1 : /* String length optimization
2 : Copyright (C) 2011-2026 Free Software Foundation, Inc.
3 : Contributed by Jakub Jelinek <jakub@redhat.com>
4 :
5 : This file is part of GCC.
6 :
7 : GCC is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3, or (at your option)
10 : any later version.
11 :
12 : GCC is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with GCC; see the file COPYING3. If not see
19 : <http://www.gnu.org/licenses/>. */
20 :
21 : #include "config.h"
22 : #include "system.h"
23 : #include "coretypes.h"
24 : #include "backend.h"
25 : #include "rtl.h"
26 : #include "tree.h"
27 : #include "gimple.h"
28 : #include "alloc-pool.h"
29 : #include "tree-pass.h"
30 : #include "ssa.h"
31 : #include "cgraph.h"
32 : #include "gimple-pretty-print.h"
33 : #include "gimple-ssa-warn-access.h"
34 : #include "gimple-ssa-warn-restrict.h"
35 : #include "fold-const.h"
36 : #include "stor-layout.h"
37 : #include "gimple-iterator.h"
38 : #include "gimple-fold.h"
39 : #include "tree-eh.h"
40 : #include "gimplify.h"
41 : #include "gimplify-me.h"
42 : #include "expr.h"
43 : #include "tree-cfg.h"
44 : #include "tree-dfa.h"
45 : #include "domwalk.h"
46 : #include "tree-ssa-alias.h"
47 : #include "tree-ssa-propagate.h"
48 : #include "tree-ssa-strlen.h"
49 : #include "tree-hash-traits.h"
50 : #include "builtins.h"
51 : #include "pointer-query.h"
52 : #include "target.h"
53 : #include "diagnostic-core.h"
54 : #include "diagnostic.h"
55 : #include "intl.h"
56 : #include "attribs.h"
57 : #include "calls.h"
58 : #include "cfgloop.h"
59 : #include "tree-ssa-loop.h"
60 : #include "tree-scalar-evolution.h"
61 : #include "vr-values.h"
62 : #include "gimple-range.h"
63 : #include "tree-ssa.h"
64 :
/* Maps SSA_NAME_VERSION to a string index.  An entry of 0 means nothing
   is known, a positive entry is an index into the strinfo vector, and a
   negative entry encodes the length of a string literal as ~strlen.  */
static vec<int> ssa_ver_to_stridx;

/* One more than the number of string indexes currently active.  */
static int max_stridx;

/* True when the pass should optimize, false when it is only checking.  */
static bool strlen_optimize;
75 :
/* Everything recorded about one tracked string.  */
struct strinfo
{
  /* Count of leading characters known to be nonzero.  When FULL_STRING_P
     is set this is also the length of the string.

     Related string pointers must stay consistent with each other: if
     strinfo B starts X bytes after strinfo A, then
     A->nonzero_chars == X + B->nonzero_chars must hold.  */
  tree nonzero_chars;

  /* One of the pointers to the string, used to query the alias oracle.  */
  tree ptr;

  /* STMT has two uses:

     - It records the statement to use for a delayed length computation.
       Either every related strinfo has a delayed length or none does.

     - It records the malloc or calloc call that produced the object, so
       that malloc/memset sequences can be optimized away.  STMT is reset
       once a non-zero value has been stored into a calloc-allocated
       object.  */
  gimple *stmt;

  /* The dynamic allocation statement for the object (alloca, calloc,
     malloc, or VLA).  Unlike STMT, ALLOC does not change once it has
     been set for a strinfo.  */
  gimple *alloc;

  /* Pointer to the terminating '\0' when known.  When NULL it can be
     computed as ptr + length.  */
  tree endptr;

  /* Reference count.  An entry that may be shared with dominating basic
     blocks must go through unshare_strinfo before it is changed.  The
     one exception is DONT_INVALIDATE, which only affects the very next
     maybe_invalidate.  */
  int refcount;

  /* Copy of the index: get_strinfo (si->idx) should return si.  */
  int idx;

  /* FIRST, NEXT and PREV chain related string pointers together.
     E.g. for
       bl = strlen (b); dl = strlen (d); strcpy (a, b); c = a + bl;
       strcpy (c, d); e = c + dl;
     the chain is
       strinfo(a) -> strinfo(c) -> strinfo(e)
     Every member has ->first equal to strinfo(a)->idx and the members
     are doubly linked through prev/next.  A later strinfo must point
     into the same string, zero or more bytes past the previous pointer,
     and every byte between the two pointers must be non-zero.
     Functions like strcpy or memcpy are supposed to adjust the lengths
     of all previous strinfos but not of the following ones (those are
     uncertain and usually invalidated during maybe_invalidate, except
     when the alias oracle knows better).  Functions like strcat, on the
     other hand, adjust the whole related chain.
     The links are updated lazily, so before the chain is used it must
     be verified that the first fields match and that
     si->prev->next == si->idx.  */
  int first;
  int next;
  int prev;

  /* Whether the string is known to be written in the current function.  */
  bool writable;

  /* Tells the next maybe_invalidate not to invalidate this strinfo.
     maybe_invalidate always clears it.  */
  bool dont_invalidate;

  /* True if the string is known to be nul-terminated after NONZERO_CHARS
     characters.  False is useful for detecting strings that are built up
     by successive memcpys.  */
  bool full_string_p;
};
143 :
/* Allocation pool for strinfo entries.  */
static object_allocator<strinfo> strinfo_pool ("strinfo pool");

/* For the current basic block, maps positive string indexes to their
   strinfo.  Element 0 is special: NULL means the vector is not shared,
   otherwise it is a basic block pointer naming the owner basic_block of
   a shared vector.  A block other than the owner must unshare the
   vector before modifying it, and only the owner is supposed to free
   it.  */
static vec<strinfo *, va_heap, vl_embed> *stridx_to_strinfo;
154 :
/* A single OFFSET->IDX mapping, linked to the next one through NEXT.  */
struct stridxlist
{
  struct stridxlist *next;
  HOST_WIDE_INT offset;
  int idx;
};
162 :
/* Hash table entry that maps a DECL to its chain of OFFSET->IDX
   mappings.  */
struct decl_stridxlist_map
{
  struct tree_map_base base;
  struct stridxlist list;
};
169 :
/* Hash table that maps each decl to a chained list of offset -> idx
   mappings.  */
typedef hash_map<tree_decl_hash, stridxlist> decl_to_stridxlist_htab_t;
static decl_to_stridxlist_htab_t *decl_to_stridxlist_htab;

/* Hash table that maps strlen calls (or strnlen calls with a constant
   bound whose result is smaller than the bound) to the stridx instances
   describing the calls' arguments.  It is non-null only when
   warn_stringop_truncation is non-zero.  */
typedef std::pair<int, location_t> stridx_strlenloc;
static hash_map<tree, stridx_strlenloc> *strlen_to_stridx;

/* Obstack backing struct stridxlist and struct decl_stridxlist_map.  */
static struct obstack stridx_obstack;
184 :
/* The most recent statement that may still be adjusted or removed:
   either a memcpy that could be adjusted if the trailing '\0' it writes
   is immediately overwritten, or a *x = '\0' store that could be removed
   if it is immediately overwritten.  */
struct laststmt_struct
{
  gimple *stmt;
  tree len;
  int stridx;
} laststmt;

/* Forward declarations; the definitions are not part of this section of
   the file.  */
static int get_stridx_plus_constant (strinfo *, unsigned HOST_WIDE_INT, tree);
static bool get_range_strlen_dynamic (tree, gimple *, c_strlen_data *,
                                      bitmap, pointer_query *, unsigned *);
198 :
/* Store in MINMAX the bounds of the range that VAL is known to be in at
   STMT and return VAL.  Return null, leaving MINMAX untouched, when no
   range query is available, when the query fails, or when the result is
   anything other than a plain VR_RANGE.  Range information comes from
   RVALS when it is nonnull and from CFUN otherwise.  */

tree
get_range (tree val, gimple *stmt, wide_int minmax[2],
           range_query *rvals /* = NULL */)
{
  if (!rvals)
    {
      /* CFUN may be null when front ends call this for global
         initializers; there is then nothing to query.  */
      if (!cfun)
        return NULL_TREE;

      rvals = get_range_query (cfun);
    }

  value_range vr (TREE_TYPE (val));
  if (!rvals->range_of_expr (vr, val, stmt))
    return NULL_TREE;

  tree vrmin, vrmax;
  /* Only straight ranges are handled.  */
  if (get_legacy_range (vr, vrmin, vrmax) != VR_RANGE)
    return NULL_TREE;

  minmax[0] = wi::to_wide (vrmin);
  minmax[1] = wi::to_wide (vrmax);
  return val;
}
234 :
/* Dominator walker holding the state of one run of the strlen pass.
   Only the constructor is defined inside the class; every other member
   function is merely declared here.  */
class strlen_pass : public dom_walker
{
public:
  /* Set up a walk in DIRECTION, seed the pointer query with FUN's range
     query, and start with no CFG cleanup requested.  */
  strlen_pass (function *fun, cdi_direction direction)
    : dom_walker (direction),
      ptr_qry (get_range_query (fun)),
      m_cleanup_cfg (false)
  {
  }

  ~strlen_pass ();

  /* dom_walker hooks.  */
  edge before_dom_children (basic_block) final override;
  void after_dom_children (basic_block) final override;

  /* Per-statement entry points and handlers.  */
  bool check_and_optimize_stmt (bool *cleanup_eh);
  bool check_and_optimize_call (bool *zero_write);
  bool handle_assign (tree lhs, tree rhs, bool *zero_write);
  bool handle_store (bool *zero_write);
  void handle_pointer_plus ();
  void handle_builtin_strlen ();
  void handle_builtin_strchr ();
  void handle_builtin_strcpy (built_in_function);
  void handle_integral_assign (bool *cleanup_eh);
  void handle_builtin_stxncpy_strncat (bool append_p);
  void handle_builtin_memcpy (built_in_function bcode);
  void handle_builtin_strcat (built_in_function bcode);
  void handle_builtin_strncat (built_in_function);
  bool handle_builtin_memset (bool *zero_write);
  bool handle_builtin_memcmp ();
  bool handle_builtin_string_cmp ();
  void handle_alloc_call (built_in_function);

  /* Two overloads that differ only in how LEN is passed: as a tree or
     as an unsigned HOST_WIDE_INT.  */
  void maybe_warn_overflow (gimple *stmt, bool call_lhs, tree len,
                            strinfo *si = NULL, bool plus_one = false,
                            bool rawmem = false);
  void maybe_warn_overflow (gimple *stmt, bool call_lhs,
                            unsigned HOST_WIDE_INT len,
                            strinfo *si = NULL,
                            bool plus_one = false, bool rawmem = false);

  void adjust_last_stmt (strinfo *si, gimple *stmt, bool is_strcat);
  tree strxcmp_eqz_result (gimple *stmt, tree arg1, int idx1,
                           tree arg2, int idx2,
                           unsigned HOST_WIDE_INT bound,
                           unsigned HOST_WIDE_INT len[2],
                           unsigned HOST_WIDE_INT *psize);
  bool count_nonzero_bytes (tree expr_or_type,
                            gimple *stmt,
                            unsigned lenrange[3], bool *nulterm,
                            bool *allnul, bool *allnonnul);
  bool count_nonzero_bytes (tree exp, tree vuse,
                            gimple *stmt,
                            unsigned HOST_WIDE_INT offset,
                            unsigned HOST_WIDE_INT nbytes,
                            unsigned lenrange[3], bool *nulterm,
                            bool *allnul, bool *allnonnul,
                            ssa_name_limit_t &snlim);
  bool count_nonzero_bytes_addr (tree exp, tree vuse,
                                 gimple *stmt,
                                 unsigned HOST_WIDE_INT offset,
                                 unsigned HOST_WIDE_INT nbytes,
                                 unsigned lenrange[3], bool *nulterm,
                                 bool *allnul, bool *allnonnul,
                                 ssa_name_limit_t &snlim);
  bool get_len_or_size (gimple *stmt, tree arg, int idx,
                        unsigned HOST_WIDE_INT lenrng[2],
                        unsigned HOST_WIDE_INT *size, bool *nulterm);

  /* pointer_query object in which information about pointers and their
     targets is stored.  */
  pointer_query ptr_qry;

  gimple_stmt_iterator m_gsi;

  /* When set, the strlen execute function returns TODO_cleanup_cfg.  */
  bool m_cleanup_cfg;
};
312 :
/* Compare the number of leading nonzero characters of SI with OFF.
   Return:

   * +1 if SI is known to start with more than OFF nonzero characters.

   *  0 if SI is known to start with exactly OFF nonzero characters.

   * -1 if SI does not start with OFF nonzero characters, or if the
     relationship between the two is unknown.  Only a constant
     (INTEGER_CST) count can give an answer other than -1 here.  */

static int
compare_nonzero_chars (strinfo *si, unsigned HOST_WIDE_INT off)
{
  tree nchars = si->nonzero_chars;
  if (!nchars || TREE_CODE (nchars) != INTEGER_CST)
    return -1;

  return compare_tree_int (nchars, off);
}
332 :
/* Variant of compare_nonzero_chars (SI, OFF) that also copes with
   strings whose length is not constant.  When the count is an SSA_NAME,
   RVALS is asked for its range at STMT.  The result uses the same
   +1 / 0 / -1 convention, with -1 also standing for "unknown".  */

static int
compare_nonzero_chars (strinfo *si, gimple *stmt,
                       unsigned HOST_WIDE_INT off,
                       range_query *rvals)
{
  tree nchars = si->nonzero_chars;
  if (!nchars)
    return -1;

  if (TREE_CODE (nchars) == INTEGER_CST)
    return compare_tree_int (nchars, off);

  /* Without a range query, or for anything but an SSA_NAME, there is
     nothing more to learn.  */
  if (!rvals || TREE_CODE (nchars) != SSA_NAME)
    return -1;

  int_range_max vr;
  const bool have_range = rvals->range_of_expr (vr, nchars, stmt);
  if (!have_range || vr.varying_p () || vr.undefined_p ())
    return -1;

  /* Compare OFF against the lower bound of the length range.  The
     comparison is trusted only when OFF is below that minimum or when
     the range is a single value; any other case gets the conservative
     answer.  */
  tree vrtype = vr.type ();
  const int cmpmin = wi::cmp (vr.lower_bound (),
                              wi::uhwi (off, TYPE_PRECISION (vrtype)),
                              TYPE_SIGN (vrtype));
  return (cmpmin > 0 || vr.singleton_p ()) ? cmpmin : -1;
}
368 :
/* Return true if SI is known to describe a zero-length string, that is,
   a full string whose nonzero-character count is integer zero.  */

static inline bool
zero_length_string_p (strinfo *si)
{
  if (!si->full_string_p)
    return false;

  return integer_zerop (si->nonzero_chars);
}
376 :
/* Return entry IDX of the strinfo vector, or NULL when IDX is outside
   the vector.  */

static inline strinfo *
get_strinfo (int idx)
{
  /* The unsigned conversion makes a negative IDX compare as a very
     large value, so it fails the bounds check below rather than being
     used as an index.  */
  const unsigned int slot = (unsigned int) idx;
  if (slot >= vec_safe_length (stridx_to_strinfo))
    return NULL;

  return (*stridx_to_strinfo)[idx];
}
386 :
/* Return the strinfo that follows SI in its chain, or null if there is
   none or if the link turns out to be stale.  */

static inline strinfo *
get_next_strinfo (strinfo *si)
{
  if (si->next == 0)
    return NULL;

  strinfo *nextsi = get_strinfo (si->next);

  /* The successor only counts when it belongs to the same chain and
     points back at SI.  */
  const bool linked = (nextsi != NULL
                       && nextsi->first == si->first
                       && nextsi->prev == si->idx);
  return linked ? nextsi : NULL;
}
399 :
/* Helper for get_stridx.  Return the strinfo index of the address of
   EXP, which is available in PTR if nonnull, or 0 if none is known.
   When OFFSET_OUT is nonnull it is acceptable to return the index for
   some X <= &EXP, storing &EXP - X in *OFFSET_OUT.  RVALS, when nonnull,
   supplies range information.  */

static int
get_addr_stridx (tree exp, gimple *stmt,
                 tree ptr, unsigned HOST_WIDE_INT *offset_out,
                 range_query *rvals = NULL)
{
  if (!decl_to_stridxlist_htab)
    return 0;

  /* Only a decl base with a compile-time constant byte offset can be
     looked up.  */
  poly_int64 poff;
  HOST_WIDE_INT off;
  tree base = get_addr_base_and_unit_offset (exp, &poff);
  if (base == NULL || !DECL_P (base) || !poff.is_constant (&off))
    return 0;

  /* Scan the decl's mappings.  The scan stops with "unknown" at the
     first entry whose offset is past OFF, and otherwise remembers the
     last entry that lies before OFF.  */
  struct stridxlist *last = NULL;
  for (struct stridxlist *node = decl_to_stridxlist_htab->get (base);
       node;
       node = node->next)
    {
      if (node->offset == off)
        {
          if (offset_out)
            *offset_out = 0;
          return node->idx;
        }
      if (node->offset > off)
        return 0;
      last = node;
    }

