */
2688
2689 static void
2690 handle_builtin_strncat (built_in_function bcode, gimple_stmt_iterator *gsi)
2691 {
2692 /* Same as stxncpy(). */
2693 handle_builtin_stxncpy (bcode, gsi);
2694 }
2695
2696 /* Return true if LEN depends on a call to strlen(SRC) in an interesting
2697 way. LEN can either be an integer expression, or a pointer (to char).
2698 When it is the latter (such as in recursive calls to self) is is
2699 assumed to be the argument in some call to strlen() whose relationship
2700 to SRC is being ascertained. */
2701
2702 bool
2703 is_strlen_related_p (tree src, tree len)
2704 {
2705 if (TREE_CODE (TREE_TYPE (len)) == POINTER_TYPE
2706 && operand_equal_p (src, len, 0))
2707 return true;
2708
2709 if (TREE_CODE (len) != SSA_NAME)
2710 return false;
2711
2712 gimple *def_stmt = SSA_NAME_DEF_STMT (len);
2713 if (!def_stmt)
2714 return false;
2715
2716 if (is_gimple_call (def_stmt))
2717 {
2718 tree func = gimple_call_fndecl (def_stmt);
2719 if (!valid_builtin_call (def_stmt)
2720 || DECL_FUNCTION_CODE (func) != BUILT_IN_STRLEN)
2721 return false;
2722
2723 tree arg = gimple_call_arg (def_stmt, 0);
2724 return is_strlen_related_p (src, arg);
2725 }
2726
2727 if (!is_gimple_assign (def_stmt))
2728 return false;
2729
2730 tree_code code = gimple_assign_rhs_code (def_stmt);
2731 tree rhs1 = gimple_assign_rhs1 (def_stmt);
2732 tree rhstype = TREE_TYPE (rhs1);
2733
2734 if ((TREE_CODE (rhstype) == POINTER_TYPE && code == POINTER_PLUS_EXPR)
2735 || (INTEGRAL_TYPE_P (rhstype)
2736 && (code == BIT_AND_EXPR
2737 || code == NOP_EXPR)))
2738 {
2739 /* Pointer plus (an integer), and truncation are considered among
2740 the (potentially) related expressions to strlen. */
2741 return is_strlen_related_p (src, rhs1);
2742 }
2743
2744 if (tree rhs2 = gimple_assign_rhs2 (def_stmt))
2745 {
2746 /* Integer subtraction is considered strlen-related when both
2747 arguments are integers and second one is strlen-related. */
2748 rhstype = TREE_TYPE (rhs2);
2749 if (INTEGRAL_TYPE_P (rhstype) && code == MINUS_EXPR)
2750 return is_strlen_related_p (src, rhs2);
2751 }
2752
2753 return false;
2754 }
2755
2756 /* Called by handle_builtin_stxncpy and by gimple_fold_builtin_strncpy
2757 in gimple-fold.c.
2758 Check to see if the specified bound is a) equal to the size of
2759 the destination DST and if so, b) if it's immediately followed by
2760 DST[CNT - 1] = '\0'. If a) holds and b) does not, warn. Otherwise,
2761 do nothing. Return true if diagnostic has been issued.
2762
2763 The purpose is to diagnose calls to strncpy and stpncpy that do
2764 not nul-terminate the copy while allowing for the idiom where
2765 such a call is immediately followed by setting the last element
2766 to nul, as in:
2767 char a[32];
2768 strncpy (a, s, sizeof a);
2769 a[sizeof a - 1] = '\0';
2770 */
2771
2772 bool
2773 maybe_diag_stxncpy_trunc (gimple_stmt_iterator gsi, tree src, tree cnt)
2774 {
2775 gimple *stmt = gsi_stmt (gsi);
2776 if (gimple_no_warning_p (stmt))
2777 return false;
2778
2779 wide_int cntrange[2];
2780
2781 if (TREE_CODE (cnt) == INTEGER_CST)
2782 cntrange[0] = cntrange[1] = wi::to_wide (cnt);
2783 else if (TREE_CODE (cnt) == SSA_NAME)
2784 {
2785 enum value_range_kind rng = get_range_info (cnt, cntrange, cntrange + 1);
2786 if (rng == VR_RANGE)
2787 ;
2788 else if (rng == VR_ANTI_RANGE)
2789 {
2790 wide_int maxobjsize = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node));
2791
2792 if (wi::ltu_p (cntrange[1], maxobjsize))
2793 {
2794 cntrange[0] = cntrange[1] + 1;
2795 cntrange[1] = maxobjsize;
2796 }
2797 else
2798 {
2799 cntrange[1] = cntrange[0] - 1;
2800 cntrange[0] = wi::zero (TYPE_PRECISION (TREE_TYPE (cnt)));
2801 }
2802 }
2803 else
2804 return false;
2805 }
2806 else
2807 return false;
2808
2809 /* Negative value is the constant string length. If it's less than
2810 the lower bound there is no truncation. Avoid calling get_stridx()
2811 when ssa_ver_to_stridx is empty. That implies the caller isn't
2812 running under the control of this pass and ssa_ver_to_stridx hasn't
2813 been created yet. */
2814 int sidx = ssa_ver_to_stridx.length () ? get_stridx (src) : 0;
2815 if (sidx < 0 && wi::gtu_p (cntrange[0], ~sidx))
2816 return false;
2817
2818 tree dst = gimple_call_arg (stmt, 0);
2819 tree dstdecl = dst;
2820 if (TREE_CODE (dstdecl) == ADDR_EXPR)
2821 dstdecl = TREE_OPERAND (dstdecl, 0);
2822
2823 tree ref = NULL_TREE;
2824
2825 if (!sidx)
2826 {
2827 /* If the source is a non-string return early to avoid warning
2828 for possible truncation (if the truncation is certain SIDX
2829 is non-zero). */
2830 tree srcdecl = gimple_call_arg (stmt, 1);
2831 if (TREE_CODE (srcdecl) == ADDR_EXPR)
2832 srcdecl = TREE_OPERAND (srcdecl, 0);
2833 if (get_attr_nonstring_decl (srcdecl, &ref))
2834 return false;
2835 }
2836
2837 /* Likewise, if the destination refers to a an array/pointer declared
2838 nonstring return early. */
2839 if (get_attr_nonstring_decl (dstdecl, &ref))
2840 return false;
2841
2842 /* Look for dst[i] = '\0'; after the stxncpy() call and if found
2843 avoid the truncation warning. */
2844 gsi_next_nondebug (&gsi);
2845 gimple *next_stmt = gsi_stmt (gsi);
2846 if (!next_stmt)
2847 {
2848 /* When there is no statement in the same basic block check
2849 the immediate successor block. */
2850 if (basic_block bb = gimple_bb (stmt))
2851 {
2852 if (single_succ_p (bb))
2853 {
2854 /* For simplicity, ignore blocks with multiple outgoing
2855 edges for now and only consider successor blocks along
2856 normal edges. */
2857 edge e = EDGE_SUCC (bb, 0);
2858 if (!(e->flags & EDGE_ABNORMAL))
2859 {
2860 gsi = gsi_start_bb (e->dest);
2861 next_stmt = gsi_stmt (gsi);
2862 if (next_stmt && is_gimple_debug (next_stmt))
2863 {
2864 gsi_next_nondebug (&gsi);
2865 next_stmt = gsi_stmt (gsi);
2866 }
2867 }
2868 }
2869 }
2870 }
2871
2872 if (next_stmt && is_gimple_assign (next_stmt))
2873 {
2874 tree lhs = gimple_assign_lhs (next_stmt);
2875 tree_code code = TREE_CODE (lhs);
2876 if (code == ARRAY_REF || code == MEM_REF)
2877 lhs = TREE_OPERAND (lhs, 0);
2878
2879 tree func = gimple_call_fndecl (stmt);
2880 if (DECL_FUNCTION_CODE (func) == BUILT_IN_STPNCPY)
2881 {
2882 tree ret = gimple_call_lhs (stmt);
2883 if (ret && operand_equal_p (ret, lhs, 0))
2884 return false;
2885 }
2886
2887 /* Determine the base address and offset of the reference,
2888 ignoring the innermost array index. */
2889 if (TREE_CODE (ref) == ARRAY_REF)
2890 ref = TREE_OPERAND (ref, 0);
2891
2892 poly_int64 dstoff;
2893 tree dstbase = get_addr_base_and_unit_offset (ref, &dstoff);
2894
2895 poly_int64 lhsoff;
2896 tree lhsbase = get_addr_base_and_unit_offset (lhs, &lhsoff);
2897 if (lhsbase
2898 && dstbase
2899 && known_eq (dstoff, lhsoff)
2900 && operand_equal_p (dstbase, lhsbase, 0))
2901 return false;
2902 }
2903
2904 int prec = TYPE_PRECISION (TREE_TYPE (cnt));
2905 wide_int lenrange[2];
2906 if (strinfo *sisrc = sidx > 0 ? get_strinfo (sidx) : NULL)
2907 {
2908 lenrange[0] = (sisrc->nonzero_chars
2909 && TREE_CODE (sisrc->nonzero_chars) == INTEGER_CST
2910 ? wi::to_wide (sisrc->nonzero_chars)
2911 : wi::zero (prec));
2912 lenrange[1] = lenrange[0];
2913 }
2914 else if (sidx < 0)
2915 lenrange[0] = lenrange[1] = wi::shwi (~sidx, prec);
2916 else
2917 {
2918 c_strlen_data lendata = { };
2919 /* Set MAXBOUND to an arbitrary non-null non-integer node as a request
2920 to have it set to the length of the longest string in a PHI. */
2921 lendata.maxbound = src;
2922 get_range_strlen (src, &lendata, /* eltsize = */1);
2923 if (TREE_CODE (lendata.minlen) == INTEGER_CST
2924 && TREE_CODE (lendata.maxbound) == INTEGER_CST)
2925 {
2926 /* When LENDATA.MAXLEN is unknown, reset LENDATA.MINLEN
2927 which stores the length of the shortest known string. */
2928 if (integer_all_onesp (lendata.maxlen))
2929 lenrange[0] = wi::shwi (0, prec);
2930 else
2931 lenrange[0] = wi::to_wide (lendata.minlen, prec);
2932 lenrange[1] = wi::to_wide (lendata.maxbound, prec);
2933 }
2934 else
2935 {
2936 lenrange[0] = wi::shwi (0, prec);
2937 lenrange[1] = wi::shwi (-1, prec);
2938 }
2939 }
2940
2941 location_t callloc = gimple_nonartificial_location (stmt);
2942 callloc = expansion_point_location_if_in_system_header (callloc);
2943
2944 tree func = gimple_call_fndecl (stmt);
2945
2946 if (lenrange[0] != 0 || !wi::neg_p (lenrange[1]))
2947 {
2948 /* If the longest source string is shorter than the lower bound
2949 of the specified count the copy is definitely nul-terminated. */
2950 if (wi::ltu_p (lenrange[1], cntrange[0]))
2951 return false;
2952
2953 if (wi::neg_p (lenrange[1]))
2954 {
2955 /* The length of one of the strings is unknown but at least
2956 one has non-zero length and that length is stored in
2957 LENRANGE[1]. Swap the bounds to force a "may be truncated"
2958 warning below. */
2959 lenrange[1] = lenrange[0];
2960 lenrange[0] = wi::shwi (0, prec);
2961 }
2962
2963 /* Set to true for strncat whose bound is derived from the length
2964 of the destination (the expected usage pattern). */
2965 bool cat_dstlen_bounded = false;
2966 if (DECL_FUNCTION_CODE (func) == BUILT_IN_STRNCAT)
2967 cat_dstlen_bounded = is_strlen_related_p (dst, cnt);
2968
2969 if (lenrange[0] == cntrange[1] && cntrange[0] == cntrange[1])
2970 return warning_n (callloc, OPT_Wstringop_truncation,
2971 cntrange[0].to_uhwi (),
2972 "%G%qD output truncated before terminating "
2973 "nul copying %E byte from a string of the "
2974 "same length",
2975 "%G%qD output truncated before terminating nul "
2976 "copying %E bytes from a string of the same "
2977 "length",
2978 stmt, func, cnt);
2979 else if (!cat_dstlen_bounded)
2980 {
2981 if (wi::geu_p (lenrange[0], cntrange[1]))
2982 {
2983 /* The shortest string is longer than the upper bound of
2984 the count so the truncation is certain. */
2985 if (cntrange[0] == cntrange[1])
2986 return warning_n (callloc, OPT_Wstringop_truncation,
2987 cntrange[0].to_uhwi (),
2988 "%G%qD output truncated copying %E byte "
2989 "from a string of length %wu",
2990 "%G%qD output truncated copying %E bytes "
2991 "from a string of length %wu",
2992 stmt, func, cnt, lenrange[0].to_uhwi ());
2993
2994 return warning_at (callloc, OPT_Wstringop_truncation,
2995 "%G%qD output truncated copying between %wu "
2996 "and %wu bytes from a string of length %wu",
2997 stmt, func, cntrange[0].to_uhwi (),
2998 cntrange[1].to_uhwi (), lenrange[0].to_uhwi ());
2999 }
3000 else if (wi::geu_p (lenrange[1], cntrange[1]))
3001 {
3002 /* The longest string is longer than the upper bound of
3003 the count so the truncation is possible. */
3004 if (cntrange[0] == cntrange[1])
3005 return warning_n (callloc, OPT_Wstringop_truncation,
3006 cntrange[0].to_uhwi (),
3007 "%G%qD output may be truncated copying %E "
3008 "byte from a string of length %wu",
3009 "%G%qD output may be truncated copying %E "
3010 "bytes from a string of length %wu",
3011 stmt, func, cnt, lenrange[1].to_uhwi ());
3012
3013 return warning_at (callloc, OPT_Wstringop_truncation,
3014 "%G%qD output may be truncated copying between "
3015 "%wu and %wu bytes from a string of length %wu",
3016 stmt, func, cntrange[0].to_uhwi (),
3017 cntrange[1].to_uhwi (), lenrange[1].to_uhwi ());
3018 }
3019 }
3020
3021 if (!cat_dstlen_bounded
3022 && cntrange[0] != cntrange[1]
3023 && wi::leu_p (cntrange[0], lenrange[0])
3024 && wi::leu_p (cntrange[1], lenrange[0] + 1))
3025 {
3026 /* If the source (including the terminating nul) is longer than
3027 the lower bound of the specified count but shorter than the
3028 upper bound the copy may (but need not) be truncated. */
3029 return warning_at (callloc, OPT_Wstringop_truncation,
3030 "%G%qD output may be truncated copying between "
3031 "%wu and %wu bytes from a string of length %wu",
3032 stmt, func, cntrange[0].to_uhwi (),
3033 cntrange[1].to_uhwi (), lenrange[0].to_uhwi ());
3034 }
3035 }
3036
3037 if (tree dstsize = compute_objsize (dst, 1))
3038 {
3039 /* The source length is unknown. Try to determine the destination
3040 size and see if it matches the specified bound. If not, bail.
