]>
Commit | Line | Data |
---|---|---|
2a837de2 MS |
1 | /* Pass to detect and issue warnings for invalid accesses, including |
2 | invalid or mismatched allocation/deallocation calls. | |
3 | ||
7adcbafe | 4 | Copyright (C) 2020-2022 Free Software Foundation, Inc. |
2a837de2 MS |
5 | Contributed by Martin Sebor <msebor@redhat.com>. |
6 | ||
7 | This file is part of GCC. | |
8 | ||
9 | GCC is free software; you can redistribute it and/or modify it under | |
10 | the terms of the GNU General Public License as published by the Free | |
11 | Software Foundation; either version 3, or (at your option) any later | |
12 | version. | |
13 | ||
14 | GCC is distributed in the hope that it will be useful, but WITHOUT ANY | |
15 | WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
16 | FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
17 | for more details. | |
18 | ||
19 | You should have received a copy of the GNU General Public License | |
20 | along with GCC; see the file COPYING3. If not see | |
21 | <http://www.gnu.org/licenses/>. */ | |
22 | ||
b48d4e68 | 23 | #define INCLUDE_STRING |
2a837de2 MS |
24 | #include "config.h" |
25 | #include "system.h" | |
26 | #include "coretypes.h" | |
27 | #include "backend.h" | |
28 | #include "tree.h" | |
29 | #include "gimple.h" | |
30 | #include "tree-pass.h" | |
31 | #include "builtins.h" | |
5a431b60 | 32 | #include "diagnostic.h" |
2a837de2 MS |
33 | #include "ssa.h" |
34 | #include "gimple-pretty-print.h" | |
35 | #include "gimple-ssa-warn-access.h" | |
36 | #include "gimple-ssa-warn-restrict.h" | |
37 | #include "diagnostic-core.h" | |
38 | #include "fold-const.h" | |
39 | #include "gimple-fold.h" | |
40 | #include "gimple-iterator.h" | |
b48d4e68 | 41 | #include "langhooks.h" |
5a431b60 MS |
42 | #include "memmodel.h" |
43 | #include "target.h" | |
2a837de2 MS |
44 | #include "tree-dfa.h" |
45 | #include "tree-ssa.h" | |
46 | #include "tree-cfg.h" | |
47 | #include "tree-object-size.h" | |
81d6cdd3 | 48 | #include "tree-ssa-strlen.h" |
2a837de2 MS |
49 | #include "calls.h" |
50 | #include "cfgloop.h" | |
51 | #include "intl.h" | |
52 | #include "gimple-range.h" | |
53 | #include "stringpool.h" | |
54 | #include "attribs.h" | |
55 | #include "demangle.h" | |
56 | #include "pointer-query.h" | |
57 | ||
81d6cdd3 MS |
58 | /* Return true if tree node X has an associated location. */ |
59 | ||
60 | static inline location_t | |
61 | has_location (const_tree x) | |
62 | { | |
63 | if (DECL_P (x)) | |
64 | return DECL_SOURCE_LOCATION (x) != UNKNOWN_LOCATION; | |
65 | ||
66 | if (EXPR_P (x)) | |
67 | return EXPR_HAS_LOCATION (x); | |
68 | ||
69 | return false; | |
70 | } | |
71 | ||
72 | /* Return the associated location of STMT. */ | |
73 | ||
74 | static inline location_t | |
75 | get_location (const gimple *stmt) | |
76 | { | |
77 | return gimple_location (stmt); | |
78 | } | |
79 | ||
80 | /* Return the associated location of tree node X. */ | |
81 | ||
82 | static inline location_t | |
83 | get_location (tree x) | |
84 | { | |
85 | if (DECL_P (x)) | |
86 | return DECL_SOURCE_LOCATION (x); | |
87 | ||
88 | if (EXPR_P (x)) | |
89 | return EXPR_LOCATION (x); | |
90 | ||
91 | return UNKNOWN_LOCATION; | |
92 | } | |
93 | ||
94 | /* Overload of the nascent tree function for GIMPLE STMT. */ | |
95 | ||
96 | static inline tree | |
97 | get_callee_fndecl (const gimple *stmt) | |
98 | { | |
99 | return gimple_call_fndecl (stmt); | |
100 | } | |
101 | ||
102 | static inline unsigned | |
103 | call_nargs (const gimple *stmt) | |
104 | { | |
105 | return gimple_call_num_args (stmt); | |
106 | } | |
107 | ||
108 | static inline unsigned | |
109 | call_nargs (const_tree expr) | |
110 | { | |
111 | return call_expr_nargs (expr); | |
112 | } | |
113 | ||
114 | ||
115 | static inline tree | |
116 | call_arg (const gimple *stmt, unsigned argno) | |
117 | { | |
118 | return gimple_call_arg (stmt, argno); | |
119 | } | |
120 | ||
121 | static inline tree | |
122 | call_arg (tree expr, unsigned argno) | |
123 | { | |
124 | return CALL_EXPR_ARG (expr, argno); | |
125 | } | |
126 | ||
2a837de2 MS |
127 | /* For a call EXPR at LOC to a function FNAME that expects a string |
128 | in the argument ARG, issue a diagnostic due to it being a called | |
129 | with an argument that is a character array with no terminating | |
130 | NUL. SIZE is the EXACT size of the array, and BNDRNG the number | |
131 | of characters in which the NUL is expected. Either EXPR or FNAME | |
132 | may be null but noth both. SIZE may be null when BNDRNG is null. */ | |
133 | ||
81d6cdd3 MS |
134 | template <class GimpleOrTree> |
135 | static void | |
136 | warn_string_no_nul (location_t loc, GimpleOrTree expr, const char *fname, | |
137 | tree arg, tree decl, tree size, bool exact, | |
2a837de2 MS |
138 | const wide_int bndrng[2] /* = NULL */) |
139 | { | |
140 | const opt_code opt = OPT_Wstringop_overread; | |
141 | if ((expr && warning_suppressed_p (expr, opt)) | |
142 | || warning_suppressed_p (arg, opt)) | |
143 | return; | |
144 | ||
145 | loc = expansion_point_location_if_in_system_header (loc); | |
146 | bool warned; | |
147 | ||
148 | /* Format the bound range as a string to keep the nuber of messages | |
149 | from exploding. */ | |
150 | char bndstr[80]; | |
151 | *bndstr = 0; | |
152 | if (bndrng) | |
153 | { | |
154 | if (bndrng[0] == bndrng[1]) | |
155 | sprintf (bndstr, "%llu", (unsigned long long) bndrng[0].to_uhwi ()); | |
156 | else | |
157 | sprintf (bndstr, "[%llu, %llu]", | |
158 | (unsigned long long) bndrng[0].to_uhwi (), | |
159 | (unsigned long long) bndrng[1].to_uhwi ()); | |
160 | } | |
161 | ||
162 | const tree maxobjsize = max_object_size (); | |
163 | const wide_int maxsiz = wi::to_wide (maxobjsize); | |
164 | if (expr) | |
165 | { | |
166 | tree func = get_callee_fndecl (expr); | |
167 | if (bndrng) | |
168 | { | |
169 | if (wi::ltu_p (maxsiz, bndrng[0])) | |
170 | warned = warning_at (loc, opt, | |
171 | "%qD specified bound %s exceeds " | |
172 | "maximum object size %E", | |
173 | func, bndstr, maxobjsize); | |
174 | else | |
175 | { | |
176 | bool maybe = wi::to_wide (size) == bndrng[0]; | |
177 | warned = warning_at (loc, opt, | |
178 | exact | |
179 | ? G_("%qD specified bound %s exceeds " | |
180 | "the size %E of unterminated array") | |
181 | : (maybe | |
182 | ? G_("%qD specified bound %s may " | |
183 | "exceed the size of at most %E " | |
184 | "of unterminated array") | |
185 | : G_("%qD specified bound %s exceeds " | |
186 | "the size of at most %E " | |
187 | "of unterminated array")), | |
188 | func, bndstr, size); | |
189 | } | |
190 | } | |
191 | else | |
192 | warned = warning_at (loc, opt, | |
193 | "%qD argument missing terminating nul", | |
194 | func); | |
195 | } | |
196 | else | |
197 | { | |
198 | if (bndrng) | |
199 | { | |
200 | if (wi::ltu_p (maxsiz, bndrng[0])) | |
201 | warned = warning_at (loc, opt, | |
202 | "%qs specified bound %s exceeds " | |
203 | "maximum object size %E", | |
204 | fname, bndstr, maxobjsize); | |
205 | else | |
206 | { | |
207 | bool maybe = wi::to_wide (size) == bndrng[0]; | |
208 | warned = warning_at (loc, opt, | |
209 | exact | |
210 | ? G_("%qs specified bound %s exceeds " | |
211 | "the size %E of unterminated array") | |
212 | : (maybe | |
213 | ? G_("%qs specified bound %s may " | |
214 | "exceed the size of at most %E " | |
215 | "of unterminated array") | |
216 | : G_("%qs specified bound %s exceeds " | |
217 | "the size of at most %E " | |
218 | "of unterminated array")), | |
219 | fname, bndstr, size); | |
220 | } | |
221 | } | |
222 | else | |
223 | warned = warning_at (loc, opt, | |
224 | "%qs argument missing terminating nul", | |
225 | fname); | |
226 | } | |
227 | ||
228 | if (warned) | |
229 | { | |
81d6cdd3 | 230 | inform (get_location (decl), |
2a837de2 MS |
231 | "referenced argument declared here"); |
232 | suppress_warning (arg, opt); | |
233 | if (expr) | |
234 | suppress_warning (expr, opt); | |
235 | } | |
236 | } | |
237 | ||
81d6cdd3 MS |
238 | void |
239 | warn_string_no_nul (location_t loc, gimple *stmt, const char *fname, | |
240 | tree arg, tree decl, tree size /* = NULL_TREE */, | |
241 | bool exact /* = false */, | |
242 | const wide_int bndrng[2] /* = NULL */) | |
243 | { | |
244 | return warn_string_no_nul<gimple *> (loc, stmt, fname, | |
245 | arg, decl, size, exact, bndrng); | |
246 | } | |
247 | ||
248 | void | |
249 | warn_string_no_nul (location_t loc, tree expr, const char *fname, | |
250 | tree arg, tree decl, tree size /* = NULL_TREE */, | |
251 | bool exact /* = false */, | |
252 | const wide_int bndrng[2] /* = NULL */) | |
253 | { | |
254 | return warn_string_no_nul<tree> (loc, expr, fname, | |
255 | arg, decl, size, exact, bndrng); | |
256 | } | |
257 | ||
258 | /* If EXP refers to an unterminated constant character array return | |
259 | the declaration of the object of which the array is a member or | |
260 | element and if SIZE is not null, set *SIZE to the size of | |
261 | the unterminated array and set *EXACT if the size is exact or | |
262 | clear it otherwise. Otherwise return null. */ | |
263 | ||
264 | tree | |
265 | unterminated_array (tree exp, tree *size /* = NULL */, bool *exact /* = NULL */) | |
266 | { | |
267 | /* C_STRLEN will return NULL and set DECL in the info | |
268 | structure if EXP references a unterminated array. */ | |
269 | c_strlen_data lendata = { }; | |
270 | tree len = c_strlen (exp, 1, &lendata); | |
271 | if (len || !lendata.minlen || !lendata.decl) | |
272 | return NULL_TREE; | |
273 | ||
274 | if (!size) | |
275 | return lendata.decl; | |
276 | ||
277 | len = lendata.minlen; | |
278 | if (lendata.off) | |
279 | { | |
280 | /* Constant offsets are already accounted for in LENDATA.MINLEN, | |
281 | but not in a SSA_NAME + CST expression. */ | |
282 | if (TREE_CODE (lendata.off) == INTEGER_CST) | |
283 | *exact = true; | |
284 | else if (TREE_CODE (lendata.off) == PLUS_EXPR | |
285 | && TREE_CODE (TREE_OPERAND (lendata.off, 1)) == INTEGER_CST) | |
286 | { | |
287 | /* Subtract the offset from the size of the array. */ | |
288 | *exact = false; | |
289 | tree temp = TREE_OPERAND (lendata.off, 1); | |
290 | temp = fold_convert (ssizetype, temp); | |
291 | len = fold_build2 (MINUS_EXPR, ssizetype, len, temp); | |
292 | } | |
293 | else | |
294 | *exact = false; | |
295 | } | |
296 | else | |
297 | *exact = true; | |
298 | ||
299 | *size = len; | |
300 | return lendata.decl; | |
301 | } | |
302 | ||
2a837de2 MS |
303 | /* For a call EXPR (which may be null) that expects a string argument |
304 | SRC as an argument, returns false if SRC is a character array with | |
305 | no terminating NUL. When nonnull, BOUND is the number of characters | |
81d6cdd3 MS |
306 | in which to expect the terminating NUL. When EXPR is nonnull also |
307 | issues a warning. */ | |
2a837de2 | 308 | |
81d6cdd3 MS |
309 | template <class GimpleOrTree> |
310 | static bool | |
311 | check_nul_terminated_array (GimpleOrTree expr, tree src, tree bound) | |
2a837de2 MS |
312 | { |
313 | /* The constant size of the array SRC points to. The actual size | |
314 | may be less of EXACT is true, but not more. */ | |
315 | tree size; | |
316 | /* True if SRC involves a non-constant offset into the array. */ | |
317 | bool exact; | |
318 | /* The unterminated constant array SRC points to. */ | |
319 | tree nonstr = unterminated_array (src, &size, &exact); | |
320 | if (!nonstr) | |
321 | return true; | |
322 | ||
323 | /* NONSTR refers to the non-nul terminated constant array and SIZE | |
324 | is the constant size of the array in bytes. EXACT is true when | |
325 | SIZE is exact. */ | |
326 | ||
327 | wide_int bndrng[2]; | |
328 | if (bound) | |
329 | { | |
330 | value_range r; | |
331 | ||
332 | get_global_range_query ()->range_of_expr (r, bound); | |
333 | ||
334 | if (r.kind () != VR_RANGE) | |
335 | return true; | |
336 | ||
337 | bndrng[0] = r.lower_bound (); | |
338 | bndrng[1] = r.upper_bound (); | |
339 | ||
340 | if (exact) | |
341 | { | |
342 | if (wi::leu_p (bndrng[0], wi::to_wide (size))) | |
343 | return true; | |
344 | } | |
345 | else if (wi::lt_p (bndrng[0], wi::to_wide (size), UNSIGNED)) | |
346 | return true; | |
347 | } | |
348 | ||
349 | if (expr) | |
81d6cdd3 | 350 | warn_string_no_nul (get_location (expr), expr, NULL, src, nonstr, |
2a837de2 MS |
351 | size, exact, bound ? bndrng : NULL); |
352 | ||
353 | return false; | |
354 | } | |
355 | ||
81d6cdd3 MS |
356 | bool |
357 | check_nul_terminated_array (gimple *stmt, tree src, tree bound /* = NULL_TREE */) | |
358 | { | |
359 | return check_nul_terminated_array<gimple *>(stmt, src, bound); | |
360 | } | |
2a837de2 | 361 | |
81d6cdd3 MS |
362 | bool |
363 | check_nul_terminated_array (tree expr, tree src, tree bound /* = NULL_TREE */) | |
2a837de2 | 364 | { |
81d6cdd3 MS |
365 | return check_nul_terminated_array<tree>(expr, src, bound); |
366 | } | |
367 | ||
368 | /* Warn about passing a non-string array/pointer to a built-in function | |
369 | that expects a nul-terminated string argument. Returns true if | |
370 | a warning has been issued.*/ | |
371 | ||
372 | template <class GimpleOrTree> | |
373 | static bool | |
374 | maybe_warn_nonstring_arg (tree fndecl, GimpleOrTree exp) | |
375 | { | |
376 | if (!fndecl || !fndecl_built_in_p (fndecl, BUILT_IN_NORMAL)) | |
377 | return false; | |
378 | ||
379 | if (!warn_stringop_overread | |
380 | || warning_suppressed_p (exp, OPT_Wstringop_overread)) | |
381 | return false; | |
382 | ||
383 | /* Avoid clearly invalid calls (more checking done below). */ | |
384 | unsigned nargs = call_nargs (exp); | |
385 | if (!nargs) | |
386 | return false; | |
387 | ||
388 | /* The bound argument to a bounded string function like strncpy. */ | |
389 | tree bound = NULL_TREE; | |
390 | ||
391 | /* The longest known or possible string argument to one of the comparison | |
392 | functions. If the length is less than the bound it is used instead. | |
393 | Since the length is only used for warning and not for code generation | |
394 | disable strict mode in the calls to get_range_strlen below. */ | |
395 | tree maxlen = NULL_TREE; | |
396 | ||
397 | /* It's safe to call "bounded" string functions with a non-string | |
398 | argument since the functions provide an explicit bound for this | |
399 | purpose. The exception is strncat where the bound may refer to | |
400 | either the destination or the source. */ | |
401 | int fncode = DECL_FUNCTION_CODE (fndecl); | |
402 | switch (fncode) | |
403 | { | |
404 | case BUILT_IN_STRCMP: | |
405 | case BUILT_IN_STRNCMP: | |
406 | case BUILT_IN_STRNCASECMP: | |
407 | { | |
408 | /* For these, if one argument refers to one or more of a set | |
409 | of string constants or arrays of known size, determine | |
410 | the range of their known or possible lengths and use it | |
411 | conservatively as the bound for the unbounded function, | |
412 | and to adjust the range of the bound of the bounded ones. */ | |
413 | for (unsigned argno = 0; | |
414 | argno < MIN (nargs, 2) | |
415 | && !(maxlen && TREE_CODE (maxlen) == INTEGER_CST); argno++) | |
416 | { | |
417 | tree arg = call_arg (exp, argno); | |
418 | if (!get_attr_nonstring_decl (arg)) | |
419 | { | |
420 | c_strlen_data lendata = { }; | |
421 | /* Set MAXBOUND to an arbitrary non-null non-integer | |
422 | node as a request to have it set to the length of | |
423 | the longest string in a PHI. */ | |
424 | lendata.maxbound = arg; | |
425 | get_range_strlen (arg, &lendata, /* eltsize = */ 1); | |
426 | maxlen = lendata.maxbound; | |
427 | } | |
428 | } | |
429 | } | |
430 | /* Fall through. */ | |
431 | ||
432 | case BUILT_IN_STRNCAT: | |
433 | case BUILT_IN_STPNCPY: | |
434 | case BUILT_IN_STRNCPY: | |
435 | if (nargs > 2) | |
436 | bound = call_arg (exp, 2); | |
437 | break; | |
438 | ||
439 | case BUILT_IN_STRNDUP: | |
440 | if (nargs < 2) | |
441 | return false; | |
442 | bound = call_arg (exp, 1); | |
443 | break; | |
444 | ||
445 | case BUILT_IN_STRNLEN: | |
446 | { | |
447 | tree arg = call_arg (exp, 0); | |
448 | if (!get_attr_nonstring_decl (arg)) | |
449 | { | |
450 | c_strlen_data lendata = { }; | |
451 | /* Set MAXBOUND to an arbitrary non-null non-integer | |
452 | node as a request to have it set to the length of | |
453 | the longest string in a PHI. */ | |
454 | lendata.maxbound = arg; | |
455 | get_range_strlen (arg, &lendata, /* eltsize = */ 1); | |
456 | maxlen = lendata.maxbound; | |
457 | } | |
458 | if (nargs > 1) | |
459 | bound = call_arg (exp, 1); | |
460 | break; | |
461 | } | |
462 | ||
463 | default: | |
464 | break; | |
465 | } | |
466 | ||
467 | /* Determine the range of the bound argument (if specified). */ | |
468 | tree bndrng[2] = { NULL_TREE, NULL_TREE }; | |
469 | if (bound) | |
470 | { | |
471 | STRIP_NOPS (bound); | |
472 | get_size_range (bound, bndrng); | |
473 | } | |
474 | ||
475 | location_t loc = get_location (exp); | |
476 | ||
477 | if (bndrng[0]) | |
478 | { | |
479 | /* Diagnose excessive bound prior to the adjustment below and | |
480 | regardless of attribute nonstring. */ | |
481 | tree maxobjsize = max_object_size (); | |
482 | if (tree_int_cst_lt (maxobjsize, bndrng[0])) | |
2a837de2 | 483 | { |
81d6cdd3 MS |
484 | bool warned = false; |
485 | if (tree_int_cst_equal (bndrng[0], bndrng[1])) | |
486 | warned = warning_at (loc, OPT_Wstringop_overread, | |
487 | "%qD specified bound %E " | |
488 | "exceeds maximum object size %E", | |
489 | fndecl, bndrng[0], maxobjsize); | |
490 | else | |
491 | warned = warning_at (loc, OPT_Wstringop_overread, | |
492 | "%qD specified bound [%E, %E] " | |
493 | "exceeds maximum object size %E", | |
494 | fndecl, bndrng[0], bndrng[1], | |
495 | maxobjsize); | |
496 | if (warned) | |
497 | suppress_warning (exp, OPT_Wstringop_overread); | |
498 | ||
499 | return warned; | |
500 | } | |
501 | } | |
502 | ||
503 | if (maxlen && !integer_all_onesp (maxlen)) | |
504 | { | |
505 | /* Add one for the nul. */ | |
506 | maxlen = const_binop (PLUS_EXPR, TREE_TYPE (maxlen), maxlen, | |
507 | size_one_node); | |
508 | ||