  /* No exact match.  A preceding entry can stand in only if the caller
     accepts an offset or supplied PTR.  */
  if (!offset_out && !ptr)
    return 0;
  if (!last || last->idx <= 0)
    return 0;

  const unsigned HOST_WIDE_INT rel_off
    = (unsigned HOST_WIDE_INT) off - last->offset;
  strinfo *si = get_strinfo (last->idx);

  /* The preceding string must be known to have at least REL_OFF leading
     nonzero characters, otherwise &EXP may lie beyond its end.  */
  if (!si || compare_nonzero_chars (si, stmt, rel_off, rvals) < 0)
    return 0;

  if (!offset_out)
    return get_stridx_plus_constant (si, rel_off, ptr);

  *offset_out = rel_off;
  return last->idx;
}
460 :
/* Return the string index for EXP: a positive strinfo index, a negative
   value (~strlen) when EXP is a string literal, or 0 when nothing is
   known.  When EXP is an SSA_NAME that refers to a known strinfo with
   an offset and OFFRNG is non-null, set both elements of the OFFRNG
   array to the range of the offset and return the index of the known
   strinfo.  In this case the result must not be used for functions that
   modify the string.  When nonnull, RVALS is used to determine range
   information.  */

static int
get_stridx (tree exp, gimple *stmt,
            wide_int offrng[2] = NULL, range_query *rvals = NULL)
{
  /* Start from a zero offset range so that the early returns below leave
     OFFRNG in a defined state.  */
  if (offrng)
    offrng[0] = offrng[1] = wi::zero (TYPE_PRECISION (ptrdiff_type_node));

  if (TREE_CODE (exp) == SSA_NAME)
    {
      /* Fast path: the SSA name already has an index recorded.  */
      if (ssa_ver_to_stridx[SSA_NAME_VERSION (exp)])
        return ssa_ver_to_stridx[SSA_NAME_VERSION (exp)];

      tree e = exp;
      int last_idx = 0;
      HOST_WIDE_INT offset = 0;
      /* Follow a chain of at most 5 assignments.  Longer chains fall out
         of the loop and return LAST_IDX.  */
      for (int i = 0; i < 5; i++)
        {
          gimple *def_stmt = SSA_NAME_DEF_STMT (e);
          if (!is_gimple_assign (def_stmt))
            return last_idx;

          tree_code rhs_code = gimple_assign_rhs_code (def_stmt);
          tree ptr, off;

          if (rhs_code == ADDR_EXPR)
            {
              /* Handle indices/offsets into VLAs which are implemented
                 as pointers to arrays.  */
              ptr = gimple_assign_rhs1 (def_stmt);
              ptr = TREE_OPERAND (ptr, 0);

              /* Handle also VLAs of types larger than char.  */
              if (tree eltsize = TYPE_SIZE_UNIT (TREE_TYPE (ptr)))
                {
                  if (TREE_CODE (ptr) == ARRAY_REF)
                    {
                      off = TREE_OPERAND (ptr, 1);
                      ptr = TREE_OPERAND (ptr, 0);
                      if (!integer_onep (eltsize))
                        {
                          /* Scale the array index by the size of the element
                             type in the rare case that it's greater than
                             the typical 1 for char, making sure both operands
                             have the same type.  */
                          eltsize = fold_convert (ssizetype, eltsize);
                          off = fold_convert (ssizetype, off);
                          off = fold_build2 (MULT_EXPR, ssizetype, off, eltsize);
                        }
                    }
                  else
                    off = integer_zero_node;
                }
              else
                /* No unit size for the referenced type: give up.  */
                return 0;

              if (TREE_CODE (ptr) != MEM_REF)
                return 0;

              /* Add the MEM_REF byte offset.  */
              tree mem_off = TREE_OPERAND (ptr, 1);
              off = fold_build2 (PLUS_EXPR, TREE_TYPE (off), off, mem_off);
              ptr = TREE_OPERAND (ptr, 0);
            }
          else if (rhs_code == POINTER_PLUS_EXPR)
            {
              ptr = gimple_assign_rhs1 (def_stmt);
              off = gimple_assign_rhs2 (def_stmt);
            }
          else
            return 0;

          if (TREE_CODE (ptr) != SSA_NAME)
            return 0;

          if (!tree_fits_shwi_p (off))
            {
              if (int idx = ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)])
                if (offrng)
                  {
                    /* Only when requested by setting OFFRNG to non-null,
                       return the index corresponding to the SSA_NAME.
                       Do this irrespective of whether the offset
                       is known.  */
                    if (get_range (off, def_stmt, offrng, rvals))
                      {
                        /* When the offset range is known, increment
                           it by the constant offset computed in prior
                           iterations and store it in the OFFRNG array.  */
                        offrng[0] += offset;
                        offrng[1] += offset;
                      }
                    else
                      {
                        /* When the offset range cannot be determined
                           store [0, SIZE_MAX] and let the caller decide
                           if the offset matters.  */
                        offrng[1] = wi::to_wide (TYPE_MAX_VALUE (sizetype));
                        offrng[0] = wi::zero (offrng[1].get_precision ());
                      }
                    return idx;
                  }
              return 0;
            }

          HOST_WIDE_INT this_off = tree_to_shwi (off);
          if (offrng)
            {
              offrng[0] += wi::shwi (this_off, offrng->get_precision ());
              /* NOTE(review): the upper bound is advanced by the updated
                 lower bound, not by THIS_OFF.  On the first iteration
                 both bounds start at zero so the two are the same, but
                 on a later iteration OFFRNG[1] would end up larger than
                 the accumulated constant offset -- confirm that this is
                 intended.  */
              offrng[1] += offrng[0];
            }

          /* A negative step ends the walk with whatever was found so
             far.  */
          if (this_off < 0)
            return last_idx;

          /* The sum is formed in the unsigned type; a result that reads
             back as negative also ends the walk.  */
          offset = (unsigned HOST_WIDE_INT) offset + this_off;
          if (offset < 0)
            return last_idx;

          if (int idx = ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)])
            {
              strinfo *si = get_strinfo (idx);
              if (si)
                {
                  /* The base string is known to have at least OFFSET
                     leading nonzero characters, so EXP points into it.  */
                  if (compare_nonzero_chars (si, offset) >= 0)
                    return get_stridx_plus_constant (si, offset, exp);

                  /* Otherwise remember the base index, but only for
                     callers that asked for an offset range.  */
                  if (offrng)
                    last_idx = idx;
                }
            }
          e = ptr;
        }

      return last_idx;
    }

  if (TREE_CODE (exp) == ADDR_EXPR)
    {
      int idx = get_addr_stridx (TREE_OPERAND (exp, 0), stmt, exp, NULL);
      if (idx != 0)
        return idx;
    }

  /* A string literal is reported as the bitwise complement of its
     length, which is negative; the length is narrowed to int first.  */
  const char *p = c_getstr (exp);
  if (p)
    return ~(int) strlen (p);

  return 0;
}
618 :
/* Return true if the strinfo vector is shared with the immediate
   dominator, i.e. it is non-empty and its element 0 is set.  */

static inline bool
strinfo_shared (void)
{
  if (!vec_safe_length (stridx_to_strinfo))
    return false;

  return (*stridx_to_strinfo)[0] != NULL;
}
627 :
/* Replace the strinfo vector shared with the immediate dominator by a
   private copy.  Each strinfo referenced by the copy gains a reference,
   and element 0 is cleared to mark the copy as unshared.  */

static void
unshare_strinfo_vec (void)
{
  gcc_assert (strinfo_shared ());
  stridx_to_strinfo = vec_safe_copy (stridx_to_strinfo);

  /* Element 0 is the owner marker, not a strinfo, so start at 1.  */
  strinfo *entry;
  for (unsigned int ix = 1;
       vec_safe_iterate (stridx_to_strinfo, ix, &entry);
       ++ix)
    if (entry != NULL)
      entry->refcount++;

  (*stridx_to_strinfo)[0] = NULL;
}
643 :
/* Try to create a string index slot for EXP, the operand of an
   ADDR_EXPR.  Return a pointer to the slot, which holds 0 when the index
   still has to be stored and the existing index otherwise.  Return NULL
   when EXP cannot be tracked: its base is not a decl, its offset is not
   constant, or the decl already has too many offsets recorded.  */

static int *
addr_stridxptr (tree exp)
{
  poly_int64 poff;
  HOST_WIDE_INT off;
  tree base = get_addr_base_and_unit_offset (exp, &poff);
  if (base == NULL_TREE || !DECL_P (base) || !poff.is_constant (&off))
    return NULL;

  /* The table and its obstack are created on first use.  */
  if (!decl_to_stridxlist_htab)
    {
      decl_to_stridxlist_htab
        = new hash_map<tree_decl_hash, stridxlist> (64);
      gcc_obstack_init (&stridx_obstack);
    }

  bool existed;
  stridxlist *node = &decl_to_stridxlist_htab->get_or_insert (base, &existed);
  if (existed)
    {
      /* Walk the chain looking for OFF, remembering the first entry
         whose offset is greater.  The walk visits at most 32 entries.  */
      stridxlist *insert_at = NULL;
      int visited = 0;
      while (visited < 32)
        {
          if (node->offset == off)
            return &node->idx;
          if (node->offset > off && insert_at == NULL)
            insert_at = node;
          if (node->next == NULL)
            break;
          node = node->next;
          visited++;
        }

      /* The limit was reached without finding the end of the chain:
         this offset is not tracked.  */
      if (visited == 32)
        return NULL;

      if (insert_at)
        {
          /* Insert before INSERT_AT: move its contents into a new node
             linked after it, then reuse INSERT_AT itself for OFF.  */
          stridxlist *moved = XOBNEW (&stridx_obstack, struct stridxlist);
          *moved = *insert_at;
          insert_at->next = moved;
          insert_at->offset = off;
          insert_at->idx = 0;
          return &insert_at->idx;
        }

      /* Otherwise append a new node at the tail.  */
      node->next = XOBNEW (&stridx_obstack, struct stridxlist);
      node = node->next;
    }

  node->next = NULL;
  node->offset = off;
  node->idx = 0;
  return &node->idx;
}
702 :
/* Create a new string index for EXP and return it.  Return 0 when
   max_stridx has reached param_max_tracked_strlens, when EXP is an
   SSA_NAME that occurs in an abnormal PHI, or when EXP is neither an
   SSA_NAME nor a trackable ADDR_EXPR.  */

static int
new_stridx (tree exp)
{
  /* NOTE(review): once the limit is hit, further strings get index 0
     ("unknown"); presumably anything that relies on a tracked strinfo
     then has nothing to consult for them -- confirm against callers.  */
  if (max_stridx >= param_max_tracked_strlens)
    return 0;

  switch (TREE_CODE (exp))
    {
    case SSA_NAME:
      {
        if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (exp))
          return 0;
        const int idx = max_stridx++;
        ssa_ver_to_stridx[SSA_NAME_VERSION (exp)] = idx;
        return idx;
      }

    case ADDR_EXPR:
      if (int *pidx = addr_stridxptr (TREE_OPERAND (exp, 0)))
        {
          /* The slot must not already hold an index.  */
          gcc_assert (*pidx == 0);
          *pidx = max_stridx++;
          return *pidx;
        }
      return 0;

    default:
      return 0;
    }
}
731 :
/* Like new_stridx, except that EXP is the operand of an ADDR_EXPR
   rather than the ADDR_EXPR itself.  Return 0 when the tracking limit
   has been reached or EXP cannot be tracked.  */

static int
new_addr_stridx (tree exp)
{
  if (max_stridx >= param_max_tracked_strlens)
    return 0;

  int *pidx = addr_stridxptr (exp);
  if (pidx == NULL)
    return 0;

  /* The slot must not already hold an index.  */
  gcc_assert (*pidx == 0);
  *pidx = max_stridx++;
  return *pidx;
}
749 :
/* Allocate a strinfo from the pool for PTR with index IDX, recording
   NONZERO_CHARS and FULL_STRING_P.  The new entry starts with one
   reference, no statements, no end pointer, no chain links and both
   WRITABLE and DONT_INVALIDATE clear.  */

static strinfo *
new_strinfo (tree ptr, int idx, tree nonzero_chars, bool full_string_p)
{
  /* Store the pointer without any useless type conversion around it.  */
  STRIP_USELESS_TYPE_CONVERSION (ptr);

  strinfo *si = strinfo_pool.allocate ();

  si->ptr = ptr;
  si->idx = idx;
  si->nonzero_chars = nonzero_chars;
  si->full_string_p = full_string_p;

  si->stmt = NULL;
  si->alloc = NULL;
  si->endptr = NULL_TREE;
  si->refcount = 1;

  si->first = 0;
  si->prev = 0;
  si->next = 0;

  si->writable = false;
  si->dont_invalidate = false;
  return si;
}
772 :
/* Drop one reference to SI and return it to the pool when that was the
   last one.  A null SI is ignored.  */

static inline void
free_strinfo (strinfo *si)
{
  if (!si)
    return;

  if (--si->refcount == 0)
    strinfo_pool.remove (si);
}
781 :
/* Store SI in entry IDX of the strinfo vector.  A vector shared with the
   immediate dominator is unshared first, and the vector is grown, with
   new entries cleared, when IDX is past its end.  */

static inline void
set_strinfo (int idx, strinfo *si)
{
  if (strinfo_shared ())
    unshare_strinfo_vec ();

  if ((unsigned int) idx >= vec_safe_length (stridx_to_strinfo))
    vec_safe_grow_cleared (stridx_to_strinfo, idx + 1, true);

  (*stridx_to_strinfo)[idx] = si;
}
793 :
/* Walk back from ORIGSI along the prev links and return the first
   strinfo of its chain, provided that every strinfo on the way belongs
   to the chain.  Return NULL when ORIGSI is not in a chain or when any
   link is inconsistent.  */

static strinfo *
verify_related_strinfos (strinfo *origsi)
{
  if (origsi->first == 0)
    return NULL;

  strinfo *si = origsi;
  while (si->prev)
    {
      if (si->first != origsi->first)
        return NULL;

      /* The predecessor must exist and must point forward at SI.  */
      strinfo *psi = get_strinfo (si->prev);
      if (psi == NULL || psi->next != si->idx)
        return NULL;

      si = psi;
    }

  /* The head of the chain is the entry whose index equals FIRST.  */
  return si->idx == si->first ? si : NULL;
}
818 :
/* Record ENDPTR as SI's end pointer and set SI's length to the
   difference ENDPTR - SI->ptr, computed in size_type_node.  SI's STMT is
   cleared and SI is marked as a full string.  LOC is the location used
   for folding.  */

static void
set_endptr_and_length (location_t loc, strinfo *si, tree endptr)
{
  tree start = fold_convert_loc (loc, size_type_node, si->ptr);
  tree end = fold_convert_loc (loc, size_type_node, endptr);
  tree length = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
                                 end, start);

  si->endptr = endptr;
  si->stmt = NULL;
  si->nonzero_chars = length;
  si->full_string_p = true;
}
833 :
/* Return the string length of SI, or NULL if it can't be computed.
   The length may but need not be constant.  Instead, it might be
   the result of a strlen() call.  When the length is not yet known and
   SI->stmt is a strcat or strcpy call, that call is rewritten in place
   so that its result yields the end pointer.  */

static tree
get_string_length (strinfo *si)
{
  /* If the length has already been computed return it if it's exact
     (i.e., the string is nul-terminated at NONZERO_CHARS), or return
     null if it isn't.  */
  if (si->nonzero_chars)
    return si->full_string_p ? si->nonzero_chars : NULL;