3041 Otherwise go on to see if it should be diagnosed for possible
3042 truncation. */
3043 if (!dstsize)
3044 return false;
3045
3046 if (wi::to_wide (dstsize) != cntrange[1])
3047 return false;
3048
3049 /* Avoid warning for strncpy(a, b, N) calls where the following
3050 equalities hold:
3051 N == sizeof a && N == sizeof b */
3052 if (tree srcsize = compute_objsize (src, 1))
3053 if (wi::to_wide (srcsize) == cntrange[1])
3054 return false;
3055
3056 if (cntrange[0] == cntrange[1])
3057 return warning_at (callloc, OPT_Wstringop_truncation,
3058 "%G%qD specified bound %E equals destination size",
3059 stmt, func, cnt);
3060 }
3061
3062 return false;
3063 }
3064
3065 /* Check the arguments to the built-in forms of stpncpy and strncpy for
3066 out-of-bounds offsets or overlapping access, and to see if the size
3067 is derived from calling strlen() on the source argument, and if so,
3068 issue the appropriate warning. */
3069
3070 static void
3071 handle_builtin_stxncpy (built_in_function, gimple_stmt_iterator *gsi)
3072 {
3073 if (!strlen_to_stridx)
3074 return;
3075
3076 gimple *stmt = gsi_stmt (*gsi);
3077
3078 tree dst = gimple_call_arg (stmt, 0);
3079 tree src = gimple_call_arg (stmt, 1);
3080 tree len = gimple_call_arg (stmt, 2);
3081 tree dstsize = NULL_TREE, srcsize = NULL_TREE;
3082
3083 int didx = get_stridx (dst);
3084 if (strinfo *sidst = didx > 0 ? get_strinfo (didx) : NULL)
3085 {
3086 /* Compute the size of the destination string including the nul
3087 if it is known to be nul-terminated. */
3088 if (sidst->nonzero_chars)
3089 {
3090 if (sidst->full_string_p)
3091 {
3092 /* String is known to be nul-terminated. */
3093 tree type = TREE_TYPE (sidst->nonzero_chars);
3094 dstsize = fold_build2 (PLUS_EXPR, type, sidst->nonzero_chars,
3095 build_int_cst (type, 1));
3096 }
3097 else
3098 dstsize = sidst->nonzero_chars;
3099 }
3100
3101 dst = sidst->ptr;
3102 }
3103
3104 int sidx = get_stridx (src);
3105 strinfo *sisrc = sidx > 0 ? get_strinfo (sidx) : NULL;
3106 if (sisrc)
3107 {
3108 /* strncat() and strncpy() can modify the source string by writing
3109 over the terminating nul so SISRC->DONT_INVALIDATE must be left
3110 clear. */
3111
3112 /* Compute the size of the source string including the terminating
3113 nul if its known to be nul-terminated. */
3114 if (sisrc->nonzero_chars)
3115 {
3116 if (sisrc->full_string_p)
3117 {
3118 tree type = TREE_TYPE (sisrc->nonzero_chars);
3119 srcsize = fold_build2 (PLUS_EXPR, type, sisrc->nonzero_chars,
3120 build_int_cst (type, 1));
3121 }
3122 else
3123 srcsize = sisrc->nonzero_chars;
3124 }
3125
3126 src = sisrc->ptr;
3127 }
3128 else
3129 srcsize = NULL_TREE;
3130
3131 if (check_bounds_or_overlap (stmt, dst, src, dstsize, srcsize))
3132 {
3133 gimple_set_no_warning (stmt, true);
3134 return;
3135 }
3136
3137 /* If the length argument was computed from strlen(S) for some string
3138 S retrieve the strinfo index for the string (PSS->FIRST) along with
3139 the location of the strlen() call (PSS->SECOND). */
3140 stridx_strlenloc *pss = strlen_to_stridx->get (len);
3141 if (!pss || pss->first <= 0)
3142 {
3143 if (maybe_diag_stxncpy_trunc (*gsi, src, len))
3144 gimple_set_no_warning (stmt, true);
3145
3146 return;
3147 }
3148
3149 /* Retrieve the strinfo data for the string S that LEN was computed
3150 from as some function F of strlen (S) (i.e., LEN need not be equal
3151 to strlen(S)). */
3152 strinfo *silen = get_strinfo (pss->first);
3153
3154 location_t callloc = gimple_nonartificial_location (stmt);
3155 callloc = expansion_point_location_if_in_system_header (callloc);
3156
3157 tree func = gimple_call_fndecl (stmt);
3158
3159 bool warned = false;
3160
3161 /* When -Wstringop-truncation is set, try to determine truncation
3162 before diagnosing possible overflow. Truncation is implied by
3163 the LEN argument being equal to strlen(SRC), regardless of
3164 whether its value is known. Otherwise, issue the more generic
3165 -Wstringop-overflow which triggers for LEN arguments that in
3166 any meaningful way depend on strlen(SRC). */
3167 if (sisrc == silen
3168 && is_strlen_related_p (src, len)
3169 && warning_at (callloc, OPT_Wstringop_truncation,
3170 "%G%qD output truncated before terminating nul "
3171 "copying as many bytes from a string as its length",
3172 stmt, func))
3173 warned = true;
3174 else if (silen && is_strlen_related_p (src, silen->ptr))
3175 warned = warning_at (callloc, OPT_Wstringop_overflow_,
3176 "%G%qD specified bound depends on the length "
3177 "of the source argument",
3178 stmt, func);
3179 if (warned)
3180 {
3181 location_t strlenloc = pss->second;
3182 if (strlenloc != UNKNOWN_LOCATION && strlenloc != callloc)
3183 inform (strlenloc, "length computed here");
3184 }
3185 }
3186
3187 /* Handle a memcpy-like ({mem{,p}cpy,__mem{,p}cpy_chk}) call.
3188 If strlen of the second argument is known and length of the third argument
3189 is that plus one, strlen of the first argument is the same after this
3190 call. */
3191
3192 static void
3193 handle_builtin_memcpy (enum built_in_function bcode, gimple_stmt_iterator *gsi)
3194 {
3195 int idx, didx;
3196 tree src, dst, len, lhs, oldlen, newlen;
3197 gimple *stmt = gsi_stmt (*gsi);
3198 strinfo *si, *dsi, *olddsi;
3199
3200 len = gimple_call_arg (stmt, 2);
3201 src = gimple_call_arg (stmt, 1);
3202 dst = gimple_call_arg (stmt, 0);
3203 idx = get_stridx (src);
3204 if (idx == 0)
3205 return;
3206
3207 didx = get_stridx (dst);
3208 olddsi = NULL;
3209 if (didx > 0)
3210 olddsi = get_strinfo (didx);
3211 else if (didx < 0)
3212 return;
3213
3214 if (olddsi != NULL
3215 && tree_fits_uhwi_p (len)
3216 && !integer_zerop (len))
3217 adjust_last_stmt (olddsi, stmt, false);
3218
3219 bool full_string_p;
3220 if (idx > 0)
3221 {
3222 gimple *def_stmt;
3223
3224 /* Handle memcpy (x, y, l) where l's relationship with strlen (y)
3225 is known. */
3226 si = get_strinfo (idx);
3227 if (si == NULL || si->nonzero_chars == NULL_TREE)
3228 return;
3229 if (TREE_CODE (len) == INTEGER_CST
3230 && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
3231 {
3232 if (tree_int_cst_le (len, si->nonzero_chars))
3233 {
3234 /* Copying LEN nonzero characters, where LEN is constant. */
3235 newlen = len;
3236 full_string_p = false;
3237 }
3238 else
3239 {
3240 /* Copying the whole of the analyzed part of SI. */
3241 newlen = si->nonzero_chars;
3242 full_string_p = si->full_string_p;
3243 }
3244 }
3245 else
3246 {
3247 if (!si->full_string_p)
3248 return;
3249 if (TREE_CODE (len) != SSA_NAME)
3250 return;
3251 def_stmt = SSA_NAME_DEF_STMT (len);
3252 if (!is_gimple_assign (def_stmt)
3253 || gimple_assign_rhs_code (def_stmt) != PLUS_EXPR
3254 || gimple_assign_rhs1 (def_stmt) != si->nonzero_chars
3255 || !integer_onep (gimple_assign_rhs2 (def_stmt)))
3256 return;
3257 /* Copying variable-length string SI (and no more). */
3258 newlen = si->nonzero_chars;
3259 full_string_p = true;
3260 }
3261 }
3262 else
3263 {
3264 si = NULL;
3265 /* Handle memcpy (x, "abcd", 5) or
3266 memcpy (x, "abc\0uvw", 7). */
3267 if (!tree_fits_uhwi_p (len))
3268 return;
3269
3270 unsigned HOST_WIDE_INT clen = tree_to_uhwi (len);
3271 unsigned HOST_WIDE_INT nonzero_chars = ~idx;
3272 newlen = build_int_cst (size_type_node, MIN (nonzero_chars, clen));
3273 full_string_p = clen > nonzero_chars;
3274 }
3275
3276 if (!full_string_p
3277 && olddsi
3278 && olddsi->nonzero_chars
3279 && TREE_CODE (olddsi->nonzero_chars) == INTEGER_CST
3280 && tree_int_cst_le (newlen, olddsi->nonzero_chars))
3281 {
3282 /* The SRC substring being written strictly overlaps
3283 a subsequence of the existing string OLDDSI. */
3284 newlen = olddsi->nonzero_chars;
3285 full_string_p = olddsi->full_string_p;
3286 }
3287
3288 if (olddsi != NULL && TREE_CODE (len) == SSA_NAME)
3289 adjust_last_stmt (olddsi, stmt, false);
3290
3291 if (didx == 0)
3292 {
3293 didx = new_stridx (dst);
3294 if (didx == 0)
3295 return;
3296 }
3297 oldlen = NULL_TREE;
3298 if (olddsi != NULL)
3299 {
3300 dsi = unshare_strinfo (olddsi);
3301 oldlen = olddsi->nonzero_chars;
3302 dsi->nonzero_chars = newlen;
3303 dsi->full_string_p = full_string_p;
3304 /* Break the chain, so adjust_related_strinfo on later pointers in
3305 the chain won't adjust this one anymore. */
3306 dsi->next = 0;
3307 dsi->stmt = NULL;
3308 dsi->endptr = NULL_TREE;
3309 }
3310 else
3311 {
3312 dsi = new_strinfo (dst, didx, newlen, full_string_p);
3313 set_strinfo (didx, dsi);
3314 find_equal_ptrs (dst, didx);
3315 }
3316 dsi->writable = true;
3317 dsi->dont_invalidate = true;
3318 if (olddsi != NULL)
3319 {
3320 tree adj = NULL_TREE;
3321 location_t loc = gimple_location (stmt);
3322 if (oldlen == NULL_TREE)
3323 ;
3324 else if (integer_zerop (oldlen))
3325 adj = newlen;
3326 else if (TREE_CODE (oldlen) == INTEGER_CST
3327 || TREE_CODE (newlen) == INTEGER_CST)
3328 adj = fold_build2_loc (loc, MINUS_EXPR, TREE_TYPE (newlen), newlen,
3329 fold_convert_loc (loc, TREE_TYPE (newlen),
3330 oldlen));
3331 if (adj != NULL_TREE)
3332 adjust_related_strinfos (loc, dsi, adj);
3333 else
3334 dsi->prev = 0;
3335 }
3336 /* memcpy src may not overlap dst, so src doesn't need to be
3337 invalidated either. */
3338 if (si != NULL)
3339 si->dont_invalidate = true;
3340
3341 if (full_string_p)
3342 {
3343 lhs = gimple_call_lhs (stmt);
3344 switch (bcode)
3345 {
3346 case BUILT_IN_MEMCPY:
3347 case BUILT_IN_MEMCPY_CHK:
3348 /* Allow adjust_last_stmt to decrease this memcpy's size. */
3349 laststmt.stmt = stmt;
3350 laststmt.len = dsi->nonzero_chars;
3351 laststmt.stridx = dsi->idx;
3352 if (lhs)
3353 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
3354 break;
3355 case BUILT_IN_MEMPCPY:
3356 case BUILT_IN_MEMPCPY_CHK:
3357 break;
3358 default:
3359 gcc_unreachable ();
3360 }
3361 }
3362 }
3363
3364 /* Handle a strcat-like ({strcat,__strcat_chk}) call.
3365 If strlen of the second argument is known, strlen of the first argument
3366 is increased by the length of the second argument. Furthermore, attempt
3367 to convert it to memcpy/strcpy if the length of the first argument
3368 is known. */
3369
3370 static void
3371 handle_builtin_strcat (enum built_in_function bcode, gimple_stmt_iterator *gsi)
3372 {
3373 int idx, didx;
3374 tree srclen, args, type, fn, objsz, endptr;
3375 bool success;
3376 gimple *stmt = gsi_stmt (*gsi);
3377 strinfo *si, *dsi;
3378 location_t loc = gimple_location (stmt);
3379
3380 tree src = gimple_call_arg (stmt, 1);
3381 tree dst = gimple_call_arg (stmt, 0);
3382
3383 /* Bail if the source is the same as destination. It will be diagnosed
3384 elsewhere. */
3385 if (operand_equal_p (src, dst, 0))
3386 return;
3387
3388 tree lhs = gimple_call_lhs (stmt);
3389
3390 didx = get_stridx (dst);
3391 if (didx < 0)
3392 return;
3393
3394 dsi = NULL;
3395 if (didx > 0)
3396 dsi = get_strinfo (didx);
3397
3398 srclen = NULL_TREE;
3399 si = NULL;
3400 idx = get_stridx (src);
3401 if (idx < 0)
3402 srclen = build_int_cst (size_type_node, ~idx);
3403 else if (idx > 0)
3404 {
3405 si = get_strinfo (idx);
3406 if (si != NULL)
3407 srclen = get_string_length (si);
3408 }
3409
3410 /* Set the no-warning bit on the transformed statement? */
3411 bool set_no_warning = false;
3412
3413 if (dsi == NULL || get_string_length (dsi) == NULL_TREE)
3414 {
3415 {
3416 /* The concatenation always involves copying at least one byte
3417 (the terminating nul), even if the source string is empty.