509 | if (!bndrng[0]) | |
510 | { | |
511 | /* Conservatively use the upper bound of the lengths for | |
512 | both the lower and the upper bound of the operation. */ | |
513 | bndrng[0] = maxlen; | |
514 | bndrng[1] = maxlen; | |
515 | bound = void_type_node; | |
516 | } | |
517 | else if (maxlen) | |
518 | { | |
519 | /* Replace the bound on the operation with the upper bound | |
520 | of the length of the string if the latter is smaller. */ | |
521 | if (tree_int_cst_lt (maxlen, bndrng[0])) | |
522 | bndrng[0] = maxlen; | |
523 | else if (tree_int_cst_lt (maxlen, bndrng[1])) | |
524 | bndrng[1] = maxlen; | |
525 | } | |
526 | } | |
527 | ||
528 | bool any_arg_warned = false; | |
529 | /* Iterate over the built-in function's formal arguments and check | |
530 | each const char* against the actual argument. If the actual | |
531 | argument is declared attribute non-string issue a warning unless | |
532 | the argument's maximum length is bounded. */ | |
533 | function_args_iterator it; | |
534 | function_args_iter_init (&it, TREE_TYPE (fndecl)); | |
535 | ||
536 | for (unsigned argno = 0; ; ++argno, function_args_iter_next (&it)) | |
537 | { | |
538 | /* Avoid iterating past the declared argument in a call | |
539 | to function declared without a prototype. */ | |
540 | if (argno >= nargs) | |
541 | break; | |
542 | ||
543 | tree argtype = function_args_iter_cond (&it); | |
544 | if (!argtype) | |
545 | break; | |
546 | ||
547 | if (TREE_CODE (argtype) != POINTER_TYPE) | |
548 | continue; | |
549 | ||
550 | argtype = TREE_TYPE (argtype); | |
551 | ||
552 | if (TREE_CODE (argtype) != INTEGER_TYPE | |
553 | || !TYPE_READONLY (argtype)) | |
554 | continue; | |
555 | ||
556 | argtype = TYPE_MAIN_VARIANT (argtype); | |
557 | if (argtype != char_type_node) | |
558 | continue; | |
559 | ||
560 | tree callarg = call_arg (exp, argno); | |
561 | if (TREE_CODE (callarg) == ADDR_EXPR) | |
562 | callarg = TREE_OPERAND (callarg, 0); | |
563 | ||
564 | /* See if the destination is declared with attribute "nonstring". */ | |
565 | tree decl = get_attr_nonstring_decl (callarg); | |
566 | if (!decl) | |
567 | continue; | |
568 | ||
569 | /* The maximum number of array elements accessed. */ | |
570 | offset_int wibnd = 0; | |
571 | ||
572 | if (argno && fncode == BUILT_IN_STRNCAT) | |
573 | { | |
574 | /* See if the bound in strncat is derived from the length | |
575 | of the strlen of the destination (as it's expected to be). | |
576 | If so, reset BOUND and FNCODE to trigger a warning. */ | |
577 | tree dstarg = call_arg (exp, 0); | |
578 | if (is_strlen_related_p (dstarg, bound)) | |
579 | { | |
580 | /* The bound applies to the destination, not to the source, | |
581 | so reset these to trigger a warning without mentioning | |
582 | the bound. */ | |
583 | bound = NULL; | |
584 | fncode = 0; | |
585 | } | |
586 | else if (bndrng[1]) | |
587 | /* Use the upper bound of the range for strncat. */ | |
588 | wibnd = wi::to_offset (bndrng[1]); | |
589 | } | |
590 | else if (bndrng[0]) | |
591 | /* Use the lower bound of the range for functions other than | |
592 | strncat. */ | |
593 | wibnd = wi::to_offset (bndrng[0]); | |
594 | ||
595 | /* Determine the size of the argument array if it is one. */ | |
596 | offset_int asize = wibnd; | |
597 | bool known_size = false; | |
598 | tree type = TREE_TYPE (decl); | |
599 | ||
600 | /* Determine the array size. For arrays of unknown bound and | |
601 | pointers reset BOUND to trigger the appropriate warning. */ | |
602 | if (TREE_CODE (type) == ARRAY_TYPE) | |
603 | { | |
604 | if (tree arrbnd = TYPE_DOMAIN (type)) | |
2a837de2 | 605 | { |
81d6cdd3 | 606 | if ((arrbnd = TYPE_MAX_VALUE (arrbnd))) |
2a837de2 | 607 | { |
81d6cdd3 MS |
608 | asize = wi::to_offset (arrbnd) + 1; |
609 | known_size = true; | |
2a837de2 | 610 | } |
2a837de2 | 611 | } |
81d6cdd3 MS |
612 | else if (bound == void_type_node) |
613 | bound = NULL_TREE; | |
614 | } | |
615 | else if (bound == void_type_node) | |
616 | bound = NULL_TREE; | |
617 | ||
618 | /* In a call to strncat with a bound in a range whose lower but | |
619 | not upper bound is less than the array size, reset ASIZE to | |
620 | be the same as the bound and the other variable to trigger | |
621 | the apprpriate warning below. */ | |
622 | if (fncode == BUILT_IN_STRNCAT | |
623 | && bndrng[0] != bndrng[1] | |
624 | && wi::ltu_p (wi::to_offset (bndrng[0]), asize) | |
625 | && (!known_size | |
626 | || wi::ltu_p (asize, wibnd))) | |
627 | { | |
628 | asize = wibnd; | |
629 | bound = NULL_TREE; | |
630 | fncode = 0; | |
631 | } | |
632 | ||
633 | bool warned = false; | |
634 | ||
635 | auto_diagnostic_group d; | |
636 | if (wi::ltu_p (asize, wibnd)) | |
637 | { | |
638 | if (bndrng[0] == bndrng[1]) | |
639 | warned = warning_at (loc, OPT_Wstringop_overread, | |
640 | "%qD argument %i declared attribute " | |
641 | "%<nonstring%> is smaller than the specified " | |
642 | "bound %wu", | |
643 | fndecl, argno + 1, wibnd.to_uhwi ()); | |
644 | else if (wi::ltu_p (asize, wi::to_offset (bndrng[0]))) | |
645 | warned = warning_at (loc, OPT_Wstringop_overread, | |
646 | "%qD argument %i declared attribute " | |
647 | "%<nonstring%> is smaller than " | |
648 | "the specified bound [%E, %E]", | |
649 | fndecl, argno + 1, bndrng[0], bndrng[1]); | |
2a837de2 | 650 | else |
81d6cdd3 MS |
651 | warned = warning_at (loc, OPT_Wstringop_overread, |
652 | "%qD argument %i declared attribute " | |
653 | "%<nonstring%> may be smaller than " | |
654 | "the specified bound [%E, %E]", | |
655 | fndecl, argno + 1, bndrng[0], bndrng[1]); | |
656 | } | |
657 | else if (fncode == BUILT_IN_STRNCAT) | |
658 | ; /* Avoid warning for calls to strncat() when the bound | |
659 | is equal to the size of the non-string argument. */ | |
660 | else if (!bound) | |
661 | warned = warning_at (loc, OPT_Wstringop_overread, | |
662 | "%qD argument %i declared attribute %<nonstring%>", | |
663 | fndecl, argno + 1); | |
2a837de2 | 664 | |
81d6cdd3 MS |
665 | if (warned) |
666 | { | |
667 | inform (DECL_SOURCE_LOCATION (decl), | |
668 | "argument %qD declared here", decl); | |
669 | any_arg_warned = true; | |
2a837de2 | 670 | } |
81d6cdd3 MS |
671 | } |
672 | ||
673 | if (any_arg_warned) | |
674 | suppress_warning (exp, OPT_Wstringop_overread); | |
675 | ||
676 | return any_arg_warned; | |
677 | } | |
678 | ||
679 | bool | |
680 | maybe_warn_nonstring_arg (tree fndecl, gimple *stmt) | |
681 | { | |
682 | return maybe_warn_nonstring_arg<gimple *>(fndecl, stmt); | |
683 | } | |
2a837de2 | 684 | |
81d6cdd3 MS |
685 | |
686 | bool | |
687 | maybe_warn_nonstring_arg (tree fndecl, tree expr) | |
688 | { | |
689 | return maybe_warn_nonstring_arg<tree>(fndecl, expr); | |
2a837de2 MS |
690 | } |
691 | ||
692 | /* Issue a warning OPT for a bounded call EXP with a bound in RANGE | |
693 | accessing an object with SIZE. */ | |
694 | ||
81d6cdd3 MS |
695 | template <class GimpleOrTree> |
696 | static bool | |
697 | maybe_warn_for_bound (opt_code opt, location_t loc, GimpleOrTree exp, tree func, | |
698 | tree bndrng[2], tree size, const access_data *pad) | |
2a837de2 MS |
699 | { |
700 | if (!bndrng[0] || warning_suppressed_p (exp, opt)) | |
701 | return false; | |
702 | ||
703 | tree maxobjsize = max_object_size (); | |
704 | ||
705 | bool warned = false; | |
706 | ||
707 | if (opt == OPT_Wstringop_overread) | |
708 | { | |
709 | bool maybe = pad && pad->src.phi (); | |
820f0940 MS |
710 | if (maybe) |
711 | { | |
712 | /* Issue a "maybe" warning only if the PHI refers to objects | |
713 | at least one of which has more space remaining than the bound. | |
714 | Otherwise, if the bound is greater, use the definitive form. */ | |
715 | offset_int remmax = pad->src.size_remaining (); | |
716 | if (remmax < wi::to_offset (bndrng[0])) | |
717 | maybe = false; | |
718 | } | |
2a837de2 MS |
719 | |
720 | if (tree_int_cst_lt (maxobjsize, bndrng[0])) | |
721 | { | |
722 | if (bndrng[0] == bndrng[1]) | |
723 | warned = (func | |
724 | ? warning_at (loc, opt, | |
725 | (maybe | |
726 | ? G_("%qD specified bound %E may " | |
727 | "exceed maximum object size %E") | |
728 | : G_("%qD specified bound %E " | |
729 | "exceeds maximum object size %E")), | |
730 | func, bndrng[0], maxobjsize) | |
731 | : warning_at (loc, opt, | |
732 | (maybe | |
733 | ? G_("specified bound %E may " | |
734 | "exceed maximum object size %E") | |
735 | : G_("specified bound %E " | |
736 | "exceeds maximum object size %E")), | |
737 | bndrng[0], maxobjsize)); | |
738 | else | |
739 | warned = (func | |
740 | ? warning_at (loc, opt, | |
741 | (maybe | |
742 | ? G_("%qD specified bound [%E, %E] may " | |
743 | "exceed maximum object size %E") | |
744 | : G_("%qD specified bound [%E, %E] " | |
745 | "exceeds maximum object size %E")), | |
746 | func, | |
747 | bndrng[0], bndrng[1], maxobjsize) | |
748 | : warning_at (loc, opt, | |
749 | (maybe | |
750 | ? G_("specified bound [%E, %E] may " | |
751 | "exceed maximum object size %E") | |
752 | : G_("specified bound [%E, %E] " | |
753 | "exceeds maximum object size %E")), | |
754 | bndrng[0], bndrng[1], maxobjsize)); | |
755 | } | |
756 | else if (!size || tree_int_cst_le (bndrng[0], size)) | |
757 | return false; | |
758 | else if (tree_int_cst_equal (bndrng[0], bndrng[1])) | |
759 | warned = (func | |
760 | ? warning_at (loc, opt, | |
761 | (maybe | |
762 | ? G_("%qD specified bound %E may exceed " | |
763 | "source size %E") | |
764 | : G_("%qD specified bound %E exceeds " | |
765 | "source size %E")), | |
766 | func, bndrng[0], size) | |
767 | : warning_at (loc, opt, | |
768 | (maybe | |
769 | ? G_("specified bound %E may exceed " | |
770 | "source size %E") | |
771 | : G_("specified bound %E exceeds " | |
772 | "source size %E")), | |
773 | bndrng[0], size)); | |
774 | else | |
775 | warned = (func | |
776 | ? warning_at (loc, opt, | |
777 | (maybe | |
778 | ? G_("%qD specified bound [%E, %E] may " | |
779 | "exceed source size %E") | |
780 | : G_("%qD specified bound [%E, %E] exceeds " | |
781 | "source size %E")), | |
782 | func, bndrng[0], bndrng[1], size) | |
783 | : warning_at (loc, opt, | |
784 | (maybe | |
785 | ? G_("specified bound [%E, %E] may exceed " | |
786 | "source size %E") | |
787 | : G_("specified bound [%E, %E] exceeds " | |
788 | "source size %E")), | |
789 | bndrng[0], bndrng[1], size)); | |
790 | if (warned) | |
791 | { | |
81d6cdd3 MS |
792 | if (pad && pad->src.ref |
793 | && has_location (pad->src.ref)) | |
794 | inform (get_location (pad->src.ref), | |
795 | "source object allocated here"); | |
2a837de2 MS |
796 | suppress_warning (exp, opt); |
797 | } | |
798 | ||
799 | return warned; | |
800 | } | |
801 | ||
802 | bool maybe = pad && pad->dst.phi (); | |
820f0940 MS |
803 | if (maybe) |
804 | { | |
805 | /* Issue a "maybe" warning only if the PHI refers to objects | |
806 | at least one of which has more space remaining than the bound. | |
807 | Otherwise, if the bound is greater, use the definitive form. */ | |
808 | offset_int remmax = pad->dst.size_remaining (); | |
809 | if (remmax < wi::to_offset (bndrng[0])) | |
810 | maybe = false; | |
811 | } | |
2a837de2 MS |
812 | if (tree_int_cst_lt (maxobjsize, bndrng[0])) |
813 | { | |
814 | if (bndrng[0] == bndrng[1]) | |
815 | warned = (func | |
816 | ? warning_at (loc, opt, | |
817 | (maybe | |
818 | ? G_("%qD specified size %E may " | |
819 | "exceed maximum object size %E") | |
820 | : G_("%qD specified size %E " | |
821 | "exceeds maximum object size %E")), | |
822 | func, bndrng[0], maxobjsize) | |
823 | : warning_at (loc, opt, | |
824 | (maybe | |
825 | ? G_("specified size %E may exceed " | |
826 | "maximum object size %E") | |
827 | : G_("specified size %E exceeds " | |
828 | "maximum object size %E")), | |
829 | bndrng[0], maxobjsize)); | |
830 | else | |
831 | warned = (func | |
832 | ? warning_at (loc, opt, | |
833 | (maybe | |
834 | ? G_("%qD specified size between %E and %E " | |
835 | "may exceed maximum object size %E") | |
836 | : G_("%qD specified size between %E and %E " | |
837 | "exceeds maximum object size %E")), | |
838 | func, bndrng[0], bndrng[1], maxobjsize) | |
839 | : warning_at (loc, opt, | |
840 | (maybe | |
841 | ? G_("specified size between %E and %E " | |
842 | "may exceed maximum object size %E") | |
843 | : G_("specified size between %E and %E " | |
844 | "exceeds maximum object size %E")), | |
845 | bndrng[0], bndrng[1], maxobjsize)); | |
846 | } | |
847 | else if (!size || tree_int_cst_le (bndrng[0], size)) | |
848 | return false; | |
849 | else if (tree_int_cst_equal (bndrng[0], bndrng[1])) | |
850 | warned = (func | |
851 | ? warning_at (loc, opt, | |
852 | (maybe | |
853 | ? G_("%qD specified bound %E may exceed " | |
854 | "destination size %E") | |
855 | : G_("%qD specified bound %E exceeds " | |
856 | "destination size %E")), | |
857 | func, bndrng[0], size) | |
858 | : warning_at (loc, opt, | |
859 | (maybe | |
860 | ? G_("specified bound %E may exceed " | |
861 | "destination size %E") | |
862 | : G_("specified bound %E exceeds " | |
863 | "destination size %E")), | |
864 | bndrng[0], size)); | |
865 | else | |
866 | warned = (func | |
867 | ? warning_at (loc, opt, | |
868 | (maybe | |
869 | ? G_("%qD specified bound [%E, %E] may exceed " | |
870 | "destination size %E") | |
871 | : G_("%qD specified bound [%E, %E] exceeds " | |
872 | "destination size %E")), | |
873 | func, bndrng[0], bndrng[1], size) | |
874 | : warning_at (loc, opt, | |
875 | (maybe | |
876 | ? G_("specified bound [%E, %E] exceeds " | |
877 | "destination size %E") | |
878 | : G_("specified bound [%E, %E] exceeds " | |
879 | "destination size %E")), | |
880 | bndrng[0], bndrng[1], size)); | |
881 | ||
882 | if (warned) | |
883 | { | |
81d6cdd3 MS |
884 | if (pad && pad->dst.ref |
885 | && has_location (pad->dst.ref)) | |
886 | inform (get_location (pad->dst.ref), | |
887 | "destination object allocated here"); | |
2a837de2 MS |
888 | suppress_warning (exp, opt); |
889 | } | |
890 | ||
891 | return warned; | |
892 | } | |
893 | ||
81d6cdd3 MS |
894 | bool |
895 | maybe_warn_for_bound (opt_code opt, location_t loc, gimple *stmt, tree func, | |
896 | tree bndrng[2], tree size, | |
897 | const access_data *pad /* = NULL */) | |
898 | { | |
899 | return maybe_warn_for_bound<gimple *> (opt, loc, stmt, func, bndrng, size, | |
900 | pad); | |
901 | } | |
902 | ||
903 | bool | |
904 | maybe_warn_for_bound (opt_code opt, location_t loc, tree expr, tree func, | |
905 | tree bndrng[2], tree size, | |
906 | const access_data *pad /* = NULL */) | |
907 | { | |
908 | return maybe_warn_for_bound<tree> (opt, loc, expr, func, bndrng, size, pad); | |
909 | } | |
910 | ||
2a837de2 MS |
911 | /* For an expression EXP issue an access warning controlled by option OPT |
912 | with access to a region SIZE bytes in size in the RANGE of sizes. | |
913 | WRITE is true for a write access, READ for a read access, neither for | |
914 | call that may or may not perform an access but for which the range | |
915 | is expected to valid. | |
916 | Returns true when a warning has been issued. */ | |
917 | ||
81d6cdd3 | 918 | template <class GimpleOrTree> |
2a837de2 | 919 | static bool |
81d6cdd3 MS |
920 | warn_for_access (location_t loc, tree func, GimpleOrTree exp, int opt, |
921 | tree range[2], tree size, bool write, bool read, bool maybe) | |
2a837de2 MS |
922 | { |
923 | bool warned = false; | |
924 | ||
925 | if (write && read) | |
926 | { | |
927 | if (tree_int_cst_equal (range[0], range[1])) | |
928 | warned = (func | |
929 | ? warning_n (loc, opt, tree_to_uhwi (range[0]), | |
930 | (maybe | |
931 | ? G_("%qD may access %E byte in a region " | |
932 | "of size %E") | |
933 | : G_("%qD accessing %E byte in a region " | |
934 | "of size %E")), | |
935 | (maybe | |
936 | ? G_ ("%qD may access %E bytes in a region " | |
937 | "of size %E") | |
938 | : G_ ("%qD accessing %E bytes in a region " | |
939 | "of size %E")), | |
940 | func, range[0], size) | |
941 | : warning_n (loc, opt, tree_to_uhwi (range[0]), | |
942 | (maybe | |
943 | ? G_("may access %E byte in a region " | |
944 | "of size %E") | |
945 | : G_("accessing %E byte in a region " | |
946 | "of size %E")), | |
947 | (maybe | |
948 | ? G_("may access %E bytes in a region " | |
949 | "of size %E") | |
950 | : G_("accessing %E bytes in a region " | |
951 | "of size %E")), | |
952 | range[0], size)); | |
953 | else if (tree_int_cst_sign_bit (range[1])) | |
954 | { | |
955 | /* Avoid printing the upper bound if it's invalid. */ | |
956 | warned = (func | |
957 | ? warning_at (loc, opt, | |
958 | (maybe | |
959 | ? G_("%qD may access %E or more bytes " | |
960 | "in a region of size %E") | |
961 | : G_("%qD accessing %E or more bytes " | |
962 | "in a region of size %E")), | |
963 | func, range[0], size) | |
964 | : warning_at (loc, opt, | |
965 | (maybe | |
966 | ? G_("may access %E or more bytes " | |
967 | "in a region of size %E") | |
968 | : G_("accessing %E or more bytes " | |
969 | "in a region of size %E")), | |
970 | range[0], size)); | |
971 | } | |
972 | else | |
973 | warned = (func | |
974 | ? warning_at (loc, opt, | |
975 | (maybe | |
976 | ? G_("%qD may access between %E and %E " | |
977 | "bytes in a region of size %E") | |
978 | : G_("%qD accessing between %E and %E " | |
979 | "bytes in a region of size %E")), | |
980 | func, range[0], range[1], size) | |
981 | : warning_at (loc, opt, | |
982 | (maybe | |
983 | ? G_("may access between %E and %E bytes " | |
984 | "in a region of size %E") | |
985 | : G_("accessing between %E and %E bytes " | |
986 | "in a region of size %E")), | |
987 | range[0], range[1], size)); | |
988 | return warned; | |
989 | } | |
990 | ||
991 | if (write) | |
992 | { | |
993 | if (tree_int_cst_equal (range[0], range[1])) | |
994 | warned = (func | |
995 | ? warning_n (loc, opt, tree_to_uhwi (range[0]), | |
996 | (maybe | |
997 | ? G_("%qD may write %E byte into a region " | |
998 | "of size %E") | |
999 | : G_("%qD writing %E byte into a region " | |
1000 | "of size %E overflows the destination")), | |
1001 | (maybe | |