  /* If the string is the result of one of the built-in calls below
     attempt to compute the length from the call statement.  */
  if (si->stmt)
    {
      gimple *stmt = si->stmt, *lenstmt;
      tree callee, lhs, fn, tem;
      location_t loc;
      gimple_stmt_iterator gsi;

      gcc_assert (is_gimple_call (stmt));
      callee = gimple_call_fndecl (stmt);
      gcc_assert (callee && fndecl_built_in_p (callee, BUILT_IN_NORMAL));
      lhs = gimple_call_lhs (stmt);
      /* unshare_strinfo is intentionally not called here.  The (delayed)
         transformation of strcpy or strcat into stpcpy is done at the place
         of the former strcpy/strcat call and so can affect all the strinfos
         with the same stmt.  If they were unshared before and transformation
         has been already done, the handling of BUILT_IN_STPCPY{,_CHK} should
         just compute the right length.  */
      switch (DECL_FUNCTION_CODE (callee))
        {
        case BUILT_IN_STRCAT:
        case BUILT_IN_STRCAT_CHK:
          /* Insert a strlen call on the destination and a pointer
             addition before the call, then make the sum the call's
             first argument.  The call is turned into the stpcpy form
             by the case below.  */
          gsi = gsi_for_stmt (stmt);
          fn = builtin_decl_implicit (BUILT_IN_STRLEN);
          gcc_assert (lhs == NULL_TREE);
          tem = unshare_expr (gimple_call_arg (stmt, 0));
          lenstmt = gimple_build_call (fn, 1, tem);
          lhs = make_ssa_name (TREE_TYPE (TREE_TYPE (fn)), lenstmt);
          gimple_call_set_lhs (lenstmt, lhs);
          gimple_set_vuse (lenstmt, gimple_vuse (stmt));
          gsi_insert_before (&gsi, lenstmt, GSI_SAME_STMT);
          tem = gimple_call_arg (stmt, 0);
          /* Convert the length to a pointer-offset type if it isn't one
             already.  */
          if (!ptrofftype_p (TREE_TYPE (lhs)))
            {
              lhs = convert_to_ptrofftype (lhs);
              lhs = force_gimple_operand_gsi (&gsi, lhs, true, NULL_TREE,
                                              true, GSI_SAME_STMT);
            }
          lenstmt = gimple_build_assign
                      (make_ssa_name (TREE_TYPE (gimple_call_arg (stmt, 0))),
                       POINTER_PLUS_EXPR,tem, lhs);
          gsi_insert_before (&gsi, lenstmt, GSI_SAME_STMT);
          gimple_call_set_arg (stmt, 0, gimple_assign_lhs (lenstmt));
          /* Cleared so that the assertion in the next case holds.  */
          lhs = NULL_TREE;
          /* FALLTHRU */
        case BUILT_IN_STRCPY:
        case BUILT_IN_STRCPY_CHK:
          gcc_assert (builtin_decl_implicit_p (BUILT_IN_STPCPY));
          /* A two-argument call becomes stpcpy; any other argument count
             becomes the _CHK variant (presumably the fortified form with
             its extra size argument -- confirm).  */
          if (gimple_call_num_args (stmt) == 2)
            fn = builtin_decl_implicit (BUILT_IN_STPCPY);
          else
            fn = builtin_decl_explicit (BUILT_IN_STPCPY_CHK);
          gcc_assert (lhs == NULL_TREE);
          if (dump_file && (dump_flags & TDF_DETAILS) != 0)
            {
              fprintf (dump_file, "Optimizing: ");
              print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
            }
          /* Retarget the call and give it a result to hold the end
             pointer.  */
          gimple_call_set_fndecl (stmt, fn);
          lhs = make_ssa_name (TREE_TYPE (TREE_TYPE (fn)), stmt);
          gimple_call_set_lhs (stmt, lhs);
          update_stmt (stmt);
          if (dump_file && (dump_flags & TDF_DETAILS) != 0)
            {
              fprintf (dump_file, "into: ");
              print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
            }
          /* FALLTHRU */
        case BUILT_IN_STPCPY:
        case BUILT_IN_STPCPY_CHK:
          gcc_assert (lhs != NULL_TREE);
          loc = gimple_location (stmt);
          set_endptr_and_length (loc, si, lhs);
          /* Give the same end pointer to every strinfo in the verified
             chain that still has no length.  */
          for (strinfo *chainsi = verify_related_strinfos (si);
               chainsi != NULL;
               chainsi = get_next_strinfo (chainsi))
            if (chainsi->nonzero_chars == NULL)
              set_endptr_and_length (loc, chainsi, lhs);
          break;
        case BUILT_IN_ALLOCA:
        case BUILT_IN_ALLOCA_WITH_ALIGN:
        case BUILT_IN_MALLOC:
          /* Nothing to compute for these allocation calls; the length
             stays unset.  */
          break;
        /* BUILT_IN_CALLOC always has si->nonzero_chars set.  */
        default:
          gcc_unreachable ();
          break;
        }
    }

  return si->nonzero_chars;
}
940 :
/* Print the strlen pass bookkeeping to FP: max_stridx, the number of
   elements in ssa_ver_to_stridx, every stridx_to_strinfo entry with a
   nonzero index, the decl_to_stridxlist_htab contents and laststmt.
   When STMT is non-null it is named in the banner.  For a nonzero_chars
   that is an SSA_NAME the value range is printed as well, queried
   through RVALS when that is non-null and through the current
   function's range query otherwise.  */

DEBUG_FUNCTION void
dump_strlen_info (FILE *fp, gimple *stmt, range_query *rvals)
{
  if (!stmt)
    fprintf (fp, "\nDumping strlen pass data\n");
  else
    {
      fprintf (fp, "\nDumping strlen pass data after ");
      print_gimple_expr (fp, stmt, TDF_LINENO);
      fputc ('\n', fp);
    }

  fprintf (fp, "max_stridx = %i\n", max_stridx);
  fprintf (fp, "ssa_ver_to_stridx has %u elements\n",
           ssa_ver_to_stridx.length ());

  fprintf (fp, "stridx_to_strinfo");
  if (!stridx_to_strinfo)
    fprintf (fp, " = null\n");
  else
    {
      fprintf (fp, " has %u elements\n", stridx_to_strinfo->length ());
      for (unsigned i = 0; i != stridx_to_strinfo->length (); ++i)
        {
          strinfo *si = (*stridx_to_strinfo)[i];

          /* Nothing to print for an empty slot or a zero index.  */
          if (!si || !si->idx)
            continue;

          fprintf (fp, " idx = %i", si->idx);
          if (si->ptr)
            {
              fprintf (fp, ", ptr = ");
              print_generic_expr (fp, si->ptr);
            }

          if (si->nonzero_chars)
            {
              fprintf (fp, ", nonzero_chars = ");
              print_generic_expr (fp, si->nonzero_chars);
              if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
                {
                  /* Only the caller-supplied engine is given the
                     defining statement as context.  */
                  int_range_max vr;
                  if (rvals)
                    rvals->range_of_expr (vr, si->nonzero_chars, si->stmt);
                  else
                    get_range_query (cfun)->range_of_expr (vr,
                                                           si->nonzero_chars);
                  vr.dump (fp);
                }
            }

          fprintf (fp, ", refcount = %i", si->refcount);
          if (si->stmt)
            {
              fprintf (fp, ", stmt = ");
              print_gimple_expr (fp, si->stmt, 0);
            }
          if (si->alloc)
            {
              fprintf (fp, ", alloc = ");
              print_gimple_expr (fp, si->alloc, 0);
            }
          if (si->writable)
            fprintf (fp, ", writable");
          if (si->dont_invalidate)
            fprintf (fp, ", dont_invalidate");
          if (si->full_string_p)
            fprintf (fp, ", full_string_p");

          /* List the indices of the strinfos chained after SI.
             NOTE(review): the separator is keyed on LINK->first rather
             than on whether another element follows, so the list
             probably ends in a trailing ", " -- confirm.  */
          strinfo *link = get_next_strinfo (si);
          if (link)
            {
              fprintf (fp, ", {");
              for (; link; link = get_next_strinfo (link))
                fprintf (fp, "%i%s", link->idx, link->first ? ", " : "");
              fprintf (fp, "}");
            }
          fputs ("\n", fp);
        }
    }

  fprintf (fp, "decl_to_stridxlist_htab");
  if (!decl_to_stridxlist_htab)
    fprintf (fp, " = null\n");
  else
    {
      fputs ("\n", fp);
      typedef decl_to_stridxlist_htab_t::iterator iter_t;
      const iter_t last = decl_to_stridxlist_htab->end ();
      for (iter_t it = decl_to_stridxlist_htab->begin (); it != last; ++it)
        {
          tree decl = (*it).first;
          stridxlist *node = &(*it).second;
          fprintf (fp, " decl = ");
          print_generic_expr (fp, decl);
          /* NODE is the address of the mapped value, so it is non-null
             on entry; the loop walks the linked offsets.  */
          if (node)
            {
              fprintf (fp, ", offsets = {");
              while (node)
                {
                  fprintf (fp, "%lli%s", (long long) node->offset,
                           node->next ? ", " : "");
                  node = node->next;
                }
              fputs ("}", fp);
            }
          fputs ("\n", fp);
        }
    }

  if (laststmt.stmt)
    {
      fprintf (fp, "laststmt = ");
      print_gimple_expr (fp, laststmt.stmt, 0);
      fprintf (fp, ", len = ");
      print_generic_expr (fp, laststmt.len);
      fprintf (fp, ", stridx = %i\n", laststmt.stridx);
    }
}
1061 :
/* Helper of get_range_strlen_dynamic () for an SSA_NAME SRC defined by
   the PHI node PHI.  Merge the length ranges of the PHI arguments into
   *PDATA.  Return true right away when SRC is already marked in
   VISITED.  Return false when the *PSSA_DEF_MAX budget is exhausted;
   otherwise consume one unit of it, which bounds the recursion through
   chains of PHI definitions.  PTR_QRY is passed through to the
   recursive queries.  */

static bool
get_range_strlen_phi (tree src, gphi *phi,
                      c_strlen_data *pdata, bitmap visited,
                      pointer_query *ptr_qry, unsigned *pssa_def_max)
{
  if (!bitmap_set_bit (visited, SSA_NAME_VERSION (src)))
    return true;

  if (*pssa_def_max == 0)
    return false;

  *pssa_def_max -= 1;

  /* Visit each PHI argument, compute the minimum and maximum
     length/size it allows and fold them into the overall result.  */
  for (unsigned argno = 0; argno != gimple_phi_num_args (phi); ++argno)
    {
      tree arg = gimple_phi_arg_def (phi, argno);

      /* An argument that is the PHI result itself adds nothing.  */
      if (arg == gimple_phi_result (phi))
        continue;

      c_strlen_data argdata = { };
      const bool known
        = get_range_strlen_dynamic (arg, phi, &argdata, visited, ptr_qry,
                                    pssa_def_max);
      if (!known)
        {
          /* Nothing is known about this argument: no upper bound.  */
          pdata->maxlen = build_all_ones_cst (size_type_node);
          continue;
        }

      /* Record the DECL of an unterminated array this argument refers
         to unless one has been recorded already.  */
      if (argdata.decl && !pdata->decl)
        pdata->decl = argdata.decl;

      if (!argdata.minlen
          || (integer_zerop (argdata.minlen)
              && (!argdata.maxbound
                  || integer_all_onesp (argdata.maxbound))
              && integer_all_onesp (argdata.maxlen)))
        {
          /* The argument's range is unconstrained, so the upper bound
             of the merged length is unbounded as well.  */
          pdata->maxlen = build_all_ones_cst (size_type_node);
          continue;
        }

      /* Widen the merged range: keep the smallest constant minimum...  */
      if (TREE_CODE (argdata.minlen) == INTEGER_CST
          && (!pdata->minlen
              || tree_int_cst_lt (argdata.minlen, pdata->minlen)))
        pdata->minlen = argdata.minlen;

      /* ...the largest constant maximum...  */
      if (TREE_CODE (argdata.maxlen) == INTEGER_CST
          && (!pdata->maxlen
              || (argdata.maxlen
                  && tree_int_cst_lt (pdata->maxlen, argdata.maxlen))))
        pdata->maxlen = argdata.maxlen;

      /* ...and the largest bound on the array size that is not
         all-ones.  */
      if (!pdata->maxbound
          || TREE_CODE (pdata->maxbound) != INTEGER_CST
          || (argdata.maxbound
              && tree_int_cst_lt (pdata->maxbound, argdata.maxbound)
              && !integer_all_onesp (argdata.maxbound)))
        pdata->maxbound = argdata.maxbound;
    }

  return true;
}
1132 :
/* Return the maximum possible length of the string PTR that's less
   than MAXLEN given the size of the object or subobject it points
   to at the given STMT.  MAXLEN is the maximum length of the string
   determined so far.  PTR_QRY is used to look up the referenced
   object.  Return null when no such maximum can be determined.  */

static tree
get_maxbound (tree ptr, gimple *stmt, offset_int maxlen,
              pointer_query *ptr_qry)
{
  access_ref aref;
  if (!ptr_qry->get_ref (ptr, stmt, &aref))
    return NULL_TREE;

  /* No room left in the referenced object: nothing to bound by.  */
  const offset_int remaining = aref.size_remaining ();
  if (remaining <= 0)
    return NULL_TREE;

  /* Leave one byte of the remaining space out of the length.  */
  if (remaining < maxlen)
    maxlen = remaining - 1;

  /* Try to determine the maximum from the subobject at the offset.
     This handles MEM [&some-struct, member-offset] that's often
     the result of folding COMPONENT_REF [some-struct, member].
     It only applies to a record or union referenced at a single
     offset that fits a signed HOST_WIDE_INT.  */
  tree reftype = TREE_TYPE (aref.ref);
  if (RECORD_OR_UNION_TYPE_P (reftype)
      && aref.offrng[0] == aref.offrng[1]
      && wi::fits_shwi_p (aref.offrng[0]))
    {
      HOST_WIDE_INT off = aref.offrng[0].to_shwi ();
      tree fld = field_at_offset (reftype, NULL_TREE, off);
      if (fld && DECL_SIZE_UNIT (fld))
        {
          /* Tighten the bound to the member's size less one when the
             member is no larger than the bound found so far.  */
          const offset_int fldsize = wi::to_offset (DECL_SIZE_UNIT (fld));
          if (fldsize <= maxlen)
            maxlen = fldsize - 1;
        }
    }

  return wide_int_to_tree (size_type_node, maxlen);
}
1174 :
/* Attempt to determine the length of the string SRC at STMT.  On
   success, store the length in *PDATA and return true.  Otherwise,
   return false.  VISITED is a bitmap of visited PHI nodes.  PTR_QRY
   provides the range query (PTR_QRY->RVALS) used to calculate ranges
   and the object-size lookup used by get_maxbound.  PSSA_DEF_MAX
   points to an SSA_NAME assignment limit used to prevent runaway
   recursion.  */

static bool
get_range_strlen_dynamic (tree src, gimple *stmt,
                          c_strlen_data *pdata, bitmap visited,
                          pointer_query *ptr_qry, unsigned *pssa_def_max)
{
  int idx = get_stridx (src, stmt);
  if (!idx)
    {
      /* No string index for SRC.  Recurse through a PHI definition,
         otherwise fall back on get_range_strlen.  */
      if (TREE_CODE (src) == SSA_NAME)
        {
          gimple *def_stmt = SSA_NAME_DEF_STMT (src);
          if (gphi *phi = dyn_cast<gphi *>(def_stmt))
            return get_range_strlen_phi (src, phi, pdata, visited, ptr_qry,
                                         pssa_def_max);
        }

      /* Return success regardless of the result and handle *PDATA
         in the caller.  */
      get_range_strlen (src, pdata, 1);
      return true;
    }

  if (idx < 0)
    {
      /* SRC is a string of constant length, stored as ~IDX.  */
      pdata->minlen = build_int_cst (size_type_node, ~idx);
      pdata->maxlen = pdata->minlen;
      pdata->maxbound = pdata->maxlen;
      return true;
    }

  if (strinfo *si = get_strinfo (idx))
    {
      pdata->minlen = get_string_length (si);
      if (!pdata->minlen && si->nonzero_chars)
        {
          /* No string length is available but a count of leading
             nonzero characters is; use it as the lower bound.  */
          if (TREE_CODE (si->nonzero_chars) == INTEGER_CST)
            pdata->minlen = si->nonzero_chars;
          else if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
            {
              int_range_max vr;
              ptr_qry->rvals->range_of_expr (vr, si->nonzero_chars, si->stmt);
              if (vr.undefined_p () || vr.varying_p ())
                pdata->minlen = build_zero_cst (size_type_node);
              else
                {
                  tree type = vr.type ();
                  pdata->minlen = wide_int_to_tree (type, vr.lower_bound ());
                }
            }
          else
            pdata->minlen = build_zero_cst (size_type_node);

          /* Derive the upper bound from the size of the array the
             string is stored in, when that is a declared array of
             constant size accessed at a constant offset.  */
          tree base = si->ptr;
          if (TREE_CODE (base) == ADDR_EXPR)
            base = TREE_OPERAND (base, 0);