3418 If the source is unknown assume it's one character long and
3419 used that as both sizes. */
3420 tree slen = srclen;
3421 if (slen)
3422 {
3423 tree type = TREE_TYPE (slen);
3424 slen = fold_build2 (PLUS_EXPR, type, slen, build_int_cst (type, 1));
3425 }
3426
3427 tree sptr = si && si->ptr ? si->ptr : src;
3428
3429 if (check_bounds_or_overlap (stmt, dst, sptr, NULL_TREE, slen))
3430 {
3431 gimple_set_no_warning (stmt, true);
3432 set_no_warning = true;
3433 }
3434 }
3435
3436 /* strcat (p, q) can be transformed into
3437 tmp = p + strlen (p); endptr = stpcpy (tmp, q);
3438 with length endptr - p if we need to compute the length
3439 later on. Don't do this transformation if we don't need
3440 it. */
3441 if (builtin_decl_implicit_p (BUILT_IN_STPCPY) && lhs == NULL_TREE)
3442 {
3443 if (didx == 0)
3444 {
3445 didx = new_stridx (dst);
3446 if (didx == 0)
3447 return;
3448 }
3449 if (dsi == NULL)
3450 {
3451 dsi = new_strinfo (dst, didx, NULL_TREE, false);
3452 set_strinfo (didx, dsi);
3453 find_equal_ptrs (dst, didx);
3454 }
3455 else
3456 {
3457 dsi = unshare_strinfo (dsi);
3458 dsi->nonzero_chars = NULL_TREE;
3459 dsi->full_string_p = false;
3460 dsi->next = 0;
3461 dsi->endptr = NULL_TREE;
3462 }
3463 dsi->writable = true;
3464 dsi->stmt = stmt;
3465 dsi->dont_invalidate = true;
3466 }
3467 return;
3468 }
3469
3470 tree dstlen = dsi->nonzero_chars;
3471 endptr = dsi->endptr;
3472
3473 dsi = unshare_strinfo (dsi);
3474 dsi->endptr = NULL_TREE;
3475 dsi->stmt = NULL;
3476 dsi->writable = true;
3477
3478 if (srclen != NULL_TREE)
3479 {
3480 dsi->nonzero_chars = fold_build2_loc (loc, PLUS_EXPR,
3481 TREE_TYPE (dsi->nonzero_chars),
3482 dsi->nonzero_chars, srclen);
3483 gcc_assert (dsi->full_string_p);
3484 adjust_related_strinfos (loc, dsi, srclen);
3485 dsi->dont_invalidate = true;
3486 }
3487 else
3488 {
3489 dsi->nonzero_chars = NULL;
3490 dsi->full_string_p = false;
3491 if (lhs == NULL_TREE && builtin_decl_implicit_p (BUILT_IN_STPCPY))
3492 dsi->dont_invalidate = true;
3493 }
3494
3495 if (si != NULL)
3496 /* strcat src may not overlap dst, so src doesn't need to be
3497 invalidated either. */
3498 si->dont_invalidate = true;
3499
3500 /* For now. Could remove the lhs from the call and add
3501 lhs = dst; afterwards. */
3502 if (lhs)
3503 return;
3504
3505 fn = NULL_TREE;
3506 objsz = NULL_TREE;
3507 switch (bcode)
3508 {
3509 case BUILT_IN_STRCAT:
3510 if (srclen != NULL_TREE)
3511 fn = builtin_decl_implicit (BUILT_IN_MEMCPY);
3512 else
3513 fn = builtin_decl_implicit (BUILT_IN_STRCPY);
3514 break;
3515 case BUILT_IN_STRCAT_CHK:
3516 if (srclen != NULL_TREE)
3517 fn = builtin_decl_explicit (BUILT_IN_MEMCPY_CHK);
3518 else
3519 fn = builtin_decl_explicit (BUILT_IN_STRCPY_CHK);
3520 objsz = gimple_call_arg (stmt, 2);
3521 break;
3522 default:
3523 gcc_unreachable ();
3524 }
3525
3526 if (fn == NULL_TREE)
3527 return;
3528
3529 if (dsi && dstlen)
3530 {
3531 tree type = TREE_TYPE (dstlen);
3532
3533 /* Compute the size of the source sequence, including the nul. */
3534 tree srcsize = srclen ? srclen : size_zero_node;
3535 tree one = build_int_cst (type, 1);
3536 srcsize = fold_build2 (PLUS_EXPR, type, srcsize, one);
3537 tree dstsize = fold_build2 (PLUS_EXPR, type, dstlen, one);
3538 tree sptr = si && si->ptr ? si->ptr : src;
3539
3540 if (check_bounds_or_overlap (stmt, dst, sptr, dstsize, srcsize))
3541 {
3542 gimple_set_no_warning (stmt, true);
3543 set_no_warning = true;
3544 }
3545 }
3546
3547 tree len = NULL_TREE;
3548 if (srclen != NULL_TREE)
3549 {
3550 args = TYPE_ARG_TYPES (TREE_TYPE (fn));
3551 type = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args)));
3552
3553 len = fold_convert_loc (loc, type, unshare_expr (srclen));
3554 len = fold_build2_loc (loc, PLUS_EXPR, type, len,
3555 build_int_cst (type, 1));
3556 len = force_gimple_operand_gsi (gsi, len, true, NULL_TREE, true,
3557 GSI_SAME_STMT);
3558 }
3559 if (endptr)
3560 dst = fold_convert_loc (loc, TREE_TYPE (dst), unshare_expr (endptr));
3561 else
3562 dst = fold_build2_loc (loc, POINTER_PLUS_EXPR, TREE_TYPE (dst), dst,
3563 fold_convert_loc (loc, sizetype,
3564 unshare_expr (dstlen)));
3565 dst = force_gimple_operand_gsi (gsi, dst, true, NULL_TREE, true,
3566 GSI_SAME_STMT);
3567 if (objsz)
3568 {
3569 objsz = fold_build2_loc (loc, MINUS_EXPR, TREE_TYPE (objsz), objsz,
3570 fold_convert_loc (loc, TREE_TYPE (objsz),
3571 unshare_expr (dstlen)));
3572 objsz = force_gimple_operand_gsi (gsi, objsz, true, NULL_TREE, true,
3573 GSI_SAME_STMT);
3574 }
3575 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3576 {
3577 fprintf (dump_file, "Optimizing: ");
3578 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
3579 }
3580 if (srclen != NULL_TREE)
3581 success = update_gimple_call (gsi, fn, 3 + (objsz != NULL_TREE),
3582 dst, src, len, objsz);
3583 else
3584 success = update_gimple_call (gsi, fn, 2 + (objsz != NULL_TREE),
3585 dst, src, objsz);
3586 if (success)
3587 {
3588 stmt = gsi_stmt (*gsi);
3589 update_stmt (stmt);
3590 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3591 {
3592 fprintf (dump_file, "into: ");
3593 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
3594 }
3595 /* If srclen == NULL, note that current string length can be
3596 computed by transforming this strcpy into stpcpy. */
3597 if (srclen == NULL_TREE && dsi->dont_invalidate)
3598 dsi->stmt = stmt;
3599 adjust_last_stmt (dsi, stmt, true);
3600 if (srclen != NULL_TREE)
3601 {
3602 laststmt.stmt = stmt;
3603 laststmt.len = srclen;
3604 laststmt.stridx = dsi->idx;
3605 }
3606 }
3607 else if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3608 fprintf (dump_file, "not possible.\n");
3609
3610 if (set_no_warning)
3611 gimple_set_no_warning (stmt, true);
3612 }
3613
3614 /* Handle a call to malloc or calloc. */
3615
3616 static void
3617 handle_builtin_malloc (enum built_in_function bcode, gimple_stmt_iterator *gsi)
3618 {
3619 gimple *stmt = gsi_stmt (*gsi);
3620 tree lhs = gimple_call_lhs (stmt);
3621 if (lhs == NULL_TREE)
3622 return;
3623
3624 gcc_assert (get_stridx (lhs) == 0);
3625 int idx = new_stridx (lhs);
3626 tree length = NULL_TREE;
3627 if (bcode == BUILT_IN_CALLOC)
3628 length = build_int_cst (size_type_node, 0);
3629 strinfo *si = new_strinfo (lhs, idx, length, length != NULL_TREE);
3630 if (bcode == BUILT_IN_CALLOC)
3631 si->endptr = lhs;
3632 set_strinfo (idx, si);
3633 si->writable = true;
3634 si->stmt = stmt;
3635 si->dont_invalidate = true;
3636 }
3637
3638 /* Handle a call to memset.
3639 After a call to calloc, memset(,0,) is unnecessary.
3640 memset(malloc(n),0,n) is calloc(n,1).
3641 return true when the call is transformed, false otherwise. */
3642
3643 static bool
3644 handle_builtin_memset (gimple_stmt_iterator *gsi, bool *zero_write)
3645 {
3646 gimple *stmt2 = gsi_stmt (*gsi);
3647 if (!integer_zerop (gimple_call_arg (stmt2, 1)))
3648 return false;
3649
3650 /* Let the caller know the memset call cleared the destination. */
3651 *zero_write = true;
3652
3653 tree ptr = gimple_call_arg (stmt2, 0);
3654 int idx1 = get_stridx (ptr);
3655 if (idx1 <= 0)
3656 return false;
3657 strinfo *si1 = get_strinfo (idx1);
3658 if (!si1)
3659 return false;
3660 gimple *stmt1 = si1->stmt;
3661 if (!stmt1 || !is_gimple_call (stmt1))
3662 return false;
3663 tree callee1 = gimple_call_fndecl (stmt1);
3664 if (!valid_builtin_call (stmt1))
3665 return false;
3666 enum built_in_function code1 = DECL_FUNCTION_CODE (callee1);
3667 tree size = gimple_call_arg (stmt2, 2);
3668 if (code1 == BUILT_IN_CALLOC)
3669 /* Not touching stmt1 */ ;
3670 else if (code1 == BUILT_IN_MALLOC
3671 && operand_equal_p (gimple_call_arg (stmt1, 0), size, 0))
3672 {
3673 gimple_stmt_iterator gsi1 = gsi_for_stmt (stmt1);
3674 update_gimple_call (&gsi1, builtin_decl_implicit (BUILT_IN_CALLOC), 2,
3675 size, build_one_cst (size_type_node));
3676 si1->nonzero_chars = build_int_cst (size_type_node, 0);
3677 si1->full_string_p = true;
3678 si1->stmt = gsi_stmt (gsi1);
3679 }
3680 else
3681 return false;
3682 tree lhs = gimple_call_lhs (stmt2);
3683 unlink_stmt_vdef (stmt2);
3684 if (lhs)
3685 {
3686 gimple *assign = gimple_build_assign (lhs, ptr);
3687 gsi_replace (gsi, assign, false);
3688 }
3689 else
3690 {
3691 gsi_remove (gsi, true);
3692 release_defs (stmt2);
3693 }
3694
3695 return true;
3696 }
3697
3698 /* Return a pointer to the first such equality expression if RES is used
3699 only in expressions testing its equality to zero, and null otherwise. */
3700
3701 static gimple *
3702 used_only_for_zero_equality (tree res)
3703 {
3704 gimple *first_use = NULL;
3705
3706 use_operand_p use_p;
3707 imm_use_iterator iter;
3708
3709 FOR_EACH_IMM_USE_FAST (use_p, iter, res)
3710 {
3711 gimple *use_stmt = USE_STMT (use_p);
3712
3713 if (is_gimple_debug (use_stmt))
3714 continue;
3715 if (gimple_code (use_stmt) == GIMPLE_ASSIGN)
3716 {
3717 tree_code code = gimple_assign_rhs_code (use_stmt);
3718 if (code == COND_EXPR)
3719 {
3720 tree cond_expr = gimple_assign_rhs1 (use_stmt);
3721 if ((TREE_CODE (cond_expr) != EQ_EXPR
3722 && (TREE_CODE (cond_expr) != NE_EXPR))
3723 || !integer_zerop (TREE_OPERAND (cond_expr, 1)))
3724 return NULL;
3725 }
3726 else if (code == EQ_EXPR || code == NE_EXPR)
3727 {
3728 if (!integer_zerop (gimple_assign_rhs2 (use_stmt)))
3729 return NULL;
3730 }
3731 else
3732 return NULL;
3733 }
3734 else if (gimple_code (use_stmt) == GIMPLE_COND)
3735 {
3736 tree_code code = gimple_cond_code (use_stmt);
3737 if ((code != EQ_EXPR && code != NE_EXPR)
3738 || !integer_zerop (gimple_cond_rhs (use_stmt)))
3739 return NULL;
3740 }
3741 else
3742 return NULL;
3743
3744 if (!first_use)
3745 first_use = use_stmt;
3746 }
3747
3748 return first_use;
3749 }
3750
3751 /* Handle a call to memcmp. We try to handle small comparisons by
3752 converting them to load and compare, and replacing the call to memcmp
3753 with a __builtin_memcmp_eq call where possible.
3754 return true when call is transformed, return false otherwise. */
3755
3756 static bool
3757 handle_builtin_memcmp (gimple_stmt_iterator *gsi)
3758 {
3759 gcall *stmt = as_a <gcall *> (gsi_stmt (*gsi));
3760 tree res = gimple_call_lhs (stmt);
3761
3762 if (!res || !used_only_for_zero_equality (res))
3763 return false;
3764
3765 tree arg1 = gimple_call_arg (stmt, 0);
3766 tree arg2 = gimple_call_arg (stmt, 1);
3767 tree len = gimple_call_arg (stmt, 2);
3768 unsigned HOST_WIDE_INT leni;
3769
3770 if (tree_fits_uhwi_p (len)
3771 && (leni = tree_to_uhwi (len)) <= GET_MODE_SIZE (word_mode)
3772 && pow2p_hwi (leni))
3773 {
3774 leni *= CHAR_TYPE_SIZE;
3775 unsigned align1 = get_pointer_alignment (arg1);
3776 unsigned align2 = get_pointer_alignment (arg2);
3777 unsigned align = MIN (align1, align2);
3778 scalar_int_mode mode;
3779 if (int_mode_for_size (leni, 1).exists (&mode)
3780 && (align >= leni || !targetm.slow_unaligned_access (mode, align)))
3781 {
3782 location_t loc = gimple_location (stmt);
3783 tree type, off;
3784 type = build_nonstandard_integer_type (leni, 1);
3785 gcc_assert (known_eq (GET_MODE_BITSIZE (TYPE_MODE (type)), leni));
3786 tree ptrtype = build_pointer_type_for_mode (char_type_node,
3787 ptr_mode, true);
3788 off = build_int_cst (ptrtype, 0);
3789 arg1 = build2_loc (loc, MEM_REF, type, arg1, off);
3790 arg2 = build2_loc (loc, MEM_REF, type, arg2, off);
3791 tree tem1 = fold_const_aggregate_ref (arg1);
3792 if (tem1)
3793 arg1 = tem1;
3794 tree tem2 = fold_const_aggregate_ref (arg2);
3795 if (tem2)
3796 arg2 = tem2;
3797 res = fold_convert_loc (loc, TREE_TYPE (res),
3798 fold_build2_loc (loc, NE_EXPR,
3799 boolean_type_node,
3800 arg1, arg2));
3801 gimplify_and_update_call_from_tree (gsi, res);
3802 return true;
3803 }
3804 }
3805
3806 gimple_call_set_fndecl (stmt, builtin_decl_explicit (BUILT_IN_MEMCMP_EQ));
3807 return true;
3808 }
3809
3810 /* Given an index to the strinfo vector, compute the string length
3811 for the corresponding string. Return -1 when unknown. */
3812
3813 static HOST_WIDE_INT
3814 compute_string_length (int idx)
3815 {
3816 HOST_WIDE_INT string_leni = -1;
3817 gcc_assert (idx != 0);
3818
3819 if (idx < 0)
3820 return ~idx;
3821
3822 strinfo *si = get_strinfo (idx);
3823 if (si)
3824 {
3825 tree const_string_len = get_string_length (si);
3826 if (const_string_len && tree_fits_shwi_p (const_string_len))
3827 string_leni = tree_to_shwi (const_string_len);
3828 }
3829
3830 if (string_leni < 0)
3831 return -1;
3832
3833 return string_leni;
3834 }
3835
3836 /* Determine the minimum size of the object referenced by DEST expression
3837 which must have a pointer type.