1002 | ? G_("%qD may write %E bytes into a region " | |
1003 | "of size %E") | |
1004 | : G_("%qD writing %E bytes into a region " | |
1005 | "of size %E overflows the destination")), | |
1006 | func, range[0], size) | |
1007 | : warning_n (loc, opt, tree_to_uhwi (range[0]), | |
1008 | (maybe | |
1009 | ? G_("may write %E byte into a region " | |
1010 | "of size %E") | |
1011 | : G_("writing %E byte into a region " | |
1012 | "of size %E overflows the destination")), | |
1013 | (maybe | |
1014 | ? G_("may write %E bytes into a region " | |
1015 | "of size %E") | |
1016 | : G_("writing %E bytes into a region " | |
1017 | "of size %E overflows the destination")), | |
1018 | range[0], size)); | |
1019 | else if (tree_int_cst_sign_bit (range[1])) | |
1020 | { | |
1021 | /* Avoid printing the upper bound if it's invalid. */ | |
1022 | warned = (func | |
1023 | ? warning_at (loc, opt, | |
1024 | (maybe | |
1025 | ? G_("%qD may write %E or more bytes " | |
1026 | "into a region of size %E") | |
1027 | : G_("%qD writing %E or more bytes " | |
1028 | "into a region of size %E overflows " | |
1029 | "the destination")), | |
1030 | func, range[0], size) | |
1031 | : warning_at (loc, opt, | |
1032 | (maybe | |
1033 | ? G_("may write %E or more bytes into " | |
1034 | "a region of size %E") | |
1035 | : G_("writing %E or more bytes into " | |
1036 | "a region of size %E overflows " | |
1037 | "the destination")), | |
1038 | range[0], size)); | |
1039 | } | |
1040 | else | |
1041 | warned = (func | |
1042 | ? warning_at (loc, opt, | |
1043 | (maybe | |
1044 | ? G_("%qD may write between %E and %E bytes " | |
1045 | "into a region of size %E") | |
1046 | : G_("%qD writing between %E and %E bytes " | |
1047 | "into a region of size %E overflows " | |
1048 | "the destination")), | |
1049 | func, range[0], range[1], size) | |
1050 | : warning_at (loc, opt, | |
1051 | (maybe | |
1052 | ? G_("may write between %E and %E bytes " | |
1053 | "into a region of size %E") | |
1054 | : G_("writing between %E and %E bytes " | |
1055 | "into a region of size %E overflows " | |
1056 | "the destination")), | |
1057 | range[0], range[1], size)); | |
1058 | return warned; | |
1059 | } | |
1060 | ||
1061 | if (read) | |
1062 | { | |
1063 | if (tree_int_cst_equal (range[0], range[1])) | |
1064 | warned = (func | |
1065 | ? warning_n (loc, OPT_Wstringop_overread, | |
1066 | tree_to_uhwi (range[0]), | |
1067 | (maybe | |
1068 | ? G_("%qD may read %E byte from a region " | |
1069 | "of size %E") | |
1070 | : G_("%qD reading %E byte from a region " | |
1071 | "of size %E")), | |
1072 | (maybe | |
1073 | ? G_("%qD may read %E bytes from a region " | |
1074 | "of size %E") | |
1075 | : G_("%qD reading %E bytes from a region " | |
1076 | "of size %E")), | |
1077 | func, range[0], size) | |
1078 | : warning_n (loc, OPT_Wstringop_overread, | |
1079 | tree_to_uhwi (range[0]), | |
1080 | (maybe | |
1081 | ? G_("may read %E byte from a region " | |
1082 | "of size %E") | |
1083 | : G_("reading %E byte from a region " | |
1084 | "of size %E")), | |
1085 | (maybe | |
1086 | ? G_("may read %E bytes from a region " | |
1087 | "of size %E") | |
1088 | : G_("reading %E bytes from a region " | |
1089 | "of size %E")), | |
1090 | range[0], size)); | |
1091 | else if (tree_int_cst_sign_bit (range[1])) | |
1092 | { | |
1093 | /* Avoid printing the upper bound if it's invalid. */ | |
1094 | warned = (func | |
1095 | ? warning_at (loc, OPT_Wstringop_overread, | |
1096 | (maybe | |
1097 | ? G_("%qD may read %E or more bytes " | |
1098 | "from a region of size %E") | |
1099 | : G_("%qD reading %E or more bytes " | |
1100 | "from a region of size %E")), | |
1101 | func, range[0], size) | |
1102 | : warning_at (loc, OPT_Wstringop_overread, | |
1103 | (maybe | |
1104 | ? G_("may read %E or more bytes " | |
1105 | "from a region of size %E") | |
1106 | : G_("reading %E or more bytes " | |
1107 | "from a region of size %E")), | |
1108 | range[0], size)); | |
1109 | } | |
1110 | else | |
1111 | warned = (func | |
1112 | ? warning_at (loc, OPT_Wstringop_overread, | |
1113 | (maybe | |
1114 | ? G_("%qD may read between %E and %E bytes " | |
1115 | "from a region of size %E") | |
1116 | : G_("%qD reading between %E and %E bytes " | |
1117 | "from a region of size %E")), | |
1118 | func, range[0], range[1], size) | |
1119 | : warning_at (loc, opt, | |
1120 | (maybe | |
1121 | ? G_("may read between %E and %E bytes " | |
1122 | "from a region of size %E") | |
1123 | : G_("reading between %E and %E bytes " | |
1124 | "from a region of size %E")), | |
1125 | range[0], range[1], size)); | |
1126 | ||
1127 | if (warned) | |
1128 | suppress_warning (exp, OPT_Wstringop_overread); | |
1129 | ||
1130 | return warned; | |
1131 | } | |
1132 | ||
1133 | if (tree_int_cst_equal (range[0], range[1]) | |
1134 | || tree_int_cst_sign_bit (range[1])) | |
1135 | warned = (func | |
1136 | ? warning_n (loc, OPT_Wstringop_overread, | |
1137 | tree_to_uhwi (range[0]), | |
1138 | "%qD expecting %E byte in a region of size %E", | |
1139 | "%qD expecting %E bytes in a region of size %E", | |
1140 | func, range[0], size) | |
1141 | : warning_n (loc, OPT_Wstringop_overread, | |
1142 | tree_to_uhwi (range[0]), | |
1143 | "expecting %E byte in a region of size %E", | |
1144 | "expecting %E bytes in a region of size %E", | |
1145 | range[0], size)); | |
1146 | else if (tree_int_cst_sign_bit (range[1])) | |
1147 | { | |
1148 | /* Avoid printing the upper bound if it's invalid. */ | |
1149 | warned = (func | |
1150 | ? warning_at (loc, OPT_Wstringop_overread, | |
1151 | "%qD expecting %E or more bytes in a region " | |
1152 | "of size %E", | |
1153 | func, range[0], size) | |
1154 | : warning_at (loc, OPT_Wstringop_overread, | |
1155 | "expecting %E or more bytes in a region " | |
1156 | "of size %E", | |
1157 | range[0], size)); | |
1158 | } | |
1159 | else | |
1160 | warned = (func | |
1161 | ? warning_at (loc, OPT_Wstringop_overread, | |
1162 | "%qD expecting between %E and %E bytes in " | |
1163 | "a region of size %E", | |
1164 | func, range[0], range[1], size) | |
1165 | : warning_at (loc, OPT_Wstringop_overread, | |
1166 | "expecting between %E and %E bytes in " | |
1167 | "a region of size %E", | |
1168 | range[0], range[1], size)); | |
1169 | ||
1170 | if (warned) | |
1171 | suppress_warning (exp, OPT_Wstringop_overread); | |
1172 | ||
1173 | return warned; | |
1174 | } | |
1175 | ||
81d6cdd3 MS |
1176 | static bool |
1177 | warn_for_access (location_t loc, tree func, gimple *stmt, int opt, | |
1178 | tree range[2], tree size, bool write, bool read, bool maybe) | |
1179 | { | |
1180 | return warn_for_access<gimple *>(loc, func, stmt, opt, range, size, | |
1181 | write, read, maybe); | |
1182 | } | |
1183 | ||
1184 | static bool | |
1185 | warn_for_access (location_t loc, tree func, tree expr, int opt, | |
1186 | tree range[2], tree size, bool write, bool read, bool maybe) | |
1187 | { | |
1188 | return warn_for_access<tree>(loc, func, expr, opt, range, size, | |
1189 | write, read, maybe); | |
1190 | } | |
1191 | ||
2a837de2 MS |
1192 | /* Helper to set RANGE to the range of BOUND if it's nonnull, bounded |
1193 | by BNDRNG if nonnull and valid. */ | |
1194 | ||
b48d4e68 | 1195 | static void |
9a27acc3 | 1196 | get_size_range (range_query *query, tree bound, gimple *stmt, tree range[2], |
ece28da9 | 1197 | const offset_int bndrng[2]) |
2a837de2 MS |
1198 | { |
1199 | if (bound) | |
9a27acc3 | 1200 | get_size_range (query, bound, stmt, range); |
2a837de2 MS |
1201 | |
1202 | if (!bndrng || (bndrng[0] == 0 && bndrng[1] == HOST_WIDE_INT_M1U)) | |
1203 | return; | |
1204 | ||
1205 | if (range[0] && TREE_CODE (range[0]) == INTEGER_CST) | |
1206 | { | |
1207 | offset_int r[] = | |
1208 | { wi::to_offset (range[0]), wi::to_offset (range[1]) }; | |
1209 | if (r[0] < bndrng[0]) | |
1210 | range[0] = wide_int_to_tree (sizetype, bndrng[0]); | |
1211 | if (bndrng[1] < r[1]) | |
1212 | range[1] = wide_int_to_tree (sizetype, bndrng[1]); | |
1213 | } | |
1214 | else | |
1215 | { | |
1216 | range[0] = wide_int_to_tree (sizetype, bndrng[0]); | |
1217 | range[1] = wide_int_to_tree (sizetype, bndrng[1]); | |
1218 | } | |
1219 | } | |
1220 | ||
1221 | /* Try to verify that the sizes and lengths of the arguments to a string | |
1222 | manipulation function given by EXP are within valid bounds and that | |
1223 | the operation does not lead to buffer overflow or read past the end. | |
1224 | Arguments other than EXP may be null. When non-null, the arguments | |
1225 | have the following meaning: | |
1226 | DST is the destination of a copy call or NULL otherwise. | |
1227 | SRC is the source of a copy call or NULL otherwise. | |
1228 | DSTWRITE is the number of bytes written into the destination obtained | |
1229 | from the user-supplied size argument to the function (such as in | |
1230 | memcpy(DST, SRCs, DSTWRITE) or strncpy(DST, DRC, DSTWRITE). | |
1231 | MAXREAD is the user-supplied bound on the length of the source sequence | |
1232 | (such as in strncat(d, s, N). It specifies the upper limit on the number | |
1233 | of bytes to write. If NULL, it's taken to be the same as DSTWRITE. | |
1234 | SRCSTR is the source string (such as in strcpy(DST, SRC)) when the | |
1235 | expression EXP is a string function call (as opposed to a memory call | |
1236 | like memcpy). As an exception, SRCSTR can also be an integer denoting | |
1237 | the precomputed size of the source string or object (for functions like | |
1238 | memcpy). | |
1239 | DSTSIZE is the size of the destination object. | |
1240 | ||
1241 | When DSTWRITE is null LEN is checked to verify that it doesn't exceed | |
1242 | SIZE_MAX. | |
1243 | ||
1244 | WRITE is true for write accesses, READ is true for reads. Both are | |
1245 | false for simple size checks in calls to functions that neither read | |
1246 | from nor write to the region. | |
1247 | ||
1248 | When nonnull, PAD points to a more detailed description of the access. | |
1249 | ||
1250 | If the call is successfully verified as safe return true, otherwise | |
1251 | return false. */ | |
1252 | ||
81d6cdd3 MS |
1253 | template <class GimpleOrTree> |
1254 | static bool | |
1255 | check_access (GimpleOrTree exp, tree dstwrite, | |
2a837de2 | 1256 | tree maxread, tree srcstr, tree dstsize, |
9a27acc3 MS |
1257 | access_mode mode, const access_data *pad, |
1258 | range_query *rvals) | |
2a837de2 MS |
1259 | { |
1260 | /* The size of the largest object is half the address space, or | |
1261 | PTRDIFF_MAX. (This is way too permissive.) */ | |
1262 | tree maxobjsize = max_object_size (); | |
1263 | ||
1264 | /* Either an approximate/minimum the length of the source string for | |
1265 | string functions or the size of the source object for raw memory | |
1266 | functions. */ | |
1267 | tree slen = NULL_TREE; | |
1268 | ||
1269 | /* The range of the access in bytes; first set to the write access | |
1270 | for functions that write and then read for those that also (or | |
1271 | just) read. */ | |
1272 | tree range[2] = { NULL_TREE, NULL_TREE }; | |
1273 | ||
1274 | /* Set to true when the exact number of bytes written by a string | |
1275 | function like strcpy is not known and the only thing that is | |
1276 | known is that it must be at least one (for the terminating nul). */ | |
1277 | bool at_least_one = false; | |
1278 | if (srcstr) | |
1279 | { | |
1280 | /* SRCSTR is normally a pointer to string but as a special case | |
1281 | it can be an integer denoting the length of a string. */ | |
1282 | if (POINTER_TYPE_P (TREE_TYPE (srcstr))) | |
1283 | { | |
1284 | if (!check_nul_terminated_array (exp, srcstr, maxread)) | |
81d6cdd3 MS |
1285 | /* Return if the array is not nul-terminated and a warning |
1286 | has been issued. */ | |
2a837de2 | 1287 | return false; |
81d6cdd3 | 1288 | |
2a837de2 MS |
1289 | /* Try to determine the range of lengths the source string |
1290 | refers to. If it can be determined and is less than | |
1291 | the upper bound given by MAXREAD add one to it for | |
1292 | the terminating nul. Otherwise, set it to one for | |
1293 | the same reason, or to MAXREAD as appropriate. */ | |
1294 | c_strlen_data lendata = { }; | |
1295 | get_range_strlen (srcstr, &lendata, /* eltsize = */ 1); | |
1296 | range[0] = lendata.minlen; | |
1297 | range[1] = lendata.maxbound ? lendata.maxbound : lendata.maxlen; | |
1298 | if (range[0] | |
1299 | && TREE_CODE (range[0]) == INTEGER_CST | |
1300 | && TREE_CODE (range[1]) == INTEGER_CST | |
1301 | && (!maxread || TREE_CODE (maxread) == INTEGER_CST)) | |
1302 | { | |
1303 | if (maxread && tree_int_cst_le (maxread, range[0])) | |
1304 | range[0] = range[1] = maxread; | |
1305 | else | |
1306 | range[0] = fold_build2 (PLUS_EXPR, size_type_node, | |
1307 | range[0], size_one_node); | |
1308 | ||
1309 | if (maxread && tree_int_cst_le (maxread, range[1])) | |
1310 | range[1] = maxread; | |
1311 | else if (!integer_all_onesp (range[1])) | |
1312 | range[1] = fold_build2 (PLUS_EXPR, size_type_node, | |
1313 | range[1], size_one_node); | |
1314 | ||
1315 | slen = range[0]; | |
1316 | } | |
1317 | else | |
1318 | { | |
1319 | at_least_one = true; | |
1320 | slen = size_one_node; | |
1321 | } | |
1322 | } | |
1323 | else | |
1324 | slen = srcstr; | |
1325 | } | |
1326 | ||
1327 | if (!dstwrite && !maxread) | |
1328 | { | |
1329 | /* When the only available piece of data is the object size | |
1330 | there is nothing to do. */ | |
1331 | if (!slen) | |
1332 | return true; | |
1333 | ||
1334 | /* Otherwise, when the length of the source sequence is known | |
1335 | (as with strlen), set DSTWRITE to it. */ | |
1336 | if (!range[0]) | |
1337 | dstwrite = slen; | |
1338 | } | |
1339 | ||
1340 | if (!dstsize) | |
1341 | dstsize = maxobjsize; | |
1342 | ||
f9379fcb | 1343 | /* Set RANGE to that of DSTWRITE if non-null, bounded by PAD->DST_BNDRNG |
2a837de2 | 1344 | if valid. */ |
9a27acc3 | 1345 | gimple *stmt = pad ? pad->stmt : nullptr; |
f9379fcb | 1346 | get_size_range (rvals, dstwrite, stmt, range, pad ? pad->dst_bndrng : NULL); |
2a837de2 MS |
1347 | |
1348 | tree func = get_callee_fndecl (exp); | |
1349 | /* Read vs write access by built-ins can be determined from the const | |
1350 | qualifiers on the pointer argument. In the absence of attribute | |
1351 | access, non-const qualified pointer arguments to user-defined | |
1352 | functions are assumed to both read and write the objects. */ | |
1353 | const bool builtin = func ? fndecl_built_in_p (func) : false; | |
1354 | ||
1355 | /* First check the number of bytes to be written against the maximum | |
1356 | object size. */ | |
1357 | if (range[0] | |
1358 | && TREE_CODE (range[0]) == INTEGER_CST | |
1359 | && tree_int_cst_lt (maxobjsize, range[0])) | |
1360 | { | |
81d6cdd3 | 1361 | location_t loc = get_location (exp); |
2a837de2 MS |
1362 | maybe_warn_for_bound (OPT_Wstringop_overflow_, loc, exp, func, range, |
1363 | NULL_TREE, pad); | |
1364 | return false; | |
1365 | } | |
1366 | ||
1367 | /* The number of bytes to write is "exact" if DSTWRITE is non-null, | |
1368 | constant, and in range of unsigned HOST_WIDE_INT. */ | |
1369 | bool exactwrite = dstwrite && tree_fits_uhwi_p (dstwrite); | |
1370 | ||
1371 | /* Next check the number of bytes to be written against the destination | |
1372 | object size. */ | |
1373 | if (range[0] || !exactwrite || integer_all_onesp (dstwrite)) | |
1374 | { | |
1375 | if (range[0] | |
1376 | && TREE_CODE (range[0]) == INTEGER_CST | |
1377 | && ((tree_fits_uhwi_p (dstsize) | |
1378 | && tree_int_cst_lt (dstsize, range[0])) | |
1379 | || (dstwrite | |
1380 | && tree_fits_uhwi_p (dstwrite) | |
1381 | && tree_int_cst_lt (dstwrite, range[0])))) | |
1382 | { | |
1383 | const opt_code opt = OPT_Wstringop_overflow_; | |
1384 | if (warning_suppressed_p (exp, opt) | |
1385 | || (pad && pad->dst.ref | |
1386 | && warning_suppressed_p (pad->dst.ref, opt))) | |
1387 | return false; | |
1388 | ||
81d6cdd3 | 1389 | location_t loc = get_location (exp); |
2a837de2 MS |
1390 | bool warned = false; |
1391 | if (dstwrite == slen && at_least_one) | |
1392 | { | |
1393 | /* This is a call to strcpy with a destination of 0 size | |
1394 | and a source of unknown length. The call will write | |
1395 | at least one byte past the end of the destination. */ | |
1396 | warned = (func | |
1397 | ? warning_at (loc, opt, | |
1398 | "%qD writing %E or more bytes into " | |
1399 | "a region of size %E overflows " | |
1400 | "the destination", | |
1401 | func, range[0], dstsize) | |
1402 | : warning_at (loc, opt, | |
1403 | "writing %E or more bytes into " | |
1404 | "a region of size %E overflows " | |
1405 | "the destination", | |
1406 | range[0], dstsize)); | |
1407 | } | |
1408 | else | |
1409 | { | |
1410 | const bool read | |
1411 | = mode == access_read_only || mode == access_read_write; | |
1412 | const bool write | |
1413 | = mode == access_write_only || mode == access_read_write; | |
1414 | const bool maybe = pad && pad->dst.parmarray; | |
1415 | warned = warn_for_access (loc, func, exp, | |
1416 | OPT_Wstringop_overflow_, | |
1417 | range, dstsize, | |
1418 | write, read && !builtin, maybe); | |
1419 | } | |
1420 | ||
1421 | if (warned) | |
1422 | { | |
1423 | suppress_warning (exp, OPT_Wstringop_overflow_); | |
1424 | if (pad) | |
1425 | pad->dst.inform_access (pad->mode); | |
1426 | } | |
1427 | ||
1428 | /* Return error when an overflow has been detected. */ | |
1429 | return false; | |
1430 | } | |
1431 | } | |
1432 | ||
1433 | /* Check the maximum length of the source sequence against the size | |
1434 | of the destination object if known, or against the maximum size | |
1435 | of an object. */ | |
1436 | if (maxread) | |
1437 | { | |
f9379fcb | 1438 | /* Set RANGE to that of MAXREAD, bounded by PAD->SRC_BNDRNG if |
2a837de2 | 1439 | PAD is nonnull and BNDRNG is valid. */ |
f9379fcb | 1440 | get_size_range (rvals, maxread, stmt, range, pad ? pad->src_bndrng : NULL); |
2a837de2 | 1441 | |
81d6cdd3 | 1442 | location_t loc = get_location (exp); |
2a837de2 MS |
1443 | tree size = dstsize; |
1444 | if (pad && pad->mode == access_read_only) | |
