GCC Middle and Back End API Reference
gimple-ssa-sprintf.cc File Reference
#include "config.h"
#include "system.h"
#include "coretypes.h"
#include "backend.h"
#include "tree.h"
#include "gimple.h"
#include "tree-pass.h"
#include "ssa.h"
#include "gimple-iterator.h"
#include "gimple-fold.h"
#include "gimple-pretty-print.h"
#include "diagnostic-core.h"
#include "fold-const.h"
#include "tree-ssa.h"
#include "tree-object-size.h"
#include "tree-cfg.h"
#include "tree-ssa-propagate.h"
#include "calls.h"
#include "cfgloop.h"
#include "tree-scalar-evolution.h"
#include "tree-ssa-loop.h"
#include "intl.h"
#include "langhooks.h"
#include "attribs.h"
#include "builtins.h"
#include "pointer-query.h"
#include "stor-layout.h"
#include "realmpfr.h"
#include "target.h"
#include "cpplib.h"
#include "input.h"
#include "toplev.h"
#include "substring-locations.h"
#include "diagnostic.h"
#include "domwalk.h"
#include "alloc-pool.h"
#include "vr-values.h"
#include "tree-ssa-strlen.h"
#include "tree-dfa.h"
Include dependency graph for gimple-ssa-sprintf.cc:

Macros

#define target_mb_len_max()
#define IEEE_MAX_10_EXP   4932
#define target_dir_max()

Functions

bool handle_printf_call (gimple_stmt_iterator *gsi, pointer_query &ptr_qry)

Macro Definition Documentation

◆ IEEE_MAX_10_EXP

#define IEEE_MAX_10_EXP   4932
The maximum number of bytes a single non-string directive can result in. This is the result of printf("%.*Lf", INT_MAX, -LDBL_MAX) for LDBL_MAX_10_EXP of 4932.

◆ target_dir_max

#define target_dir_max ( )
Value:
(target_int_max () + IEEE_MAX_10_EXP + 2)
#define IEEE_MAX_10_EXP
Definition gimple-ssa-sprintf.cc:99

◆ target_mb_len_max

#define target_mb_len_max ( )
Value:
6
Copyright (C) 2016-2025 Free Software Foundation, Inc. Contributed by Martin Sebor <msebor@redhat.com>. This file is part of GCC. GCC is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3, or (at your option) any later version. GCC is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>.
This file implements the printf-return-value pass. The pass does two things: 1) it analyzes calls to formatted output functions like sprintf looking for possible buffer overflows and calls to bounded functions like snprintf for early truncation (and under the control of the -Wformat-length option issues warnings), and 2) under the control of the -fprintf-return-value option it folds the return value of safe calls into constants, making it possible to eliminate code that depends on the value of those constants. For all functions (bounded or not) the pass uses the size of the destination object. That means that it will diagnose calls to snprintf not on the basis of the size specified by the function's second argument but rather on the basis of the size the first argument points to (if possible). For bound-checking built-ins like __builtin___snprintf_chk the pass uses the size typically determined by __builtin_object_size and passed to the built-in by the Glibc inline wrapper. The pass handles all forms standard sprintf format directives, including character, integer, floating point, pointer, and strings, with the standard C flags, widths, and precisions. For integers and strings it computes the length of output itself. For floating point it uses MPFR to format known constants with up and down rounding and uses the resulting range of output lengths. For strings it uses the length of string literals and the sizes of character arrays that a character pointer may point to as a bound on the longest string.
The likely worst case value of MB_LEN_MAX for the target, large enough for UTF-8. Ideally, this would be obtained by a target hook if it were to be used for optimization but it's good enough as is for warnings.

Function Documentation

◆ handle_printf_call()