3838 Return the minimum size of the object if successful or HWI_M1U when
3839 the size cannot be determined. */
3840
3841 static unsigned HOST_WIDE_INT
3842 determine_min_objsize (tree dest)
3843 {
3844 unsigned HOST_WIDE_INT size = 0;
3845
3846 init_object_sizes ();
3847
3848 if (compute_builtin_object_size (dest, 2, &size))
3849 return size;
3850
3851 /* Try to determine the size of the object through the RHS
3852 of the assign statement. */
3853 if (TREE_CODE (dest) == SSA_NAME)
3854 {
3855 gimple *stmt = SSA_NAME_DEF_STMT (dest);
3856 if (!is_gimple_assign (stmt))
3857 return HOST_WIDE_INT_M1U;
3858
3859 if (!gimple_assign_single_p (stmt)
3860 && !gimple_assign_unary_nop_p (stmt))
3861 return HOST_WIDE_INT_M1U;
3862
3863 dest = gimple_assign_rhs1 (stmt);
3864 return determine_min_objsize (dest);
3865 }
3866
3867 /* Try to determine the size of the object from its type. */
3868 if (TREE_CODE (dest) != ADDR_EXPR)
3869 return HOST_WIDE_INT_M1U;
3870
3871 tree type = TREE_TYPE (dest);
3872 if (TREE_CODE (type) == POINTER_TYPE)
3873 type = TREE_TYPE (type);
3874
3875 type = TYPE_MAIN_VARIANT (type);
3876
3877 /* The size of a flexible array cannot be determined. Otherwise,
3878 for arrays with more than one element, return the size of its
3879 type. GCC itself misuses arrays of both zero and one elements
3880 as flexible array members so they are excluded as well. */
3881 if (TREE_CODE (type) != ARRAY_TYPE
3882 || !array_at_struct_end_p (dest))
3883 {
3884 tree type_size = TYPE_SIZE_UNIT (type);
3885 if (type_size && TREE_CODE (type_size) == INTEGER_CST
3886 && !integer_onep (type_size)
3887 && !integer_zerop (type_size))
3888 return tree_to_uhwi (type_size);
3889 }
3890
3891 return HOST_WIDE_INT_M1U;
3892 }
3893
3894 /* Given strinfo IDX for ARG, set LENRNG[] to the range of lengths
3895 of the string(s) referenced by ARG if it can be determined.
3896 If the length cannot be determined, set *SIZE to the size of
3897 the array the string is stored in, if any. If no such array is
3898 known, set *SIZE to -1. When the strings are nul-terminated set
3899 *NULTERM to true, otherwise to false. Return true on success. */
3900
3901 static bool
3902 get_len_or_size (tree arg, int idx, unsigned HOST_WIDE_INT lenrng[2],
3903 unsigned HOST_WIDE_INT *size, bool *nulterm)
3904 {
3905 /* Set so that both LEN and ~LEN are invalid lengths, i.e.,
3906 maximum possible length + 1. */
3907 lenrng[0] = lenrng[1] = HOST_WIDE_INT_MAX;
3908
3909 *size = HOST_WIDE_INT_M1U;
3910
3911 if (idx < 0)
3912 {
3913 /* IDX is the inverted constant string length. */
3914 lenrng[0] = ~idx;
3915 lenrng[1] = lenrng[0];
3916 *nulterm = true;
3917 }
3918 else if (idx == 0)
3919 ; /* Handled below. */
3920 else if (strinfo *si = get_strinfo (idx))
3921 {
3922 if (!si->nonzero_chars)
3923 arg = si->ptr;
3924 else if (tree_fits_uhwi_p (si->nonzero_chars))
3925 {
3926 lenrng[0] = tree_to_uhwi (si->nonzero_chars);
3927 *nulterm = si->full_string_p;
3928 /* Set the upper bound only if the string is known to be
3929 nul-terminated, otherwise leave it at maximum + 1. */
3930 if (*nulterm)
3931 lenrng[1] = lenrng[0];
3932 }
3933 else if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
3934 {
3935 wide_int min, max;
3936 value_range_kind rng = get_range_info (si->nonzero_chars, &min, &max);
3937 if (rng == VR_RANGE)
3938 {
3939 lenrng[0] = min.to_uhwi ();
3940 lenrng[1] = max.to_uhwi ();
3941 *nulterm = si->full_string_p;
3942 }
3943 }
3944 else if (si->ptr)
3945 arg = si->ptr;
3946 }
3947
3948 if (lenrng[0] == HOST_WIDE_INT_MAX)
3949 {
3950 /* Compute the minimum and maximum real or possible lengths. */
3951 c_strlen_data lendata = { };
3952 if (get_range_strlen (arg, &lendata, /* eltsize = */1))
3953 {
3954 if (tree_fits_shwi_p (lendata.maxlen) && !lendata.maxbound)
3955 {
3956 lenrng[0] = tree_to_shwi (lendata.minlen);
3957 lenrng[1] = tree_to_shwi (lendata.maxlen);
3958 *nulterm = true;
3959 }
3960 else if (lendata.maxbound && tree_fits_shwi_p (lendata.maxbound))
3961 {
3962 /* Set *SIZE to the conservative LENDATA.MAXBOUND which
3963 is a conservative estimate of the longest string based
3964 on the sizes of the arrays referenced by ARG. */
3965 *size = tree_to_uhwi (lendata.maxbound) + 1;
3966 *nulterm = false;
3967 }
3968 }
3969 else
3970 {
3971 /* Set *SIZE to the size of the smallest object referenced
3972 by ARG if ARG denotes a single object, or to HWI_M1U
3973 otherwise. */
3974 *size = determine_min_objsize (arg);
3975 *nulterm = false;
3976 }
3977 }
3978
3979 return lenrng[0] != HOST_WIDE_INT_MAX || *size != HOST_WIDE_INT_M1U;
3980 }
3981
3982 /* If IDX1 and IDX2 refer to strings A and B of unequal lengths, return
3983 the result of 0 == strncmp (A, B, BOUND) (which is the same as strcmp
3984 for a sufficiently large BOUND). If the result is based on the length
3985 of one string being greater than the longest string that would fit in
3986 the array pointer to by the argument, set *PLEN and *PSIZE to
3987 the corresponding length (or its complement when the string is known
3988 to be at least as long and need not be nul-terminated) and size.
3989 Otherwise return null. */
3990
3991 static tree
3992 strxcmp_eqz_result (tree arg1, int idx1, tree arg2, int idx2,
3993 unsigned HOST_WIDE_INT bound, unsigned HOST_WIDE_INT len[2],
3994 unsigned HOST_WIDE_INT *psize)
3995 {
3996 /* Determine the range the length of each string is in and whether it's
3997 known to be nul-terminated, or the size of the array it's stored in. */
3998 bool nul1, nul2;
3999 unsigned HOST_WIDE_INT siz1, siz2;
4000 unsigned HOST_WIDE_INT len1rng[2], len2rng[2];
4001 if (!get_len_or_size (arg1, idx1, len1rng, &siz1, &nul1)
4002 || !get_len_or_size (arg2, idx2, len2rng, &siz2, &nul2))
4003 return NULL_TREE;
4004
4005 /* BOUND is set to HWI_M1U for strcmp and less to strncmp, and LENiRNG
4006 to HWI_MAX when invalid. Adjust the length of each string to consider
4007 to be no more than BOUND. */
4008 if (len1rng[0] < HOST_WIDE_INT_MAX && len1rng[0] > bound)
4009 len1rng[0] = bound;
4010 if (len1rng[1] < HOST_WIDE_INT_MAX && len1rng[1] > bound)
4011 len1rng[1] = bound;
4012 if (len2rng[0] < HOST_WIDE_INT_MAX && len2rng[0] > bound)
4013 len2rng[0] = bound;
4014 if (len2rng[1] < HOST_WIDE_INT_MAX && len2rng[1] > bound)
4015 len2rng[1] = bound;
4016
4017 /* Two empty strings are equal. */
4018 if (len1rng[1] == 0 && len2rng[1] == 0)
4019 return integer_one_node;
4020
4021 /* The strings are definitely unequal when the lower bound of the length
4022 of one of them is greater than the length of the longest string that
4023 would fit into the other array. */
4024 if (len1rng[0] == HOST_WIDE_INT_MAX
4025 && len2rng[0] != HOST_WIDE_INT_MAX
4026 && ((len2rng[0] < bound && len2rng[0] >= siz1)
4027 || len2rng[0] > siz1))
4028 {
4029 *psize = siz1;
4030 len[0] = len1rng[0];
4031 /* Set LEN[0] to the lower bound of ARG1's length when it's
4032 nul-terminated or to the complement of its minimum length
4033 otherwise, */
4034 len[1] = nul2 ? len2rng[0] : ~len2rng[0];
4035 return integer_zero_node;
4036 }
4037
4038 if (len2rng[0] == HOST_WIDE_INT_MAX
4039 && len1rng[0] != HOST_WIDE_INT_MAX
4040 && ((len1rng[0] < bound && len1rng[0] >= siz2)
4041 || len1rng[0] > siz2))
4042 {
4043 *psize = siz2;
4044 len[0] = nul1 ? len1rng[0] : ~len1rng[0];
4045 len[1] = len2rng[0];
4046 return integer_zero_node;
4047 }
4048
4049 /* The strings are also definitely unequal when their lengths are unequal
4050 and at least one is nul-terminated. */
4051 if (len1rng[0] != HOST_WIDE_INT_MAX
4052 && len2rng[0] != HOST_WIDE_INT_MAX
4053 && ((len1rng[1] < len2rng[0] && nul1)
4054 || (len2rng[1] < len1rng[0] && nul2)))
4055 {
4056 if (bound <= len1rng[0] || bound <= len2rng[0])
4057 *psize = bound;
4058 else
4059 *psize = HOST_WIDE_INT_M1U;
4060
4061 len[0] = len1rng[0];
4062 len[1] = len2rng[0];
4063 return integer_zero_node;
4064 }
4065
4066 /* The string lengths may be equal or unequal. Even when equal and
4067 both strings nul-terminated, without the string contents there's
4068 no way to determine whether they are equal. */
4069 return NULL_TREE;
4070 }
4071
4072 /* Diagnose pointless calls to strcmp or strncmp STMT with string
4073 arguments of lengths LEN or size SIZ and (for strncmp) BOUND,
4074 whose result is used in equality expressions that evaluate to
4075 a constant due to one argument being longer than the size of
4076 the other. */
4077
4078 static void
4079 maybe_warn_pointless_strcmp (gimple *stmt, HOST_WIDE_INT bound,
4080 unsigned HOST_WIDE_INT len[2],
4081 unsigned HOST_WIDE_INT siz)
4082 {
4083 tree lhs = gimple_call_lhs (stmt);
4084 gimple *use = used_only_for_zero_equality (lhs);
4085 if (!use)
4086 return;
4087
4088 bool at_least = false;
4089
4090 /* Excessive LEN[i] indicates a lower bound. */
4091 if (len[0] > HOST_WIDE_INT_MAX)
4092 {
4093 at_least = true;
4094 len[0] = ~len[0];
4095 }
4096
4097 if (len[1] > HOST_WIDE_INT_MAX)
4098 {
4099 at_least = true;
4100 len[1] = ~len[1];
4101 }
4102
4103 unsigned HOST_WIDE_INT minlen = MIN (len[0], len[1]);
4104
4105 /* FIXME: Include a note pointing to the declaration of the smaller
4106 array. */
4107 location_t stmt_loc = gimple_nonartificial_location (stmt);
4108 if (stmt_loc == UNKNOWN_LOCATION && EXPR_HAS_LOCATION (lhs))
4109 stmt_loc = tree_nonartificial_location (lhs);
4110 stmt_loc = expansion_point_location_if_in_system_header (stmt_loc);
4111
4112 tree callee = gimple_call_fndecl (stmt);
4113 bool warned = false;
4114 if (siz <= minlen && bound == -1)
4115 warned = warning_at (stmt_loc, OPT_Wstring_compare,
4116 (at_least
4117 ? G_("%G%qD of a string of length %wu or more and "
4118 "an array of size %wu evaluates to nonzero")
4119 : G_("%G%qD of a string of length %wu and an array "
4120 "of size %wu evaluates to nonzero")),
4121 stmt, callee, minlen, siz);
4122 else if (!at_least && siz <= HOST_WIDE_INT_MAX)
4123 {
4124 if (len[0] != HOST_WIDE_INT_MAX && len[1] != HOST_WIDE_INT_MAX)
4125 warned = warning_at (stmt_loc, OPT_Wstring_compare,
4126 "%G%qD of strings of length %wu and %wu "
4127 "and bound of %wu evaluates to nonzero",
4128 stmt, callee, len[0], len[1], bound);
4129 else
4130 warned = warning_at (stmt_loc, OPT_Wstring_compare,
4131 "%G%qD of a string of length %wu, an array "
4132 "of size %wu and bound of %wu evaluates to "
4133 "nonzero",
4134 stmt, callee, minlen, siz, bound);
4135 }
4136
4137 if (warned)
4138 {
4139 location_t use_loc = gimple_location (use);
4140 if (LOCATION_LINE (stmt_loc) != LOCATION_LINE (use_loc))
4141 inform (use_loc, "in this expression");
4142 }
4143 }
4144
4145
4146 /* Optimize a call to strcmp or strncmp either by folding it to a constant
4147 when possible or by transforming the latter to the former. Warn about
4148 calls where the length of one argument is greater than the size of
4149 the array to which the other argument points if the latter's length
4150 is not known. Return true when the call has been transformed into
4151 another and false otherwise. */
4152
4153 static bool
4154 handle_builtin_string_cmp (gimple_stmt_iterator *gsi)
4155 {
4156 gcall *stmt = as_a <gcall *> (gsi_stmt (*gsi));
4157 tree lhs = gimple_call_lhs (stmt);
4158
4159 if (!lhs)
4160 return false;
4161
4162 tree arg1 = gimple_call_arg (stmt, 0);
4163 tree arg2 = gimple_call_arg (stmt, 1);
4164 int idx1 = get_stridx (arg1);
4165 int idx2 = get_stridx (arg2);
4166
4167 /* For strncmp set to the the value of the third argument if known. */
4168 HOST_WIDE_INT bound = -1;
4169 tree len = NULL_TREE;
4170 /* Extract the strncmp bound. */
4171 if (gimple_call_num_args (stmt) == 3)
4172 {
4173 len = gimple_call_arg (stmt, 2);
4174 if (tree_fits_shwi_p (len))
4175 bound = tree_to_shwi (len);
4176
4177 /* If the bound argument is NOT known, do nothing. */
4178 if (bound < 0)
4179 return false;
4180 }
4181
4182 /* Avoid folding if either argument is not a nul-terminated array.