820f0940 | 1445 | size = wide_int_to_tree (sizetype, pad->src.size_remaining ()); |
2a837de2 MS |
1446 | |
1447 | if (range[0] && maxread && tree_fits_uhwi_p (size)) | |
1448 | { | |
1449 | if (tree_int_cst_lt (maxobjsize, range[0])) | |
1450 | { | |
1451 | maybe_warn_for_bound (OPT_Wstringop_overread, loc, exp, func, | |
1452 | range, size, pad); | |
1453 | return false; | |
1454 | } | |
1455 | ||
1456 | if (size != maxobjsize && tree_int_cst_lt (size, range[0])) | |
1457 | { | |
1458 | opt_code opt = (dstwrite || mode != access_read_only | |
1459 | ? OPT_Wstringop_overflow_ | |
1460 | : OPT_Wstringop_overread); | |
1461 | maybe_warn_for_bound (opt, loc, exp, func, range, size, pad); | |
1462 | return false; | |
1463 | } | |
1464 | } | |
1465 | ||
1466 | maybe_warn_nonstring_arg (func, exp); | |
1467 | } | |
1468 | ||
1469 | /* Check for reading past the end of SRC. */ | |
1470 | bool overread = (slen | |
1471 | && slen == srcstr | |
1472 | && dstwrite | |
1473 | && range[0] | |
1474 | && TREE_CODE (slen) == INTEGER_CST | |
1475 | && tree_int_cst_lt (slen, range[0])); | |
1476 | /* If none is determined try to get a better answer based on the details | |
1477 | in PAD. */ | |
1478 | if (!overread | |
1479 | && pad | |
1480 | && pad->src.sizrng[1] >= 0 | |
1481 | && pad->src.offrng[0] >= 0 | |
1482 | && (pad->src.offrng[1] < 0 | |
1483 | || pad->src.offrng[0] <= pad->src.offrng[1])) | |
1484 | { | |
f9379fcb | 1485 | /* Set RANGE to that of MAXREAD, bounded by PAD->SRC_BNDRNG if |
2a837de2 | 1486 | PAD is nonnull and BNDRNG is valid. */ |
f9379fcb | 1487 | get_size_range (rvals, maxread, stmt, range, pad ? pad->src_bndrng : NULL); |
2a837de2 | 1488 | /* Set OVERREAD for reads starting just past the end of an object. */ |
f9379fcb MS |
1489 | overread = pad->src.sizrng[1] - pad->src.offrng[0] < pad->src_bndrng[0]; |
1490 | range[0] = wide_int_to_tree (sizetype, pad->src_bndrng[0]); | |
2a837de2 MS |
1491 | slen = size_zero_node; |
1492 | } | |
1493 | ||
1494 | if (overread) | |
1495 | { | |
1496 | const opt_code opt = OPT_Wstringop_overread; | |
1497 | if (warning_suppressed_p (exp, opt) | |
1498 | || (srcstr && warning_suppressed_p (srcstr, opt)) | |
1499 | || (pad && pad->src.ref | |
1500 | && warning_suppressed_p (pad->src.ref, opt))) | |
1501 | return false; | |
1502 | ||
81d6cdd3 | 1503 | location_t loc = get_location (exp); |
2a837de2 MS |
1504 | const bool read |
1505 | = mode == access_read_only || mode == access_read_write; | |
1506 | const bool maybe = pad && pad->dst.parmarray; | |
1507 | if (warn_for_access (loc, func, exp, opt, range, slen, false, read, | |
1508 | maybe)) | |
1509 | { | |
1510 | suppress_warning (exp, opt); | |
1511 | if (pad) | |
1512 | pad->src.inform_access (access_read_only); | |
1513 | } | |
1514 | return false; | |
1515 | } | |
1516 | ||
1517 | return true; | |
1518 | } | |
1519 | ||
9a27acc3 | 1520 | static bool |
81d6cdd3 MS |
1521 | check_access (gimple *stmt, tree dstwrite, |
1522 | tree maxread, tree srcstr, tree dstsize, | |
9a27acc3 MS |
1523 | access_mode mode, const access_data *pad, |
1524 | range_query *rvals) | |
81d6cdd3 | 1525 | { |
9a27acc3 MS |
1526 | return check_access<gimple *> (stmt, dstwrite, maxread, srcstr, dstsize, |
1527 | mode, pad, rvals); | |
81d6cdd3 MS |
1528 | } |
1529 | ||
1530 | bool | |
1531 | check_access (tree expr, tree dstwrite, | |
1532 | tree maxread, tree srcstr, tree dstsize, | |
1533 | access_mode mode, const access_data *pad /* = NULL */) | |
1534 | { | |
9a27acc3 MS |
1535 | return check_access<tree> (expr, dstwrite, maxread, srcstr, dstsize, |
1536 | mode, pad, nullptr); | |
81d6cdd3 MS |
1537 | } |
1538 | ||
2a837de2 MS |
1539 | /* Return true if STMT is a call to an allocation function. Unless |
1540 | ALL_ALLOC is set, consider only functions that return dynmamically | |
1541 | allocated objects. Otherwise return true even for all forms of | |
1542 | alloca (including VLA). */ | |
1543 | ||
1544 | static bool | |
1545 | fndecl_alloc_p (tree fndecl, bool all_alloc) | |
1546 | { | |
1547 | if (!fndecl) | |
1548 | return false; | |
1549 | ||
1550 | /* A call to operator new isn't recognized as one to a built-in. */ | |
1551 | if (DECL_IS_OPERATOR_NEW_P (fndecl)) | |
1552 | return true; | |
1553 | ||
1554 | if (fndecl_built_in_p (fndecl, BUILT_IN_NORMAL)) | |
1555 | { | |
1556 | switch (DECL_FUNCTION_CODE (fndecl)) | |
1557 | { | |
1558 | case BUILT_IN_ALLOCA: | |
1559 | case BUILT_IN_ALLOCA_WITH_ALIGN: | |
1560 | return all_alloc; | |
1561 | case BUILT_IN_ALIGNED_ALLOC: | |
1562 | case BUILT_IN_CALLOC: | |
1563 | case BUILT_IN_GOMP_ALLOC: | |
1564 | case BUILT_IN_MALLOC: | |
1565 | case BUILT_IN_REALLOC: | |
1566 | case BUILT_IN_STRDUP: | |
1567 | case BUILT_IN_STRNDUP: | |
1568 | return true; | |
1569 | default: | |
1570 | break; | |
1571 | } | |
1572 | } | |
1573 | ||
1574 | /* A function is considered an allocation function if it's declared | |
1575 | with attribute malloc with an argument naming its associated | |
1576 | deallocation function. */ | |
1577 | tree attrs = DECL_ATTRIBUTES (fndecl); | |
1578 | if (!attrs) | |
1579 | return false; | |
1580 | ||
1581 | for (tree allocs = attrs; | |
1582 | (allocs = lookup_attribute ("malloc", allocs)); | |
1583 | allocs = TREE_CHAIN (allocs)) | |
1584 | { | |
1585 | tree args = TREE_VALUE (allocs); | |
1586 | if (!args) | |
1587 | continue; | |
1588 | ||
1589 | if (TREE_VALUE (args)) | |
1590 | return true; | |
1591 | } | |
1592 | ||
1593 | return false; | |
1594 | } | |
1595 | ||
1596 | /* Return true if STMT is a call to an allocation function. A wrapper | |
1597 | around fndecl_alloc_p. */ | |
1598 | ||
1599 | static bool | |
1600 | gimple_call_alloc_p (gimple *stmt, bool all_alloc = false) | |
1601 | { | |
1602 | return fndecl_alloc_p (gimple_call_fndecl (stmt), all_alloc); | |
1603 | } | |
1604 | ||
1605 | /* Return true if DELC doesn't refer to an operator delete that's | |
1606 | suitable to call with a pointer returned from the operator new | |
1607 | described by NEWC. */ | |
1608 | ||
1609 | static bool | |
1610 | new_delete_mismatch_p (const demangle_component &newc, | |
1611 | const demangle_component &delc) | |
1612 | { | |
1613 | if (newc.type != delc.type) | |
1614 | return true; | |
1615 | ||
1616 | switch (newc.type) | |
1617 | { | |
1618 | case DEMANGLE_COMPONENT_NAME: | |
1619 | { | |
1620 | int len = newc.u.s_name.len; | |
1621 | const char *news = newc.u.s_name.s; | |
1622 | const char *dels = delc.u.s_name.s; | |
1623 | if (len != delc.u.s_name.len || memcmp (news, dels, len)) | |
1624 | return true; | |
1625 | ||
1626 | if (news[len] == 'n') | |
1627 | { | |
1628 | if (news[len + 1] == 'a') | |
1629 | return dels[len] != 'd' || dels[len + 1] != 'a'; | |
1630 | if (news[len + 1] == 'w') | |
1631 | return dels[len] != 'd' || dels[len + 1] != 'l'; | |
1632 | } | |
1633 | return false; | |
1634 | } | |
1635 | ||
1636 | case DEMANGLE_COMPONENT_OPERATOR: | |
1637 | /* Operator mismatches are handled above. */ | |
1638 | return false; | |
1639 | ||
1640 | case DEMANGLE_COMPONENT_EXTENDED_OPERATOR: | |
1641 | if (newc.u.s_extended_operator.args != delc.u.s_extended_operator.args) | |
1642 | return true; | |
1643 | return new_delete_mismatch_p (*newc.u.s_extended_operator.name, | |
1644 | *delc.u.s_extended_operator.name); | |
1645 | ||
1646 | case DEMANGLE_COMPONENT_FIXED_TYPE: | |
1647 | if (newc.u.s_fixed.accum != delc.u.s_fixed.accum | |
1648 | || newc.u.s_fixed.sat != delc.u.s_fixed.sat) | |
1649 | return true; | |
1650 | return new_delete_mismatch_p (*newc.u.s_fixed.length, | |
1651 | *delc.u.s_fixed.length); | |
1652 | ||
1653 | case DEMANGLE_COMPONENT_CTOR: | |
1654 | if (newc.u.s_ctor.kind != delc.u.s_ctor.kind) | |
1655 | return true; | |
1656 | return new_delete_mismatch_p (*newc.u.s_ctor.name, | |
1657 | *delc.u.s_ctor.name); | |
1658 | ||
1659 | case DEMANGLE_COMPONENT_DTOR: | |
1660 | if (newc.u.s_dtor.kind != delc.u.s_dtor.kind) | |
1661 | return true; | |
1662 | return new_delete_mismatch_p (*newc.u.s_dtor.name, | |
1663 | *delc.u.s_dtor.name); | |
1664 | ||
1665 | case DEMANGLE_COMPONENT_BUILTIN_TYPE: | |
1666 | { | |
1667 | /* The demangler API provides no better way to compare built-in | |
1668 | types except to by comparing their demangled names. */ | |
1669 | size_t nsz, dsz; | |
1670 | demangle_component *pnc = const_cast<demangle_component *>(&newc); | |
1671 | demangle_component *pdc = const_cast<demangle_component *>(&delc); | |
1672 | char *nts = cplus_demangle_print (0, pnc, 16, &nsz); | |
1673 | char *dts = cplus_demangle_print (0, pdc, 16, &dsz); | |
1674 | if (!nts != !dts) | |
1675 | return true; | |
1676 | bool mismatch = strcmp (nts, dts); | |
1677 | free (nts); | |
1678 | free (dts); | |
1679 | return mismatch; | |
1680 | } | |
1681 | ||
1682 | case DEMANGLE_COMPONENT_SUB_STD: | |
1683 | if (newc.u.s_string.len != delc.u.s_string.len) | |
1684 | return true; | |
1685 | return memcmp (newc.u.s_string.string, delc.u.s_string.string, | |
1686 | newc.u.s_string.len); | |
1687 | ||
1688 | case DEMANGLE_COMPONENT_FUNCTION_PARAM: | |
1689 | case DEMANGLE_COMPONENT_TEMPLATE_PARAM: | |
1690 | return newc.u.s_number.number != delc.u.s_number.number; | |
1691 | ||
1692 | case DEMANGLE_COMPONENT_CHARACTER: | |
1693 | return newc.u.s_character.character != delc.u.s_character.character; | |
1694 | ||
1695 | case DEMANGLE_COMPONENT_DEFAULT_ARG: | |
1696 | case DEMANGLE_COMPONENT_LAMBDA: | |
1697 | if (newc.u.s_unary_num.num != delc.u.s_unary_num.num) | |
1698 | return true; | |
1699 | return new_delete_mismatch_p (*newc.u.s_unary_num.sub, | |
1700 | *delc.u.s_unary_num.sub); | |
1701 | default: | |
1702 | break; | |
1703 | } | |
1704 | ||
1705 | if (!newc.u.s_binary.left != !delc.u.s_binary.left) | |
1706 | return true; | |
1707 | ||
1708 | if (!newc.u.s_binary.left) | |
1709 | return false; | |
1710 | ||
1711 | if (new_delete_mismatch_p (*newc.u.s_binary.left, *delc.u.s_binary.left) | |
1712 | || !newc.u.s_binary.right != !delc.u.s_binary.right) | |
1713 | return true; | |
1714 | ||
1715 | if (newc.u.s_binary.right) | |
1716 | return new_delete_mismatch_p (*newc.u.s_binary.right, | |
1717 | *delc.u.s_binary.right); | |
1718 | return false; | |
1719 | } | |
1720 | ||
1721 | /* Return true if DELETE_DECL is an operator delete that's not suitable | |
1722 | to call with a pointer returned fron NEW_DECL. */ | |
1723 | ||
1724 | static bool | |
1725 | new_delete_mismatch_p (tree new_decl, tree delete_decl) | |
1726 | { | |
1727 | tree new_name = DECL_ASSEMBLER_NAME (new_decl); | |
1728 | tree delete_name = DECL_ASSEMBLER_NAME (delete_decl); | |
1729 | ||
1730 | /* valid_new_delete_pair_p() returns a conservative result (currently | |
1731 | it only handles global operators). A true result is reliable but | |
96194a07 MS |
1732 | a false result doesn't necessarily mean the operators don't match |
1733 | unless CERTAIN is set. */ | |
1734 | bool certain; | |
1735 | if (valid_new_delete_pair_p (new_name, delete_name, &certain)) | |
2a837de2 | 1736 | return false; |
96194a07 MS |
1737 | /* CERTAIN is set when the negative result is certain. */ |
1738 | if (certain) | |
1739 | return true; | |
2a837de2 MS |
1740 | |
1741 | /* For anything not handled by valid_new_delete_pair_p() such as member | |
1742 | operators compare the individual demangled components of the mangled | |
1743 | name. */ | |
1744 | const char *new_str = IDENTIFIER_POINTER (new_name); | |
1745 | const char *del_str = IDENTIFIER_POINTER (delete_name); | |
1746 | ||
1747 | void *np = NULL, *dp = NULL; | |
1748 | demangle_component *ndc = cplus_demangle_v3_components (new_str, 0, &np); | |
1749 | demangle_component *ddc = cplus_demangle_v3_components (del_str, 0, &dp); | |
1750 | bool mismatch = new_delete_mismatch_p (*ndc, *ddc); | |
1751 | free (np); | |
1752 | free (dp); | |
1753 | return mismatch; | |
1754 | } | |
1755 | ||
1756 | /* ALLOC_DECL and DEALLOC_DECL are pair of allocation and deallocation | |
1757 | functions. Return true if the latter is suitable to deallocate objects | |
1758 | allocated by calls to the former. */ | |
1759 | ||
1760 | static bool | |
1761 | matching_alloc_calls_p (tree alloc_decl, tree dealloc_decl) | |
1762 | { | |
1763 | /* Set to alloc_kind_t::builtin if ALLOC_DECL is associated with | |
1764 | a built-in deallocator. */ | |
1765 | enum class alloc_kind_t { none, builtin, user } | |
1766 | alloc_dealloc_kind = alloc_kind_t::none; | |
1767 | ||
1768 | if (DECL_IS_OPERATOR_NEW_P (alloc_decl)) | |
1769 | { | |
1770 | if (DECL_IS_OPERATOR_DELETE_P (dealloc_decl)) | |
1771 | /* Return true iff both functions are of the same array or | |
1772 | singleton form and false otherwise. */ | |
1773 | return !new_delete_mismatch_p (alloc_decl, dealloc_decl); | |
1774 | ||
1775 | /* Return false for deallocation functions that are known not | |
1776 | to match. */ | |
1777 | if (fndecl_built_in_p (dealloc_decl, BUILT_IN_FREE) | |
1778 | || fndecl_built_in_p (dealloc_decl, BUILT_IN_REALLOC)) | |
1779 | return false; | |
1780 | /* Otherwise proceed below to check the deallocation function's | |
1781 | "*dealloc" attributes to look for one that mentions this operator | |
1782 | new. */ | |
1783 | } | |
1784 | else if (fndecl_built_in_p (alloc_decl, BUILT_IN_NORMAL)) | |
1785 | { | |
1786 | switch (DECL_FUNCTION_CODE (alloc_decl)) | |
1787 | { | |
1788 | case BUILT_IN_ALLOCA: | |
1789 | case BUILT_IN_ALLOCA_WITH_ALIGN: | |
1790 | return false; | |
1791 | ||
1792 | case BUILT_IN_ALIGNED_ALLOC: | |
1793 | case BUILT_IN_CALLOC: | |
1794 | case BUILT_IN_GOMP_ALLOC: | |
1795 | case BUILT_IN_MALLOC: | |
1796 | case BUILT_IN_REALLOC: | |
1797 | case BUILT_IN_STRDUP: | |
1798 | case BUILT_IN_STRNDUP: | |
1799 | if (DECL_IS_OPERATOR_DELETE_P (dealloc_decl)) | |
1800 | return false; | |
1801 | ||
1802 | if (fndecl_built_in_p (dealloc_decl, BUILT_IN_FREE) | |
1803 | || fndecl_built_in_p (dealloc_decl, BUILT_IN_REALLOC)) | |
1804 | return true; | |
1805 | ||
1806 | alloc_dealloc_kind = alloc_kind_t::builtin; | |
1807 | break; | |
1808 | ||
1809 | default: | |
1810 | break; | |
1811 | } | |
1812 | } | |
1813 | ||
1814 | /* Set if DEALLOC_DECL both allocates and deallocates. */ | |
1815 | alloc_kind_t realloc_kind = alloc_kind_t::none; | |
1816 | ||
1817 | if (fndecl_built_in_p (dealloc_decl, BUILT_IN_NORMAL)) | |
1818 | { | |
1819 | built_in_function dealloc_code = DECL_FUNCTION_CODE (dealloc_decl); | |
1820 | if (dealloc_code == BUILT_IN_REALLOC) | |
1821 | realloc_kind = alloc_kind_t::builtin; | |
1822 | ||
1823 | for (tree amats = DECL_ATTRIBUTES (alloc_decl); | |
1824 | (amats = lookup_attribute ("malloc", amats)); | |
1825 | amats = TREE_CHAIN (amats)) | |
1826 | { | |
1827 | tree args = TREE_VALUE (amats); | |
1828 | if (!args) | |
1829 | continue; | |
1830 | ||
1831 | tree fndecl = TREE_VALUE (args); | |
1832 | if (!fndecl || !DECL_P (fndecl)) | |
1833 | continue; | |
1834 | ||
1835 | if (fndecl_built_in_p (fndecl, BUILT_IN_NORMAL) | |
1836 | && dealloc_code == DECL_FUNCTION_CODE (fndecl)) | |
1837 | return true; | |
1838 | } | |
1839 | } | |
1840 | ||
1841 | const bool alloc_builtin = fndecl_built_in_p (alloc_decl, BUILT_IN_NORMAL); | |
1842 | alloc_kind_t realloc_dealloc_kind = alloc_kind_t::none; | |
1843 | ||
1844 | /* If DEALLOC_DECL has an internal "*dealloc" attribute scan the list | |
1845 | of its associated allocation functions for ALLOC_DECL. | |
1846 | If the corresponding ALLOC_DECL is found they're a matching pair, | |
1847 | otherwise they're not. | |
1848 | With DDATS set to the Deallocator's *Dealloc ATtributes... */ | |
1849 | for (tree ddats = DECL_ATTRIBUTES (dealloc_decl); | |
1850 | (ddats = lookup_attribute ("*dealloc", ddats)); | |
1851 | ddats = TREE_CHAIN (ddats)) | |
1852 | { | |
1853 | tree args = TREE_VALUE (ddats); | |
1854 | if (!args) | |
1855 | continue; | |
1856 | ||
1857 | tree alloc = TREE_VALUE (args); | |
1858 | if (!alloc) | |
1859 | continue; | |
1860 | ||
1861 | if (alloc == DECL_NAME (dealloc_decl)) | |
1862 | realloc_kind = alloc_kind_t::user; | |
1863 | ||
1864 | if (DECL_P (alloc)) | |
1865 | { | |
1866 | gcc_checking_assert (fndecl_built_in_p (alloc, BUILT_IN_NORMAL)); | |
1867 | ||
1868 | switch (DECL_FUNCTION_CODE (alloc)) | |
1869 | { | |
1870 | case BUILT_IN_ALIGNED_ALLOC: | |
1871 | case BUILT_IN_CALLOC: | |
1872 | case BUILT_IN_GOMP_ALLOC: | |
1873 | case BUILT_IN_MALLOC: | |
1874 | case BUILT_IN_REALLOC: | |
1875 | case BUILT_IN_STRDUP: | |
1876 | case BUILT_IN_STRNDUP: | |
1877 | realloc_dealloc_kind = alloc_kind_t::builtin; | |
1878 | break; | |
1879 | default: | |
1880 | break; | |
1881 | } | |
1882 | ||
1883 | if (!alloc_builtin) | |
1884 | continue; | |
1885 | ||
1886 | if (DECL_FUNCTION_CODE (alloc) != DECL_FUNCTION_CODE (alloc_decl)) | |
1887 | continue; | |
1888 | ||
1889 | return true; | |
1890 | } | |
1891 | ||
1892 | if (alloc == DECL_NAME (alloc_decl)) | |
1893 | return true; | |
1894 | } | |
1895 | ||
1896 | if (realloc_kind == alloc_kind_t::none) | |
1897 | return false; | |
1898 | ||
1899 | hash_set<tree> common_deallocs; | |
1900 | /* Special handling for deallocators. Iterate over both the allocator's | |
1901 | and the reallocator's associated deallocator functions looking for | |
1902 | the first one in common. If one is found, the de/reallocator is | |
1903 | a match for the allocator even though the latter isn't directly | |
1904 | associated with the former. This simplifies declarations in system | |
1905 | headers. | |
1906 | With AMATS set to the Allocator's Malloc ATtributes, | |
1907 | and RMATS set to Reallocator's Malloc ATtributes... */ | |
1908 | for (tree amats = DECL_ATTRIBUTES (alloc_decl), | |
1909 | rmats = DECL_ATTRIBUTES (dealloc_decl); | |
1910 | (amats = lookup_attribute ("malloc", amats)) | |
1911 | || (rmats = lookup_attribute ("malloc", rmats)); | |
1912 | amats = amats ? TREE_CHAIN (amats) : NULL_TREE, | |
1913 | rmats = rmats ? TREE_CHAIN (rmats) : NULL_TREE) | |
1914 | { | |
1915 | if (tree args = amats ? TREE_VALUE (amats) : NULL_TREE) | |