          HOST_WIDE_INT off;
          poly_int64 poff;
          base = get_addr_base_and_unit_offset (base, &poff);
          if (base
              && DECL_P (base)
              && TREE_CODE (TREE_TYPE (base)) == ARRAY_TYPE
              && TYPE_SIZE_UNIT (TREE_TYPE (base))
              && poff.is_constant (&off))
            {
              tree basetype = TREE_TYPE (base);
              tree size = TYPE_SIZE_UNIT (basetype);
              if (TREE_CODE (size) == INTEGER_CST)
                {
                  ++off; /* Increment for the terminating nul.  */
                  tree toffset = build_int_cst (size_type_node, off);
                  pdata->maxlen = fold_build2 (MINUS_EXPR, size_type_node,
                                               size, toffset);
                  if (tree_int_cst_lt (pdata->maxlen, pdata->minlen))
                    /* This can happen when triggering UB, when base is an
                       array which is known to be filled with at least size
                       non-zero bytes.  E.g. for
                       char a[2]; memcpy (a, "12", sizeof a);
                       We don't want to create an invalid range [2, 1]
                       where 2 comes from the number of non-zero bytes and
                       1 from longest valid zero-terminated string that can
                       be stored in such an array, so pick just one of
                       those, pdata->minlen.  See PR110603.  */
                    pdata->maxlen = build_all_ones_cst (size_type_node);
                  else
                    pdata->maxbound = pdata->maxlen;
                }
              else
                pdata->maxlen = build_all_ones_cst (size_type_node);
            }
          else
            pdata->maxlen = build_all_ones_cst (size_type_node);
        }
      else if (pdata->minlen && TREE_CODE (pdata->minlen) == SSA_NAME)
        {
          /* The length is an SSA_NAME: take both bounds from its value
             range, or use [0, all-ones] when the range says nothing.  */
          int_range_max vr;
          ptr_qry->rvals->range_of_expr (vr, si->nonzero_chars, stmt);
          if (vr.varying_p () || vr.undefined_p ())
            {
              pdata->minlen = build_zero_cst (size_type_node);
              pdata->maxlen = build_all_ones_cst (size_type_node);
            }
          else
            {
              tree type = vr.type ();
              pdata->minlen = wide_int_to_tree (type, vr.lower_bound ());
              pdata->maxlen = wide_int_to_tree (type, vr.upper_bound ());
              offset_int max = offset_int::from (vr.upper_bound (0), SIGNED);
              /* Prefer the bound implied by the size of the referenced
                 object; fall back on MAXLEN when there is none.  */
              if (tree maxbound = get_maxbound (si->ptr, stmt, max, ptr_qry))
                pdata->maxbound = maxbound;
              else
                pdata->maxbound = pdata->maxlen;
            }
        }
      else if (pdata->minlen && TREE_CODE (pdata->minlen) == INTEGER_CST)
        {
          /* The length is a known constant: all bounds are equal.  */
          pdata->maxlen = pdata->minlen;
          pdata->maxbound = pdata->minlen;
        }
      else
        {
          /* For PDATA->MINLEN that's a non-constant expression such
             as PLUS_EXPR whose value range is unknown, set the bounds
             to zero and SIZE_MAX.  */
          pdata->minlen = build_zero_cst (size_type_node);
          pdata->maxlen = build_all_ones_cst (size_type_node);
        }

      return true;
    }

  /* A positive IDX with no strinfo: nothing is known.  */
  return false;
}
1315 :
/* Analogous to get_range_strlen but for dynamically created strings,
   i.e., those created by calls to strcpy as opposed to just string
   constants.
   Try to obtain the range of the lengths of the string(s) referenced
   by SRC at STMT, or the size of the largest array SRC refers to if
   the range of lengths cannot be determined, and store all in *PDATA.
   PTR_QRY provides the valuation engine used to calculate ranges.
   The walk over SSA_NAME definitions is capped by
   param_ssa_name_def_chain_limit.  */

void
get_range_strlen_dynamic (tree src, gimple *stmt, c_strlen_data *pdata,
                          pointer_query &ptr_qry)
{
  auto_bitmap visited;
  tree const initial_maxbound = pdata->maxbound;
  unsigned budget = param_ssa_name_def_chain_limit;

  const bool found
    = get_range_strlen_dynamic (src, stmt, pdata, visited, &ptr_qry,
                                &budget);

  /* The lower bound defaults to zero when the query failed or left it
     unset.  */
  if (!found || !pdata->minlen)
    pdata->minlen = ssize_int (0);

  /* On failure extend the length range to an impossible maximum
     (a valid MAXLEN must be less than PTRDIFF_MAX - 1).  Other
     members can stay unchanged regardless.  */
  if (!found)
    pdata->maxlen = build_all_ones_cst (size_type_node);

  /* If MAXBOUND is unchanged from its initial non-null value, set the
     conservative MAXBOUND to SIZE_MAX.  Otherwise leave it alone (it
     may be null).  */
  if (initial_maxbound && pdata->maxbound == initial_maxbound)
    pdata->maxbound = build_all_ones_cst (size_type_node);
}
1348 :
/* Invalidate string length information for strings whose length might
   change due to stores in STMT, except those marked DONT_INVALIDATE.
   The DONT_INVALIDATE mark is cleared on every entry examined, so it
   protects an entry from one call only.
   For string-modifying statements, ZERO_WRITE is set when the statement
   wrote only zeros.
   Returns true if any STRIDX_TO_STRINFO entries were considered
   for invalidation.  */

static bool
maybe_invalidate (gimple *stmt, bool zero_write = false)
{
  const bool details = dump_file && (dump_flags & TDF_DETAILS);
  if (details)
    {
      fprintf (dump_file, "%s called for ", __func__);
      print_gimple_stmt (dump_file, stmt, TDF_LINENO);
    }

  bool considered = false;
  strinfo *si;

  for (unsigned i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
    {
      if (si == NULL || !POINTER_TYPE_P (TREE_TYPE (si->ptr)))
        continue;

      considered = true;

      /* Unconditionally reset DONT_INVALIDATE, honoring its previous
         value for this call.  */
      const bool keep = si->dont_invalidate;
      si->dont_invalidate = false;
      if (keep)
        continue;

      tree size = si->nonzero_chars;
      ao_ref r;
      ao_ref_init_from_ptr_and_size (&r, si->ptr, size);

      /* Include the terminating nul in the size of the string
         to consider when determining possible clobber.  But do not
         add it to 'size' since we don't know whether it would
         actually fit the allocated area.  When adding it could
         overflow, treat the maximum size as unknown instead.  */
      if (known_size_p (r.size))
        {
          if (known_le (r.size, HOST_WIDE_INT_MAX - BITS_PER_UNIT))
            r.max_size += BITS_PER_UNIT;
          else
            r.max_size = -1;
        }

      if (stmt_may_clobber_ref_p_1 (stmt, &r))
        {
          if (dump_file && (dump_flags & TDF_DETAILS))
            {
              fputs (" statement may clobber object ", dump_file);
              print_generic_expr (dump_file, si->ptr);
              if (size && tree_fits_uhwi_p (size))
                fprintf (dump_file, " " HOST_WIDE_INT_PRINT_UNSIGNED
                         " bytes in size", tree_to_uhwi (size));
              fputc ('\n', dump_file);
            }

          /* Drop the entry: its length can no longer be trusted.  */
          set_strinfo (i, NULL);
          free_strinfo (si);
          continue;
        }

      const bool calloc_backed
        = (size
           && !zero_write
           && si->stmt
           && is_gimple_call (si->stmt)
           && (DECL_FUNCTION_CODE (gimple_call_fndecl (si->stmt))
               == BUILT_IN_CALLOC));
      if (!calloc_backed)
        continue;

      /* If the clobber test above considered the length of
         the string (including the nul), then for (potentially)
         non-zero writes that might modify storage allocated by
         calloc consider the whole object and if it might be
         clobbered by the statement reset the statement.  */
      ao_ref_init_from_ptr_and_size (&r, si->ptr, NULL_TREE);
      if (stmt_may_clobber_ref_p_1 (stmt, &r))
        si->stmt = NULL;
    }

  if (dump_file && (dump_flags & TDF_DETAILS))
    fprintf (dump_file, "%s returns %i\n", __func__, considered);

  return considered;
}
1436 :
/* Return a strinfo equivalent to SI that is safe to modify.  SI itself
   is returned when its refcount is 1 and the stridx_to_strinfo vector
   is not shared with other basic blocks.  Otherwise a copy is made,
   installed under SI's index, and the reference to SI is released.  */

static strinfo *
unshare_strinfo (strinfo *si)
{
  if (si->refcount == 1 && !strinfo_shared ())
    return si;

  strinfo *copy
    = new_strinfo (si->ptr, si->idx, si->nonzero_chars, si->full_string_p);

  /* Carry over the fields new_strinfo is not given.  */
  copy->stmt = si->stmt;
  copy->alloc = si->alloc;
  copy->endptr = si->endptr;
  copy->first = si->first;
  copy->prev = si->prev;
  copy->next = si->next;
  copy->writable = si->writable;

  set_strinfo (si->idx, copy);
  free_strinfo (si);
  return copy;
}
1461 :
/* Attempt to create a new strinfo for BASESI + OFF, or find existing
   strinfo if there is any.  PTR is the pointer the new strinfo is
   recorded for.  Return its idx, or 0 if no strinfo has been
   created.  */

static int
get_stridx_plus_constant (strinfo *basesi, unsigned HOST_WIDE_INT off,
                          tree ptr)
{
  /* SSA_NAMEs that occur in abnormal PHIs are not tracked.  */
  if (TREE_CODE (ptr) == SSA_NAME && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr))
    return 0;

  /* NOTE(review): presumably this rejects an OFF beyond the known
     nonzero characters, which is what keeps the subtraction below from
     wrapping -- confirm against compare_nonzero_chars.  */
  if (compare_nonzero_chars (basesi, off) < 0
      || !tree_fits_uhwi_p (basesi->nonzero_chars))
    return 0;

  /* Number of nonzero characters remaining at BASESI + OFF.  */
  unsigned HOST_WIDE_INT nonzero_chars
    = tree_to_uhwi (basesi->nonzero_chars) - off;
  strinfo *si = basesi, *chainsi;
  if (si->first || si->prev || si->next)
    si = verify_related_strinfos (basesi);
  if (si == NULL
      || si->nonzero_chars == NULL_TREE
      || TREE_CODE (si->nonzero_chars) != INTEGER_CST)
    return 0;

  /* Make sure the vector has a slot for PTR's SSA version before it is
     indexed below.  */
  if (TREE_CODE (ptr) == SSA_NAME
      && ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
    ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);

  gcc_checking_assert (compare_tree_int (si->nonzero_chars, off) != -1);
  /* Walk the chain while the entries have a constant length greater
     than NONZERO_CHARS.  An entry of exactly that length is reused;
     otherwise CHAINSI ends up as the entry to insert after.  */
  for (chainsi = si; chainsi->next; chainsi = si)
    {
      si = get_next_strinfo (chainsi);
      if (si == NULL
          || si->nonzero_chars == NULL_TREE
          || TREE_CODE (si->nonzero_chars) != INTEGER_CST)
        break;
      int r = compare_tree_int (si->nonzero_chars, nonzero_chars);
      if (r != 1)
        {
          if (r == 0)
            {
              /* Existing strinfo of the same length: map PTR to it.  */
              if (TREE_CODE (ptr) == SSA_NAME)
                ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = si->idx;
              else
                {
                  int *pidx = addr_stridxptr (TREE_OPERAND (ptr, 0));
                  if (pidx != NULL && *pidx == 0)
                    *pidx = si->idx;
                }
              return si->idx;
            }
          break;
        }
    }

  int idx = new_stridx (ptr);
  if (idx == 0)
    return 0;
  si = new_strinfo (ptr, idx, build_int_cst (size_type_node, nonzero_chars),
                    basesi->full_string_p);
  set_strinfo (idx, si);
  /* Link the new strinfo between CHAINSI and its former successor,
     unsharing each neighbor before it is modified.  */
  if (strinfo *nextsi = get_strinfo (chainsi->next))
    {
      nextsi = unshare_strinfo (nextsi);
      si->next = nextsi->idx;
      nextsi->prev = idx;
    }
  chainsi = unshare_strinfo (chainsi);
  if (chainsi->first == 0)
    chainsi->first = chainsi->idx;
  chainsi->next = idx;
  if (chainsi->endptr == NULL_TREE && zero_length_string_p (si))
    chainsi->endptr = ptr;
  si->endptr = chainsi->endptr;
  si->prev = chainsi->idx;
  si->first = chainsi->first;
  si->writable = chainsi->writable;
  return si->idx;
}
1542 :
/* Note that PTR, a pointer SSA_NAME initialized in the current stmt, points
   to a zero-length string and if possible chain it to a related strinfo
   chain whose part is or might be CHAINSI.  Return the strinfo now
   associated with PTR, or NULL when PTR occurs in an abnormal PHI or
   no new string index could be allocated.  */

static strinfo *
zero_length_string (tree ptr, strinfo *chainsi)
{
  strinfo *si;
  int idx;
  /* Make sure the vector has a slot for PTR's SSA version.  */
  if (ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
    ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
  /* PTR must be an SSA_NAME with no string index assigned yet.  */
  gcc_checking_assert (TREE_CODE (ptr) == SSA_NAME
                       && ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] == 0);

  if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr))
    return NULL;
  if (chainsi != NULL)
    {
      si = verify_related_strinfos (chainsi);
      if (si)
        {
          /* Walk to the end of the chain, recording PTR as the end
             pointer of every entry that has none.  CHAINSI is left
             pointing at the last entry.  */
          do
            {
              /* We shouldn't mix delayed and non-delayed lengths.  */
              gcc_assert (si->full_string_p);
              if (si->endptr == NULL_TREE)
                {
                  si = unshare_strinfo (si);
                  si->endptr = ptr;
                }
              chainsi = si;
              si = get_next_strinfo (si);
            }
          while (si != NULL);
          /* The last entry is already a zero-length string: reuse it
             for PTR rather than creating a new one.  */
          if (zero_length_string_p (chainsi))
            {
              if (chainsi->next)
                {
                  chainsi = unshare_strinfo (chainsi);
                  chainsi->next = 0;
                }
              ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = chainsi->idx;
              return chainsi;
            }
        }
      else
        {
          /* We shouldn't mix delayed and non-delayed lengths.  */
          gcc_assert (chainsi->full_string_p);
          /* The chain did not verify: clear CHAINSI's links so it can
             start a new chain below.  */
          if (chainsi->first || chainsi->prev || chainsi->next)
            {
              chainsi = unshare_strinfo (chainsi);
              chainsi->first = 0;
              chainsi->prev = 0;
              chainsi->next = 0;
            }
        }
    }
  idx = new_stridx (ptr);
  if (idx == 0)
    return NULL;
  si = new_strinfo (ptr, idx, build_int_cst (size_type_node, 0), true);
  set_strinfo (idx, si);
  si->endptr = ptr;
  if (chainsi != NULL)
    {
      /* Append the new zero-length strinfo after CHAINSI.  */
      chainsi = unshare_strinfo (chainsi);
      if (chainsi->first == 0)
        chainsi->first = chainsi->idx;
      chainsi->next = idx;
      if (chainsi->endptr == NULL_TREE)
        chainsi->endptr = ptr;
      si->prev = chainsi->idx;
      si->first = chainsi->first;
      si->writable = chainsi->writable;
    }
  return si;
}
1621 :
/* For strinfo ORIGSI whose length has been just updated, bring the
   other strinfos in its chain in line with it.  For each of them:

   - ADJ, converted to the type of nonzero_chars, is added to
     nonzero_chars
   - full_string_p is copied from the new ORIGSI
   - endptr is cleared and dont_invalidate is set.

   LOC is the location used for the folded expressions.  Nothing is
   done when the chain does not verify.  */

static void
adjust_related_strinfos (location_t loc, strinfo *origsi, tree adj)
{
  for (strinfo *si = verify_related_strinfos (origsi);
       si != NULL;
       si = get_next_strinfo (si))
    {
      /* ORIGSI already holds its new length.  */
      if (si == origsi)
        continue;

      si = unshare_strinfo (si);

      /* We shouldn't see delayed lengths here; the caller must
         have calculated the old length in order to calculate
         the adjustment.  */
      gcc_assert (si->nonzero_chars);

      tree lentype = TREE_TYPE (si->nonzero_chars);
      tree delta = fold_convert_loc (loc, lentype, adj);
      si->nonzero_chars = fold_build2_loc (loc, PLUS_EXPR,
                                           TREE_TYPE (si->nonzero_chars),
                                           si->nonzero_chars, delta);
      si->full_string_p = origsi->full_string_p;

      si->endptr = NULL_TREE;
      si->dont_invalidate = true;
    }
}
1664 :
/* Follow the chain of assignments that define the SSA_NAME PTR and use
   IDX as the string index of every pointer found to be equal to it
   whose string length is not tracked yet.  The walk goes through plain
   SSA_NAME copies and pointer conversions, and ends at an ADDR_EXPR,
   at any other kind of definition, or at a pointer that already has an
   index.  */

static void
find_equal_ptrs (tree ptr, int idx)
{
  if (TREE_CODE (ptr) != SSA_NAME)
    return;

  for (;;)
    {
      gimple *def = SSA_NAME_DEF_STMT (ptr);
      if (!is_gimple_assign (def))
        return;

      ptr = gimple_assign_rhs1 (def);
      switch (gimple_assign_rhs_code (def))
        {
        case SSA_NAME:
          break;

        CASE_CONVERT:
          /* Only conversions from another pointer are followed.  */
          if (!POINTER_TYPE_P (TREE_TYPE (ptr)))
            return;
          if (TREE_CODE (ptr) == SSA_NAME)
            break;
          if (TREE_CODE (ptr) != ADDR_EXPR)
            return;
          /* FALLTHRU */

        case ADDR_EXPR:
          {
            /* Record IDX for the address only if it has no index.  */
            int *slot = addr_stridxptr (TREE_OPERAND (ptr, 0));
            if (slot != NULL && *slot == 0)
              *slot = idx;
            return;
          }

        default:
          return;
        }

      /* We might find an endptr created in this pass.  Grow the
         vector in that case.  */
      const unsigned ver = SSA_NAME_VERSION (ptr);
      if (ssa_ver_to_stridx.length () <= ver)
        ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);