4183 Defer warning until later. */
4184 if (!check_nul_terminated_array (NULL_TREE, arg1, len)
4185 || !check_nul_terminated_array (NULL_TREE, arg2, len))
4186 return false;
4187
4188 {
4189 /* Set to the length of one argument (or its complement if it's
4190 the lower bound of a range) and the size of the array storing
4191 the other if the result is based on the former being equal to
4192 or greater than the latter. */
4193 unsigned HOST_WIDE_INT len[2] = { HOST_WIDE_INT_MAX, HOST_WIDE_INT_MAX };
4194 unsigned HOST_WIDE_INT siz = HOST_WIDE_INT_M1U;
4195
4196 /* Try to determine if the two strings are either definitely equal
4197 or definitely unequal and if so, either fold the result to zero
4198 (when equal) or set the range of the result to ~[0, 0] otherwise. */
4199 if (tree eqz = strxcmp_eqz_result (arg1, idx1, arg2, idx2, bound,
4200 len, &siz))
4201 {
4202 if (integer_zerop (eqz))
4203 {
4204 maybe_warn_pointless_strcmp (stmt, bound, len, siz);
4205
4206 /* When the lengths of the first two string arguments are
4207 known to be unequal set the range of the result to non-zero.
4208 This allows the call to be eliminated if its result is only
4209 used in tests for equality to zero. */
4210 wide_int zero = wi::zero (TYPE_PRECISION (TREE_TYPE (lhs)));
4211 set_range_info (lhs, VR_ANTI_RANGE, zero, zero);
4212 return false;
4213 }
4214 /* When the two strings are definitely equal (such as when they
4215 are both empty) fold the call to the constant result. */
4216 replace_call_with_value (gsi, integer_zero_node);
4217 return true;
4218 }
4219 }
4220
4221 /* Return if nothing is known about the strings pointed to by ARG1
4222 and ARG2. */
4223 if (idx1 == 0 && idx2 == 0)
4224 return false;
4225
4226 /* Determine either the length or the size of each of the strings,
4227 whichever is available. */
4228 HOST_WIDE_INT cstlen1 = -1, cstlen2 = -1;
4229 HOST_WIDE_INT arysiz1 = -1, arysiz2 = -1;
4230
4231 if (idx1)
4232 cstlen1 = compute_string_length (idx1);
4233 else
4234 arysiz1 = determine_min_objsize (arg1);
4235
4236 /* Bail if neither the string length nor the size of the array
4237 it is stored in can be determined. */
4238 if (cstlen1 < 0 && arysiz1 < 0)
4239 return false;
4240
4241 /* Repeat for the second argument. */
4242 if (idx2)
4243 cstlen2 = compute_string_length (idx2);
4244 else
4245 arysiz2 = determine_min_objsize (arg2);
4246
4247 if (cstlen2 < 0 && arysiz2 < 0)
4248 return false;
4249
4250 if (cstlen1 < 0 && cstlen2 < 0)
4251 return false;
4252
4253 if (cstlen1 >= 0)
4254 ++cstlen1;
4255 if (cstlen2 >= 0)
4256 ++cstlen2;
4257
4258 /* The exact number of characters to compare. */
4259 HOST_WIDE_INT cmpsiz = bound < 0 ? cstlen1 < 0 ? cstlen2 : cstlen1 : bound;
4260 /* The size of the array in which the unknown string is stored. */
4261 HOST_WIDE_INT varsiz = arysiz1 < 0 ? arysiz2 : arysiz1;
4262
4263 if (cmpsiz < varsiz && used_only_for_zero_equality (lhs))
4264 {
4265 /* If the known length is less than the size of the other array
4266 and the strcmp result is only used to test equality to zero,
4267 transform the call to the equivalent _eq call. */
4268 if (tree fn = builtin_decl_implicit (bound < 0 ? BUILT_IN_STRCMP_EQ
4269 : BUILT_IN_STRNCMP_EQ))
4270 {
4271 tree n = build_int_cst (size_type_node, cmpsiz);
4272 update_gimple_call (gsi, fn, 3, arg1, arg2, n);
4273 return true;
4274 }
4275 }
4276
4277 return false;
4278 }
4279
4280 /* Handle a POINTER_PLUS_EXPR statement.
4281 For p = "abcd" + 2; compute associated length, or if
4282 p = q + off is pointing to a '\0' character of a string, call
4283 zero_length_string on it. */
4284
4285 static void
4286 handle_pointer_plus (gimple_stmt_iterator *gsi)
4287 {
4288 gimple *stmt = gsi_stmt (*gsi);
4289 tree lhs = gimple_assign_lhs (stmt), off;
4290 int idx = get_stridx (gimple_assign_rhs1 (stmt));
4291 strinfo *si, *zsi;
4292
4293 if (idx == 0)
4294 return;
4295
4296 if (idx < 0)
4297 {
4298 tree off = gimple_assign_rhs2 (stmt);
4299 if (tree_fits_uhwi_p (off)
4300 && tree_to_uhwi (off) <= (unsigned HOST_WIDE_INT) ~idx)
4301 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)]
4302 = ~(~idx - (int) tree_to_uhwi (off));
4303 return;
4304 }
4305
4306 si = get_strinfo (idx);
4307 if (si == NULL || si->nonzero_chars == NULL_TREE)
4308 return;
4309
4310 off = gimple_assign_rhs2 (stmt);
4311 zsi = NULL;
4312 if (si->full_string_p && operand_equal_p (si->nonzero_chars, off, 0))
4313 zsi = zero_length_string (lhs, si);
4314 else if (TREE_CODE (off) == SSA_NAME)
4315 {
4316 gimple *def_stmt = SSA_NAME_DEF_STMT (off);
4317 if (gimple_assign_single_p (def_stmt)
4318 && si->full_string_p
4319 && operand_equal_p (si->nonzero_chars,
4320 gimple_assign_rhs1 (def_stmt), 0))
4321 zsi = zero_length_string (lhs, si);
4322 }
4323 if (zsi != NULL
4324 && si->endptr != NULL_TREE
4325 && si->endptr != lhs
4326 && TREE_CODE (si->endptr) == SSA_NAME)
4327 {
4328 enum tree_code rhs_code
4329 = useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (si->endptr))
4330 ? SSA_NAME : NOP_EXPR;
4331 gimple_assign_set_rhs_with_ops (gsi, rhs_code, si->endptr);
4332 gcc_assert (gsi_stmt (*gsi) == stmt);
4333 update_stmt (stmt);
4334 }
4335 }
4336
4337 /* Describes recursion limits used by count_nonzero_bytes. */
4338
4339 class ssa_name_limit_t
4340 {
4341 bitmap visited; /* Bitmap of visited SSA_NAMEs. */
4342 unsigned ssa_def_max; /* Longest chain of SSA_NAMEs to follow. */
4343
4344 /* Not copyable or assignable. */
4345 ssa_name_limit_t (ssa_name_limit_t&);
4346 void operator= (ssa_name_limit_t&);
4347
4348 public:
4349
4350 ssa_name_limit_t ()
4351 : visited (NULL),
4352 ssa_def_max (param_ssa_name_def_chain_limit) { }
4353
4354 int next_ssa_name (tree);
4355
4356 ~ssa_name_limit_t ()
4357 {
4358 if (visited)
4359 BITMAP_FREE (visited);
4360 }
4361 };
4362
4363 /* If the SSA_NAME has already been "seen" return a positive value.
4364 Otherwise add it to VISITED. If the SSA_NAME limit has been
4365 reached, return a negative value. Otherwise return zero. */
4366
4367 int ssa_name_limit_t::next_ssa_name (tree ssa_name)
4368 {
4369 if (!visited)
4370 visited = BITMAP_ALLOC (NULL);
4371
4372 /* Return a positive value if SSA_NAME has already been visited. */
4373 if (!bitmap_set_bit (visited, SSA_NAME_VERSION (ssa_name)))
4374 return 1;
4375
4376 /* Return a negative value to let caller avoid recursing beyond
4377 the specified limit. */
4378 if (ssa_def_max == 0)
4379 return -1;
4380
4381 --ssa_def_max;
4382
4383 return 0;
4384 }
4385
4386 /* Determines the minimum and maximum number of leading non-zero bytes
4387 in the representation of EXP and set LENRANGE[0] and LENRANGE[1]
4388 to each. Sets LENRANGE[2] to the total number of bytes in
4389 the representation. Sets *NULTREM if the representation contains
4390 a zero byte, and sets *ALLNUL if all the bytes are zero.
4391 OFFSET and NBYTES are the offset into the representation and
4392 the size of the access to it determined from a MEM_REF or zero
4393 for other expressions.
4394 Avoid recursing deeper than the limits in SNLIM allow.
4395 Returns true on success and false otherwise. */
4396
4397 static bool
4398 count_nonzero_bytes (tree exp, unsigned HOST_WIDE_INT offset,
4399 unsigned HOST_WIDE_INT nbytes,
4400 unsigned lenrange[3], bool *nulterm,
4401 bool *allnul, bool *allnonnul, const vr_values *rvals,
4402 ssa_name_limit_t &snlim)
4403 {
4404 int idx = get_stridx (exp);
4405 if (idx > 0)
4406 {
4407 strinfo *si = get_strinfo (idx);
4408 if (!si)
4409 return false;
4410
4411 /* Handle both constant lengths as well non-constant lengths
4412 in some range. */
4413 unsigned HOST_WIDE_INT minlen, maxlen;
4414 if (tree_fits_shwi_p (si->nonzero_chars))
4415 minlen = maxlen = tree_to_shwi (si->nonzero_chars);
4416 else if (nbytes
4417 && si->nonzero_chars
4418 && TREE_CODE (si->nonzero_chars) == SSA_NAME)
4419 {
4420 const value_range_equiv *vr
4421 = CONST_CAST (class vr_values *, rvals)
4422 ->get_value_range (si->nonzero_chars);
4423 if (vr->kind () != VR_RANGE
4424 || !range_int_cst_p (vr))
4425 return false;
4426
4427 minlen = tree_to_uhwi (vr->min ());
4428 maxlen = tree_to_uhwi (vr->max ());
4429 }
4430 else
4431 return false;
4432
4433 if (maxlen < offset)
4434 return false;
4435
4436 minlen = minlen < offset ? 0 : minlen - offset;
4437 maxlen -= offset;
4438 if (maxlen + 1 < nbytes)
4439 return false;
4440
4441 if (nbytes <= minlen)
4442 *nulterm = false;
4443
4444 if (nbytes < minlen)
4445 {
4446 minlen = nbytes;
4447 if (nbytes < maxlen)
4448 maxlen = nbytes;
4449 }
4450
4451 if (minlen < lenrange[0])
4452 lenrange[0] = minlen;
4453 if (lenrange[1] < maxlen)
4454 lenrange[1] = maxlen;
4455
4456 if (lenrange[2] < nbytes)
4457 (lenrange[2] = nbytes);
4458
4459 /* Since only the length of the string are known and not its contents,
4460 clear ALLNUL and ALLNONNUL purely on the basis of the length. */
4461 *allnul = false;
4462 if (minlen < nbytes)
4463 *allnonnul = false;
4464
4465 return true;
4466 }
4467
4468 if (TREE_CODE (exp) == ADDR_EXPR)
4469 exp = TREE_OPERAND (exp, 0);
4470
4471 if (TREE_CODE (exp) == SSA_NAME)
4472 {
4473 /* Handle non-zero single-character stores specially. */
4474 tree type = TREE_TYPE (exp);
4475 if (TREE_CODE (type) == INTEGER_TYPE
4476 && TYPE_MODE (type) == TYPE_MODE (char_type_node)
4477 && TYPE_PRECISION (type) == TYPE_PRECISION (char_type_node)
4478 && tree_expr_nonzero_p (exp))
4479 {
4480 /* If the character EXP is known to be non-zero (even if its
4481 exact value is not known) recurse once to set the range
4482 for an arbitrary constant. */
4483 exp = build_int_cst (type, 1);
4484 return count_nonzero_bytes (exp, offset, 1, lenrange,
4485 nulterm, allnul, allnonnul, rvals, snlim);
4486 }
4487
4488 gimple *stmt = SSA_NAME_DEF_STMT (exp);
4489 if (gimple_assign_single_p (stmt))
4490 {
4491 exp = gimple_assign_rhs1 (stmt);
4492 if (TREE_CODE (exp) != MEM_REF)
4493 return false;
4494 /* Handle MEM_REF below. */
4495 }
4496 else if (gimple_code (stmt) == GIMPLE_PHI)
4497 {
4498 /* Avoid processing an SSA_NAME that has already been visited
4499 or if an SSA_NAME limit has been reached. Indicate success
4500 if the former and failure if the latter. */
4501 if (int res = snlim.next_ssa_name (exp))
4502 return res > 0;
4503
4504 /* Determine the minimum and maximum from the PHI arguments. */
4505 unsigned int n = gimple_phi_num_args (stmt);
4506 for (unsigned i = 0; i != n; i++)
4507 {
4508 tree def = gimple_phi_arg_def (stmt, i);
4509 if (!count_nonzero_bytes (def, offset, nbytes, lenrange, nulterm,
4510 allnul, allnonnul, rvals, snlim))
4511 return false;
4512 }
4513
4514 return true;
4515 }
4516 }
4517
4518 if (TREE_CODE (exp) == MEM_REF)
4519 {
4520 if (nbytes)
4521 return false;
4522
4523 tree arg = TREE_OPERAND (exp, 0);
4524 tree off = TREE_OPERAND (exp, 1);
4525
4526 if (TREE_CODE (off) != INTEGER_CST
4527 || !tree_fits_uhwi_p (off))
4528 return false;
4529
4530 unsigned HOST_WIDE_INT wioff = tree_to_uhwi (off);
4531 if (INT_MAX < wioff)
4532 return false;
4533
4534 offset += wioff;
4535 if (INT_MAX < offset)
4536 return false;
4537
4538 /* The size of the MEM_REF access determines the number of bytes. */
4539 tree type = TREE_TYPE (exp);
4540 tree typesize = TYPE_SIZE_UNIT (type);
4541 if (!typesize || !tree_fits_uhwi_p (typesize))