1916 | if (tree adealloc = TREE_VALUE (args)) | |
1917 | { | |
1918 | if (DECL_P (adealloc) | |
1919 | && fndecl_built_in_p (adealloc, BUILT_IN_NORMAL)) | |
1920 | { | |
1921 | built_in_function fncode = DECL_FUNCTION_CODE (adealloc); | |
1922 | if (fncode == BUILT_IN_FREE || fncode == BUILT_IN_REALLOC) | |
1923 | { | |
1924 | if (realloc_kind == alloc_kind_t::builtin) | |
1925 | return true; | |
1926 | alloc_dealloc_kind = alloc_kind_t::builtin; | |
1927 | } | |
1928 | continue; | |
1929 | } | |
1930 | ||
1931 | common_deallocs.add (adealloc); | |
1932 | } | |
1933 | ||
1934 | if (tree args = rmats ? TREE_VALUE (rmats) : NULL_TREE) | |
1935 | if (tree ddealloc = TREE_VALUE (args)) | |
1936 | { | |
1937 | if (DECL_P (ddealloc) | |
1938 | && fndecl_built_in_p (ddealloc, BUILT_IN_NORMAL)) | |
1939 | { | |
1940 | built_in_function fncode = DECL_FUNCTION_CODE (ddealloc); | |
1941 | if (fncode == BUILT_IN_FREE || fncode == BUILT_IN_REALLOC) | |
1942 | { | |
1943 | if (alloc_dealloc_kind == alloc_kind_t::builtin) | |
1944 | return true; | |
1945 | realloc_dealloc_kind = alloc_kind_t::builtin; | |
1946 | } | |
1947 | continue; | |
1948 | } | |
1949 | ||
1950 | if (common_deallocs.add (ddealloc)) | |
1951 | return true; | |
1952 | } | |
1953 | } | |
1954 | ||
1955 | /* Succeed only if ALLOC_DECL and the reallocator DEALLOC_DECL share | |
1956 | a built-in deallocator. */ | |
1957 | return (alloc_dealloc_kind == alloc_kind_t::builtin | |
1958 | && realloc_dealloc_kind == alloc_kind_t::builtin); | |
1959 | } | |
1960 | ||
1961 | /* Return true if DEALLOC_DECL is a function suitable to deallocate | |
1962 | objectes allocated by the ALLOC call. */ | |
1963 | ||
1964 | static bool | |
1965 | matching_alloc_calls_p (gimple *alloc, tree dealloc_decl) | |
1966 | { | |
1967 | tree alloc_decl = gimple_call_fndecl (alloc); | |
1968 | if (!alloc_decl) | |
1969 | return true; | |
1970 | ||
1971 | return matching_alloc_calls_p (alloc_decl, dealloc_decl); | |
1972 | } | |
1973 | ||
1974 | /* Diagnose a call EXP to deallocate a pointer referenced by AREF if it | |
1975 | includes a nonzero offset. Such a pointer cannot refer to the beginning | |
1976 | of an allocated object. A negative offset may refer to it only if | |
1977 | the target pointer is unknown. */ | |
1978 | ||
1979 | static bool | |
1980 | warn_dealloc_offset (location_t loc, gimple *call, const access_ref &aref) | |
1981 | { | |
1982 | if (aref.deref || aref.offrng[0] <= 0 || aref.offrng[1] <= 0) | |
1983 | return false; | |
1984 | ||
1985 | tree dealloc_decl = gimple_call_fndecl (call); | |
1986 | if (!dealloc_decl) | |
1987 | return false; | |
1988 | ||
1989 | if (DECL_IS_OPERATOR_DELETE_P (dealloc_decl) | |
1990 | && !DECL_IS_REPLACEABLE_OPERATOR (dealloc_decl)) | |
1991 | { | |
1992 | /* A call to a user-defined operator delete with a pointer plus offset | |
1993 | may be valid if it's returned from an unknown function (i.e., one | |
1994 | that's not operator new). */ | |
1995 | if (TREE_CODE (aref.ref) == SSA_NAME) | |
1996 | { | |
1997 | gimple *def_stmt = SSA_NAME_DEF_STMT (aref.ref); | |
1998 | if (is_gimple_call (def_stmt)) | |
1999 | { | |
2000 | tree alloc_decl = gimple_call_fndecl (def_stmt); | |
2001 | if (!alloc_decl || !DECL_IS_OPERATOR_NEW_P (alloc_decl)) | |
2002 | return false; | |
2003 | } | |
2004 | } | |
2005 | } | |
2006 | ||
2007 | char offstr[80]; | |
2008 | offstr[0] = '\0'; | |
2009 | if (wi::fits_shwi_p (aref.offrng[0])) | |
2010 | { | |
2011 | if (aref.offrng[0] == aref.offrng[1] | |
2012 | || !wi::fits_shwi_p (aref.offrng[1])) | |
2013 | sprintf (offstr, " %lli", | |
2014 | (long long)aref.offrng[0].to_shwi ()); | |
2015 | else | |
2016 | sprintf (offstr, " [%lli, %lli]", | |
2017 | (long long)aref.offrng[0].to_shwi (), | |
2018 | (long long)aref.offrng[1].to_shwi ()); | |
2019 | } | |
2020 | ||
2021 | if (!warning_at (loc, OPT_Wfree_nonheap_object, | |
2022 | "%qD called on pointer %qE with nonzero offset%s", | |
2023 | dealloc_decl, aref.ref, offstr)) | |
2024 | return false; | |
2025 | ||
2026 | if (DECL_P (aref.ref)) | |
81d6cdd3 | 2027 | inform (get_location (aref.ref), "declared here"); |
2a837de2 MS |
2028 | else if (TREE_CODE (aref.ref) == SSA_NAME) |
2029 | { | |
2030 | gimple *def_stmt = SSA_NAME_DEF_STMT (aref.ref); | |
2031 | if (is_gimple_call (def_stmt)) | |
2032 | { | |
81d6cdd3 | 2033 | location_t def_loc = get_location (def_stmt); |
2a837de2 MS |
2034 | tree alloc_decl = gimple_call_fndecl (def_stmt); |
2035 | if (alloc_decl) | |
2036 | inform (def_loc, | |
2037 | "returned from %qD", alloc_decl); | |
2038 | else if (tree alloc_fntype = gimple_call_fntype (def_stmt)) | |
2039 | inform (def_loc, | |
2040 | "returned from %qT", alloc_fntype); | |
2041 | else | |
2042 | inform (def_loc, "obtained here"); | |
2043 | } | |
2044 | } | |
2045 | ||
2046 | return true; | |
2047 | } | |
2048 | ||
2a837de2 MS |
2049 | namespace { |
2050 | ||
2051 | const pass_data pass_data_waccess = { | |
2052 | GIMPLE_PASS, | |
2053 | "waccess", | |
2054 | OPTGROUP_NONE, | |
2055 | TV_NONE, | |
2056 | PROP_cfg, /* properties_required */ | |
2057 | 0, /* properties_provided */ | |
2058 | 0, /* properties_destroyed */ | |
2059 | 0, /* properties_start */ | |
2060 | 0, /* properties_finish */ | |
2061 | }; | |
2062 | ||
2063 | /* Pass to detect invalid accesses. */ | |
2064 | class pass_waccess : public gimple_opt_pass | |
2065 | { | |
2066 | public: | |
b48d4e68 MS |
2067 | pass_waccess (gcc::context *); |
2068 | ||
2069 | ~pass_waccess (); | |
2a837de2 MS |
2070 | |
2071 | opt_pass *clone () { return new pass_waccess (m_ctxt); } | |
2072 | ||
2073 | virtual bool gate (function *); | |
2074 | virtual unsigned int execute (function *); | |
2075 | ||
ece28da9 MS |
2076 | private: |
2077 | /* Not copyable or assignable. */ | |
2078 | pass_waccess (pass_waccess &) = delete; | |
2079 | void operator= (pass_waccess &) = delete; | |
2080 | ||
88b504b7 MS |
2081 | /* Check a call to an atomic built-in function. */ |
2082 | bool check_atomic_builtin (gcall *); | |
2083 | ||
81d6cdd3 MS |
2084 | /* Check a call to a built-in function. */ |
2085 | bool check_builtin (gcall *); | |
2086 | ||
b48d4e68 MS |
2087 | /* Check a call to an ordinary function. */ |
2088 | bool check_call (gcall *); | |
2089 | ||
81d6cdd3 | 2090 | /* Check statements in a basic block. */ |
2a837de2 | 2091 | void check (basic_block); |
81d6cdd3 MS |
2092 | |
2093 | /* Check a call to a function. */ | |
ece28da9 | 2094 | void check (gcall *); |
2a837de2 | 2095 | |
ece28da9 MS |
2096 | /* Check a call to the named built-in function. */ |
2097 | void check_alloca (gcall *); | |
2098 | void check_alloc_size_call (gcall *); | |
2099 | void check_strcat (gcall *); | |
2100 | void check_strncat (gcall *); | |
2101 | void check_stxcpy (gcall *); | |
2102 | void check_stxncpy (gcall *); | |
2103 | void check_strncmp (gcall *); | |
2104 | void check_memop_access (gimple *, tree, tree, tree); | |
9a27acc3 | 2105 | void check_read_access (gimple *, tree, tree = NULL_TREE, int = 1); |
ece28da9 MS |
2106 | |
2107 | void maybe_check_dealloc_call (gcall *); | |
2108 | void maybe_check_access_sizes (rdwr_map *, tree, tree, gimple *); | |
5a431b60 MS |
2109 | bool maybe_warn_memmodel (gimple *, tree, tree, const unsigned char *); |
2110 | void check_atomic_memmodel (gimple *, tree, tree, const unsigned char *); | |
b48d4e68 MS |
2111 | |
2112 | /* A pointer_query object and its cache to store information about | |
2113 | pointers and their targets in. */ | |
ece28da9 MS |
2114 | pointer_query m_ptr_qry; |
2115 | pointer_query::cache_type m_var_cache; | |
2a837de2 MS |
2116 | }; |
2117 | ||
b48d4e68 MS |
2118 | /* Construct the pass. */ |
2119 | ||
2120 | pass_waccess::pass_waccess (gcc::context *ctxt) | |
2121 | : gimple_opt_pass (pass_data_waccess, ctxt), | |
ece28da9 MS |
2122 | m_ptr_qry (NULL, &m_var_cache), |
2123 | m_var_cache () | |
b48d4e68 MS |
2124 | { |
2125 | } | |
2126 | ||
2127 | /* Release pointer_query cache. */ | |
2128 | ||
2129 | pass_waccess::~pass_waccess () | |
2130 | { | |
ece28da9 | 2131 | m_ptr_qry.flush_cache (); |
b48d4e68 MS |
2132 | } |
2133 | ||
2a837de2 MS |
2134 | /* Return true when any checks performed by the pass are enabled. */ |
2135 | ||
2136 | bool | |
2137 | pass_waccess::gate (function *) | |
2138 | { | |
2139 | return (warn_free_nonheap_object | |
2140 | || warn_mismatched_alloc | |
2141 | || warn_mismatched_new_delete); | |
2142 | } | |
2143 | ||
b48d4e68 MS |
2144 | /* Initialize ALLOC_OBJECT_SIZE_LIMIT based on the -Walloc-size-larger-than= |
2145 | setting if the option is specified, or to the maximum object size if it | |
2146 | is not. Return the initialized value. */ | |
2147 | ||
2148 | static tree | |
2149 | alloc_max_size (void) | |
2150 | { | |
2151 | HOST_WIDE_INT limit = warn_alloc_size_limit; | |
2152 | if (limit == HOST_WIDE_INT_MAX) | |
2153 | limit = tree_to_shwi (TYPE_MAX_VALUE (ptrdiff_type_node)); | |
2154 | ||
2155 | return build_int_cst (size_type_node, limit); | |
2156 | } | |
2157 | ||
2158 | /* Diagnose a call EXP to function FN decorated with attribute alloc_size | |
2159 | whose argument numbers given by IDX with values given by ARGS exceed | |
2160 | the maximum object size or cause an unsigned oveflow (wrapping) when | |
2161 | multiplied. FN is null when EXP is a call via a function pointer. | |
2162 | When ARGS[0] is null the function does nothing. ARGS[1] may be null | |
2163 | for functions like malloc, and non-null for those like calloc that | |
2164 | are decorated with a two-argument attribute alloc_size. */ | |
2165 | ||
2166 | void | |
2167 | maybe_warn_alloc_args_overflow (gimple *stmt, const tree args[2], | |
2168 | const int idx[2]) | |
2169 | { | |
2170 | /* The range each of the (up to) two arguments is known to be in. */ | |
2171 | tree argrange[2][2] = { { NULL_TREE, NULL_TREE }, { NULL_TREE, NULL_TREE } }; | |
2172 | ||
2173 | /* Maximum object size set by -Walloc-size-larger-than= or SIZE_MAX / 2. */ | |
2174 | tree maxobjsize = alloc_max_size (); | |
2175 | ||
2176 | location_t loc = get_location (stmt); | |
2177 | ||
2178 | tree fn = gimple_call_fndecl (stmt); | |
2179 | tree fntype = fn ? TREE_TYPE (fn) : gimple_call_fntype (stmt); | |
2180 | bool warned = false; | |
2181 | ||
2182 | /* Validate each argument individually. */ | |
2183 | for (unsigned i = 0; i != 2 && args[i]; ++i) | |
2184 | { | |
2185 | if (TREE_CODE (args[i]) == INTEGER_CST) | |
2186 | { | |
2187 | argrange[i][0] = args[i]; | |
2188 | argrange[i][1] = args[i]; | |
2189 | ||
2190 | if (tree_int_cst_lt (args[i], integer_zero_node)) | |
2191 | { | |
2192 | warned = warning_at (loc, OPT_Walloc_size_larger_than_, | |
2193 | "argument %i value %qE is negative", | |
2194 | idx[i] + 1, args[i]); | |
2195 | } | |
2196 | else if (integer_zerop (args[i])) | |
2197 | { | |
2198 | /* Avoid issuing -Walloc-zero for allocation functions other | |
2199 | than __builtin_alloca that are declared with attribute | |
2200 | returns_nonnull because there's no portability risk. This | |
2201 | avoids warning for such calls to libiberty's xmalloc and | |
2202 | friends. | |
2203 | Also avoid issuing the warning for calls to function named | |
2204 | "alloca". */ | |
2205 | if (fn && fndecl_built_in_p (fn, BUILT_IN_ALLOCA) | |
2206 | ? IDENTIFIER_LENGTH (DECL_NAME (fn)) != 6 | |
2207 | : !lookup_attribute ("returns_nonnull", | |
2208 | TYPE_ATTRIBUTES (fntype))) | |
2209 | warned = warning_at (loc, OPT_Walloc_zero, | |
2210 | "argument %i value is zero", | |
2211 | idx[i] + 1); | |
2212 | } | |
2213 | else if (tree_int_cst_lt (maxobjsize, args[i])) | |
2214 | { | |
2215 | /* G++ emits calls to ::operator new[](SIZE_MAX) in C++98 | |
2216 | mode and with -fno-exceptions as a way to indicate array | |
2217 | size overflow. There's no good way to detect C++98 here | |
2218 | so avoid diagnosing these calls for all C++ modes. */ | |
2219 | if (i == 0 | |
2220 | && fn | |
2221 | && !args[1] | |
2222 | && lang_GNU_CXX () | |
2223 | && DECL_IS_OPERATOR_NEW_P (fn) | |
2224 | && integer_all_onesp (args[i])) | |
2225 | continue; | |
2226 | ||
2227 | warned = warning_at (loc, OPT_Walloc_size_larger_than_, | |
2228 | "argument %i value %qE exceeds " | |
2229 | "maximum object size %E", | |
2230 | idx[i] + 1, args[i], maxobjsize); | |
2231 | } | |
2232 | } | |
2233 | else if (TREE_CODE (args[i]) == SSA_NAME | |
2234 | && get_size_range (args[i], argrange[i])) | |
2235 | { | |
2236 | /* Verify that the argument's range is not negative (including | |
2237 | upper bound of zero). */ | |
2238 | if (tree_int_cst_lt (argrange[i][0], integer_zero_node) | |
2239 | && tree_int_cst_le (argrange[i][1], integer_zero_node)) | |
2240 | { | |
2241 | warned = warning_at (loc, OPT_Walloc_size_larger_than_, | |
2242 | "argument %i range [%E, %E] is negative", | |
2243 | idx[i] + 1, | |
2244 | argrange[i][0], argrange[i][1]); | |
2245 | } | |
2246 | else if (tree_int_cst_lt (maxobjsize, argrange[i][0])) | |
2247 | { | |
2248 | warned = warning_at (loc, OPT_Walloc_size_larger_than_, | |
2249 | "argument %i range [%E, %E] exceeds " | |
2250 | "maximum object size %E", | |
2251 | idx[i] + 1, | |
2252 | argrange[i][0], argrange[i][1], | |
2253 | maxobjsize); | |
2254 | } | |
2255 | } | |
2256 | } | |
2257 | ||
b3aa3288 | 2258 | if (!argrange[0][0]) |
b48d4e68 MS |
2259 | return; |
2260 | ||
2261 | /* For a two-argument alloc_size, validate the product of the two | |
2262 | arguments if both of their values or ranges are known. */ | |
2263 | if (!warned && tree_fits_uhwi_p (argrange[0][0]) | |
2264 | && argrange[1][0] && tree_fits_uhwi_p (argrange[1][0]) | |
2265 | && !integer_onep (argrange[0][0]) | |
2266 | && !integer_onep (argrange[1][0])) | |
2267 | { | |
2268 | /* Check for overflow in the product of a function decorated with | |
2269 | attribute alloc_size (X, Y). */ | |
2270 | unsigned szprec = TYPE_PRECISION (size_type_node); | |
2271 | wide_int x = wi::to_wide (argrange[0][0], szprec); | |
2272 | wide_int y = wi::to_wide (argrange[1][0], szprec); | |
2273 | ||
2274 | wi::overflow_type vflow; | |
2275 | wide_int prod = wi::umul (x, y, &vflow); | |
2276 | ||
2277 | if (vflow) | |
2278 | warned = warning_at (loc, OPT_Walloc_size_larger_than_, | |
2279 | "product %<%E * %E%> of arguments %i and %i " | |
2280 | "exceeds %<SIZE_MAX%>", | |
2281 | argrange[0][0], argrange[1][0], | |
2282 | idx[0] + 1, idx[1] + 1); | |
2283 | else if (wi::ltu_p (wi::to_wide (maxobjsize, szprec), prod)) | |
2284 | warned = warning_at (loc, OPT_Walloc_size_larger_than_, | |
2285 | "product %<%E * %E%> of arguments %i and %i " | |
2286 | "exceeds maximum object size %E", | |
2287 | argrange[0][0], argrange[1][0], | |
2288 | idx[0] + 1, idx[1] + 1, | |
2289 | maxobjsize); | |
2290 | ||
2291 | if (warned) | |
2292 | { | |
2293 | /* Print the full range of each of the two arguments to make | |
2294 | it clear when it is, in fact, in a range and not constant. */ | |
2295 | if (argrange[0][0] != argrange [0][1]) | |
2296 | inform (loc, "argument %i in the range [%E, %E]", | |
2297 | idx[0] + 1, argrange[0][0], argrange[0][1]); | |
2298 | if (argrange[1][0] != argrange [1][1]) | |
2299 | inform (loc, "argument %i in the range [%E, %E]", | |
2300 | idx[1] + 1, argrange[1][0], argrange[1][1]); | |
2301 | } | |
2302 | } | |
2303 | ||
2304 | if (warned && fn) | |
2305 | { | |
2306 | location_t fnloc = DECL_SOURCE_LOCATION (fn); | |
2307 | ||
2308 | if (DECL_IS_UNDECLARED_BUILTIN (fn)) | |
2309 | inform (loc, | |
2310 | "in a call to built-in allocation function %qD", fn); | |
2311 | else | |
2312 | inform (fnloc, | |
2313 | "in a call to allocation function %qD declared here", fn); | |
2314 | } | |
2315 | } | |
2316 | ||
2317 | /* Check a call to an alloca function for an excessive size. */ | |
2318 | ||
ece28da9 MS |
2319 | void |
2320 | pass_waccess::check_alloca (gcall *stmt) | |
b48d4e68 MS |
2321 | { |
2322 | if ((warn_vla_limit >= HOST_WIDE_INT_MAX | |
2323 | && warn_alloc_size_limit < warn_vla_limit) | |
2324 | || (warn_alloca_limit >= HOST_WIDE_INT_MAX | |
2325 | && warn_alloc_size_limit < warn_alloca_limit)) | |
2326 | { | |
2327 | /* -Walloca-larger-than and -Wvla-larger-than settings of less | |
2328 | than HWI_MAX override the more general -Walloc-size-larger-than | |
2329 | so unless either of the former options is smaller than the last | |
2330 | one (wchich would imply that the call was already checked), check | |
2331 | the alloca arguments for overflow. */ | |
2332 | const tree alloc_args[] = { call_arg (stmt, 0), NULL_TREE }; | |
2333 | const int idx[] = { 0, -1 }; | |
2334 | maybe_warn_alloc_args_overflow (stmt, alloc_args, idx); | |
2335 | } | |
2336 | } | |
2337 | ||
2338 | /* Check a call to an allocation function for an excessive size. */ | |
2339 | ||
ece28da9 MS |
2340 | void |
2341 | pass_waccess::check_alloc_size_call (gcall *stmt) | |
b48d4e68 | 2342 | { |
b48d4e68 MS |
2343 | tree fndecl = gimple_call_fndecl (stmt); |
2344 | if (fndecl && gimple_call_builtin_p (stmt, BUILT_IN_NORMAL)) | |
2345 | { | |
2346 | /* Alloca is handled separately. */ | |
2347 | switch (DECL_FUNCTION_CODE (fndecl)) | |
2348 | { | |
2349 | case BUILT_IN_ALLOCA: | |
2350 | case BUILT_IN_ALLOCA_WITH_ALIGN: | |
2351 | case BUILT_IN_ALLOCA_WITH_ALIGN_AND_MAX: | |
2352 | return; | |
2353 | default: | |
2354 | break; | |
2355 | } | |
2356 | } | |
2357 | ||
2358 | tree fntype = gimple_call_fntype (stmt); | |
2359 | tree fntypeattrs = TYPE_ATTRIBUTES (fntype); | |
2360 | ||
2361 | tree alloc_size = lookup_attribute ("alloc_size", fntypeattrs); | |
2362 | if (!alloc_size) | |
2363 | return; | |
2364 | ||
2365 | /* Extract attribute alloc_size from the type of the called expression | |
2366 | (which could be a function or a function pointer) and if set, store | |
2367 | the indices of the corresponding arguments in ALLOC_IDX, and then | |
2368 | the actual argument(s) at those indices in ALLOC_ARGS. */ | |
2369 | int idx[2] = { -1, -1 }; | |
2370 | tree alloc_args[] = { NULL_TREE, NULL_TREE }; | |
eacdfaf7 | 2371 | unsigned nargs = gimple_call_num_args (stmt); |