      /* Stop at the first pointer that is already tracked.  */
      if (ssa_ver_to_stridx[ver] != 0)
        return;
      ssa_ver_to_stridx[ver] = idx;
    }
}
1713 :
/* Return true if STMT is a call to a normal builtin function whose
   virtual operands are consistent with what this pass expects of it,
   so that it should be considered for optimization.  The string and
   memory readers listed first must have a virtual use and no virtual
   definition; the allocators and writers listed second must have both.
   Any other normal builtin is accepted as is.  */

static bool
valid_builtin_call (gimple *stmt)
{
  if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
    return false;

  switch (DECL_FUNCTION_CODE (gimple_call_fndecl (stmt)))
    {
    case BUILT_IN_MEMCMP:
    case BUILT_IN_MEMCMP_EQ:
    case BUILT_IN_STRCMP:
    case BUILT_IN_STRNCMP:
    case BUILT_IN_STRCHR:
    case BUILT_IN_STRLEN:
    case BUILT_IN_STRNLEN:
      /* The above functions should be pure.  Punt if they aren't.  */
      return !gimple_vdef (stmt) && gimple_vuse (stmt) != NULL_TREE;

    case BUILT_IN_ALLOCA:
    case BUILT_IN_ALLOCA_WITH_ALIGN:
    case BUILT_IN_CALLOC:
    case BUILT_IN_MALLOC:
    case BUILT_IN_MEMCPY:
    case BUILT_IN_MEMCPY_CHK:
    case BUILT_IN_MEMPCPY:
    case BUILT_IN_MEMPCPY_CHK:
    case BUILT_IN_MEMSET:
    case BUILT_IN_STPCPY:
    case BUILT_IN_STPCPY_CHK:
    case BUILT_IN_STPNCPY:
    case BUILT_IN_STPNCPY_CHK:
    case BUILT_IN_STRCAT:
    case BUILT_IN_STRCAT_CHK:
    case BUILT_IN_STRCPY:
    case BUILT_IN_STRCPY_CHK:
    case BUILT_IN_STRNCAT:
    case BUILT_IN_STRNCAT_CHK:
    case BUILT_IN_STRNCPY:
    case BUILT_IN_STRNCPY_CHK:
      /* The above functions should be neither const nor pure.  Punt if
         they aren't.  */
      return (gimple_vdef (stmt) != NULL_TREE
              && gimple_vuse (stmt) != NULL_TREE);

    default:
      return true;
    }
}
1772 :
/* If the last .MEM setter statement before STMT is
   memcpy (x, y, strlen (y) + 1), the only .MEM use of it is STMT
   and STMT is known to overwrite x[strlen (x)], adjust the last memcpy to
   just memcpy (x, y, strlen (y)).  When the recorded statement is
   instead an assignment of zero, that store is removed.  SI must be
   the zero length strinfo unless IS_STRCAT is true.  The recorded
   last statement is cleared in every case.  */

void
strlen_pass::adjust_last_stmt (strinfo *si, gimple *stmt, bool is_strcat)
{
  tree vuse, callee, len;
  /* Work on a copy; the shared record is reset right away so it is
     cleared on every return path.  */
  struct laststmt_struct last = laststmt;
  strinfo *lastsi, *firstsi;
  /* Index of the length argument of memcpy.  */
  unsigned len_arg_no = 2;

  laststmt.stmt = NULL;
  laststmt.len = NULL_TREE;
  laststmt.stridx = 0;

  if (last.stmt == NULL)
    return;

  /* STMT must be the only user of the memory state LAST.STMT
     defines.  */
  vuse = gimple_vuse (stmt);
  if (vuse == NULL_TREE
      || SSA_NAME_DEF_STMT (vuse) != last.stmt
      || !has_single_use (vuse))
    return;

  gcc_assert (last.stridx > 0);
  lastsi = get_strinfo (last.stridx);
  if (lastsi == NULL)
    return;

  if (lastsi != si)
    {
      /* The recorded strinfo must be in the same chain as SI and be
         reachable by walking that chain.  */
      if (lastsi->first == 0 || lastsi->first != si->first)
        return;

      firstsi = verify_related_strinfos (si);
      if (firstsi == NULL)
        return;
      while (firstsi != lastsi)
        {
          firstsi = get_next_strinfo (firstsi);
          if (firstsi == NULL)
            return;
        }
    }

  if (!is_strcat && !zero_length_string_p (si))
    return;

  if (is_gimple_assign (last.stmt))
    {
      gimple_stmt_iterator gsi;

      /* Only a store of zero that cannot throw is removed.  */
      if (!integer_zerop (gimple_assign_rhs1 (last.stmt)))
        return;
      if (stmt_could_throw_p (cfun, last.stmt))
        return;
      gsi = gsi_for_stmt (last.stmt);
      unlink_stmt_vdef (last.stmt);
      release_defs (last.stmt);
      gsi_remove (&gsi, true);
      return;
    }

  if (!valid_builtin_call (last.stmt))
    return;

  /* Only memcpy and its checking variant are adjusted.  */
  callee = gimple_call_fndecl (last.stmt);
  switch (DECL_FUNCTION_CODE (callee))
    {
    case BUILT_IN_MEMCPY:
    case BUILT_IN_MEMCPY_CHK:
      break;
    default:
      return;
    }

  len = gimple_call_arg (last.stmt, len_arg_no);
  if (tree_fits_uhwi_p (len))
    {
      /* Constant length: it must be nonzero and exactly one more than
         the recorded string length.  */
      if (!tree_fits_uhwi_p (last.len)
          || integer_zerop (len)
          || tree_to_uhwi (len) != tree_to_uhwi (last.len) + 1)
        return;
      /* Don't adjust the length if it is divisible by 4, it is more efficient
         to store the extra '\0' in that case.  */
      if ((tree_to_uhwi (len) & 3) == 0)
        return;

      /* Don't fold away an out of bounds access, as this defeats proper
         warnings.  The copy is left alone when the destination object
         is known to be smaller than LEN.  */
      tree dst = gimple_call_arg (last.stmt, 0);

      access_ref aref;
      tree size = compute_objsize (dst, stmt, 1, &aref, &ptr_qry);
      if (size && tree_int_cst_lt (size, len))
        return;
    }
  else if (TREE_CODE (len) == SSA_NAME)
    {
      /* Variable length: it must be defined as LAST.LEN + 1.  */
      gimple *def_stmt = SSA_NAME_DEF_STMT (len);
      if (!is_gimple_assign (def_stmt)
          || gimple_assign_rhs_code (def_stmt) != PLUS_EXPR
          || gimple_assign_rhs1 (def_stmt) != last.len
          || !integer_onep (gimple_assign_rhs2 (def_stmt)))
        return;
    }
  else
    return;

  /* Drop the copy of the terminating nul from the memcpy.  */
  gimple_call_set_arg (last.stmt, len_arg_no, last.len);
  update_stmt (last.stmt);
}
1888 :
/* Record the range of a strlen() result on LHS, or of a strnlen()
   result when BOUND is non-null.

   Return NULL_TREE, changing nothing, unless LHS is an SSA_NAME of
   integral type.  When BOUND is given, [MIN, MAX] is narrowed first
   (see below).  If the range then holds a single value, return that
   value as a constant of size_type_node so the caller can fold the
   call; no range info is recorded in that case.  Otherwise set the
   range info of LHS to [MIN, MAX] and return LHS.  */

tree
set_strlen_range (tree lhs, wide_int min, wide_int max,
                  tree bound /* = NULL_TREE */)
{
  const bool int_ssa_p
    = TREE_CODE (lhs) == SSA_NAME && INTEGRAL_TYPE_P (TREE_TYPE (lhs));
  if (!int_ssa_p)
    return NULL_TREE;

  if (bound && TREE_CODE (bound) == INTEGER_CST)
    {
      /* strnlen with a constant bound.  A bound below MAX replaces it.
         A bound above MAX lowers MAX by one, unless MIN and MAX are
         already equal, to account for the terminating nul.  A bound
         equal to MAX leaves the range alone.  */
      const wide_int cst_bound = wi::to_wide (bound);
      const int order = wi::cmpu (cst_bound, max);
      if (order < 0)
        max = cst_bound;
      else if (order != 0 && wi::ne_p (max, min))
        --max;
    }
  else if (bound && TREE_CODE (bound) == SSA_NAME)
    {
      /* strnlen with a variable bound.  Use the bound's range only to
         tighten [MIN, MAX]; an undefined range leaves the caller's
         values as they are.  */
      int_range_max bound_range;
      get_range_query (cfun)->range_of_expr (bound_range, bound);
      if (!bound_range.undefined_p ())
        {
          if (wi::ltu_p (bound_range.lower_bound (), min))
            min = bound_range.lower_bound ();
          if (wi::ltu_p (bound_range.upper_bound (), max))
            max = bound_range.upper_bound ();
        }
    }

  /* A single-value range is returned as a constant, not recorded.  */
  if (min == max)
    return wide_int_to_tree (size_type_node, min);

  int_range_max lhs_range (TREE_TYPE (lhs), min, max);
  set_range_info (lhs, lhs_range);
  return lhs;
}
1944 :
/* For LHS, the SSA_NAME result of strlen (SRC) or, when BOUND is
   non-null, of strnlen (SRC, BOUND), derive an upper bound on the
   result from the object SRC points into and pass it on to
   set_strlen_range together with a lower bound of zero.  Return what
   set_strlen_range returns, or NULL_TREE when LHS is not an SSA_NAME
   of integral type.  */

static tree
maybe_set_strlen_range (tree lhs, tree src, tree bound)
{
  if (!(TREE_CODE (lhs) == SSA_NAME
        && INTEGRAL_TYPE_P (TREE_TYPE (lhs))))
    return NULL_TREE;

  /* Look through an SSA_NAME defined by taking an address.  */
  if (TREE_CODE (src) == SSA_NAME)
    {
      gimple *srcdef = SSA_NAME_DEF_STMT (src);
      if (is_gimple_assign (srcdef)
          && gimple_assign_rhs_code (srcdef) == ADDR_EXPR)
        src = gimple_assign_rhs1 (srcdef);
    }

  /* The longest string is PTRDIFF_MAX - 1 bytes including the final
     NUL so that the difference between a pointer to just past it and
     one to its beginning is positive.  */
  wide_int max = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2;

  if (TREE_CODE (src) == ADDR_EXPR)
    {
      src = TREE_OPERAND (src, 0);

      /* A trailing array member may be used as a poor man's flexible
         array member and so hold more than its declared size; such
         references, and MEM_REFs, keep the generic bound.  */
      if (TREE_CODE (src) != MEM_REF
          && !array_ref_flexible_size_p (src))
        {
          tree typesize = TYPE_SIZE_UNIT (TREE_TYPE (src));
          if (typesize
              && TREE_CODE (typesize) == INTEGER_CST
              && !integer_zerop (typesize))
            {
              /* Do not bound the length by the size of an inner array
                 or of a struct member: calling strlen on an
                 unterminated element or member is undefined, but the
                 terminating nul may sit in whatever follows it.  Bound
                 the length by the size of the enclosing variable
                 instead, when that size is a known constant.  */
              tree base = get_base_address (src);
              if (VAR_P (base))
                {
                  tree declsize = DECL_SIZE_UNIT (base);
                  if (declsize
                      && TREE_CODE (declsize) == INTEGER_CST
                      && !POINTER_TYPE_P (TREE_TYPE (base)))
                    max = wi::to_wide (declsize);
                }
            }

          /* For strlen() take one off a non-zero maximum to leave
             room for the terminating nul.  For strnlen() keep it,
             since the array need not be nul-terminated.  */
          if (!bound && max != 0)
            --max;
        }
    }

  const wide_int min = wi::zero (max.get_precision ());
  return set_strlen_range (lhs, min, max, bound);
}
2018 :
/* Diagnose, under -Wstringop-overflow, a write by STMT of LEN bytes
   (LEN + 1 when PLUS_ONE is set) that may not fit in the space left
   in its destination.

   The destination is the LHS of an assignment STMT.  For a call STMT
   it is the call's LHS when CALL_LHS is set and argument zero
   otherwise.  SI, when non-null, is the string info whose pointer is
   tested for a strlen() relationship with LEN in the "one too many
   bytes" case.  RAWMEM may be set by memcpy and other raw memory
   functions to allow accesses across subobject boundaries; it selects
   the object size type passed to compute_objsize.  Range information
   is obtained through ptr_qry.rvals.

   Nothing is diagnosed when LEN is null, when the warning is already
   suppressed on STMT or on the destination, or when the range of LEN
   cannot be determined.  Returning without a warning therefore does
   not show that the write is in bounds.  */

void
strlen_pass::maybe_warn_overflow (gimple *stmt, bool call_lhs, tree len,
                                  strinfo *si, bool plus_one, bool rawmem)
{
  if (!len || warning_suppressed_p (stmt, OPT_Wstringop_overflow_))
    return;

  /* The DECL of the function performing the write, for a call.  */
  tree writefn = NULL_TREE;
  /* The destination expression involved in the store or call STMT.  */
  tree dest = NULL_TREE;

  if (is_gimple_assign (stmt))
    dest = gimple_assign_lhs (stmt);
  else if (!is_gimple_call (stmt))
    return;
  else
    {
      if (call_lhs)
        dest = gimple_call_lhs (stmt);
      else
        {
          gcc_assert (gimple_call_builtin_p (stmt, BUILT_IN_NORMAL));
          dest = gimple_call_arg (stmt, 0);
        }

      if (!dest)
        return;
      writefn = gimple_call_fndecl (stmt);
    }

  if (warning_suppressed_p (dest, OPT_Wstringop_overflow_))
    return;

  const int ostype = rawmem ? 0 : 1;

  access_ref aref;
  /* The size of the destination region (which is smaller than the
     destination object for stores at a non-zero offset).  */
  tree destsize = compute_objsize (dest, stmt, ostype, &aref, &ptr_qry);

  /* With no known size, assume anything up to the largest object.  */
  if (!destsize)
    {
      aref.sizrng[0] = 0;
      aref.sizrng[1] = wi::to_offset (max_object_size ());
    }

  /* Nothing to check when the size expression is LEN itself and the
     write starts at offset zero.  This might happen for a malloc and
     memset pair that allocates an object and clears it as if by
     calloc.  */
  if (destsize == len && !plus_one
      && aref.offrng[0] == 0 && aref.offrng[0] == aref.offrng[1])
    return;

  wide_int rng[2];
  if (!get_range (len, stmt, rng, ptr_qry.rvals))
    return;

  /* Widen everything to a common maximum precision so that the
     addition below cannot overflow and the comparisons are between
     operands of the same precision.  */
  widest_int wrrng[2] =
    { widest_int::from (rng[0], SIGNED), widest_int::from (rng[1], SIGNED) };

  if (plus_one)
    {
      wrrng[0] += 1;
      wrrng[1] += 1;
    }

  /* The space remaining in the destination: its size minus the offset
     into it.  */
  widest_int avail[2];
  {
    offset_int remrng[2];
    remrng[1] = aref.size_remaining (remrng);
    avail[0] = remrng[0] == -1 ? 0 : widest_int::from (remrng[0], UNSIGNED);
    avail[1] = widest_int::from (remrng[1], UNSIGNED);
  }

  /* Both ends of the write fit: nothing to diagnose.  */
  if (wi::leu_p (wrrng[0], avail[0])
      && wi::leu_p (wrrng[1], avail[1]))
    return;

  const location_t loc = gimple_or_expr_nonartificial_location (stmt, dest);
  const unsigned HOST_WIDE_INT wr_lo = wrrng[0].to_uhwi ();
  const unsigned HOST_WIDE_INT wr_hi = wrrng[1].to_uhwi ();
  const unsigned HOST_WIDE_INT av_lo = avail[0].to_uhwi ();
  const unsigned HOST_WIDE_INT av_hi = avail[1].to_uhwi ();

  bool warned = false;
  if (wi::leu_p (wrrng[0], avail[1]))
    {
      /* The smallest write fits in the largest space.  Warn only when
         LEN is the size expression itself, or is related to strlen of
         the SI pointer for a non-raw access.  */
      if (len != destsize
          && (!si || rawmem || !is_strlen_related_p (si->ptr, len)))
        return;

      if (writefn)
        warned = warning_at (loc, OPT_Wstringop_overflow_,
                             "%qD writing one too many bytes into a region "
                             "of a size that depends on %<strlen%>",
                             writefn);
      else
        warned = warning_at (loc, OPT_Wstringop_overflow_,
                             "writing one too many bytes into a region "
                             "of a size that depends on %<strlen%>");
    }
  else if (wrrng[0] == wrrng[1])
    {
      /* Exact write size.  */
      if (avail[0] == avail[1])
        {
          if (writefn)
            warned = warning_n (loc, OPT_Wstringop_overflow_,
                                wr_lo,
                                "%qD writing %wu byte into a region "
                                "of size %wu",
                                "%qD writing %wu bytes into a region "
                                "of size %wu",
                                writefn, wr_lo, av_lo);
          else
            warned = warning_n (loc, OPT_Wstringop_overflow_,
                                wr_lo,
                                "writing %wu byte into a region "
                                "of size %wu",
                                "writing %wu bytes into a region "
                                "of size %wu",
                                wr_lo, av_lo);
        }
      else if (writefn)
        warned = warning_n (loc, OPT_Wstringop_overflow_,
                            wr_lo,
                            "%qD writing %wu byte into a region "
                            "of size between %wu and %wu",
                            "%qD writing %wu bytes into a region "
                            "of size between %wu and %wu",
                            writefn, wr_lo, av_lo, av_hi);
      else
        warned = warning_n (loc, OPT_Wstringop_overflow_,
                            wr_lo,
                            "writing %wu byte into a region "
                            "of size between %wu and %wu",
                            "writing %wu bytes into a region "
                            "of size between %wu and %wu",
                            wr_lo, av_lo, av_hi);
    }
  else if (avail[0] == avail[1])
    {
      /* A range of write sizes into a region of exact size.  */
      if (writefn)
        warned = warning_at (loc, OPT_Wstringop_overflow_,
                             "%qD writing between %wu and %wu bytes "
                             "into a region of size %wu",
                             writefn, wr_lo, wr_hi, av_lo);
      else
        warned = warning_at (loc, OPT_Wstringop_overflow_,
                             "writing between %wu and %wu bytes "
                             "into a region of size %wu",
                             wr_lo, wr_hi, av_lo);
    }
  else if (writefn)
    warned = warning_at (loc, OPT_Wstringop_overflow_,
                         "%qD writing between %wu and %wu bytes "
                         "into a region of size between %wu and %wu",
                         writefn, wr_lo, wr_hi, av_lo, av_hi);
  else
    warned = warning_at (loc, OPT_Wstringop_overflow_,
                         "writing between %wu and %wu bytes "
                         "into a region of size between %wu and %wu",
                         wr_lo, wr_hi, av_lo, av_hi);

  if (!warned)
    return;