4542 return false;
4543 nbytes = tree_to_uhwi (typesize);
4544
4545 /* Handle MEM_REF = SSA_NAME types of assignments. */
4546 return count_nonzero_bytes (arg, offset, nbytes, lenrange, nulterm,
4547 allnul, allnonnul, rvals, snlim);
4548 }
4549
4550 if (TREE_CODE (exp) == VAR_DECL && TREE_READONLY (exp))
4551 {
4552 exp = DECL_INITIAL (exp);
4553 if (!exp)
4554 return false;
4555 }
4556
4557 const char *prep = NULL;
4558 if (TREE_CODE (exp) == STRING_CST)
4559 {
4560 unsigned nchars = TREE_STRING_LENGTH (exp);
4561 if (nchars < offset)
4562 return false;
4563
4564 if (!nbytes)
4565 /* If NBYTES hasn't been determined earlier from MEM_REF,
4566 set it here. It includes all internal nuls, including
4567 the terminating one if the string has one. */
4568 nbytes = nchars - offset;
4569
4570 prep = TREE_STRING_POINTER (exp) + offset;
4571 }
4572
4573 unsigned char buf[256];
4574 if (!prep)
4575 {
4576 /* If the pointer to representation hasn't been set above
4577 for STRING_CST point it at the buffer. */
4578 prep = reinterpret_cast <char *>(buf);
4579 /* Try to extract the representation of the constant object
4580 or expression starting from the offset. */
4581 unsigned repsize = native_encode_expr (exp, buf, sizeof buf, offset);
4582 if (repsize < nbytes)
4583 {
4584 /* This should only happen when REPSIZE is zero because EXP
4585 doesn't denote an object with a known initializer, except
4586 perhaps when the reference reads past its end. */
4587 lenrange[0] = 0;
4588 prep = NULL;
4589 }
4590 else if (!nbytes)
4591 nbytes = repsize;
4592 else if (nbytes < repsize)
4593 return false;
4594 }
4595
4596 if (!nbytes)
4597 return false;
4598
4599 /* Compute the number of leading nonzero bytes in the representation
4600 and update the minimum and maximum. */
4601 unsigned n = prep ? strnlen (prep, nbytes) : nbytes;
4602
4603 if (n < lenrange[0])
4604 lenrange[0] = n;
4605 if (lenrange[1] < n)
4606 lenrange[1] = n;
4607
4608 /* Set the size of the representation. */
4609 if (lenrange[2] < nbytes)
4610 lenrange[2] = nbytes;
4611
4612 /* Clear NULTERM if none of the bytes is zero. */
4613 if (n == nbytes)
4614 *nulterm = false;
4615
4616 if (n)
4617 {
4618 /* When the initial number of non-zero bytes N is non-zero, reset
4619 *ALLNUL; if N is less than that the size of the representation
4620 also clear *ALLNONNUL. */
4621 *allnul = false;
4622 if (n < nbytes)
4623 *allnonnul = false;
4624 }
4625 else if (*allnul || *allnonnul)
4626 {
4627 *allnonnul = false;
4628
4629 if (*allnul)
4630 {
4631 /* When either ALLNUL is set and N is zero, also determine
4632 whether all subsequent bytes after the first one (which
4633 is nul) are zero or nonzero and clear ALLNUL if not. */
4634 for (const char *p = prep; p != prep + nbytes; ++p)
4635 if (*p)
4636 {
4637 *allnul = false;
4638 break;
4639 }
4640 }
4641 }
4642
4643 return true;
4644 }
4645
4646 /* Same as above except with an implicit SSA_NAME limit. RVALS is used
4647 to determine ranges of dynamically computed string lengths (the results
4648 of strlen). */
4649
4650 static bool
4651 count_nonzero_bytes (tree exp, unsigned lenrange[3], bool *nulterm,
4652 bool *allnul, bool *allnonnul, const vr_values *rvals)
4653 {
4654 /* Set to optimistic values so the caller doesn't have to worry about
4655 initializing these and to what. On success, the function will clear
4656 these if it determines their values are different but being recursive
4657 it never sets either to true. On failure, their values are
4658 unspecified. */
4659 *nulterm = true;
4660 *allnul = true;
4661 *allnonnul = true;
4662
4663 ssa_name_limit_t snlim;
4664 return count_nonzero_bytes (exp, 0, 0, lenrange, nulterm, allnul, allnonnul,
4665 rvals, snlim);
4666 }
4667
4668 /* Handle a single or multibyte store other than by a built-in function,
4669 either via a single character assignment or by multi-byte assignment
4670 either via MEM_REF or via a type other than char (such as in
4671 '*(int*)a = 12345'). Return true to let the caller advance *GSI to
4672 the next statement in the basic block and false otherwise. */
4673
4674 static bool
4675 handle_store (gimple_stmt_iterator *gsi, bool *zero_write, const vr_values *rvals)
4676 {
4677 int idx = -1;
4678 strinfo *si = NULL;
4679 gimple *stmt = gsi_stmt (*gsi);
4680 tree ssaname = NULL_TREE, lhs = gimple_assign_lhs (stmt);
4681 tree rhs = gimple_assign_rhs1 (stmt);
4682
4683 /* The offset of the first byte in LHS modified by the the store. */
4684 unsigned HOST_WIDE_INT offset = 0;
4685
4686 if (TREE_CODE (lhs) == MEM_REF
4687 && TREE_CODE (TREE_OPERAND (lhs, 0)) == SSA_NAME)
4688 {
4689 tree mem_offset = TREE_OPERAND (lhs, 1);
4690 if (tree_fits_uhwi_p (mem_offset))
4691 {
4692 /* Get the strinfo for the base, and use it if it starts with at
4693 least OFFSET nonzero characters. This is trivially true if
4694 OFFSET is zero. */
4695 offset = tree_to_uhwi (mem_offset);
4696 idx = get_stridx (TREE_OPERAND (lhs, 0));
4697 if (idx > 0)
4698 si = get_strinfo (idx);
4699 if (offset == 0)
4700 ssaname = TREE_OPERAND (lhs, 0);
4701 else if (si == NULL || compare_nonzero_chars (si, offset, rvals) < 0)
4702 {
4703 *zero_write = initializer_zerop (rhs);
4704
4705 bool dummy;
4706 unsigned lenrange[] = { UINT_MAX, 0, 0 };
4707 if (count_nonzero_bytes (rhs, lenrange, &dummy, &dummy, &dummy,
4708 rvals))
4709 maybe_warn_overflow (stmt, lenrange[2], rvals);
4710
4711 return true;
4712 }
4713 }
4714 }
4715 else
4716 {
4717 idx = get_addr_stridx (lhs, NULL_TREE, &offset, rvals);
4718 if (idx > 0)
4719 si = get_strinfo (idx);
4720 }
4721
4722 /* Minimum and maximum leading non-zero bytes and the size of the store. */
4723 unsigned lenrange[] = { UINT_MAX, 0, 0 };
4724
4725 /* Set to the minimum length of the string being assigned if known. */
4726 unsigned HOST_WIDE_INT rhs_minlen;
4727
4728 /* STORING_NONZERO_P is true iff not all stored characters are zero.
4729 STORING_ALL_NONZERO_P is true if all stored characters are zero.
4730 STORING_ALL_ZEROS_P is true iff all stored characters are zero.
4731 Both are false when it's impossible to determine which is true. */
4732 bool storing_nonzero_p;
4733 bool storing_all_nonzero_p;
4734 bool storing_all_zeros_p;
4735 /* FULL_STRING_P is set when the stored sequence of characters form
4736 a nul-terminated string. */
4737 bool full_string_p;
4738
4739 const bool ranges_valid
4740 = count_nonzero_bytes (rhs, lenrange, &full_string_p,
4741 &storing_all_zeros_p, &storing_all_nonzero_p,
4742 rvals);
4743 if (ranges_valid)
4744 {
4745 rhs_minlen = lenrange[0];
4746 storing_nonzero_p = lenrange[1] > 0;
4747 *zero_write = storing_all_zeros_p;
4748
4749 maybe_warn_overflow (stmt, lenrange[2], rvals);
4750 }
4751 else
4752 {
4753 rhs_minlen = HOST_WIDE_INT_M1U;
4754 full_string_p = false;
4755 storing_nonzero_p = false;
4756 storing_all_zeros_p = false;
4757 storing_all_nonzero_p = false;
4758 }
4759
4760 if (si != NULL)
4761 {
4762 /* The corresponding element is set to 1 if the first and last
4763 element, respectively, of the sequence of characters being
4764 written over the string described by SI ends before
4765 the terminating nul (if it has one), to zero if the nul is
4766 being overwritten but not beyond, or negative otherwise. */
4767 int store_before_nul[2];
4768 if (ranges_valid)
4769 {
4770 /* The offset of the last stored byte. */
4771 unsigned HOST_WIDE_INT endoff = offset + lenrange[2] - 1;
4772 store_before_nul[0] = compare_nonzero_chars (si, offset, rvals);
4773 if (endoff == offset)
4774 store_before_nul[1] = store_before_nul[0];
4775 else
4776 store_before_nul[1] = compare_nonzero_chars (si, endoff, rvals);
4777 }
4778 else
4779 {
4780 store_before_nul[0] = compare_nonzero_chars (si, offset, rvals);
4781 store_before_nul[1] = store_before_nul[0];
4782 gcc_assert (offset == 0 || store_before_nul[0] >= 0);
4783 }
4784
4785 if (storing_all_zeros_p
4786 && store_before_nul[0] == 0
4787 && store_before_nul[1] == 0
4788 && si->full_string_p)
4789 {
4790 /* When overwriting a '\0' with a '\0', the store can be removed
4791 if we know it has been stored in the current function. */
4792 if (!stmt_could_throw_p (cfun, stmt) && si->writable)
4793 {
4794 unlink_stmt_vdef (stmt);
4795 release_defs (stmt);
4796 gsi_remove (gsi, true);
4797 return false;
4798 }
4799 else
4800 {
4801 si->writable = true;
4802 gsi_next (gsi);
4803 return false;
4804 }
4805 }
4806
4807 if (store_before_nul[1] > 0
4808 && storing_nonzero_p
4809 && lenrange[0] == lenrange[1]
4810 && lenrange[0] == lenrange[2]
4811 && TREE_CODE (TREE_TYPE (rhs)) == INTEGER_TYPE)
4812 {
4813 /* Handle a store of one or more non-nul characters that ends
4814 before the terminating nul of the destination and so does
4815 not affect its length
4816 If si->nonzero_chars > OFFSET, we aren't overwriting '\0',
4817 and if we aren't storing '\0', we know that the length of
4818 the string and any other zero terminated string in memory
4819 remains the same. In that case we move to the next gimple
4820 statement and return to signal the caller that it shouldn't
4821 invalidate anything.
4822
4823 This is beneficial for cases like:
4824
4825 char p[20];
4826 void foo (char *q)
4827 {
4828 strcpy (p, "foobar");
4829 size_t len = strlen (p); // can be folded to 6
4830 size_t len2 = strlen (q); // has to be computed
4831 p[0] = 'X';
4832 size_t len3 = strlen (p); // can be folded to 6
4833 size_t len4 = strlen (q); // can be folded to len2
4834 bar (len, len2, len3, len4);
4835 } */
4836 gsi_next (gsi);
4837 return false;
4838 }
4839
4840 if (storing_all_zeros_p
4841 || storing_nonzero_p
4842 || (offset != 0 && store_before_nul[1] > 0))
4843 {
4844 /* When STORING_NONZERO_P, we know that the string will start
4845 with at least OFFSET + 1 nonzero characters. If storing
4846 a single character, set si->NONZERO_CHARS to the result.
4847 If storing multiple characters, try to determine the number
4848 of leading non-zero characters and set si->NONZERO_CHARS to
4849 the result instead.
4850
4851 When STORING_ALL_ZEROS_P, we know that the string is now
4852 OFFSET characters long.
4853
4854 Otherwise, we're storing an unknown value at offset OFFSET,
4855 so need to clip the nonzero_chars to OFFSET.
4856 Use the minimum length of the string (or individual character)
4857 being stored if it's known. Otherwise, STORING_NONZERO_P
4858 guarantees it's at least 1. */
4859 HOST_WIDE_INT len
4860 = storing_nonzero_p && ranges_valid ? lenrange[0] : 1;
4861 location_t loc = gimple_location (stmt);
4862 tree oldlen = si->nonzero_chars;
4863 if (store_before_nul[1] == 0 && si->full_string_p)
4864 /* We're overwriting the nul terminator with a nonzero or
4865 unknown character. If the previous stmt was a memcpy,
4866 its length may be decreased. */
4867 adjust_last_stmt (si, stmt, false);
4868 si = unshare_strinfo (si);
4869 if (storing_nonzero_p)
4870 {
4871 gcc_assert (len >= 0);
4872 si->nonzero_chars = build_int_cst (size_type_node, offset + len);
4873 }
4874 else
4875 si->nonzero_chars = build_int_cst (size_type_node, offset);
4876
4877 /* Set FULL_STRING_P only if the length of the strings being
4878 written is the same, and clear it if the strings have
4879 different lengths. In the latter case the length stored
4880 in si->NONZERO_CHARS becomes the lower bound.