b48d4e68 MS |
2372 | |
2373 | tree args = TREE_VALUE (alloc_size); | |
2374 | idx[0] = TREE_INT_CST_LOW (TREE_VALUE (args)) - 1; | |
eacdfaf7 JJ |
2375 | /* Avoid invalid calls to functions without a prototype. */ |
2376 | if ((unsigned) idx[0] >= nargs) | |
2377 | return; | |
b48d4e68 MS |
2378 | alloc_args[0] = call_arg (stmt, idx[0]); |
2379 | if (TREE_CHAIN (args)) | |
2380 | { | |
2381 | idx[1] = TREE_INT_CST_LOW (TREE_VALUE (TREE_CHAIN (args))) - 1; | |
eacdfaf7 JJ |
2382 | if ((unsigned) idx[1] >= nargs) |
2383 | return; | |
b48d4e68 MS |
2384 | alloc_args[1] = call_arg (stmt, idx[1]); |
2385 | } | |
2386 | ||
2387 | maybe_warn_alloc_args_overflow (stmt, alloc_args, idx); | |
2388 | } | |
2389 | ||
81d6cdd3 MS |
2390 | /* Check a call STMT to strcat() for overflow and warn if it does. */ |
2391 | ||
ece28da9 MS |
2392 | void |
2393 | pass_waccess::check_strcat (gcall *stmt) | |
81d6cdd3 | 2394 | { |
b48d4e68 | 2395 | if (!warn_stringop_overflow && !warn_stringop_overread) |
81d6cdd3 MS |
2396 | return; |
2397 | ||
2398 | tree dest = call_arg (stmt, 0); | |
2399 | tree src = call_arg (stmt, 1); | |
2400 | ||
2401 | /* There is no way here to determine the length of the string in | |
2402 | the destination to which the SRC string is being appended so | |
2403 | just diagnose cases when the souce string is longer than | |
2404 | the destination object. */ | |
9a27acc3 MS |
2405 | access_data data (m_ptr_qry.rvals, stmt, access_read_write, NULL_TREE, |
2406 | true, NULL_TREE, true); | |
81d6cdd3 | 2407 | const int ost = warn_stringop_overflow ? warn_stringop_overflow - 1 : 1; |
9a27acc3 MS |
2408 | compute_objsize (src, stmt, ost, &data.src, &m_ptr_qry); |
2409 | tree destsize = compute_objsize (dest, stmt, ost, &data.dst, &m_ptr_qry); | |
81d6cdd3 MS |
2410 | |
2411 | check_access (stmt, /*dstwrite=*/NULL_TREE, /*maxread=*/NULL_TREE, | |
9a27acc3 | 2412 | src, destsize, data.mode, &data, m_ptr_qry.rvals); |
81d6cdd3 MS |
2413 | } |
2414 | ||
2415 | /* Check a call STMT to strcat() for overflow and warn if it does. */ | |
2416 | ||
ece28da9 MS |
2417 | void |
2418 | pass_waccess::check_strncat (gcall *stmt) | |
81d6cdd3 | 2419 | { |
b48d4e68 | 2420 | if (!warn_stringop_overflow && !warn_stringop_overread) |
81d6cdd3 MS |
2421 | return; |
2422 | ||
2423 | tree dest = call_arg (stmt, 0); | |
2424 | tree src = call_arg (stmt, 1); | |
2425 | /* The upper bound on the number of bytes to write. */ | |
2426 | tree maxread = call_arg (stmt, 2); | |
2427 | ||
2428 | /* Detect unterminated source (only). */ | |
2429 | if (!check_nul_terminated_array (stmt, src, maxread)) | |
2430 | return; | |
2431 | ||
2432 | /* The length of the source sequence. */ | |
2433 | tree slen = c_strlen (src, 1); | |
2434 | ||
2435 | /* Try to determine the range of lengths that the source expression | |
2436 | refers to. Since the lengths are only used for warning and not | |
2437 | for code generation disable strict mode below. */ | |
2438 | tree maxlen = slen; | |
2439 | if (!maxlen) | |
2440 | { | |
2441 | c_strlen_data lendata = { }; | |
2442 | get_range_strlen (src, &lendata, /* eltsize = */ 1); | |
2443 | maxlen = lendata.maxbound; | |
2444 | } | |
2445 | ||
9a27acc3 | 2446 | access_data data (m_ptr_qry.rvals, stmt, access_read_write); |
81d6cdd3 MS |
2447 | /* Try to verify that the destination is big enough for the shortest |
2448 | string. First try to determine the size of the destination object | |
2449 | into which the source is being copied. */ | |
ece28da9 | 2450 | const int ost = warn_stringop_overflow - 1; |
9a27acc3 | 2451 | tree destsize = compute_objsize (dest, stmt, ost, &data.dst, &m_ptr_qry); |
81d6cdd3 MS |
2452 | |
2453 | /* Add one for the terminating nul. */ | |
2454 | tree srclen = (maxlen | |
2455 | ? fold_build2 (PLUS_EXPR, size_type_node, maxlen, | |
2456 | size_one_node) | |
2457 | : NULL_TREE); | |
2458 | ||
2459 | /* The strncat function copies at most MAXREAD bytes and always appends | |
2460 | the terminating nul so the specified upper bound should never be equal | |
2461 | to (or greater than) the size of the destination. */ | |
2462 | if (tree_fits_uhwi_p (maxread) && tree_fits_uhwi_p (destsize) | |
2463 | && tree_int_cst_equal (destsize, maxread)) | |
2464 | { | |
2465 | location_t loc = get_location (stmt); | |
2466 | warning_at (loc, OPT_Wstringop_overflow_, | |
2467 | "%qD specified bound %E equals destination size", | |
2468 | get_callee_fndecl (stmt), maxread); | |
2469 | ||
2470 | return; | |
2471 | } | |
2472 | ||
2473 | if (!srclen | |
2474 | || (maxread && tree_fits_uhwi_p (maxread) | |
2475 | && tree_fits_uhwi_p (srclen) | |
2476 | && tree_int_cst_lt (maxread, srclen))) | |
2477 | srclen = maxread; | |
2478 | ||
2479 | check_access (stmt, /*dstwrite=*/NULL_TREE, maxread, srclen, | |
9a27acc3 | 2480 | destsize, data.mode, &data, m_ptr_qry.rvals); |
81d6cdd3 MS |
2481 | } |
2482 | ||
2483 | /* Check a call STMT to stpcpy() or strcpy() for overflow and warn | |
2484 | if it does. */ | |
2485 | ||
ece28da9 MS |
2486 | void |
2487 | pass_waccess::check_stxcpy (gcall *stmt) | |
81d6cdd3 MS |
2488 | { |
2489 | tree dst = call_arg (stmt, 0); | |
2490 | tree src = call_arg (stmt, 1); | |
2491 | ||
2492 | tree size; | |
2493 | bool exact; | |
2494 | if (tree nonstr = unterminated_array (src, &size, &exact)) | |
2495 | { | |
2496 | /* NONSTR refers to the non-nul terminated constant array. */ | |
2497 | warn_string_no_nul (get_location (stmt), stmt, NULL, src, nonstr, | |
2498 | size, exact); | |
2499 | return; | |
2500 | } | |
2501 | ||
2502 | if (warn_stringop_overflow) | |
2503 | { | |
9a27acc3 MS |
2504 | access_data data (m_ptr_qry.rvals, stmt, access_read_write, NULL_TREE, |
2505 | true, NULL_TREE, true); | |
81d6cdd3 | 2506 | const int ost = warn_stringop_overflow ? warn_stringop_overflow - 1 : 1; |
9a27acc3 MS |
2507 | compute_objsize (src, stmt, ost, &data.src, &m_ptr_qry); |
2508 | tree dstsize = compute_objsize (dst, stmt, ost, &data.dst, &m_ptr_qry); | |
81d6cdd3 MS |
2509 | check_access (stmt, /*dstwrite=*/ NULL_TREE, |
2510 | /*maxread=*/ NULL_TREE, /*srcstr=*/ src, | |
9a27acc3 | 2511 | dstsize, data.mode, &data, m_ptr_qry.rvals); |
81d6cdd3 MS |
2512 | } |
2513 | ||
2514 | /* Check to see if the argument was declared attribute nonstring | |
2515 | and if so, issue a warning since at this point it's not known | |
2516 | to be nul-terminated. */ | |
2517 | tree fndecl = get_callee_fndecl (stmt); | |
2518 | maybe_warn_nonstring_arg (fndecl, stmt); | |
2519 | } | |
2520 | ||
2521 | /* Check a call STMT to stpncpy() or strncpy() for overflow and warn | |
2522 | if it does. */ | |
2523 | ||
ece28da9 MS |
2524 | void |
2525 | pass_waccess::check_stxncpy (gcall *stmt) | |
81d6cdd3 MS |
2526 | { |
2527 | if (!warn_stringop_overflow) | |
2528 | return; | |
2529 | ||
2530 | tree dst = call_arg (stmt, 0); | |
2531 | tree src = call_arg (stmt, 1); | |
2532 | /* The number of bytes to write (not the maximum). */ | |
2533 | tree len = call_arg (stmt, 2); | |
2534 | ||
9a27acc3 MS |
2535 | access_data data (m_ptr_qry.rvals, stmt, access_read_write, len, true, len, |
2536 | true); | |
81d6cdd3 | 2537 | const int ost = warn_stringop_overflow ? warn_stringop_overflow - 1 : 1; |
9a27acc3 MS |
2538 | compute_objsize (src, stmt, ost, &data.src, &m_ptr_qry); |
2539 | tree dstsize = compute_objsize (dst, stmt, ost, &data.dst, &m_ptr_qry); | |
81d6cdd3 | 2540 | |
9a27acc3 MS |
2541 | check_access (stmt, /*dstwrite=*/len, /*maxread=*/len, src, dstsize, |
2542 | data.mode, &data, m_ptr_qry.rvals); | |
81d6cdd3 MS |
2543 | } |
2544 | ||
2545 | /* Check a call STMT to stpncpy() or strncpy() for overflow and warn | |
2546 | if it does. */ | |
2547 | ||
ece28da9 MS |
2548 | void |
2549 | pass_waccess::check_strncmp (gcall *stmt) | |
81d6cdd3 MS |
2550 | { |
2551 | if (!warn_stringop_overread) | |
2552 | return; | |
2553 | ||
2554 | tree arg1 = call_arg (stmt, 0); | |
2555 | tree arg2 = call_arg (stmt, 1); | |
2556 | tree bound = call_arg (stmt, 2); | |
2557 | ||
2558 | /* First check each argument separately, considering the bound. */ | |
2559 | if (!check_nul_terminated_array (stmt, arg1, bound) | |
2560 | || !check_nul_terminated_array (stmt, arg2, bound)) | |
2561 | return; | |
2562 | ||
2563 | /* A strncmp read from each argument is constrained not just by | |
2564 | the bound but also by the length of the shorter string. Specifying | |
2565 | a bound that's larger than the size of either array makes no sense | |
2566 | and is likely a bug. When the length of neither of the two strings | |
2567 | is known but the sizes of both of the arrays they are stored in is, | |
2568 | issue a warning if the bound is larger than than the size of | |
2569 | the larger of the two arrays. */ | |
2570 | ||
2571 | c_strlen_data lendata1{ }, lendata2{ }; | |
2572 | tree len1 = c_strlen (arg1, 1, &lendata1); | |
2573 | tree len2 = c_strlen (arg2, 1, &lendata2); | |
2574 | ||
9a27acc3 MS |
2575 | if (len1 && TREE_CODE (len1) != INTEGER_CST) |
2576 | len1 = NULL_TREE; | |
2577 | if (len2 && TREE_CODE (len2) != INTEGER_CST) | |
2578 | len2 = NULL_TREE; | |
2579 | ||
81d6cdd3 MS |
2580 | if (len1 && len2) |
2581 | /* If the length of both arguments was computed they must both be | |
2582 | nul-terminated and no further checking is necessary regardless | |
2583 | of the bound. */ | |
2584 | return; | |
2585 | ||
2586 | /* Check to see if the argument was declared with attribute nonstring | |
2587 | and if so, issue a warning since at this point it's not known to be | |
2588 | nul-terminated. */ | |
2589 | if (maybe_warn_nonstring_arg (get_callee_fndecl (stmt), stmt)) | |
2590 | return; | |
2591 | ||
9a27acc3 MS |
2592 | access_data adata1 (m_ptr_qry.rvals, stmt, access_read_only, NULL_TREE, false, |
2593 | bound, true); | |
2594 | access_data adata2 (m_ptr_qry.rvals, stmt, access_read_only, NULL_TREE, false, | |
2595 | bound, true); | |
81d6cdd3 MS |
2596 | |
2597 | /* Determine the range of the bound first and bail if it fails; it's | |
2598 | cheaper than computing the size of the objects. */ | |
2599 | tree bndrng[2] = { NULL_TREE, NULL_TREE }; | |
f9379fcb | 2600 | get_size_range (m_ptr_qry.rvals, bound, stmt, bndrng, adata1.src_bndrng); |
81d6cdd3 MS |
2601 | if (!bndrng[0] || integer_zerop (bndrng[0])) |
2602 | return; | |
2603 | ||
2604 | if (len1 && tree_int_cst_lt (len1, bndrng[0])) | |
2605 | bndrng[0] = len1; | |
2606 | if (len2 && tree_int_cst_lt (len2, bndrng[0])) | |
2607 | bndrng[0] = len2; | |
2608 | ||
2609 | /* compute_objsize almost never fails (and ultimately should never | |
2610 | fail). Don't bother to handle the rare case when it does. */ | |
9a27acc3 MS |
2611 | if (!compute_objsize (arg1, stmt, 1, &adata1.src, &m_ptr_qry) |
2612 | || !compute_objsize (arg2, stmt, 1, &adata2.src, &m_ptr_qry)) | |
81d6cdd3 MS |
2613 | return; |
2614 | ||
2615 | /* Compute the size of the remaining space in each array after | |
2616 | subtracting any offset into it. */ | |
2617 | offset_int rem1 = adata1.src.size_remaining (); | |
2618 | offset_int rem2 = adata2.src.size_remaining (); | |
2619 | ||
2620 | /* Cap REM1 and REM2 at the other if the other's argument is known | |
2621 | to be an unterminated array, either because there's no space | |
2622 | left in it after adding its offset or because it's constant and | |
2623 | has no nul. */ | |
2624 | if (rem1 == 0 || (rem1 < rem2 && lendata1.decl)) | |
2625 | rem2 = rem1; | |
2626 | else if (rem2 == 0 || (rem2 < rem1 && lendata2.decl)) | |
2627 | rem1 = rem2; | |
2628 | ||
2629 | /* Point PAD at the array to reference in the note if a warning | |
2630 | is issued. */ | |
2631 | access_data *pad = len1 ? &adata2 : &adata1; | |
2632 | offset_int maxrem = wi::max (rem1, rem2, UNSIGNED); | |
2633 | if (lendata1.decl || lendata2.decl | |
2634 | || maxrem < wi::to_offset (bndrng[0])) | |
2635 | { | |
2636 | /* Warn when either argument isn't nul-terminated or the maximum | |
2637 | remaining space in the two arrays is less than the bound. */ | |
2638 | tree func = get_callee_fndecl (stmt); | |
2639 | location_t loc = gimple_location (stmt); | |
2640 | maybe_warn_for_bound (OPT_Wstringop_overread, loc, stmt, func, | |
2641 | bndrng, wide_int_to_tree (sizetype, maxrem), | |
2642 | pad); | |
2643 | } | |
2644 | } | |
2645 | ||
ece28da9 MS |
2646 | /* Determine and check the sizes of the source and the destination |
2647 | of calls to __builtin_{bzero,memcpy,mempcpy,memset} calls. STMT is | |
2648 | the call statement, DEST is the destination argument, SRC is the source | |
2649 | argument or null, and SIZE is the number of bytes being accessed. Use | |
2650 | Object Size type-0 regardless of the OPT_Wstringop_overflow_ setting. | |
2651 | Return true on success (no overflow or invalid sizes), false otherwise. */ | |
2652 | ||
2653 | void | |
2654 | pass_waccess::check_memop_access (gimple *stmt, tree dest, tree src, tree size) | |
2655 | { | |
2656 | /* For functions like memset and memcpy that operate on raw memory | |
2657 | try to determine the size of the largest source and destination | |
2658 | object using type-0 Object Size regardless of the object size | |
2659 | type specified by the option. */ | |
9a27acc3 | 2660 | access_data data (m_ptr_qry.rvals, stmt, access_read_write); |
ece28da9 | 2661 | tree srcsize |
9a27acc3 MS |
2662 | = src ? compute_objsize (src, stmt, 0, &data.src, &m_ptr_qry) : NULL_TREE; |
2663 | tree dstsize = compute_objsize (dest, stmt, 0, &data.dst, &m_ptr_qry); | |
2664 | ||
2665 | check_access (stmt, size, /*maxread=*/NULL_TREE, srcsize, dstsize, | |
2666 | data.mode, &data, m_ptr_qry.rvals); | |
2667 | } | |
2668 | ||
2669 | /* A convenience wrapper for check_access to check access by a read-only | |
2670 | function like puts or strcmp. */ | |
2671 | ||
2672 | void | |
2673 | pass_waccess::check_read_access (gimple *stmt, tree src, | |
2674 | tree bound /* = NULL_TREE */, | |
2675 | int ost /* = 1 */) | |
2676 | { | |
2677 | if (!warn_stringop_overread) | |
2678 | return; | |
2679 | ||
2680 | if (bound && !useless_type_conversion_p (size_type_node, TREE_TYPE (bound))) | |
2681 | bound = fold_convert (size_type_node, bound); | |
2682 | ||
2683 | tree fndecl = get_callee_fndecl (stmt); | |
2684 | maybe_warn_nonstring_arg (fndecl, stmt); | |
ece28da9 | 2685 | |
9a27acc3 MS |
2686 | access_data data (m_ptr_qry.rvals, stmt, access_read_only, NULL_TREE, |
2687 | false, bound, true); | |
2688 | compute_objsize (src, stmt, ost, &data.src, &m_ptr_qry); | |
2689 | check_access (stmt, /*dstwrite=*/ NULL_TREE, /*maxread=*/ bound, | |
2690 | /*srcstr=*/ src, /*dstsize=*/ NULL_TREE, data.mode, | |
2691 | &data, m_ptr_qry.rvals); | |
ece28da9 MS |
2692 | } |
2693 | ||
5a431b60 MS |
2694 | /* Return true if memory model ORD is constant in the context of STMT and |
2695 | set *CSTVAL to the constant value. Otherwise return false. Warn for | |
2696 | invalid ORD. */ | |
2697 | ||
2698 | bool | |
2699 | memmodel_to_uhwi (tree ord, gimple *stmt, unsigned HOST_WIDE_INT *cstval) | |
2700 | { | |
2701 | unsigned HOST_WIDE_INT val; | |
2702 | ||
2703 | if (TREE_CODE (ord) == INTEGER_CST) | |
2704 | { | |
2705 | if (!tree_fits_uhwi_p (ord)) | |
2706 | return false; | |
2707 | val = tree_to_uhwi (ord); | |
2708 | } | |
2709 | else | |
2710 | { | |
2711 | /* Use the range query to determine constant values in the absence | |
2712 | of constant proppagation (such as at -O0). */ | |
2713 | value_range rng; | |
2714 | if (!get_range_query (cfun)->range_of_expr (rng, ord, stmt) | |
2715 | || !rng.constant_p () | |
2716 | || !rng.singleton_p (&ord)) | |
2717 | return false; | |
2718 | ||
2719 | wide_int lob = rng.lower_bound (); | |
2720 | if (!wi::fits_uhwi_p (lob)) | |
2721 | return false; | |
2722 | ||
2723 | val = lob.to_shwi (); | |
2724 | } | |
2725 | ||
2726 | if (targetm.memmodel_check) | |
2727 | /* This might warn for an invalid VAL but return a conservatively | |
2728 | valid result. */ | |
2729 | val = targetm.memmodel_check (val); | |
2730 | else if (val & ~MEMMODEL_MASK) | |
2731 | { | |
2732 | tree fndecl = gimple_call_fndecl (stmt); | |
2733 | location_t loc = gimple_location (stmt); | |
2734 | loc = expansion_point_location_if_in_system_header (loc); | |
2735 | ||
2736 | warning_at (loc, OPT_Winvalid_memory_model, | |
2737 | "unknown architecture specifier in memory model " | |
2738 | "%wi for %qD", val, fndecl); | |
2739 | return false; | |
2740 | } | |
2741 | ||
2742 | *cstval = val; | |
2743 | ||
2744 | return true; | |
2745 | } | |
2746 | ||
2747 | /* Valid memory model for each set of atomic built-in functions. */ | |
2748 | ||
2749 | struct memmodel_pair | |
2750 | { | |
2751 | memmodel modval; | |
2752 | const char* modname; | |
2753 | ||
2754 | #define MEMMODEL_PAIR(val, str) \ | |
2755 | { MEMMODEL_ ## val, "memory_order_" str } | |
2756 | }; | |
2757 | ||
2758 | /* Valid memory models in the order of increasing strength. */ | |
2759 | ||
2760 | static const memmodel_pair memory_models[] = | |
2761 | { MEMMODEL_PAIR (RELAXED, "relaxed"), | |
2762 | MEMMODEL_PAIR (SEQ_CST, "seq_cst"), | |
2763 | MEMMODEL_PAIR (ACQUIRE, "acquire"), | |
2764 | MEMMODEL_PAIR (CONSUME, "consume"), | |
2765 | MEMMODEL_PAIR (RELEASE, "release"), | |
2766 | MEMMODEL_PAIR (ACQ_REL, "acq_rel") | |
2767 | }; | |
2768 | ||
2769 | /* Return the name of the memory model VAL. */ | |
2770 | ||
2771 | static const char* | |
2772 | memmodel_name (unsigned HOST_WIDE_INT val) | |
2773 | { | |
2774 | val = memmodel_base (val); | |
2775 | ||
2776 | for (unsigned i = 0; i != sizeof memory_models / sizeof *memory_models; ++i) | |
2777 | { | |
2778 | if (val == memory_models[i].modval) | |
2779 | return memory_models[i].modname; | |
2780 | } | |
2781 | return NULL; | |
2782 | } | |
2783 | ||
2784 | /* Indices of valid MEMORY_MODELS above for corresponding atomic operations. */ | |
2785 | static const unsigned char load_models[] = { 0, 1, 2, 3, UCHAR_MAX }; | |
2786 | static const unsigned char store_models[] = { 0, 1, 4, UCHAR_MAX }; | |