  /* Mark STMT so the same write is not diagnosed again, then add the
     note describing the access.  */
  suppress_warning (stmt, OPT_Wstringop_overflow_);

  aref.inform_access (access_write_only);
}
2207 :
/* Overload of the above taking LEN as a host integer.  LEN is turned
   into a constant of size_type_node and the remaining arguments are
   forwarded unchanged.  */

void
strlen_pass::maybe_warn_overflow (gimple *stmt, bool call_lhs,
                                  unsigned HOST_WIDE_INT len,
                                  strinfo *si, bool plus_one, bool rawmem)
{
  maybe_warn_overflow (stmt, call_lhs,
                       build_int_cst (size_type_node, len),
                       si, plus_one, rawmem);
}
2218 :
/* Handle the strlen or strnlen call at m_gsi.  If the length of the
   argument is known, replace the call with that value (for strnlen,
   with the smaller of that value and the bound).  Otherwise remember
   that the length of the argument is held in the call's LHS SSA_NAME
   and, where possible, give the LHS a range.  Calls whose result is
   unused are left alone.  */

void
strlen_pass::handle_builtin_strlen ()
{
  auto details_p = [] { return dump_file && (dump_flags & TDF_DETAILS) != 0; };

  gimple *stmt = gsi_stmt (m_gsi);
  tree lhs = gimple_call_lhs (stmt);
  if (lhs == NULL_TREE)
    return;

  const location_t loc = gimple_location (stmt);
  tree callee = gimple_call_fndecl (stmt);
  tree src = gimple_call_arg (stmt, 0);
  /* The second argument of strnlen, null for strlen.  */
  tree bound = NULL_TREE;
  if (DECL_FUNCTION_CODE (callee) == BUILT_IN_STRNLEN)
    bound = gimple_call_arg (stmt, 1);

  int idx = get_stridx (src, stmt);
  if (idx || (bound && integer_zerop (bound)))
    {
      strinfo *si = NULL;
      tree rhs = NULL_TREE;

      if (idx < 0)
        /* A negative index is the complement of a constant length.  */
        rhs = build_int_cst (TREE_TYPE (lhs), ~idx);
      else if (idx == 0)
        /* Only reached for strnlen with a zero bound.  */
        rhs = bound;
      else
        {
          si = get_strinfo (idx);
          if (si != NULL)
            {
              rhs = get_string_length (si);
              /* For strnlen, if bound is constant, even if si is not
                 known to be zero terminated, if we know at least
                 bound bytes are not zero, the return value will be
                 bound.  */
              if (rhs == NULL_TREE
                  && bound != NULL_TREE
                  && TREE_CODE (bound) == INTEGER_CST
                  && si->nonzero_chars != NULL_TREE
                  && TREE_CODE (si->nonzero_chars) == INTEGER_CST
                  && tree_int_cst_le (bound, si->nonzero_chars))
                rhs = bound;
            }
        }

      if (rhs != NULL_TREE)
        {
          if (details_p ())
            {
              fprintf (dump_file, "Optimizing: ");
              print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
            }

          rhs = unshare_expr (rhs);
          if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (rhs)))
            rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);

          /* strnlen never returns more than its bound.  */
          if (bound)
            rhs = fold_build2_loc (loc, MIN_EXPR, TREE_TYPE (rhs), rhs, bound);

          gimplify_and_update_call_from_tree (&m_gsi, rhs);
          stmt = gsi_stmt (m_gsi);
          update_stmt (stmt);

          if (details_p ())
            {
              fprintf (dump_file, "into: ");
              print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
            }

          /* For strlen only (nothing is updated for strnlen): when the
             recorded length is neither an SSA_NAME nor a constant,
             record LHS as the length instead.  */
          const bool record_lhs_p
            = (si != NULL
               && bound == NULL_TREE
               && TREE_CODE (si->nonzero_chars) != SSA_NAME
               && TREE_CODE (si->nonzero_chars) != INTEGER_CST
               && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs));
          if (record_lhs_p)
            {
              si = unshare_strinfo (si);
              si->nonzero_chars = lhs;
              gcc_assert (si->full_string_p);
            }

          /* For strnlen record this only if the call is proven to
             return the same value as strlen would.  */
          if (strlen_to_stridx
              && (bound == NULL_TREE
                  || (TREE_CODE (bound) == INTEGER_CST
                      && TREE_CODE (rhs) == INTEGER_CST
                      && tree_int_cst_lt (rhs, bound))))
            strlen_to_stridx->put (lhs, stridx_strlenloc (idx, loc));

          return;
        }
    }

  if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
    return;

  if (idx == 0)
    idx = new_stridx (src);
  else
    {
      strinfo *si = get_strinfo (idx);
      if (si != NULL)
        {
          if (!si->full_string_p && !si->stmt)
            {
              /* Until now we only had a lower bound on the string
                 length.  Install LHS as the actual length.  */
              si = unshare_strinfo (si);
              tree oldmin = si->nonzero_chars;
              si->nonzero_chars = lhs;
              si->full_string_p = true;
              if (oldmin && TREE_CODE (oldmin) == INTEGER_CST)
                {
                  oldmin = fold_convert_loc (loc, TREE_TYPE (lhs), oldmin);
                  tree adj = fold_build2_loc (loc, MINUS_EXPR,
                                              TREE_TYPE (lhs), lhs, oldmin);
                  adjust_related_strinfos (loc, si, adj);
                  /* Use the constant minimum length as the lower bound
                     of the non-constant length.  */
                  wide_int min = wi::to_wide (oldmin);
                  wide_int max
                    = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2;
                  if (wi::gtu_p (min, max))
                    max = wi::to_wide (TYPE_MAX_VALUE (TREE_TYPE (lhs)));
                  set_strlen_range (lhs, min, max);
                }
              else
                {
                  /* No constant minimum: detach SI from its chain of
                     related strinfos.  */
                  si->first = 0;
                  si->prev = 0;
                  si->next = 0;
                }
            }
          return;
        }
    }

  if (!idx)
    return;

  if (!bound)
    {
      /* Only store the new length information for calls to strlen(),
         not for those to strnlen().  */
      strinfo *si = new_strinfo (src, idx, lhs, true);
      set_strinfo (idx, si);
      find_equal_ptrs (src, idx);
    }

  /* For SRC that is an array of N elements, set LHS's range to
     [0, min (N, BOUND)].  A constant return value means the range
     would have consisted of a single value.  In that case, fold the
     result into the returned constant.  */
  tree ret = maybe_set_strlen_range (lhs, src, bound);
  if (ret && TREE_CODE (ret) == INTEGER_CST)
    {
      if (details_p ())
        {
          fprintf (dump_file, "Optimizing: ");
          print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
        }
      if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (ret)))
        ret = fold_convert_loc (loc, TREE_TYPE (lhs), ret);
      gimplify_and_update_call_from_tree (&m_gsi, ret);
      stmt = gsi_stmt (m_gsi);
      update_stmt (stmt);
      if (details_p ())
        {
          fprintf (dump_file, "into: ");
          print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
        }
    }

  if (strlen_to_stridx && !bound)
    strlen_to_stridx->put (lhs, stridx_strlenloc (idx, loc));
}
2395 :
/* Handle the strchr call at m_gsi.  Only strchr (x, 0) with a used
   result is of interest.  If the length of x is known, replace the
   call with the recorded end pointer or with x + strlen (x).
   Otherwise remember that the LHS of the call is the end pointer and
   that the length of x is LHS - x.

   NOTE(review): in the coverage run this listing came from, every
   line after the check for a zero second argument had an execution
   count of 0, so the folding below was not exercised by that run.  */

void
strlen_pass::handle_builtin_strchr ()
{
  auto details_p = [] { return dump_file && (dump_flags & TDF_DETAILS) != 0; };

  gimple *stmt = gsi_stmt (m_gsi);
  tree lhs = gimple_call_lhs (stmt);
  if (lhs == NULL_TREE)
    return;

  /* Only a search for the terminating nul is handled.  */
  if (!integer_zerop (gimple_call_arg (stmt, 1)))
    return;

  tree src = gimple_call_arg (stmt, 0);

  /* Avoid folding if the first argument is not a nul-terminated
     array.  Defer warning until later.  */
  if (!check_nul_terminated_array (NULL_TREE, src))
    return;

  int idx = get_stridx (src, stmt);
  if (idx)
    {
      strinfo *si = NULL;
      tree rhs = NULL_TREE;

      if (idx < 0)
        /* A negative index is the complement of a constant length.  */
        rhs = build_int_cst (size_type_node, ~idx);
      else
        {
          si = get_strinfo (idx);
          if (si != NULL)
            rhs = get_string_length (si);
        }

      if (rhs != NULL_TREE)
        {
          const location_t loc = gimple_location (stmt);

          if (details_p ())
            {
              fprintf (dump_file, "Optimizing: ");
              print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
            }

          /* Prefer a recorded end pointer, else build SRC + length.  */
          if (si != NULL && si->endptr != NULL_TREE)
            rhs = unshare_expr (si->endptr);
          else
            {
              rhs = fold_convert_loc (loc, sizetype, unshare_expr (rhs));
              rhs = fold_build2_loc (loc, POINTER_PLUS_EXPR,
                                     TREE_TYPE (src), src, rhs);
            }
          if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (rhs)))
            rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);

          gimplify_and_update_call_from_tree (&m_gsi, rhs);
          stmt = gsi_stmt (m_gsi);
          update_stmt (stmt);

          if (details_p ())
            {
              fprintf (dump_file, "into: ");
              print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
            }

          /* Remember LHS as the end pointer if none was recorded.  */
          if (si != NULL
              && si->endptr == NULL_TREE
              && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
            {
              si = unshare_strinfo (si);
              si->endptr = lhs;
            }
          zero_length_string (lhs, si);
          return;
        }
    }

  if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
    return;

  if (TREE_CODE (src) == SSA_NAME && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (src))
    {
      zero_length_string (lhs, NULL);
      return;
    }

  if (idx == 0)
    idx = new_stridx (src);
  else if (get_strinfo (idx) != NULL)
    {
      zero_length_string (lhs, NULL);
      return;
    }

  if (!idx)
    return;

  /* Record that the length of SRC is LHS - SRC and that LHS is its
     end pointer.  */
  const location_t loc = gimple_location (stmt);
  tree lhsu = fold_convert_loc (loc, size_type_node, lhs);
  tree srcu = fold_convert_loc (loc, size_type_node, src);
  tree length = fold_build2_loc (loc, MINUS_EXPR,
                                 size_type_node, lhsu, srcu);
  strinfo *si = new_strinfo (src, idx, length, true);
  si->endptr = lhs;
  set_strinfo (idx, si);
  find_equal_ptrs (src, idx);
  zero_length_string (lhs, si);
}
2506 :
/* Handle the strcpy-like call at m_gsi; BCODE is one of
   BUILT_IN_STRCPY, BUILT_IN_STRCPY_CHK, BUILT_IN_STPCPY and
   BUILT_IN_STPCPY_CHK.  If the length of the second argument is
   known, the first argument has the same length after the call.
   The strcpy forms are also converted to memcpy or __memcpy_chk of
   that length plus one.  Before any transformation the write is
   checked with maybe_warn_overflow and the operands with
   check_bounds_or_overlap.  */

void
strlen_pass::handle_builtin_strcpy (built_in_function bcode)
{
  auto details_p = [] { return dump_file && (dump_flags & TDF_DETAILS) != 0; };

  gimple *stmt = gsi_stmt (m_gsi);
  tree src = gimple_call_arg (stmt, 1);
  tree dst = gimple_call_arg (stmt, 0);
  tree lhs = gimple_call_lhs (stmt);

  const int idx = get_stridx (src, stmt);
  strinfo *si = NULL;
  if (idx > 0)
    si = get_strinfo (idx);

  int didx = get_stridx (dst, stmt);
  if (didx < 0)
    return;
  strinfo *olddsi = NULL;
  if (didx > 0)
    olddsi = get_strinfo (didx);
  tree oldlen = NULL_TREE;

  if (olddsi != NULL)
    adjust_last_stmt (olddsi, stmt, false);

  /* The source length: taken from its strinfo, or a constant when IDX
     is negative (the complement of the length), else unknown.  */
  tree srclen = NULL_TREE;
  if (si != NULL)
    srclen = get_string_length (si);
  else if (idx < 0)
    srclen = build_int_cst (size_type_node, ~idx);

  /* The copy writes SRCLEN plus the terminating nul.  */
  maybe_warn_overflow (stmt, false, srclen, olddsi, true);

  /* NOTE(review): second call with the same arguments as the one
     above; whether it can still have an effect depends on state not
     visible in this function.  Confirm before removing.  */
  if (olddsi != NULL)
    adjust_last_stmt (olddsi, stmt, false);

  const location_t loc = gimple_location (stmt);
  if (srclen == NULL_TREE)
    switch (bcode)
      {
      case BUILT_IN_STRCPY:
      case BUILT_IN_STRCPY_CHK:
        /* Carry on only if the result is unused and stpcpy is
           implicitly available.  */
        if (lhs != NULL_TREE || !builtin_decl_implicit_p (BUILT_IN_STPCPY))
          return;
        break;
      case BUILT_IN_STPCPY:
      case BUILT_IN_STPCPY_CHK:
        {
          if (lhs == NULL_TREE)
            return;
          /* The length is the returned end pointer minus DST.  */
          tree lhsuint = fold_convert_loc (loc, size_type_node, lhs);
          tree dstuint = fold_convert_loc (loc, size_type_node, dst);
          srclen = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
                                    lhsuint, dstuint);
          break;
        }
      default:
        gcc_unreachable ();
      }

  if (didx == 0)
    {
      didx = new_stridx (dst);
      if (didx == 0)
        return;
    }

  strinfo *dsi;
  if (olddsi != NULL)
    {
      oldlen = olddsi->nonzero_chars;
      dsi = unshare_strinfo (olddsi);
      dsi->nonzero_chars = srclen;
      dsi->full_string_p = (srclen != NULL_TREE);
      /* Break the chain, so adjust_related_strinfo on later pointers
         in the chain won't adjust this one anymore.  */
      dsi->next = 0;
      dsi->stmt = NULL;
      dsi->endptr = NULL_TREE;
    }
  else
    {
      dsi = new_strinfo (dst, didx, srclen, srclen != NULL_TREE);
      set_strinfo (didx, dsi);
      find_equal_ptrs (dst, didx);
    }
  dsi->writable = true;
  dsi->dont_invalidate = true;

  if (dsi->nonzero_chars == NULL_TREE)
    {
      /* If string length of src is unknown, use delayed length
         computation.  If string length of dst will be needed, it can
         be computed by transforming this strcpy call into stpcpy and
         subtracting dst from the return value.  */

      /* Look for earlier strings whose length could be determined if
         this strcpy is turned into an stpcpy.  */
      if (dsi->prev != 0)
        {
          strinfo *chainsi = verify_related_strinfos (dsi);
          while (chainsi && chainsi != dsi)
            {
              /* When setting a stmt for delayed length computation
                 prevent all strinfos through dsi from being
                 invalidated.  */
              chainsi = unshare_strinfo (chainsi);
              chainsi->stmt = stmt;
              chainsi->nonzero_chars = NULL_TREE;
              chainsi->full_string_p = false;
              chainsi->endptr = NULL_TREE;
              chainsi->dont_invalidate = true;
              chainsi = get_strinfo (chainsi->next);
            }
        }
      dsi->stmt = stmt;

      /* Try to detect overlap before returning.  This catches cases
         like strcpy (d, d + n) where n is non-constant whose range is
         such that (n <= strlen (d)) holds.