4881 FIXME: Handle the upper bound of the length if possible. */
4882 si->full_string_p = full_string_p && lenrange[0] == lenrange[1];
4883
4884 if (storing_all_zeros_p
4885 && ssaname
4886 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ssaname))
4887 si->endptr = ssaname;
4888 else
4889 si->endptr = NULL;
4890 si->next = 0;
4891 si->stmt = NULL;
4892 si->writable = true;
4893 si->dont_invalidate = true;
4894 if (oldlen)
4895 {
4896 tree adj = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
4897 si->nonzero_chars, oldlen);
4898 adjust_related_strinfos (loc, si, adj);
4899 }
4900 else
4901 si->prev = 0;
4902 }
4903 }
4904 else if (idx == 0 && (storing_all_zeros_p || storing_nonzero_p))
4905 {
4906 if (ssaname)
4907 idx = new_stridx (ssaname);
4908 else
4909 idx = new_addr_stridx (lhs);
4910 if (idx != 0)
4911 {
4912 tree ptr = (ssaname ? ssaname : build_fold_addr_expr (lhs));
4913
4914 HOST_WIDE_INT slen;
4915 if (storing_all_zeros_p)
4916 slen = 0;
4917 else if (storing_nonzero_p && ranges_valid)
4918 {
4919 /* FIXME: Handle the upper bound of the length when
4920 LENRANGE[0] != LENRANGE[1]. */
4921 slen = lenrange[0];
4922 if (lenrange[0] != lenrange[1])
4923 /* Set the minimum length but ignore the maximum
4924 for now. */
4925 full_string_p = false;
4926 }
4927 else
4928 slen = -1;
4929
4930 tree len = (slen <= 0
4931 ? size_zero_node
4932 : build_int_cst (size_type_node, slen));
4933 si = new_strinfo (ptr, idx, len, slen >= 0 && full_string_p);
4934 set_strinfo (idx, si);
4935 if (storing_all_zeros_p
4936 && ssaname
4937 && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ssaname))
4938 si->endptr = ssaname;
4939 si->dont_invalidate = true;
4940 si->writable = true;
4941 }
4942 }
4943 else if (idx == 0
4944 && rhs_minlen < HOST_WIDE_INT_M1U
4945 && ssaname == NULL_TREE
4946 && TREE_CODE (TREE_TYPE (lhs)) == ARRAY_TYPE)
4947 {
4948 HOST_WIDE_INT a = int_size_in_bytes (TREE_TYPE (lhs));
4949 if (a > 0 && (unsigned HOST_WIDE_INT) a > rhs_minlen)
4950 {
4951 int idx = new_addr_stridx (lhs);
4952 if (idx != 0)
4953 {
4954 si = new_strinfo (build_fold_addr_expr (lhs), idx,
4955 build_int_cst (size_type_node, rhs_minlen),
4956 full_string_p);
4957 set_strinfo (idx, si);
4958 si->dont_invalidate = true;
4959 }
4960 }
4961 }
4962
4963 if (si != NULL && offset == 0 && storing_all_zeros_p)
4964 {
4965 /* Allow adjust_last_stmt to remove it if the stored '\0'
4966 is immediately overwritten. */
4967 laststmt.stmt = stmt;
4968 laststmt.len = build_int_cst (size_type_node, 1);
4969 laststmt.stridx = si->idx;
4970 }
4971 return true;
4972 }
4973
4974 /* Try to fold strstr (s, t) eq/ne s to strncmp (s, t, strlen (t)) eq/ne 0. */
4975
4976 static void
4977 fold_strstr_to_strncmp (tree rhs1, tree rhs2, gimple *stmt)
4978 {
4979 if (TREE_CODE (rhs1) != SSA_NAME
4980 || TREE_CODE (rhs2) != SSA_NAME)
4981 return;
4982
4983 gimple *call_stmt = NULL;
4984 for (int pass = 0; pass < 2; pass++)
4985 {
4986 gimple *g = SSA_NAME_DEF_STMT (rhs1);
4987 if (gimple_call_builtin_p (g, BUILT_IN_STRSTR)
4988 && has_single_use (rhs1)
4989 && gimple_call_arg (g, 0) == rhs2)
4990 {
4991 call_stmt = g;
4992 break;
4993 }
4994 std::swap (rhs1, rhs2);
4995 }
4996
4997 if (call_stmt)
4998 {
4999 tree arg0 = gimple_call_arg (call_stmt, 0);
5000
5001 if (arg0 == rhs2)
5002 {
5003 tree arg1 = gimple_call_arg (call_stmt, 1);
5004 tree arg1_len = NULL_TREE;
5005 int idx = get_stridx (arg1);
5006
5007 if (idx)
5008 {
5009 if (idx < 0)
5010 arg1_len = build_int_cst (size_type_node, ~idx);
5011 else
5012 {
5013 strinfo *si = get_strinfo (idx);
5014 if (si)
5015 arg1_len = get_string_length (si);
5016 }
5017 }
5018
5019 if (arg1_len != NULL_TREE)
5020 {
5021 gimple_stmt_iterator gsi = gsi_for_stmt (call_stmt);
5022 tree strncmp_decl = builtin_decl_explicit (BUILT_IN_STRNCMP);
5023
5024 if (!is_gimple_val (arg1_len))
5025 {
5026 tree arg1_len_tmp = make_ssa_name (TREE_TYPE (arg1_len));
5027 gassign *arg1_stmt = gimple_build_assign (arg1_len_tmp,
5028 arg1_len);
5029 gsi_insert_before (&gsi, arg1_stmt, GSI_SAME_STMT);
5030 arg1_len = arg1_len_tmp;
5031 }
5032
5033 gcall *strncmp_call = gimple_build_call (strncmp_decl, 3,
5034 arg0, arg1, arg1_len);
5035 tree strncmp_lhs = make_ssa_name (integer_type_node);
5036 gimple_set_vuse (strncmp_call, gimple_vuse (call_stmt));
5037 gimple_call_set_lhs (strncmp_call, strncmp_lhs);
5038 gsi_remove (&gsi, true);
5039 gsi_insert_before (&gsi, strncmp_call, GSI_SAME_STMT);
5040 tree zero = build_zero_cst (TREE_TYPE (strncmp_lhs));
5041
5042 if (is_gimple_assign (stmt))
5043 {
5044 if (gimple_assign_rhs_code (stmt) == COND_EXPR)
5045 {
5046 tree cond = gimple_assign_rhs1 (stmt);
5047 TREE_OPERAND (cond, 0) = strncmp_lhs;
5048 TREE_OPERAND (cond, 1) = zero;
5049 }
5050 else
5051 {
5052 gimple_assign_set_rhs1 (stmt, strncmp_lhs);
5053 gimple_assign_set_rhs2 (stmt, zero);
5054 }
5055 }
5056 else
5057 {
5058 gcond *cond = as_a<gcond *> (stmt);
5059 gimple_cond_set_lhs (cond, strncmp_lhs);
5060 gimple_cond_set_rhs (cond, zero);
5061 }
5062 update_stmt (stmt);
5063 }
5064 }
5065 }
5066 }
5067
5068 /* Return true if TYPE corresponds to a narrow character type. */
5069
5070 static bool
5071 is_char_type (tree type)
5072 {
5073 return (TREE_CODE (type) == INTEGER_TYPE
5074 && TYPE_MODE (type) == TYPE_MODE (char_type_node)
5075 && TYPE_PRECISION (type) == TYPE_PRECISION (char_type_node));
5076 }
5077
5078 /* Check the built-in call at GSI for validity and optimize it.
5079 Return true to let the caller advance *GSI to the next statement
5080 in the basic block and false otherwise. */
5081
5082 static bool
5083 strlen_check_and_optimize_call (gimple_stmt_iterator *gsi,
5084 bool *zero_write,
5085 const vr_values *rvals)
5086 {
5087 gimple *stmt = gsi_stmt (*gsi);
5088
5089 /* When not optimizing we must be checking printf calls which
5090 we do even for user-defined functions when they are declared
5091 with attribute format. */
5092 if (!flag_optimize_strlen
5093 || !strlen_optimize
5094 || !valid_builtin_call (stmt))
5095 return !handle_printf_call (gsi, rvals);
5096
5097 tree callee = gimple_call_fndecl (stmt);
5098 switch (DECL_FUNCTION_CODE (callee))
5099 {
5100 case BUILT_IN_STRLEN:
5101 case BUILT_IN_STRNLEN:
5102 handle_builtin_strlen (gsi);
5103 break;
5104 case BUILT_IN_STRCHR:
5105 handle_builtin_strchr (gsi);
5106 break;
5107 case BUILT_IN_STRCPY:
5108 case BUILT_IN_STRCPY_CHK:
5109 case BUILT_IN_STPCPY:
5110 case BUILT_IN_STPCPY_CHK:
5111 handle_builtin_strcpy (DECL_FUNCTION_CODE (callee), gsi);
5112 break;
5113
5114 case BUILT_IN_STRNCAT:
5115 case BUILT_IN_STRNCAT_CHK:
5116 handle_builtin_strncat (DECL_FUNCTION_CODE (callee), gsi);
5117 break;
5118
5119 case BUILT_IN_STPNCPY:
5120 case BUILT_IN_STPNCPY_CHK:
5121 case BUILT_IN_STRNCPY:
5122 case BUILT_IN_STRNCPY_CHK:
5123 handle_builtin_stxncpy (DECL_FUNCTION_CODE (callee), gsi);
5124 break;
5125
5126 case BUILT_IN_MEMCPY:
5127 case BUILT_IN_MEMCPY_CHK:
5128 case BUILT_IN_MEMPCPY:
5129 case BUILT_IN_MEMPCPY_CHK:
5130 handle_builtin_memcpy (DECL_FUNCTION_CODE (callee), gsi);
5131 break;
5132 case BUILT_IN_STRCAT:
5133 case BUILT_IN_STRCAT_CHK:
5134 handle_builtin_strcat (DECL_FUNCTION_CODE (callee), gsi);
5135 break;
5136 case BUILT_IN_MALLOC:
5137 case BUILT_IN_CALLOC:
5138 handle_builtin_malloc (DECL_FUNCTION_CODE (callee), gsi);
5139 break;
5140 case BUILT_IN_MEMSET:
5141 if (handle_builtin_memset (gsi, zero_write))
5142 return false;
5143 break;
5144 case BUILT_IN_MEMCMP:
5145 if (handle_builtin_memcmp (gsi))
5146 return false;
5147 break;
5148 case BUILT_IN_STRCMP:
5149 case BUILT_IN_STRNCMP:
5150 if (handle_builtin_string_cmp (gsi))
5151 return false;
5152 break;
5153 default:
5154 if (handle_printf_call (gsi, rvals))
5155 return false;
5156 break;
5157 }
5158
5159 return true;
5160 }
5161
5162 /* Handle an assignment statement at *GSI to a LHS of integral type.
5163 If GSI's basic block needs clean-up of EH, set *CLEANUP_EH to true. */
5164
5165 static void
5166 handle_integral_assign (gimple_stmt_iterator *gsi, bool *cleanup_eh)
5167 {
5168 gimple *stmt = gsi_stmt (*gsi);
5169 tree lhs = gimple_assign_lhs (stmt);
5170 tree lhs_type = TREE_TYPE (lhs);
5171
5172 enum tree_code code = gimple_assign_rhs_code (stmt);
5173 if (code == COND_EXPR)
5174 {
5175 tree cond = gimple_assign_rhs1 (stmt);
5176 enum tree_code cond_code = TREE_CODE (cond);
5177
5178 if (cond_code == EQ_EXPR || cond_code == NE_EXPR)
5179 fold_strstr_to_strncmp (TREE_OPERAND (cond, 0),
5180 TREE_OPERAND (cond, 1), stmt);
5181 }
5182 else if (code == EQ_EXPR || code == NE_EXPR)
5183 fold_strstr_to_strncmp (gimple_assign_rhs1 (stmt),
5184 gimple_assign_rhs2 (stmt), stmt);
5185 else if (gimple_assign_load_p (stmt)
5186 && TREE_CODE (lhs_type) == INTEGER_TYPE
5187 && TYPE_MODE (lhs_type) == TYPE_MODE (char_type_node)
5188 && (TYPE_PRECISION (lhs_type)
5189 == TYPE_PRECISION (char_type_node))
5190 && !gimple_has_volatile_ops (stmt))
5191 {
5192 tree off = integer_zero_node;
5193 unsigned HOST_WIDE_INT coff = 0;
5194 int idx = 0;
5195 tree rhs1 = gimple_assign_rhs1 (stmt);
5196 if (code == MEM_REF)
5197 {
5198 idx = get_stridx (TREE_OPERAND (rhs1, 0));
5199 if (idx > 0)
5200 {
5201 strinfo *si = get_strinfo (idx);
5202 if (si
5203 && si->nonzero_chars
5204 && TREE_CODE (si->nonzero_chars) == INTEGER_CST
5205 && (wi::to_widest (si->nonzero_chars)
5206 >= wi::to_widest (off)))
5207 off = TREE_OPERAND (rhs1, 1);
5208 else
5209 /* This case is not useful. See if get_addr_stridx
5210 returns something usable. */
5211 idx = 0;
5212 }
5213 }
5214 if (idx <= 0)
5215 idx = get_addr_stridx (rhs1, NULL_TREE, &coff);
5216 if (idx > 0)
5217 {
5218 strinfo *si = get_strinfo (idx);
5219 if (si
5220 && si->nonzero_chars
5221 && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
5222 {
5223 widest_int w1 = wi::to_widest (si->nonzero_chars);
5224 widest_int w2 = wi::to_widest (off) + coff;
5225 if (w1 == w2
5226 && si->full_string_p)
5227 {
5228 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
5229 {
5230 fprintf (dump_file, "Optimizing: ");
5231 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
5232 }
5233
5234 /* Reading the final '\0' character. */
5235 tree zero = build_int_cst (lhs_type, 0);
5236 gimple_set_vuse (stmt, NULL_TREE);
5237 gimple_assign_set_rhs_from_tree (gsi, zero);
5238 *cleanup_eh
5239 |= maybe_clean_or_replace_eh_stmt (stmt,
5240 gsi_stmt (*gsi));
5241 stmt = gsi_stmt (*gsi);
5242 update_stmt (stmt);
5243
5244 if (dump_file && (dump_flags & TDF_DETAILS) != 0)
5245 {
5246 fprintf (dump_file, "into: ");
5247 print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
5248 }
5249 }
5250 else if (w1 > w2)
5251 {
5252 /* Reading a character before the final '\0'
5253 character. Just set the value range to ~[0, 0]
5254 if we don't have anything better. */
5255 wide_int min, max;
5256 signop sign = TYPE_SIGN (lhs_type);
5257 int prec = TYPE_PRECISION (lhs_type);
5258 value_range_kind vr = get_range_info (lhs, &min, &max);
5259 if (vr == VR_VARYING
5260 || (vr == VR_RANGE
5261 && min == wi::min_value (prec, sign)
5262 && max == wi::max_value (prec, sign)))
5263 set_range_info (lhs, VR_ANTI_RANGE,
5264 wi::zero (prec), wi::zero (prec));
5265 }
5266 }
5267 }
5268 }
5269
5270 if (strlen_to_stridx)
5271 {
5272 tree rhs1 = gimple_assign_rhs1 (stmt);
5273 if (stridx_strlenloc *ps = strlen_to_stridx->get (rhs1))
5274 strlen_to_stridx->put (lhs, stridx_strlenloc (*ps));
5275 }
5276 }
5277
5278 /* Attempt to check for validity of the performed access a single statement
5279 at *GSI using string length knowledge, and to optimize it.