2787 | static const unsigned char xchg_models[] = { 0, 1, 3, 4, 5, UCHAR_MAX }; | |
2788 | static const unsigned char flag_clr_models[] = { 0, 1, 4, UCHAR_MAX }; | |
2789 | static const unsigned char all_models[] = { 0, 1, 2, 3, 4, 5, UCHAR_MAX }; | |
2790 | ||
2791 | /* Check the success memory model argument ORD_SUCS to the call STMT to | |
2792 | an atomic function and warn if it's invalid. If nonnull, also check | |
2793 | the failure memory model ORD_FAIL and warn if it's invalid. Return | |
2794 | true if a warning has been issued. */ | |
2795 | ||
2796 | bool | |
2797 | pass_waccess::maybe_warn_memmodel (gimple *stmt, tree ord_sucs, | |
2798 | tree ord_fail, const unsigned char *valid) | |
2799 | { | |
2800 | unsigned HOST_WIDE_INT sucs, fail = 0; | |
2801 | if (!memmodel_to_uhwi (ord_sucs, stmt, &sucs) | |
2802 | || (ord_fail && !memmodel_to_uhwi (ord_fail, stmt, &fail))) | |
2803 | return false; | |
2804 | ||
2805 | bool is_valid = false; | |
2806 | if (valid) | |
2807 | for (unsigned i = 0; valid[i] != UCHAR_MAX; ++i) | |
2808 | { | |
2809 | memmodel model = memory_models[valid[i]].modval; | |
2810 | if (memmodel_base (sucs) == model) | |
2811 | { | |
2812 | is_valid = true; | |
2813 | break; | |
2814 | } | |
2815 | } | |
2816 | else | |
2817 | is_valid = true; | |
2818 | ||
2819 | tree fndecl = gimple_call_fndecl (stmt); | |
2820 | location_t loc = gimple_location (stmt); | |
2821 | loc = expansion_point_location_if_in_system_header (loc); | |
2822 | ||
2823 | if (!is_valid) | |
2824 | { | |
2825 | bool warned = false; | |
2826 | if (const char *modname = memmodel_name (sucs)) | |
2827 | warned = warning_at (loc, OPT_Winvalid_memory_model, | |
2828 | "invalid memory model %qs for %qD", | |
2829 | modname, fndecl); | |
2830 | else | |
2831 | warned = warning_at (loc, OPT_Winvalid_memory_model, | |
2832 | "invalid memory model %wi for %qD", | |
2833 | sucs, fndecl); | |
2834 | ||
2835 | if (!warned) | |
2836 | return false; | |
2837 | ||
2838 | /* Print a note with the valid memory models. */ | |
2839 | pretty_printer pp; | |
2840 | pp_show_color (&pp) = pp_show_color (global_dc->printer); | |
2841 | for (unsigned i = 0; valid[i] != UCHAR_MAX; ++i) | |
2842 | { | |
2843 | const char *modname = memory_models[valid[i]].modname; | |
194f712f | 2844 | pp_printf (&pp, "%s%qs", i ? ", " : "", modname); |
5a431b60 MS |
2845 | } |
2846 | ||
2847 | inform (loc, "valid models are %s", pp_formatted_text (&pp)); | |
2848 | return true; | |
2849 | } | |
2850 | ||
2851 | if (!ord_fail) | |
2852 | return false; | |
2853 | ||
2854 | if (fail == MEMMODEL_RELEASE || fail == MEMMODEL_ACQ_REL) | |
2855 | if (const char *failname = memmodel_name (fail)) | |
2856 | { | |
2857 | /* If both memory model arguments are valid but their combination | |
2858 | is not, use their names in the warning. */ | |
2859 | if (!warning_at (loc, OPT_Winvalid_memory_model, | |
2860 | "invalid failure memory model %qs for %qD", | |
2861 | failname, fndecl)) | |
2862 | return false; | |
2863 | ||
2864 | inform (loc, | |
2865 | "valid failure models are %qs, %qs, %qs, %qs", | |
2866 | "memory_order_relaxed", "memory_order_seq_cst", | |
2867 | "memory_order_acquire", "memory_order_consume"); | |
2868 | return true; | |
2869 | } | |
2870 | ||
2871 | if (memmodel_base (fail) <= memmodel_base (sucs)) | |
2872 | return false; | |
2873 | ||
2874 | if (const char *sucsname = memmodel_name (sucs)) | |
2875 | if (const char *failname = memmodel_name (fail)) | |
2876 | { | |
2877 | /* If both memory model arguments are valid but their combination | |
2878 | is not, use their names in the warning. */ | |
2879 | if (!warning_at (loc, OPT_Winvalid_memory_model, | |
2880 | "failure memory model %qs cannot be stronger " | |
2881 | "than success memory model %qs for %qD", | |
2882 | failname, sucsname, fndecl)) | |
2883 | return false; | |
2884 | ||
2885 | /* Print a note with the valid failure memory models which are | |
2886 | those with a value less than or equal to the success mode. */ | |
2887 | char buf[120]; | |
2888 | *buf = '\0'; | |
2889 | for (unsigned i = 0; | |
2890 | memory_models[i].modval <= memmodel_base (sucs); ++i) | |
2891 | { | |
2892 | if (*buf) | |
2893 | strcat (buf, ", "); | |
2894 | ||
2895 | const char *modname = memory_models[valid[i]].modname; | |
2896 | sprintf (buf + strlen (buf), "'%s'", modname); | |
2897 | } | |
2898 | ||
2899 | inform (loc, "valid models are %s", buf); | |
2900 | return true; | |
2901 | } | |
2902 | ||
2903 | /* If either memory model argument value is invalid use the numerical | |
2904 | value of both in the message. */ | |
2905 | return warning_at (loc, OPT_Winvalid_memory_model, | |
2906 | "failure memory model %wi cannot be stronger " | |
2907 | "than success memory model %wi for %qD", | |
2908 | fail, sucs, fndecl); | |
2909 | } | |
2910 | ||
2911 | /* Wrapper for the above. */ | |
2912 | ||
2913 | void | |
2914 | pass_waccess::check_atomic_memmodel (gimple *stmt, tree ord_sucs, | |
2915 | tree ord_fail, const unsigned char *valid) | |
2916 | { | |
2917 | if (warning_suppressed_p (stmt, OPT_Winvalid_memory_model)) | |
2918 | return; | |
2919 | ||
2920 | if (maybe_warn_memmodel (stmt, ord_sucs, ord_fail, valid)) | |
2921 | return; | |
2922 | ||
2923 | suppress_warning (stmt, OPT_Winvalid_memory_model); | |
2924 | } | |
9a27acc3 | 2925 | |
88b504b7 MS |
2926 | /* Check a call STMT to an atomic or sync built-in. */ |
2927 | ||
2928 | bool | |
2929 | pass_waccess::check_atomic_builtin (gcall *stmt) | |
2930 | { | |
2931 | tree callee = gimple_call_fndecl (stmt); | |
2932 | if (!callee) | |
2933 | return false; | |
2934 | ||
2935 | /* The size in bytes of the access by the function, and the number | |
2936 | of the second argument to check (if any). */ | |
2937 | unsigned bytes = 0, arg2 = UINT_MAX; | |
5a431b60 MS |
2938 | unsigned sucs_arg = UINT_MAX, fail_arg = UINT_MAX; |
2939 | /* Points to the array of indices of valid memory models. */ | |
2940 | const unsigned char *pvalid_models = NULL; | |
88b504b7 MS |
2941 | |
2942 | switch (DECL_FUNCTION_CODE (callee)) | |
2943 | { | |
2944 | #define BUILTIN_ACCESS_SIZE_FNSPEC(N) \ | |
5a431b60 | 2945 | BUILT_IN_SYNC_FETCH_AND_ADD_ ## N: \ |
88b504b7 MS |
2946 | case BUILT_IN_SYNC_FETCH_AND_SUB_ ## N: \ |
2947 | case BUILT_IN_SYNC_FETCH_AND_OR_ ## N: \ | |
2948 | case BUILT_IN_SYNC_FETCH_AND_AND_ ## N: \ | |
2949 | case BUILT_IN_SYNC_FETCH_AND_XOR_ ## N: \ | |
2950 | case BUILT_IN_SYNC_FETCH_AND_NAND_ ## N: \ | |
2951 | case BUILT_IN_SYNC_ADD_AND_FETCH_ ## N: \ | |
2952 | case BUILT_IN_SYNC_SUB_AND_FETCH_ ## N: \ | |
2953 | case BUILT_IN_SYNC_OR_AND_FETCH_ ## N: \ | |
2954 | case BUILT_IN_SYNC_AND_AND_FETCH_ ## N: \ | |
2955 | case BUILT_IN_SYNC_XOR_AND_FETCH_ ## N: \ | |
2956 | case BUILT_IN_SYNC_NAND_AND_FETCH_ ## N: \ | |
2957 | case BUILT_IN_SYNC_LOCK_TEST_AND_SET_ ## N: \ | |
2958 | case BUILT_IN_SYNC_BOOL_COMPARE_AND_SWAP_ ## N: \ | |
2959 | case BUILT_IN_SYNC_VAL_COMPARE_AND_SWAP_ ## N: \ | |
2960 | case BUILT_IN_SYNC_LOCK_RELEASE_ ## N: \ | |
5a431b60 MS |
2961 | bytes = N; \ |
2962 | break; \ | |
2963 | case BUILT_IN_ATOMIC_LOAD_ ## N: \ | |
2964 | pvalid_models = load_models; \ | |
2965 | sucs_arg = 1; \ | |
2966 | /* FALLTHROUGH */ \ | |
88b504b7 | 2967 | case BUILT_IN_ATOMIC_STORE_ ## N: \ |
5a431b60 MS |
2968 | if (!pvalid_models) \ |
2969 | pvalid_models = store_models; \ | |
2970 | /* FALLTHROUGH */ \ | |
88b504b7 MS |
2971 | case BUILT_IN_ATOMIC_ADD_FETCH_ ## N: \ |
2972 | case BUILT_IN_ATOMIC_SUB_FETCH_ ## N: \ | |
2973 | case BUILT_IN_ATOMIC_AND_FETCH_ ## N: \ | |
2974 | case BUILT_IN_ATOMIC_NAND_FETCH_ ## N: \ | |
2975 | case BUILT_IN_ATOMIC_XOR_FETCH_ ## N: \ | |
2976 | case BUILT_IN_ATOMIC_OR_FETCH_ ## N: \ | |
2977 | case BUILT_IN_ATOMIC_FETCH_ADD_ ## N: \ | |
2978 | case BUILT_IN_ATOMIC_FETCH_SUB_ ## N: \ | |
2979 | case BUILT_IN_ATOMIC_FETCH_AND_ ## N: \ | |
2980 | case BUILT_IN_ATOMIC_FETCH_NAND_ ## N: \ | |
2981 | case BUILT_IN_ATOMIC_FETCH_OR_ ## N: \ | |
2982 | case BUILT_IN_ATOMIC_FETCH_XOR_ ## N: \ | |
2983 | bytes = N; \ | |
5a431b60 MS |
2984 | if (sucs_arg == UINT_MAX) \ |
2985 | sucs_arg = 2; \ | |
2986 | if (!pvalid_models) \ | |
2987 | pvalid_models = all_models; \ | |
2988 | break; \ | |
2989 | case BUILT_IN_ATOMIC_EXCHANGE_ ## N: \ | |
2990 | bytes = N; \ | |
2991 | sucs_arg = 3; \ | |
2992 | pvalid_models = xchg_models; \ | |
88b504b7 MS |
2993 | break; \ |
2994 | case BUILT_IN_ATOMIC_COMPARE_EXCHANGE_ ## N: \ | |
2995 | bytes = N; \ | |
5a431b60 MS |
2996 | sucs_arg = 4; \ |
2997 | fail_arg = 5; \ | |
2998 | pvalid_models = all_models; \ | |
88b504b7 MS |
2999 | arg2 = 1 |
3000 | ||
3001 | case BUILTIN_ACCESS_SIZE_FNSPEC (1); | |
3002 | break; | |
3003 | case BUILTIN_ACCESS_SIZE_FNSPEC (2); | |
3004 | break; | |
3005 | case BUILTIN_ACCESS_SIZE_FNSPEC (4); | |
3006 | break; | |
3007 | case BUILTIN_ACCESS_SIZE_FNSPEC (8); | |
3008 | break; | |
3009 | case BUILTIN_ACCESS_SIZE_FNSPEC (16); | |
3010 | break; | |
3011 | ||
5a431b60 MS |
3012 | case BUILT_IN_ATOMIC_CLEAR: |
3013 | sucs_arg = 1; | |
3014 | pvalid_models = flag_clr_models; | |
3015 | break; | |
3016 | ||
88b504b7 MS |
3017 | default: |
3018 | return false; | |
3019 | } | |
3020 | ||
5a431b60 MS |
3021 | unsigned nargs = gimple_call_num_args (stmt); |
3022 | if (sucs_arg < nargs) | |
3023 | { | |
3024 | tree ord_sucs = gimple_call_arg (stmt, sucs_arg); | |
3025 | tree ord_fail = NULL_TREE; | |
3026 | if (fail_arg < nargs) | |
3027 | ord_fail = gimple_call_arg (stmt, fail_arg); | |
3028 | check_atomic_memmodel (stmt, ord_sucs, ord_fail, pvalid_models); | |
3029 | } | |
3030 | ||
3031 | if (!bytes) | |
3032 | return true; | |
3033 | ||
88b504b7 MS |
3034 | tree size = build_int_cstu (sizetype, bytes); |
3035 | tree dst = gimple_call_arg (stmt, 0); | |
3036 | check_memop_access (stmt, dst, NULL_TREE, size); | |
3037 | ||
3038 | if (arg2 != UINT_MAX) | |
3039 | { | |
3040 | tree dst = gimple_call_arg (stmt, arg2); | |
3041 | check_memop_access (stmt, dst, NULL_TREE, size); | |
3042 | } | |
3043 | ||
3044 | return true; | |
3045 | } | |
3046 | ||
81d6cdd3 MS |
3047 | /* Check call STMT to a built-in function for invalid accesses. Return |
3048 | true if a call has been handled. */ | |
3049 | ||
3050 | bool | |
3051 | pass_waccess::check_builtin (gcall *stmt) | |
3052 | { | |
3053 | tree callee = gimple_call_fndecl (stmt); | |
3054 | if (!callee) | |
3055 | return false; | |
3056 | ||
3057 | switch (DECL_FUNCTION_CODE (callee)) | |
3058 | { | |
b48d4e68 MS |
3059 | case BUILT_IN_ALLOCA: |
3060 | case BUILT_IN_ALLOCA_WITH_ALIGN: | |
3061 | case BUILT_IN_ALLOCA_WITH_ALIGN_AND_MAX: | |
3062 | check_alloca (stmt); | |
3063 | return true; | |
3064 | ||
9a27acc3 MS |
3065 | case BUILT_IN_EXECL: |
3066 | case BUILT_IN_EXECLE: | |
3067 | case BUILT_IN_EXECLP: | |
3068 | case BUILT_IN_EXECV: | |
3069 | case BUILT_IN_EXECVE: | |
3070 | case BUILT_IN_EXECVP: | |
3071 | check_read_access (stmt, call_arg (stmt, 0)); | |
3072 | return true; | |
3073 | ||
81d6cdd3 MS |
3074 | case BUILT_IN_GETTEXT: |
3075 | case BUILT_IN_PUTS: | |
3076 | case BUILT_IN_PUTS_UNLOCKED: | |
3077 | case BUILT_IN_STRDUP: | |
3078 | check_read_access (stmt, call_arg (stmt, 0)); | |
3079 | return true; | |
3080 | ||
3081 | case BUILT_IN_INDEX: | |
3082 | case BUILT_IN_RINDEX: | |
3083 | case BUILT_IN_STRCHR: | |
3084 | case BUILT_IN_STRRCHR: | |
3085 | case BUILT_IN_STRLEN: | |
3086 | check_read_access (stmt, call_arg (stmt, 0)); | |
3087 | return true; | |
3088 | ||
3089 | case BUILT_IN_FPUTS: | |
3090 | case BUILT_IN_FPUTS_UNLOCKED: | |
3091 | check_read_access (stmt, call_arg (stmt, 0)); | |
3092 | return true; | |
3093 | ||
3094 | case BUILT_IN_STRNDUP: | |
3095 | case BUILT_IN_STRNLEN: | |
9a27acc3 MS |
3096 | { |
3097 | tree str = call_arg (stmt, 0); | |
3098 | tree len = call_arg (stmt, 1); | |
3099 | check_read_access (stmt, str, len); | |
3100 | return true; | |
3101 | } | |
81d6cdd3 MS |
3102 | |
3103 | case BUILT_IN_STRCAT: | |
3104 | check_strcat (stmt); | |
3105 | return true; | |
3106 | ||
3107 | case BUILT_IN_STRNCAT: | |
3108 | check_strncat (stmt); | |
3109 | return true; | |
3110 | ||
3111 | case BUILT_IN_STPCPY: | |
3112 | case BUILT_IN_STRCPY: | |
3113 | check_stxcpy (stmt); | |
3114 | return true; | |
3115 | ||
3116 | case BUILT_IN_STPNCPY: | |
3117 | case BUILT_IN_STRNCPY: | |
3118 | check_stxncpy (stmt); | |
3119 | return true; | |
3120 | ||
3121 | case BUILT_IN_STRCASECMP: | |
3122 | case BUILT_IN_STRCMP: | |
3123 | case BUILT_IN_STRPBRK: | |
3124 | case BUILT_IN_STRSPN: | |
3125 | case BUILT_IN_STRCSPN: | |
3126 | case BUILT_IN_STRSTR: | |
3127 | check_read_access (stmt, call_arg (stmt, 0)); | |
3128 | check_read_access (stmt, call_arg (stmt, 1)); | |
3129 | return true; | |
3130 | ||
3131 | case BUILT_IN_STRNCASECMP: | |
3132 | case BUILT_IN_STRNCMP: | |
3133 | check_strncmp (stmt); | |
3134 | return true; | |
3135 | ||
3136 | case BUILT_IN_MEMCMP: | |
3137 | { | |
3138 | tree a1 = call_arg (stmt, 0); | |
3139 | tree a2 = call_arg (stmt, 1); | |
3140 | tree len = call_arg (stmt, 2); | |
3141 | check_read_access (stmt, a1, len, 0); | |
3142 | check_read_access (stmt, a2, len, 0); | |
3143 | return true; | |
3144 | } | |
3145 | ||
3146 | case BUILT_IN_MEMCPY: | |
3147 | case BUILT_IN_MEMPCPY: | |
3148 | case BUILT_IN_MEMMOVE: | |
3149 | { | |
3150 | tree dst = call_arg (stmt, 0); | |
3151 | tree src = call_arg (stmt, 1); | |
3152 | tree len = call_arg (stmt, 2); | |
3153 | check_memop_access (stmt, dst, src, len); | |
3154 | return true; | |
3155 | } | |
3156 | ||
3157 | case BUILT_IN_MEMCHR: | |
3158 | { | |
3159 | tree src = call_arg (stmt, 0); | |
3160 | tree len = call_arg (stmt, 2); | |
3161 | check_read_access (stmt, src, len, 0); | |
3162 | return true; | |
3163 | } | |
3164 | ||
3165 | case BUILT_IN_MEMSET: | |
3166 | { | |
3167 | tree dst = call_arg (stmt, 0); | |
3168 | tree len = call_arg (stmt, 2); | |
3169 | check_memop_access (stmt, dst, NULL_TREE, len); | |
3170 | return true; | |
3171 | } | |
3172 | ||
3173 | default: | |
88b504b7 MS |
3174 | if (check_atomic_builtin (stmt)) |
3175 | return true; | |
3176 | break; | |
81d6cdd3 | 3177 | } |
88b504b7 | 3178 | return false; |
81d6cdd3 MS |
3179 | } |
3180 | ||
b48d4e68 MS |
3181 | /* Returns the type of the argument ARGNO to function with type FNTYPE |
3182 | or null when the typoe cannot be determined or no such argument exists. */ | |
3183 | ||
3184 | static tree | |
3185 | fntype_argno_type (tree fntype, unsigned argno) | |
3186 | { | |
3187 | if (!prototype_p (fntype)) | |
3188 | return NULL_TREE; | |
3189 | ||
3190 | tree argtype; | |
3191 | function_args_iterator it; | |
3192 | FOREACH_FUNCTION_ARGS (fntype, argtype, it) | |
3193 | if (argno-- == 0) | |
3194 | return argtype; | |
3195 | ||
3196 | return NULL_TREE; | |
3197 | } | |
3198 | ||
3199 | /* Helper to append the "human readable" attribute access specification | |
3200 | described by ACCESS to the array ATTRSTR with size STRSIZE. Used in | |
3201 | diagnostics. */ | |
3202 | ||
3203 | static inline void | |
3204 | append_attrname (const std::pair<int, attr_access> &access, | |
3205 | char *attrstr, size_t strsize) | |
3206 | { | |
3207 | if (access.second.internal_p) | |
3208 | return; | |
3209 | ||
3210 | tree str = access.second.to_external_string (); | |
3211 | gcc_assert (strsize >= (size_t) TREE_STRING_LENGTH (str)); | |
3212 | strcpy (attrstr, TREE_STRING_POINTER (str)); | |
3213 | } | |
3214 | ||
3215 | /* Iterate over attribute access read-only, read-write, and write-only | |
3216 | arguments and diagnose past-the-end accesses and related problems | |
3217 | in the function call EXP. */ | |
3218 | ||
ece28da9 MS |
3219 | void |
3220 | pass_waccess::maybe_check_access_sizes (rdwr_map *rwm, tree fndecl, tree fntype, | |
3221 | gimple *stmt) | |
b48d4e68 MS |
3222 | { |
3223 | auto_diagnostic_group adg; | |
3224 | ||
3225 | /* Set if a warning has been issued for any argument (used to decide | |
3226 | whether to emit an informational note at the end). */ | |
3227 | opt_code opt_warned = no_warning; | |
3228 | ||
3229 | /* A string describing the attributes that the warnings issued by this | |
3230 | function apply to. Used to print one informational note per function | |
3231 | call, rather than one per warning. That reduces clutter. */ | |
3232 | char attrstr[80]; | |
3233 | attrstr[0] = 0; | |
3234 | ||
3235 | for (rdwr_map::iterator it = rwm->begin (); it != rwm->end (); ++it) | |
3236 | { | |
3237 | std::pair<int, attr_access> access = *it; | |
3238 | ||
3239 | /* Get the function call arguments corresponding to the attribute's | |
3240 | positional arguments. When both arguments have been specified | |
3241 | there will be two entries in *RWM, one for each. They are | |
3242 | cross-referenced by their respective argument numbers in | |
3243 | ACCESS.PTRARG and ACCESS.SIZARG. */ | |
3244 | const int ptridx = access.second.ptrarg; | |
3245 | const int sizidx = access.second.sizarg; | |
3246 | ||
3247 | gcc_assert (ptridx != -1); | |
3248 | gcc_assert (access.first == ptridx || access.first == sizidx); | |
3249 | ||
3250 | /* The pointer is set to null for the entry corresponding to | |
3251 | the size argument. Skip it. It's handled when the entry | |
3252 | corresponding to the pointer argument comes up. */ | |
3253 | if (!access.second.ptr) | |
3254 | continue; | |
3255 | ||
3256 | tree ptrtype = fntype_argno_type (fntype, ptridx); | |
ea9e0d6c MS |
3257 | if (!ptrtype) |
3258 | /* A function with a prototype was redeclared without one and | |
3259 | the protype has been lost. See pr102759. Avoid dealing | |
3260 | with this pathological case. */ | |
3261 | return; | |
3262 | ||
b48d4e68 MS |
3263 | tree argtype = TREE_TYPE (ptrtype); |
3264 | ||
ea9e0d6c MS |
3265 | /* The size of the access by the call in elements. */ |
3266 | tree access_nelts; | |
b48d4e68 MS |
3267 | if (sizidx == -1) |
3268 | { | |
3269 | /* If only the pointer attribute operand was specified and | |
3270 | not size, set SIZE to the greater of MINSIZE or size of | |
3271 | one element of the pointed to type to detect smaller | |