         OLDDSI->NONZERO_CHARS may have been reset by this point, with
         OLDLEN holding its original value.  */
      if (olddsi && oldlen)
        {
          /* Add 1 for the terminating NUL.  */
          tree lentype = TREE_TYPE (oldlen);
          oldlen = fold_build2 (PLUS_EXPR, lentype, oldlen,
                                build_int_cst (lentype, 1));
          check_bounds_or_overlap (stmt, olddsi->ptr, src, oldlen, NULL_TREE);
        }

      return;
    }

  if (olddsi != NULL)
    {
      /* The change in the destination's length, when it can be
         expressed; related strinfos are adjusted by it.  */
      tree adj = NULL_TREE;
      if (oldlen != NULL_TREE)
        {
          if (integer_zerop (oldlen))
            adj = srclen;
          else if (TREE_CODE (oldlen) == INTEGER_CST
                   || TREE_CODE (srclen) == INTEGER_CST)
            adj = fold_build2_loc (loc, MINUS_EXPR,
                                   TREE_TYPE (srclen), srclen,
                                   fold_convert_loc (loc, TREE_TYPE (srclen),
                                                     oldlen));
        }
      if (adj != NULL_TREE)
        adjust_related_strinfos (loc, dsi, adj);
      else
        dsi->prev = 0;
    }

  /* strcpy src may not overlap dst, so src doesn't need to be
     invalidated either.  */
  if (si != NULL)
    si->dont_invalidate = true;

  /* The replacement function, if the call is to be converted.  */
  tree fn = NULL_TREE;
  strinfo *zsi = NULL;
  switch (bcode)
    {
    case BUILT_IN_STRCPY:
      fn = builtin_decl_implicit (BUILT_IN_MEMCPY);
      if (lhs)
        ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
      break;
    case BUILT_IN_STRCPY_CHK:
      fn = builtin_decl_explicit (BUILT_IN_MEMCPY_CHK);
      if (lhs)
        ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
      break;
    case BUILT_IN_STPCPY:
    case BUILT_IN_STPCPY_CHK:
      /* Converting to mempcpy or __mempcpy_chk would need adjustment
         of the lhs (subtract one), or detection that the trailing
         '\0' doesn't need to be written, if it will be immediately
         overwritten.  The call is therefore kept; only the end
         pointer is recorded.  */
      if (lhs)
        {
          dsi->endptr = lhs;
          zsi = zero_length_string (lhs, dsi);
        }
      break;
    default:
      gcc_unreachable ();
    }
  if (zsi != NULL)
    zsi->dont_invalidate = true;

  /* The length type: that of the replacement's third parameter, or
     size_t when the call is kept.  */
  tree type = size_type_node;
  if (fn)
    {
      tree args = TYPE_ARG_TYPES (TREE_TYPE (fn));
      type = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args)));
    }

  /* The number of bytes copied: the source length plus the nul.  */
  tree len = fold_convert_loc (loc, type, unshare_expr (srclen));
  len = fold_build2_loc (loc, PLUS_EXPR, type, len, build_int_cst (type, 1));

  /* Disable warning for the transformed statement?  */
  opt_code no_warning_opt = no_warning;

  if (const strinfo *chksi = si ? (olddsi ? olddsi : dsi) : NULL)
    {
      no_warning_opt = check_bounds_or_overlap (stmt, chksi->ptr, si->ptr,
                                                NULL_TREE, len);
      if (no_warning_opt)
        suppress_warning (stmt, no_warning_opt);
    }

  if (fn == NULL_TREE)
    return;

  len = force_gimple_operand_gsi (&m_gsi, len, true, NULL_TREE, true,
                                  GSI_SAME_STMT);
  if (details_p ())
    {
      fprintf (dump_file, "Optimizing: ");
      print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
    }

  /* A two-argument call becomes a three-argument one.  Otherwise the
     original third argument is carried over as the fourth.  */
  const bool success
    = (gimple_call_num_args (stmt) == 2
       ? update_gimple_call (&m_gsi, fn, 3, dst, src, len)
       : update_gimple_call (&m_gsi, fn, 4, dst, src, len,
                             gimple_call_arg (stmt, 2)));
  if (success)
    {
      stmt = gsi_stmt (m_gsi);
      update_stmt (stmt);
      if (details_p ())
        {
          fprintf (dump_file, "into: ");
          print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
        }
      /* Allow adjust_last_stmt to decrease this memcpy's size.  */
      laststmt.stmt = stmt;
      laststmt.len = srclen;
      laststmt.stridx = dsi->idx;
    }
  else if (details_p ())
    fprintf (dump_file, "not possible.\n");

  /* Carry the suppression over to the statement now at m_gsi.  */
  if (no_warning_opt)
    suppress_warning (stmt, no_warning_opt);
}
2773 :
2774 : /* Handle the built-in form of strncat. As for stpncpy and strncpy,
2775 : check the size argument for out-of-bounds offsets or overlapping access,
2776 : and to see if it is derived from a call to strlen() on the source argument,
2777 : and if so, issue an appropriate warning. */
2778 :
void
strlen_pass::handle_builtin_strncat (built_in_function)
{
  /* strncat goes through the same checker as strncpy and stpncpy; the
     only difference is that the checker is told the call appends.  */
  const bool append_p = true;
  handle_builtin_stxncpy_strncat (append_p);
}
2785 :
2786 : /* Return true if LEN depends on a call to strlen(SRC) in an interesting
2787 : way. LEN can either be an integer expression, or a pointer (to char).
2788 : When it is the latter (such as in recursive calls to self) it is
2789 : assumed to be the argument in some call to strlen() whose relationship
2790 : to SRC is being ascertained. */
2791 :
bool
is_strlen_related_p (tree src, tree len)
{
  /* Base case: LEN is itself a pointer and names the same object as SRC.
     This is how the recursive calls below terminate successfully once
     they have reached the argument of a strlen() call.  */
  if (POINTER_TYPE_P (TREE_TYPE (len)) && operand_equal_p (src, len, 0))
    return true;

  /* Only SSA names have a defining statement that can be followed.  */
  if (TREE_CODE (len) != SSA_NAME)
    return false;

  if (TREE_CODE (src) == SSA_NAME)
    {
      gimple *src_def = SSA_NAME_DEF_STMT (src);

      if (is_gimple_assign (src_def))
        switch (gimple_assign_rhs_code (src_def))
          {
          case BIT_AND_EXPR:
          case NOP_EXPR:
            /* Look through the bitwise AND and the conversions used when
               a wider size_t is narrowed to a smaller unsigned type.  */
            return is_strlen_related_p (gimple_assign_rhs1 (src_def), len);

          default:
            return false;
          }

      if (gimple_call_builtin_p (src_def, BUILT_IN_NORMAL))
        switch (DECL_FUNCTION_CODE (gimple_call_fndecl (src_def)))
          {
          case BUILT_IN_ALLOCA:
          case BUILT_IN_ALLOCA_WITH_ALIGN:
          case BUILT_IN_MALLOC:
          case BUILT_IN_STRLEN:
            /* SRC is the result of an allocation function or of strlen:
               continue with that call's first argument instead.  */
            return is_strlen_related_p (gimple_call_arg (src_def, 0), len);

          default:
            /* FIXME: Handle other functions with attribute alloc_size.  */
            return false;
          }
    }

  gimple *len_def = SSA_NAME_DEF_STMT (len);
  if (!len_def)
    return false;

  if (is_gimple_call (len_def))
    {
      /* The only call LEN may come from is the strlen built-in; its
         argument is then compared against SRC.  */
      tree callee = gimple_call_fndecl (len_def);
      if (!valid_builtin_call (len_def))
        return false;
      if (DECL_FUNCTION_CODE (callee) != BUILT_IN_STRLEN)
        return false;

      return is_strlen_related_p (src, gimple_call_arg (len_def, 0));
    }

  if (!is_gimple_assign (len_def))
    return false;

  const tree_code len_code = gimple_assign_rhs_code (len_def);
  tree op1 = gimple_assign_rhs1 (len_def);
  tree op1_type = TREE_TYPE (op1);

  /* Pointer plus (an integer), and truncation are considered among the
     (potentially) related expressions to strlen.  */
  const bool ptr_plus
    = POINTER_TYPE_P (op1_type) && len_code == POINTER_PLUS_EXPR;
  const bool truncation
    = (INTEGRAL_TYPE_P (op1_type)
       && (len_code == BIT_AND_EXPR || len_code == NOP_EXPR));
  if (ptr_plus || truncation)
    return is_strlen_related_p (src, op1);

  /* Integer subtraction is considered strlen-related when the second
     operand is an integer that is itself strlen-related.  */
  tree op2 = gimple_assign_rhs2 (len_def);
  if (op2 && INTEGRAL_TYPE_P (TREE_TYPE (op2)) && len_code == MINUS_EXPR)
    return is_strlen_related_p (src, op2);

  return false;
}
2877 :
2878 : /* Called by handle_builtin_stxncpy_strncat and by
2879 : gimple_fold_builtin_strncpy in gimple-fold.cc.
2880 : Check to see if the specified bound is a) equal to the size of
2881 : the destination DST and if so, b) if it's immediately followed by
2882 : DST[CNT - 1] = '\0'. If a) holds and b) does not, warn. Otherwise,
2883 : do nothing. Return true if diagnostic has been issued.
2884 :
2885 : The purpose is to diagnose calls to strncpy and stpncpy that do
2886 : not nul-terminate the copy while allowing for the idiom where
2887 : such a call is immediately followed by setting the last element
2888 : to nul, as in:
2889 : char a[32];
2890 : strncpy (a, s, sizeof a);
2891 : a[sizeof a - 1] = '\0';
2892 : */
2893 :
bool
maybe_diag_stxncpy_trunc (gimple_stmt_iterator gsi, tree src, tree cnt,
                          pointer_query *ptr_qry /* = NULL */)
{
  /* GSI designates the call being checked, SRC is its source argument and
     CNT the bound passed to it.  PTR_QRY is only forwarded to
     compute_objsize.  The result is true when a -Wstringop-truncation
     diagnostic was issued, i.e. when the copy may leave the destination
     without a terminating nul, which later string reads would run past.  */
  gimple *stmt = gsi_stmt (gsi);
  /* Honor an earlier suppression of this warning on the statement.  */
  if (warning_suppressed_p (stmt, OPT_Wstringop_truncation))
    return false;

  /* CNTRANGE[0] and CNTRANGE[1] are the lower and upper bound of CNT.
     Nothing can be said when no range, or only a varying or undefined
     one, is available.  */
  wide_int cntrange[2];
  int_range_max r;
  if (!get_range_query (cfun)->range_of_expr (r, cnt)
      || r.varying_p ()
      || r.undefined_p ())
    return false;

  tree min, max;
  value_range_kind kind = get_legacy_range (r, min, max);
  cntrange[0] = wi::to_wide (min);
  cntrange[1] = wi::to_wide (max);
  if (kind == VR_ANTI_RANGE)
    {
      /* An anti-range excludes the values between MIN and MAX.  Turn it
         into an ordinary range: the part above MAX when MAX is below the
         largest object size, otherwise the part below MIN.  */
      wide_int maxobjsize = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node));

      if (wi::ltu_p (cntrange[1], maxobjsize))
        {
          cntrange[0] = cntrange[1] + 1;
          cntrange[1] = maxobjsize;
        }
      else
        {
          cntrange[1] = cntrange[0] - 1;
          cntrange[0] = wi::zero (TYPE_PRECISION (TREE_TYPE (cnt)));
        }
    }

  /* Negative value is the constant string length (stored as ~SIDX).  If
     it's less than the lower bound there is no truncation.  Avoid calling
     get_stridx() when ssa_ver_to_stridx is empty.  That implies the caller
     isn't running under the control of this pass and ssa_ver_to_stridx
     hasn't been created yet.  */
  int sidx = ssa_ver_to_stridx.length () ? get_stridx (src, stmt) : 0;
  if (sidx < 0 && wi::gtu_p (cntrange[0], ~sidx))
    return false;

  tree dst = gimple_call_arg (stmt, 0);
  tree dstdecl = dst;
  if (TREE_CODE (dstdecl) == ADDR_EXPR)
    dstdecl = TREE_OPERAND (dstdecl, 0);

  tree ref = NULL_TREE;

  if (!sidx)
    {
      /* If the source is a non-string return early to avoid warning
         for possible truncation (if the truncation is certain SIDX
         is non-zero).  */
      tree srcdecl = gimple_call_arg (stmt, 1);
      if (TREE_CODE (srcdecl) == ADDR_EXPR)
        srcdecl = TREE_OPERAND (srcdecl, 0);
      if (get_attr_nonstring_decl (srcdecl, &ref))
        return false;
    }

  /* Likewise, if the destination refers to an array/pointer declared
     nonstring return early.  */
  if (get_attr_nonstring_decl (dstdecl, &ref))
    return false;

  /* Look for dst[i] = '\0'; after the stxncpy() call and if found
     avoid the truncation warning.  */
  gsi_next_nondebug (&gsi);
  gimple *next_stmt = gsi_stmt (gsi);
  if (!next_stmt)
    {
      /* When there is no statement in the same basic block check
         the immediate successor block.  */
      if (basic_block bb = gimple_bb (stmt))
        {
          if (single_succ_p (bb))
            {
              /* For simplicity, ignore blocks with multiple outgoing
                 edges for now and only consider successor blocks along
                 normal edges.  */
              edge e = EDGE_SUCC (bb, 0);
              if (!(e->flags & EDGE_ABNORMAL))
                {
                  gsi = gsi_start_bb (e->dest);
                  next_stmt = gsi_stmt (gsi);
                  if (next_stmt && is_gimple_debug (next_stmt))
                    {
                      gsi_next_nondebug (&gsi);
                      next_stmt = gsi_stmt (gsi);
                    }
                }
            }
        }
    }

  if (next_stmt && is_gimple_assign (next_stmt))
    {
      tree lhs = gimple_assign_lhs (next_stmt);
      tree_code code = TREE_CODE (lhs);
      if (code == ARRAY_REF || code == MEM_REF)
        lhs = TREE_OPERAND (lhs, 0);

      /* For stpncpy, a store through the pointer the call returned is
         accepted as the terminating store.  */
      tree func = gimple_call_fndecl (stmt);
      if (DECL_FUNCTION_CODE (func) == BUILT_IN_STPNCPY)
        {
          tree ret = gimple_call_lhs (stmt);
          if (ret && operand_equal_p (ret, lhs, 0))
            return false;
        }

      /* Determine the base address and offset of the reference,
         ignoring the innermost array index.  */
      /* NOTE(review): REF is dereferenced here without a null check, so
         this relies on get_attr_nonstring_decl having stored a tree in it
         above -- confirm against that function.  */
      if (TREE_CODE (ref) == ARRAY_REF)
        ref = TREE_OPERAND (ref, 0);

      poly_int64 dstoff;
      tree dstbase = get_addr_base_and_unit_offset (ref, &dstoff);

      /* The following assignment counts as the terminating store only
         when it has the same base and the same unit offset as the
         destination reference.  */
      poly_int64 lhsoff;
      tree lhsbase = get_addr_base_and_unit_offset (lhs, &lhsoff);
      if (lhsbase
          && dstbase
          && known_eq (dstoff, lhsoff)
          && operand_equal_p (dstbase, lhsbase, 0))
        return false;
    }

  /* LENRANGE[0] and LENRANGE[1] are the shortest and longest length the
     source string is known to have, in the precision of CNT.  */
  int prec = TYPE_PRECISION (TREE_TYPE (cnt));
  wide_int lenrange[2];
  if (strinfo *sisrc = sidx > 0 ? get_strinfo (sidx) : NULL)
    {
      /* Length recorded by this pass: use it when constant, else zero.  */
      lenrange[0] = (sisrc->nonzero_chars
                     && TREE_CODE (sisrc->nonzero_chars) == INTEGER_CST
                     ? wi::to_wide (sisrc->nonzero_chars)
                     : wi::zero (prec));
      lenrange[1] = lenrange[0];
    }
  else if (sidx < 0)
    /* Constant string: both bounds are its length.  */
    lenrange[0] = lenrange[1] = wi::shwi (~sidx, prec);
  else
    {
      c_strlen_data lendata = { };
      /* Set MAXBOUND to an arbitrary non-null non-integer node as a request
         to have it set to the length of the longest string in a PHI.  */
      lendata.maxbound = src;
      get_range_strlen (src, &lendata, /* eltsize = */1);
      if (TREE_CODE (lendata.minlen) == INTEGER_CST
          && TREE_CODE (lendata.maxbound) == INTEGER_CST)
        {
          /* When LENDATA.MAXLEN is unknown, reset LENDATA.MINLEN
             which stores the length of the shortest known string.  */
          if (integer_all_onesp (lendata.maxlen))
            lenrange[0] = wi::shwi (0, prec);
          else
            lenrange[0] = wi::to_wide (lendata.minlen, prec);
          lenrange[1] = wi::to_wide (lendata.maxbound, prec);
        }
      else
        {
          /* Nothing known: [0, -1] is the "unknown length" encoding that
             the test below skips.  */
          lenrange[0] = wi::shwi (0, prec);
          lenrange[1] = wi::shwi (-1, prec);
        }
    }

  location_t callloc = gimple_or_expr_nonartificial_location (stmt, dst);
  tree func = gimple_call_fndecl (stmt);

  /* Compare the length against the bound only when something is known
     about the source length.  */
  if (lenrange[0] != 0 || !wi::neg_p (lenrange[1]))
    {
      /* If the longest source string is shorter than the lower bound
         of the specified count the copy is definitely nul-terminated.  */
      if (wi::ltu_p (lenrange[1], cntrange[0]))
        return false;

      if (wi::neg_p (lenrange[1]))
        {
          /* The length of one of the strings is unknown but at least
             one has non-zero length and that length is stored in
             LENRANGE[1].  Swap the bounds to force a "may be truncated"
             warning below.  */
          lenrange[1] = lenrange[0];
          lenrange[0] = wi::shwi (0, prec);
        }