5280 If the given basic block needs clean-up of EH, CLEANUP_EH is set to
5281 true. Return true to let the caller advance *GSI to the next statement
5282 in the basic block and false otherwise. */
5283
5284 static bool
5285 check_and_optimize_stmt (gimple_stmt_iterator *gsi, bool *cleanup_eh,
5286 const vr_values *rvals)
5287 {
5288 gimple *stmt = gsi_stmt (*gsi);
5289
5290 /* For statements that modify a string, set to true if the write
5291 is only zeros. */
5292 bool zero_write = false;
5293
5294 if (is_gimple_call (stmt))
5295 {
5296 if (!strlen_check_and_optimize_call (gsi, &zero_write, rvals))
5297 return false;
5298 }
5299 else if (!flag_optimize_strlen || !strlen_optimize)
5300 return true;
5301 else if (is_gimple_assign (stmt) && !gimple_clobber_p (stmt))
5302 {
5303 /* Handle non-clobbering assignment. */
5304 tree lhs = gimple_assign_lhs (stmt);
5305 tree lhs_type = TREE_TYPE (lhs);
5306
5307 if (TREE_CODE (lhs) == SSA_NAME && POINTER_TYPE_P (lhs_type))
5308 {
5309 if (gimple_assign_single_p (stmt)
5310 || (gimple_assign_cast_p (stmt)
5311 && POINTER_TYPE_P (TREE_TYPE (gimple_assign_rhs1 (stmt)))))
5312 {
5313 int idx = get_stridx (gimple_assign_rhs1 (stmt));
5314 ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = idx;
5315 }
5316 else if (gimple_assign_rhs_code (stmt) == POINTER_PLUS_EXPR)
5317 handle_pointer_plus (gsi);
5318 }
5319 else if (TREE_CODE (lhs) == SSA_NAME && INTEGRAL_TYPE_P (lhs_type))
5320 /* Handle assignment to a character. */
5321 handle_integral_assign (gsi, cleanup_eh);
5322 else if (TREE_CODE (lhs) != SSA_NAME && !TREE_SIDE_EFFECTS (lhs))
5323 {
5324 tree type = TREE_TYPE (lhs);
5325 if (TREE_CODE (type) == ARRAY_TYPE)
5326 type = TREE_TYPE (type);
5327
5328 bool is_char_store = is_char_type (type);
5329 if (!is_char_store && TREE_CODE (lhs) == MEM_REF)
5330 {
5331 /* To consider stores into char objects via integer types
5332 other than char but not those to non-character objects,
5333 determine the type of the destination rather than just
5334 the type of the access. */
5335 tree ref = TREE_OPERAND (lhs, 0);
5336 type = TREE_TYPE (ref);
5337 if (TREE_CODE (type) == POINTER_TYPE)
5338 type = TREE_TYPE (type);
5339 if (TREE_CODE (type) == ARRAY_TYPE)
5340 type = TREE_TYPE (type);
5341 if (is_char_type (type))
5342 is_char_store = true;
5343 }
5344
5345 /* Handle a single or multibyte assignment. */
5346 if (is_char_store && !handle_store (gsi, &zero_write, rvals))
5347 return false;
5348 }
5349 }
5350 else if (gcond *cond = dyn_cast<gcond *> (stmt))
5351 {
5352 enum tree_code code = gimple_cond_code (cond);
5353 if (code == EQ_EXPR || code == NE_EXPR)
5354 fold_strstr_to_strncmp (gimple_cond_lhs (stmt),
5355 gimple_cond_rhs (stmt), stmt);
5356 }
5357
5358 if (gimple_vdef (stmt))
5359 maybe_invalidate (stmt, zero_write);
5360 return true;
5361 }
5362
5363 /* Recursively call maybe_invalidate on stmts that might be executed
5364 in between dombb and current bb and that contain a vdef. Stop when
5365 *count stmts are inspected, or if the whole strinfo vector has
5366 been invalidated. */
5367
5368 static void
5369 do_invalidate (basic_block dombb, gimple *phi, bitmap visited, int *count)
5370 {
5371 unsigned int i, n = gimple_phi_num_args (phi);
5372
5373 for (i = 0; i < n; i++)
5374 {
5375 tree vuse = gimple_phi_arg_def (phi, i);
5376 gimple *stmt = SSA_NAME_DEF_STMT (vuse);
5377 basic_block bb = gimple_bb (stmt);
5378 if (bb == NULL
5379 || bb == dombb
5380 || !bitmap_set_bit (visited, bb->index)
5381 || !dominated_by_p (CDI_DOMINATORS, bb, dombb))
5382 continue;
5383 while (1)
5384 {
5385 if (gimple_code (stmt) == GIMPLE_PHI)
5386 {
5387 do_invalidate (dombb, stmt, visited, count);
5388 if (*count == 0)
5389 return;
5390 break;
5391 }
5392 if (--*count == 0)
5393 return;
5394 if (!maybe_invalidate (stmt))
5395 {
5396 *count = 0;
5397 return;
5398 }
5399 vuse = gimple_vuse (stmt);
5400 stmt = SSA_NAME_DEF_STMT (vuse);
5401 if (gimple_bb (stmt) != bb)
5402 {
5403 bb = gimple_bb (stmt);
5404 if (bb == NULL
5405 || bb == dombb
5406 || !bitmap_set_bit (visited, bb->index)
5407 || !dominated_by_p (CDI_DOMINATORS, bb, dombb))
5408 break;
5409 }
5410 }
5411 }
5412 }
5413
5414 class strlen_dom_walker : public dom_walker
5415 {
5416 public:
5417 strlen_dom_walker (cdi_direction direction)
5418 : dom_walker (direction),
5419 evrp (false),
5420 m_cleanup_cfg (false)
5421 {}
5422
5423 virtual edge before_dom_children (basic_block);
5424 virtual void after_dom_children (basic_block);
5425
5426 /* EVRP analyzer used for printf argument range processing, and
5427 to track strlen results across integer variable assignments. */
5428 evrp_range_analyzer evrp;
5429
5430 /* Flag that will trigger TODO_cleanup_cfg to be returned in strlen
5431 execute function. */
5432 bool m_cleanup_cfg;
5433 };
5434
5435 /* Callback for walk_dominator_tree. Attempt to optimize various
5436 string ops by remembering string lengths pointed by pointer SSA_NAMEs. */
5437
5438 edge
5439 strlen_dom_walker::before_dom_children (basic_block bb)
5440 {
5441 evrp.enter (bb);
5442
5443 basic_block dombb = get_immediate_dominator (CDI_DOMINATORS, bb);
5444
5445 if (dombb == NULL)
5446 stridx_to_strinfo = NULL;
5447 else
5448 {
5449 stridx_to_strinfo = ((vec<strinfo *, va_heap, vl_embed> *) dombb->aux);
5450 if (stridx_to_strinfo)
5451 {
5452 for (gphi_iterator gsi = gsi_start_phis (bb); !gsi_end_p (gsi);
5453 gsi_next (&gsi))
5454 {
5455 gphi *phi = gsi.phi ();
5456 if (virtual_operand_p (gimple_phi_result (phi)))
5457 {
5458 bitmap visited = BITMAP_ALLOC (NULL);
5459 int count_vdef = 100;
5460 do_invalidate (dombb, phi, visited, &count_vdef);
5461 BITMAP_FREE (visited);
5462 if (count_vdef == 0)
5463 {
5464 /* If there were too many vdefs in between immediate
5465 dominator and current bb, invalidate everything.
5466 If stridx_to_strinfo has been unshared, we need
5467 to free it, otherwise just set it to NULL. */
5468 if (!strinfo_shared ())
5469 {
5470 unsigned int i;
5471 strinfo *si;
5472
5473 for (i = 1;
5474 vec_safe_iterate (stridx_to_strinfo, i, &si);
5475 ++i)
5476 {
5477 free_strinfo (si);
5478 (*stridx_to_strinfo)[i] = NULL;
5479 }
5480 }
5481 else
5482 stridx_to_strinfo = NULL;
5483 }
5484 break;
5485 }
5486 }
5487 }
5488 }
5489
5490 /* If all PHI arguments have the same string index, the PHI result
5491 has it as well. */
5492 for (gphi_iterator gsi = gsi_start_phis (bb); !gsi_end_p (gsi);
5493 gsi_next (&gsi))
5494 {
5495 gphi *phi = gsi.phi ();
5496 tree result = gimple_phi_result (phi);
5497 if (!virtual_operand_p (result) && POINTER_TYPE_P (TREE_TYPE (result)))
5498 {
5499 int idx = get_stridx (gimple_phi_arg_def (phi, 0));
5500 if (idx != 0)
5501 {
5502 unsigned int i, n = gimple_phi_num_args (phi);
5503 for (i = 1; i < n; i++)
5504 if (idx != get_stridx (gimple_phi_arg_def (phi, i)))
5505 break;
5506 if (i == n)
5507 ssa_ver_to_stridx[SSA_NAME_VERSION (result)] = idx;
5508 }
5509 }
5510 }
5511
5512 bool cleanup_eh = false;
5513
5514 /* Attempt to optimize individual statements. */
5515 for (gimple_stmt_iterator gsi = gsi_start_bb (bb); !gsi_end_p (gsi); )
5516 {
5517 gimple *stmt = gsi_stmt (gsi);
5518
5519 /* First record ranges generated by this statement so they
5520 can be used by printf argument processing. */
5521 evrp.record_ranges_from_stmt (stmt, false);
5522
5523 if (check_and_optimize_stmt (&gsi, &cleanup_eh, evrp.get_vr_values ()))
5524 gsi_next (&gsi);
5525 }
5526
5527 if (cleanup_eh && gimple_purge_dead_eh_edges (bb))
5528 m_cleanup_cfg = true;
5529
5530 bb->aux = stridx_to_strinfo;
5531 if (vec_safe_length (stridx_to_strinfo) && !strinfo_shared ())
5532 (*stridx_to_strinfo)[0] = (strinfo *) bb;
5533 return NULL;
5534 }
5535
5536 /* Callback for walk_dominator_tree. Free strinfo vector if it is
5537 owned by the current bb, clear bb->aux. */
5538
5539 void
5540 strlen_dom_walker::after_dom_children (basic_block bb)
5541 {
5542 evrp.leave (bb);
5543
5544 if (bb->aux)
5545 {
5546 stridx_to_strinfo = ((vec<strinfo *, va_heap, vl_embed> *) bb->aux);
5547 if (vec_safe_length (stridx_to_strinfo)
5548 && (*stridx_to_strinfo)[0] == (strinfo *) bb)
5549 {
5550 unsigned int i;
5551 strinfo *si;
5552
5553 for (i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
5554 free_strinfo (si);
5555 vec_free (stridx_to_strinfo);
5556 }
5557 bb->aux = NULL;
5558 }
5559 }
5560
5561 namespace {
5562
5563 static unsigned int
5564 printf_strlen_execute (function *fun, bool warn_only)
5565 {
5566 strlen_optimize = !warn_only;
5567
5568 calculate_dominance_info (CDI_DOMINATORS);
5569
5570 bool use_scev = optimize > 0 && flag_printf_return_value;
5571 if (use_scev)
5572 {
5573 loop_optimizer_init (LOOPS_NORMAL);
5574 scev_initialize ();
5575 }
5576
5577 gcc_assert (!strlen_to_stridx);
5578 if (warn_stringop_overflow || warn_stringop_truncation)
5579 strlen_to_stridx = new hash_map<tree, stridx_strlenloc> ();
5580
5581 /* This has to happen after initializing the loop optimizer
5582 and initializing SCEV as they create new SSA_NAMEs. */
5583 ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names);
5584 max_stridx = 1;
5585
5586 /* String length optimization is implemented as a walk of the dominator
5587 tree and a forward walk of statements within each block. */
5588 strlen_dom_walker walker (CDI_DOMINATORS);
5589 walker.walk (ENTRY_BLOCK_PTR_FOR_FN (fun));
5590
5591 ssa_ver_to_stridx.release ();
5592 strinfo_pool.release ();
5593 if (decl_to_stridxlist_htab)
5594 {
5595 obstack_free (&stridx_obstack, NULL);
5596 delete decl_to_stridxlist_htab;
5597 decl_to_stridxlist_htab = NULL;
5598 }
5599 laststmt.stmt = NULL;
5600 laststmt.len = NULL_TREE;
5601 laststmt.stridx = 0;
5602
5603 if (strlen_to_stridx)
5604 {
5605 strlen_to_stridx->empty ();
5606 delete strlen_to_stridx;
5607 strlen_to_stridx = NULL;
5608 }
5609
5610 if (use_scev)
5611 {
5612 scev_finalize ();
5613 loop_optimizer_finalize ();
5614 }
5615
5616 /* Clean up object size info. */
5617 fini_object_sizes ();
5618
5619 return walker.m_cleanup_cfg ? TODO_cleanup_cfg : 0;
5620 }
5621
5622 /* This file defines two passes: one for warnings that runs only when
5623 optimization is disabled, and another that implements optimizations
5624 and also issues warnings. */
5625
5626 const pass_data pass_data_warn_printf =
5627 {
5628 GIMPLE_PASS, /* type */
5629 "warn-printf", /* name */
5630 OPTGROUP_NONE, /* optinfo_flags */
5631 TV_NONE, /* tv_id */
5632 /* Normally an optimization pass would require PROP_ssa but because
5633 this pass runs early, with no optimization, to do sprintf format
5634 checking, it only requires PROP_cfg. */
5635 PROP_cfg, /* properties_required */
5636 0, /* properties_provided */
5637 0, /* properties_destroyed */
5638 0, /* todo_flags_start */
5639 0, /* todo_flags_finish */
5640 };
5641
5642 class pass_warn_printf : public gimple_opt_pass
5643 {
5644 public:
5645 pass_warn_printf (gcc::context *ctxt)
5646 : gimple_opt_pass (pass_data_warn_printf, ctxt)
5647 {}
5648
5649 virtual bool gate (function *);
5650 virtual unsigned int execute (function *fun)
5651 {
5652 return printf_strlen_execute (fun, true);
5653 }
5654 };
5655
5656
5657 /* Return true to run the warning pass only when not optimizing and
5658 iff either -Wformat-overflow or -Wformat-truncation is specified. */
5659
5660 bool
5661 pass_warn_printf::gate (function *)
5662 {
5663 return !optimize && (warn_format_overflow > 0 || warn_format_trunc > 0);
5664 }
5665
5666 const pass_data pass_data_strlen =
5667 {
5668 GIMPLE_PASS, /* type */
5669 "strlen", /* name */
5670 OPTGROUP_NONE, /* optinfo_flags */
5671 TV_TREE_STRLEN, /* tv_id */
5672 PROP_cfg | PROP_ssa, /* properties_required */
5673 0, /* properties_provided */
5674 0, /* properties_destroyed */
5675 0, /* todo_flags_start */
5676 0, /* todo_flags_finish */
5677 };
5678
5679 class pass_strlen : public gimple_opt_pass
5680 {
5681 public:
5682 pass_strlen (gcc::context *ctxt)
5683 : gimple_opt_pass (pass_data_strlen, ctxt)
5684 {}
5685
5686 opt_pass * clone () { return new pass_strlen (m_ctxt); }
5687
5688 virtual bool gate (function *);
5689 virtual unsigned int execute (function *fun)
5690 {
5691 return printf_strlen_execute (fun, false);
5692 }
5693 };
5694
5695 /* Return true to run the pass only when the sprintf and/or strlen
5696 optimizations are enabled and -Wformat-overflow or -Wformat-truncation
5697 are specified. */
5698
5699 bool
5700 pass_strlen::gate (function *)
5701 {
5702 return ((warn_format_overflow > 0
5703 || warn_format_trunc > 0
5704 || warn_restrict > 0
5705 || flag_optimize_strlen > 0
5706 || flag_printf_return_value)
5707 && optimize > 0);
5708 }
5709
5710 } // anon namespace
5711
5712 gimple_opt_pass *
5713 make_pass_warn_printf (gcc::context *ctxt)
5714 {
5715 return new pass_warn_printf (ctxt);
5716 }
5717
5718 gimple_opt_pass *
5719 make_pass_strlen (gcc::context *ctxt)
5720 {
5721 return new pass_strlen (ctxt);
5722 }
Mirror of https://gcc.gnu.org/git/gcc.git