3272 | objects (null pointers are diagnosed in this case only | |
3273 | if the pointer is also declared with attribute nonnull. */ | |
3274 | if (access.second.minsize | |
3275 | && access.second.minsize != HOST_WIDE_INT_M1U) | |
ea9e0d6c | 3276 | access_nelts = build_int_cstu (sizetype, access.second.minsize); |
9eeca99c MS |
3277 | else if (VOID_TYPE_P (argtype) && access.second.mode == access_none) |
3278 | /* Treat access mode none on a void* argument as expecting | |
3279 | as little as zero bytes. */ | |
3280 | access_nelts = size_zero_node; | |
b48d4e68 | 3281 | else |
ea9e0d6c | 3282 | access_nelts = size_one_node; |
b48d4e68 MS |
3283 | } |
3284 | else | |
ea9e0d6c | 3285 | access_nelts = rwm->get (sizidx)->size; |
b48d4e68 MS |
3286 | |
3287 | /* Format the value or range to avoid an explosion of messages. */ | |
3288 | char sizstr[80]; | |
3289 | tree sizrng[2] = { size_zero_node, build_all_ones_cst (sizetype) }; | |
ea9e0d6c | 3290 | if (get_size_range (m_ptr_qry.rvals, access_nelts, stmt, sizrng, 1)) |
b48d4e68 MS |
3291 | { |
3292 | char *s0 = print_generic_expr_to_str (sizrng[0]); | |
3293 | if (tree_int_cst_equal (sizrng[0], sizrng[1])) | |
3294 | { | |
3295 | gcc_checking_assert (strlen (s0) < sizeof sizstr); | |
3296 | strcpy (sizstr, s0); | |
3297 | } | |
3298 | else | |
3299 | { | |
3300 | char *s1 = print_generic_expr_to_str (sizrng[1]); | |
3301 | gcc_checking_assert (strlen (s0) + strlen (s1) | |
3302 | < sizeof sizstr - 4); | |
6b8b9596 | 3303 | sprintf (sizstr, "[%.37s, %.37s]", s0, s1); |
b48d4e68 MS |
3304 | free (s1); |
3305 | } | |
3306 | free (s0); | |
3307 | } | |
3308 | else | |
3309 | *sizstr = '\0'; | |
3310 | ||
3311 | /* Set if a warning has been issued for the current argument. */ | |
3312 | opt_code arg_warned = no_warning; | |
3313 | location_t loc = get_location (stmt); | |
3314 | tree ptr = access.second.ptr; | |
3315 | if (*sizstr | |
3316 | && tree_int_cst_sgn (sizrng[0]) < 0 | |
3317 | && tree_int_cst_sgn (sizrng[1]) < 0) | |
3318 | { | |
3319 | /* Warn about negative sizes. */ | |
3320 | if (access.second.internal_p) | |
3321 | { | |
3322 | const std::string argtypestr | |
3323 | = access.second.array_as_string (ptrtype); | |
3324 | ||
3325 | if (warning_at (loc, OPT_Wstringop_overflow_, | |
3326 | "bound argument %i value %s is " | |
3327 | "negative for a variable length array " | |
3328 | "argument %i of type %s", | |
3329 | sizidx + 1, sizstr, | |
3330 | ptridx + 1, argtypestr.c_str ())) | |
3331 | arg_warned = OPT_Wstringop_overflow_; | |
3332 | } | |
3333 | else if (warning_at (loc, OPT_Wstringop_overflow_, | |
3334 | "argument %i value %s is negative", | |
3335 | sizidx + 1, sizstr)) | |
3336 | arg_warned = OPT_Wstringop_overflow_; | |
3337 | ||
3338 | if (arg_warned != no_warning) | |
3339 | { | |
3340 | append_attrname (access, attrstr, sizeof attrstr); | |
3341 | /* Remember a warning has been issued and avoid warning | |
3342 | again below for the same attribute. */ | |
3343 | opt_warned = arg_warned; | |
3344 | continue; | |
3345 | } | |
3346 | } | |
3347 | ||
ea9e0d6c MS |
3348 | /* The size of the access by the call in bytes. */ |
3349 | tree access_size = NULL_TREE; | |
b48d4e68 MS |
3350 | if (tree_int_cst_sgn (sizrng[0]) >= 0) |
3351 | { | |
3352 | if (COMPLETE_TYPE_P (argtype)) | |
3353 | { | |
3354 | /* Multiply ACCESS_SIZE by the size of the type the pointer | |
3355 | argument points to. If it's incomplete the size is used | |
3356 | as is. */ | |
3357 | if (tree argsize = TYPE_SIZE_UNIT (argtype)) | |
3358 | if (TREE_CODE (argsize) == INTEGER_CST) | |
3359 | { | |
3360 | const int prec = TYPE_PRECISION (sizetype); | |
3361 | wide_int minsize = wi::to_wide (sizrng[0], prec); | |
3362 | minsize *= wi::to_wide (argsize, prec); | |
3363 | access_size = wide_int_to_tree (sizetype, minsize); | |
3364 | } | |
3365 | } | |
ea9e0d6c MS |
3366 | else |
3367 | access_size = access_nelts; | |
b48d4e68 | 3368 | } |
b48d4e68 MS |
3369 | |
3370 | if (integer_zerop (ptr)) | |
3371 | { | |
3372 | if (sizidx >= 0 && tree_int_cst_sgn (sizrng[0]) > 0) | |
3373 | { | |
3374 | /* Warn about null pointers with positive sizes. This is | |
3375 | different from also declaring the pointer argument with | |
3376 | attribute nonnull when the function accepts null pointers | |
3377 | only when the corresponding size is zero. */ | |
3378 | if (access.second.internal_p) | |
3379 | { | |
3380 | const std::string argtypestr | |
3381 | = access.second.array_as_string (ptrtype); | |
3382 | ||
3383 | if (warning_at (loc, OPT_Wnonnull, | |
3384 | "argument %i of variable length " | |
3385 | "array %s is null but " | |
3386 | "the corresponding bound argument " | |
3387 | "%i value is %s", | |
3388 | ptridx + 1, argtypestr.c_str (), | |
3389 | sizidx + 1, sizstr)) | |
3390 | arg_warned = OPT_Wnonnull; | |
3391 | } | |
3392 | else if (warning_at (loc, OPT_Wnonnull, | |
3393 | "argument %i is null but " | |
3394 | "the corresponding size argument " | |
3395 | "%i value is %s", | |
3396 | ptridx + 1, sizidx + 1, sizstr)) | |
3397 | arg_warned = OPT_Wnonnull; | |
3398 | } | |
3399 | else if (access_size && access.second.static_p) | |
3400 | { | |
3401 | /* Warn about null pointers for [static N] array arguments | |
3402 | but do not warn for ordinary (i.e., nonstatic) arrays. */ | |
3403 | if (warning_at (loc, OPT_Wnonnull, | |
3404 | "argument %i to %<%T[static %E]%> " | |
3405 | "is null where non-null expected", | |
3406 | ptridx + 1, argtype, access_size)) | |
3407 | arg_warned = OPT_Wnonnull; | |
3408 | } | |
3409 | ||
3410 | if (arg_warned != no_warning) | |
3411 | { | |
3412 | append_attrname (access, attrstr, sizeof attrstr); | |
3413 | /* Remember a warning has been issued and avoid warning | |
3414 | again below for the same attribute. */ | |
3415 | opt_warned = OPT_Wnonnull; | |
3416 | continue; | |
3417 | } | |
3418 | } | |
3419 | ||
9a27acc3 MS |
3420 | access_data data (m_ptr_qry.rvals, stmt, access.second.mode, |
3421 | NULL_TREE, false, NULL_TREE, false); | |
b48d4e68 MS |
3422 | access_ref* const pobj = (access.second.mode == access_write_only |
3423 | ? &data.dst : &data.src); | |
9a27acc3 | 3424 | tree objsize = compute_objsize (ptr, stmt, 1, pobj, &m_ptr_qry); |
b48d4e68 MS |
3425 | |
3426 | /* The size of the destination or source object. */ | |
3427 | tree dstsize = NULL_TREE, srcsize = NULL_TREE; | |
3428 | if (access.second.mode == access_read_only | |
3429 | || access.second.mode == access_none) | |
3430 | { | |
3431 | /* For a read-only argument there is no destination. For | |
3432 | no access, set the source as well and differentiate via | |
3433 | the access flag below. */ | |
3434 | srcsize = objsize; | |
3435 | if (access.second.mode == access_read_only | |
3436 | || access.second.mode == access_none) | |
3437 | { | |
3438 | /* For a read-only attribute there is no destination so | |
3439 | clear OBJSIZE. This emits "reading N bytes" kind of | |
3440 | diagnostics instead of the "writing N bytes" kind, | |
3441 | unless MODE is none. */ | |
3442 | objsize = NULL_TREE; | |
3443 | } | |
3444 | } | |
3445 | else | |
3446 | dstsize = objsize; | |
3447 | ||
3448 | /* Clear the no-warning bit in case it was set by check_access | |
3449 | in a prior iteration so that accesses via different arguments | |
3450 | are diagnosed. */ | |
3451 | suppress_warning (stmt, OPT_Wstringop_overflow_, false); | |
3452 | access_mode mode = data.mode; | |
3453 | if (mode == access_deferred) | |
3454 | mode = TYPE_READONLY (argtype) ? access_read_only : access_read_write; | |
3455 | check_access (stmt, access_size, /*maxread=*/ NULL_TREE, srcsize, | |
9a27acc3 | 3456 | dstsize, mode, &data, m_ptr_qry.rvals); |
b48d4e68 MS |
3457 | |
3458 | if (warning_suppressed_p (stmt, OPT_Wstringop_overflow_)) | |
3459 | opt_warned = OPT_Wstringop_overflow_; | |
3460 | if (opt_warned != no_warning) | |
3461 | { | |
3462 | if (access.second.internal_p) | |
ea9e0d6c MS |
3463 | { |
3464 | unsigned HOST_WIDE_INT nelts = | |
3465 | access_nelts ? access.second.minsize : HOST_WIDE_INT_M1U; | |
3466 | tree arrtype = build_printable_array_type (argtype, nelts); | |
3467 | inform (loc, "referencing argument %u of type %qT", | |
3468 | ptridx + 1, arrtype); | |
3469 | } | |
b48d4e68 MS |
3470 | else |
3471 | /* If check_access issued a warning above, append the relevant | |
3472 | attribute to the string. */ | |
3473 | append_attrname (access, attrstr, sizeof attrstr); | |
3474 | } | |
3475 | } | |
3476 | ||
3477 | if (*attrstr) | |
3478 | { | |
3479 | if (fndecl) | |
3480 | inform (get_location (fndecl), | |
3481 | "in a call to function %qD declared with attribute %qs", | |
3482 | fndecl, attrstr); | |
3483 | else | |
3484 | inform (get_location (stmt), | |
3485 | "in a call with type %qT and attribute %qs", | |
3486 | fntype, attrstr); | |
3487 | } | |
3488 | else if (opt_warned != no_warning) | |
3489 | { | |
3490 | if (fndecl) | |
3491 | inform (get_location (fndecl), | |
3492 | "in a call to function %qD", fndecl); | |
3493 | else | |
3494 | inform (get_location (stmt), | |
3495 | "in a call with type %qT", fntype); | |
3496 | } | |
3497 | ||
3498 | /* Set the bit in case if was cleared and not set above. */ | |
3499 | if (opt_warned != no_warning) | |
3500 | suppress_warning (stmt, opt_warned); | |
3501 | } | |
3502 | ||
3503 | /* Check call STMT to an ordinary (non-built-in) function for invalid | |
3504 | accesses. Return true if a call has been handled. */ | |
3505 | ||
3506 | bool | |
3507 | pass_waccess::check_call (gcall *stmt) | |
3508 | { | |
3509 | tree fntype = gimple_call_fntype (stmt); | |
3510 | if (!fntype) | |
3511 | return false; | |
3512 | ||
3513 | tree fntypeattrs = TYPE_ATTRIBUTES (fntype); | |
3514 | if (!fntypeattrs) | |
3515 | return false; | |
3516 | ||
3517 | /* Map of attribute accewss specifications for function arguments. */ | |
3518 | rdwr_map rdwr_idx; | |
3519 | init_attr_rdwr_indices (&rdwr_idx, fntypeattrs); | |
3520 | ||
3521 | unsigned nargs = call_nargs (stmt); | |
3522 | for (unsigned i = 0; i != nargs; ++i) | |
3523 | { | |
3524 | tree arg = call_arg (stmt, i); | |
3525 | ||
3526 | /* Save the actual argument that corresponds to the access attribute | |
3527 | operand for later processing. */ | |
3528 | if (attr_access *access = rdwr_idx.get (i)) | |
3529 | { | |
3530 | if (POINTER_TYPE_P (TREE_TYPE (arg))) | |
3531 | { | |
3532 | access->ptr = arg; | |
3533 | // A nonnull ACCESS->SIZE contains VLA bounds. */ | |
3534 | } | |
3535 | else | |
3536 | { | |
3537 | access->size = arg; | |
3538 | gcc_assert (access->ptr == NULL_TREE); | |
3539 | } | |
3540 | } | |
3541 | } | |
3542 | ||
3543 | /* Check attribute access arguments. */ | |
3544 | tree fndecl = gimple_call_fndecl (stmt); | |
ece28da9 | 3545 | maybe_check_access_sizes (&rdwr_idx, fndecl, fntype, stmt); |
b48d4e68 MS |
3546 | |
3547 | check_alloc_size_call (stmt); | |
3548 | return true; | |
3549 | } | |
3550 | ||
3551 | /* Check arguments in a call STMT for attribute nonstring. */ | |
3552 | ||
3553 | static void | |
3554 | check_nonstring_args (gcall *stmt) | |
3555 | { | |
3556 | tree fndecl = gimple_call_fndecl (stmt); | |
3557 | ||
3558 | /* Detect passing non-string arguments to functions expecting | |
3559 | nul-terminated strings. */ | |
3560 | maybe_warn_nonstring_arg (fndecl, stmt); | |
3561 | } | |
3562 | ||
ece28da9 MS |
3563 | /* Issue a warning if a deallocation function such as free, realloc, |
3564 | or C++ operator delete is called with an argument not returned by | |
3565 | a matching allocation function such as malloc or the corresponding | |
3566 | form of C++ operatorn new. */ | |
3567 | ||
3568 | void | |
3569 | pass_waccess::maybe_check_dealloc_call (gcall *call) | |
3570 | { | |
3571 | tree fndecl = gimple_call_fndecl (call); | |
3572 | if (!fndecl) | |
3573 | return; | |
3574 | ||
3575 | unsigned argno = fndecl_dealloc_argno (fndecl); | |
3576 | if ((unsigned) call_nargs (call) <= argno) | |
3577 | return; | |
3578 | ||
3579 | tree ptr = gimple_call_arg (call, argno); | |
3580 | if (integer_zerop (ptr)) | |
3581 | return; | |
3582 | ||
3583 | access_ref aref; | |
9a27acc3 | 3584 | if (!compute_objsize (ptr, call, 0, &aref, &m_ptr_qry)) |
ece28da9 MS |
3585 | return; |
3586 | ||
3587 | tree ref = aref.ref; | |
3588 | if (integer_zerop (ref)) | |
3589 | return; | |
3590 | ||
3591 | tree dealloc_decl = fndecl; | |
3592 | location_t loc = gimple_location (call); | |
3593 | ||
3594 | if (DECL_P (ref) || EXPR_P (ref)) | |
3595 | { | |
3596 | /* Diagnose freeing a declared object. */ | |
3597 | if (aref.ref_declared () | |
3598 | && warning_at (loc, OPT_Wfree_nonheap_object, | |
3599 | "%qD called on unallocated object %qD", | |
3600 | dealloc_decl, ref)) | |
3601 | { | |
3602 | inform (get_location (ref), "declared here"); | |
3603 | return; | |
3604 | } | |
3605 | ||
3606 | /* Diagnose freeing a pointer that includes a positive offset. | |
3607 | Such a pointer cannot refer to the beginning of an allocated | |
3608 | object. A negative offset may refer to it. */ | |
3609 | if (aref.sizrng[0] != aref.sizrng[1] | |
3610 | && warn_dealloc_offset (loc, call, aref)) | |
3611 | return; | |
3612 | } | |
3613 | else if (CONSTANT_CLASS_P (ref)) | |
3614 | { | |
3615 | if (warning_at (loc, OPT_Wfree_nonheap_object, | |
3616 | "%qD called on a pointer to an unallocated " | |
3617 | "object %qE", dealloc_decl, ref)) | |
3618 | { | |
3619 | if (TREE_CODE (ptr) == SSA_NAME) | |
3620 | { | |
3621 | gimple *def_stmt = SSA_NAME_DEF_STMT (ptr); | |
3622 | if (is_gimple_assign (def_stmt)) | |
3623 | { | |
3624 | location_t loc = gimple_location (def_stmt); | |
3625 | inform (loc, "assigned here"); | |
3626 | } | |
3627 | } | |
3628 | return; | |
3629 | } | |
3630 | } | |
3631 | else if (TREE_CODE (ref) == SSA_NAME) | |
3632 | { | |
3633 | /* Also warn if the pointer argument refers to the result | |
3634 | of an allocation call like alloca or VLA. */ | |
3635 | gimple *def_stmt = SSA_NAME_DEF_STMT (ref); | |
3636 | if (!def_stmt) | |
3637 | return; | |
3638 | ||
3639 | if (is_gimple_call (def_stmt)) | |
3640 | { | |
3641 | bool warned = false; | |
3642 | if (gimple_call_alloc_p (def_stmt)) | |
3643 | { | |
3644 | if (matching_alloc_calls_p (def_stmt, dealloc_decl)) | |
3645 | { | |
3646 | if (warn_dealloc_offset (loc, call, aref)) | |
3647 | return; | |
3648 | } | |
3649 | else | |
3650 | { | |
3651 | tree alloc_decl = gimple_call_fndecl (def_stmt); | |
3652 | const opt_code opt = | |
3653 | (DECL_IS_OPERATOR_NEW_P (alloc_decl) | |
3654 | || DECL_IS_OPERATOR_DELETE_P (dealloc_decl) | |
3655 | ? OPT_Wmismatched_new_delete | |
3656 | : OPT_Wmismatched_dealloc); | |
3657 | warned = warning_at (loc, opt, | |
3658 | "%qD called on pointer returned " | |
3659 | "from a mismatched allocation " | |
3660 | "function", dealloc_decl); | |
3661 | } | |
3662 | } | |
3663 | else if (gimple_call_builtin_p (def_stmt, BUILT_IN_ALLOCA) | |
3664 | || gimple_call_builtin_p (def_stmt, | |
3665 | BUILT_IN_ALLOCA_WITH_ALIGN)) | |
3666 | warned = warning_at (loc, OPT_Wfree_nonheap_object, | |
3667 | "%qD called on pointer to " | |
3668 | "an unallocated object", | |
3669 | dealloc_decl); | |
3670 | else if (warn_dealloc_offset (loc, call, aref)) | |
3671 | return; | |
3672 | ||
3673 | if (warned) | |
3674 | { | |
3675 | tree fndecl = gimple_call_fndecl (def_stmt); | |
3676 | inform (gimple_location (def_stmt), | |
3677 | "returned from %qD", fndecl); | |
3678 | return; | |
3679 | } | |
3680 | } | |
3681 | else if (gimple_nop_p (def_stmt)) | |
3682 | { | |
3683 | ref = SSA_NAME_VAR (ref); | |
3684 | /* Diagnose freeing a pointer that includes a positive offset. */ | |
3685 | if (TREE_CODE (ref) == PARM_DECL | |
3686 | && !aref.deref | |
3687 | && aref.sizrng[0] != aref.sizrng[1] | |
3688 | && aref.offrng[0] > 0 && aref.offrng[1] > 0 | |
3689 | && warn_dealloc_offset (loc, call, aref)) | |
3690 | return; | |
3691 | } | |
3692 | } | |
3693 | } | |
3694 | ||
2a837de2 MS |
3695 | /* Check call STMT for invalid accesses. */ |
3696 | ||
3697 | void | |
3698 | pass_waccess::check (gcall *stmt) | |
3699 | { | |
b48d4e68 MS |
3700 | if (gimple_call_builtin_p (stmt, BUILT_IN_NORMAL)) |
3701 | check_builtin (stmt); | |
81d6cdd3 | 3702 | |
b48d4e68 MS |
3703 | if (is_gimple_call (stmt)) |
3704 | check_call (stmt); | |
3705 | ||
3706 | maybe_check_dealloc_call (stmt); | |
3707 | ||
3708 | check_nonstring_args (stmt); | |
2a837de2 MS |
3709 | } |
3710 | ||
3711 | /* Check basic block BB for invalid accesses. */ | |
3712 | ||
3713 | void | |
3714 | pass_waccess::check (basic_block bb) | |
3715 | { | |
3716 | /* Iterate over statements, looking for function calls. */ | |
3717 | for (auto si = gsi_start_bb (bb); !gsi_end_p (si); gsi_next (&si)) | |
3718 | { | |
3719 | if (gcall *call = dyn_cast <gcall *> (gsi_stmt (si))) | |
3720 | check (call); | |
3721 | } | |
3722 | } | |
3723 | ||
3724 | /* Check function FUN for invalid accesses. */ | |
3725 | ||
3726 | unsigned | |
3727 | pass_waccess::execute (function *fun) | |
3728 | { | |
81501087 | 3729 | /* Create a new ranger instance and associate it with FUN. */ |
ece28da9 | 3730 | m_ptr_qry.rvals = enable_ranger (fun); |
b48d4e68 | 3731 | |
2a837de2 MS |
3732 | basic_block bb; |
3733 | FOR_EACH_BB_FN (bb, fun) | |
3734 | check (bb); | |
3735 | ||
ece28da9 MS |
3736 | if (dump_file) |
3737 | m_ptr_qry.dump (dump_file, (dump_flags & TDF_DETAILS) != 0); | |
3738 | ||
3739 | m_ptr_qry.flush_cache (); | |
3740 | ||
3741 | /* Release the ranger instance and replace it with a global ranger. | |
3742 | Also reset the pointer since calling disable_ranger() deletes it. */ | |
81501087 | 3743 | disable_ranger (fun); |
ece28da9 | 3744 | m_ptr_qry.rvals = NULL; |
81501087 | 3745 | |
2a837de2 MS |
3746 | return 0; |
3747 | } | |
3748 | ||
3749 | } // namespace | |
3750 | ||
3751 | /* Return a new instance of the pass. */ | |
3752 | ||
3753 | gimple_opt_pass * | |
3754 | make_pass_warn_access (gcc::context *ctxt) | |
3755 | { | |
3756 | return new pass_waccess (ctxt); | |
3757 | } |