      /* Set to true for strncat whose bound is derived from the length
         of the destination (the expected usage pattern).  */
      bool cat_dstlen_bounded = false;
      if (DECL_FUNCTION_CODE (func) == BUILT_IN_STRNCAT)
        cat_dstlen_bounded = is_strlen_related_p (dst, cnt);

      /* A constant bound equal to the shortest source length copies every
         character but not the terminating nul.  */
      if (lenrange[0] == cntrange[1] && cntrange[0] == cntrange[1])
        return warning_n (callloc, OPT_Wstringop_truncation,
                          cntrange[0].to_uhwi (),
                          "%qD output truncated before terminating "
                          "nul copying %E byte from a string of the "
                          "same length",
                          "%qD output truncated before terminating nul "
                          "copying %E bytes from a string of the same "
                          "length",
                          func, cnt);
      else if (!cat_dstlen_bounded)
        {
          if (wi::geu_p (lenrange[0], cntrange[1]))
            {
              /* The shortest string is longer than the upper bound of
                 the count so the truncation is certain.  */
              if (cntrange[0] == cntrange[1])
                return warning_n (callloc, OPT_Wstringop_truncation,
                                  cntrange[0].to_uhwi (),
                                  "%qD output truncated copying %E byte "
                                  "from a string of length %wu",
                                  "%qD output truncated copying %E bytes "
                                  "from a string of length %wu",
                                  func, cnt, lenrange[0].to_uhwi ());

              return warning_at (callloc, OPT_Wstringop_truncation,
                                 "%qD output truncated copying between %wu "
                                 "and %wu bytes from a string of length %wu",
                                 func, cntrange[0].to_uhwi (),
                                 cntrange[1].to_uhwi (), lenrange[0].to_uhwi ());
            }
          else if (wi::geu_p (lenrange[1], cntrange[1]))
            {
              /* The longest string is longer than the upper bound of
                 the count so the truncation is possible.  */
              if (cntrange[0] == cntrange[1])
                return warning_n (callloc, OPT_Wstringop_truncation,
                                  cntrange[0].to_uhwi (),
                                  "%qD output may be truncated copying %E "
                                  "byte from a string of length %wu",
                                  "%qD output may be truncated copying %E "
                                  "bytes from a string of length %wu",
                                  func, cnt, lenrange[1].to_uhwi ());

              return warning_at (callloc, OPT_Wstringop_truncation,
                                 "%qD output may be truncated copying between "
                                 "%wu and %wu bytes from a string of length %wu",
                                 func, cntrange[0].to_uhwi (),
                                 cntrange[1].to_uhwi (), lenrange[1].to_uhwi ());
            }
        }

      if (!cat_dstlen_bounded
          && cntrange[0] != cntrange[1]
          && wi::leu_p (cntrange[0], lenrange[0])
          && wi::leu_p (cntrange[1], lenrange[0] + 1))
        {
          /* If the source (including the terminating nul) is longer than
             the lower bound of the specified count but shorter than the
             upper bound the copy may (but need not) be truncated.  */
          return warning_at (callloc, OPT_Wstringop_truncation,
                             "%qD output may be truncated copying between "
                             "%wu and %wu bytes from a string of length %wu",
                             func, cntrange[0].to_uhwi (),
                             cntrange[1].to_uhwi (), lenrange[0].to_uhwi ());
        }
    }

  access_ref aref;
  if (tree dstsize = compute_objsize (dst, stmt, 1, &aref, ptr_qry))
    {
      /* The source length is unknown.  Try to determine the destination
         size and see if it matches the specified bound.  If not, bail.
         Otherwise go on to see if it should be diagnosed for possible
         truncation.  */
      /* NOTE(review): this test cannot be true, because the enclosing
         condition has already established that DSTSIZE is non-null.  */
      if (!dstsize)
        return false;

      if (wi::to_wide (dstsize) != cntrange[1])
        return false;

      /* Avoid warning for strncpy(a, b, N) calls where the following
         equalities hold:
           N == sizeof a && N == sizeof b */
      /* AREF is reused for the source query; the destination's access
         data in it is not read again below.  */
      if (tree srcsize = compute_objsize (src, stmt, 1, &aref, ptr_qry))
        if (wi::to_wide (srcsize) == cntrange[1])
          return false;

      /* Only a constant bound equal to the destination size is diagnosed;
         a range of bounds falls through without a warning.  */
      if (cntrange[0] == cntrange[1])
        return warning_at (callloc, OPT_Wstringop_truncation,
                           "%qD specified bound %E equals destination size",
                           func, cnt);
    }

  return false;
}
3183 :
3184 : /* Check the arguments to the built-in forms of stpncpy, strncpy, and
3185 : strncat, for out-of-bounds offsets or overlapping access, and to see
3186 : if the size is derived from calling strlen() on the source argument,
3187 : and if so, issue the appropriate warning.
3188 : APPEND_P is true for strncat. */
3189 :
void
strlen_pass::handle_builtin_stxncpy_strncat (bool append_p)
{
  /* Do nothing when STRLEN_TO_STRIDX has not been set up.  */
  if (!strlen_to_stridx)
    return;

  gimple *call = gsi_stmt (m_gsi);

  tree dst = gimple_call_arg (call, 0);
  tree src = gimple_call_arg (call, 1);
  tree len = gimple_call_arg (call, 2);

  /* An upper bound of the size of the destination.  */
  tree dstsize = NULL_TREE;
  /* The length of the destination and source strings, plus 1 for those
     whose FULL_STRING_P is set, i.e., whose length is exact rather than
     a lower bound.  */
  tree dstlenp1 = NULL_TREE;
  tree srclenp1 = NULL_TREE;

  const int dst_idx = get_stridx (dst, call);
  strinfo *sidst = dst_idx > 0 ? get_strinfo (dst_idx) : NULL;
  if (sidst)
    {
      tree dst_chars = sidst->nonzero_chars;
      if (!dst_chars)
        {
          /* No recorded length: fall back to the size of the allocation
             that defines the destination pointer, if there is one.  */
          if (TREE_CODE (sidst->ptr) == SSA_NAME)
            dstsize = gimple_call_alloc_size (SSA_NAME_DEF_STMT (sidst->ptr));
        }
      else if (sidst->full_string_p)
        {
          /* String is known to be nul-terminated: count the nul too.  */
          tree chars_type = TREE_TYPE (dst_chars);
          dstlenp1 = fold_build2 (PLUS_EXPR, chars_type, dst_chars,
                                  build_int_cst (chars_type, 1));
        }
      else
        dstlenp1 = dst_chars;

      dst = sidst->ptr;
    }

  const int src_idx = get_stridx (src, call);
  strinfo *sisrc = src_idx > 0 ? get_strinfo (src_idx) : NULL;
  if (sisrc)
    {
      /* strncat() and strncpy() can modify the source string by writing
         over the terminating nul so SISRC->DONT_INVALIDATE must be left
         clear.  */

      /* Size of the source string, including the terminating nul when it
         is known to be nul-terminated.  */
      if (tree src_chars = sisrc->nonzero_chars)
        {
          if (sisrc->full_string_p)
            {
              tree chars_type = TREE_TYPE (src_chars);
              srclenp1 = fold_build2 (PLUS_EXPR, chars_type, src_chars,
                                      build_int_cst (chars_type, 1));
            }
          else
            srclenp1 = src_chars;
        }

      src = sisrc->ptr;
    }

  /* An out-of-bounds or overlapping access has already been diagnosed by
     the check; record that on the statement and stop.  */
  const opt_code bounds_opt
    = check_bounds_or_overlap (call, dst, src, dstlenp1, srclenp1);
  if (bounds_opt != no_warning)
    {
      suppress_warning (call, bounds_opt);
      return;
    }

  /* If the length argument was computed from strlen(S) for some string
     S retrieve the strinfo index for the string (PSS->FIRST) along with
     the location of the strlen() call (PSS->SECOND).  */
  stridx_strlenloc *pss = strlen_to_stridx->get (len);
  if (!pss || pss->first <= 0)
    {
      /* LEN is not tied to a tracked strlen() result: only the plain
         truncation check applies.  */
      if (maybe_diag_stxncpy_trunc (m_gsi, src, len))
        suppress_warning (call, OPT_Wstringop_truncation);

      return;
    }

  /* Retrieve the strinfo data for the string S that LEN was computed
     from as some function F of strlen (S) (i.e., LEN need not be equal
     to strlen(S)).  */
  strinfo *silen = get_strinfo (pss->first);

  location_t callloc = gimple_or_expr_nonartificial_location (call, dst);
  tree callee = gimple_call_fndecl (call);

  /* When -Wstringop-truncation is set, try to determine truncation
     before diagnosing possible overflow.  Truncation is implied by
     the LEN argument being equal to strlen(SRC), regardless of
     whether its value is known.  Otherwise, when appending, or
     when copying into a destination of known size, issue the more
     generic -Wstringop-overflow which triggers for LEN arguments
     that in any meaningful way depend on strlen(SRC).  */
  bool warned
    = (!append_p
       && sisrc == silen
       && is_strlen_related_p (src, len)
       && warning_at (callloc, OPT_Wstringop_truncation,
                      "%qD output truncated before terminating nul "
                      "copying as many bytes from a string as its length",
                      callee));

  if (!warned
      && (append_p || !dstsize || len == dstlenp1)
      && silen
      && is_strlen_related_p (src, silen->ptr))
    {
      /* Issue -Wstringop-overflow when appending or when writing into
         a destination of a known size.  Otherwise, when copying into
         a destination of an unknown size, it's truncation.  */
      opt_code bound_opt = OPT_Wstringop_truncation;
      if (append_p || dstsize)
        bound_opt = OPT_Wstringop_overflow_;

      warned = warning_at (callloc, bound_opt,
                           "%qD specified bound depends on the length "
                           "of the source argument",
                           callee);
    }

  if (!warned)
    return;

  /* Point at the strlen() call unless it is unknown or coincides with
     the location already reported.  */
  const location_t strlenloc = pss->second;
  if (strlenloc != UNKNOWN_LOCATION && strlenloc != callloc)
    inform (strlenloc, "length computed here");
}
3326 :
3327 : /* Handle a memcpy-like ({mem{,p}cpy,__mem{,p}cpy_chk}) call.
3328 : If strlen of the second argument is known and length of the third argument
3329 : is that plus one, strlen of the first argument is the same after this
3330 : call. Uses RVALS to determine range information. */
3331 :
void
strlen_pass::handle_builtin_memcpy (built_in_function bcode)
{
  /* BCODE selects among the memcpy, mempcpy and _chk forms; it is only
     consulted at the end, when the whole source string has been copied.
     The call itself is the statement at M_GSI.  */
  tree lhs, oldlen, newlen;
  gimple *stmt = gsi_stmt (m_gsi);
  strinfo *si, *dsi;

  tree len = gimple_call_arg (stmt, 2);
  tree src = gimple_call_arg (stmt, 1);
  tree dst = gimple_call_arg (stmt, 0);

  /* A positive index names an existing strinfo for the destination,
     zero means none is recorded yet.  Negative indices are not handled
     for a destination.  */
  int didx = get_stridx (dst, stmt);
  strinfo *olddsi = NULL;
  if (didx > 0)
    olddsi = get_strinfo (didx);
  else if (didx < 0)
    return;

  /* With a known destination string and a nonzero length, run the
     overflow check on the write before any string-length bookkeeping.  */
  if (olddsi != NULL
      && !integer_zerop (len))
    {
      maybe_warn_overflow (stmt, false, len, olddsi, false, true);
      if (tree_fits_uhwi_p (len))
        adjust_last_stmt (olddsi, stmt, false);
    }

  /* Nothing is known about the source: no length can be derived.  */
  int idx = get_stridx (src, stmt);
  if (idx == 0)
    return;

  /* NEWLEN and FULL_STRING_P describe the destination after the copy:
     the number of nonzero characters known to be there, and whether that
     count is the exact string length.  */
  bool full_string_p;
  if (idx > 0)
    {
      gimple *def_stmt;

      /* Handle memcpy (x, y, l) where l's relationship with strlen (y)
         is known.  */
      si = get_strinfo (idx);
      if (si == NULL || si->nonzero_chars == NULL_TREE)
        return;
      if (TREE_CODE (len) == INTEGER_CST
          && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
        {
          if (tree_int_cst_le (len, si->nonzero_chars))
            {
              /* Copying LEN nonzero characters, where LEN is constant.  */
              newlen = len;
              full_string_p = false;
            }
          else
            {
              /* Copying the whole of the analyzed part of SI.  */
              newlen = si->nonzero_chars;
              full_string_p = si->full_string_p;
            }
        }
      else
        {
          /* With a non-constant operand the only form recognized is
             LEN = strlen (SRC) + 1 on a source whose length is exact.  */
          if (!si->full_string_p)
            return;
          if (TREE_CODE (len) != SSA_NAME)
            return;
          def_stmt = SSA_NAME_DEF_STMT (len);
          if (!is_gimple_assign (def_stmt)
              || gimple_assign_rhs_code (def_stmt) != PLUS_EXPR
              || gimple_assign_rhs1 (def_stmt) != si->nonzero_chars
              || !integer_onep (gimple_assign_rhs2 (def_stmt)))
            return;
          /* Copying variable-length string SI (and no more).  */
          newlen = si->nonzero_chars;
          full_string_p = true;
        }
    }
  else
    {
      si = NULL;
      /* Handle memcpy (x, "abcd", 5) or
         memcpy (x, "abc\0uvw", 7).  */
      if (!tree_fits_uhwi_p (len))
        return;

      /* For a negative index ~IDX is the number of nonzero characters of
         the constant source.  The copy carries the nul only when more
         than that many bytes are copied.  */
      unsigned HOST_WIDE_INT clen = tree_to_uhwi (len);
      unsigned HOST_WIDE_INT nonzero_chars = ~idx;
      newlen = build_int_cst (size_type_node, MIN (nonzero_chars, clen));
      full_string_p = clen > nonzero_chars;
    }

  if (!full_string_p
      && olddsi
      && olddsi->nonzero_chars
      && TREE_CODE (olddsi->nonzero_chars) == INTEGER_CST
      && tree_int_cst_le (newlen, olddsi->nonzero_chars))
    {
      /* The SRC substring being written strictly overlaps
         a subsequence of the existing string OLDDSI.  */
      newlen = olddsi->nonzero_chars;
      full_string_p = olddsi->full_string_p;
    }

  if (olddsi != NULL && TREE_CODE (len) == SSA_NAME)
    adjust_last_stmt (olddsi, stmt, false);

  /* Allocate an index for a destination seen for the first time; give up
     when none can be had.  */
  if (didx == 0)
    {
      didx = new_stridx (dst);
      if (didx == 0)
        return;
    }
  oldlen = NULL_TREE;
  if (olddsi != NULL)
    {
      /* Update a private copy of the existing record, remembering the
         old length for the adjustment of related strinfos below.  */
      dsi = unshare_strinfo (olddsi);
      oldlen = olddsi->nonzero_chars;
      dsi->nonzero_chars = newlen;
      dsi->full_string_p = full_string_p;
      /* Break the chain, so adjust_related_strinfo on later pointers in
         the chain won't adjust this one anymore.  */
      dsi->next = 0;
      dsi->stmt = NULL;
      dsi->endptr = NULL_TREE;
    }
  else
    {
      dsi = new_strinfo (dst, didx, newlen, full_string_p);
      set_strinfo (didx, dsi);
      find_equal_ptrs (dst, didx);
    }
  dsi->writable = true;
  dsi->dont_invalidate = true;
  if (olddsi != NULL)
    {
      /* ADJ is the change in length to apply to the related strinfos.
         It is computed only when the old length was zero or when one of
         the two lengths is constant.  */
      tree adj = NULL_TREE;
      location_t loc = gimple_location (stmt);
      if (oldlen == NULL_TREE)
        ;
      else if (integer_zerop (oldlen))
        adj = newlen;
      else if (TREE_CODE (oldlen) == INTEGER_CST
               || TREE_CODE (newlen) == INTEGER_CST)
        adj = fold_build2_loc (loc, MINUS_EXPR, TREE_TYPE (newlen), newlen,
                               fold_convert_loc (loc, TREE_TYPE (newlen),
                                                 oldlen));
      if (adj != NULL_TREE)
        adjust_related_strinfos (loc, dsi, adj);
      else
        /* No adjustment is available: drop the link to the previous
           record.  */
        dsi->prev = 0;
    }
  /* memcpy src may not overlap dst, so src doesn't need to be
     invalidated either.  */
  if (si != NULL)
    si->dont_invalidate = true;

  if (full_string_p)
    {
      lhs = gimple_call_lhs (stmt);
      switch (bcode)
        {
        case BUILT_IN_MEMCPY:
        case BUILT_IN_MEMCPY_CHK:
          /* Allow adjust_last_stmt to decrease this memcpy's size.  */
          laststmt.stmt = stmt;
          laststmt.len = dsi->nonzero_chars;
          laststmt.stridx = dsi->idx;
          /* The value returned by the call is given the destination's
             string index.  */
          if (lhs)
            ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
          break;
        case BUILT_IN_MEMPCPY:
        case BUILT_IN_MEMPCPY_CHK:
          /* Nothing is recorded for the mempcpy forms.  */
          break;
        default:
          gcc_unreachable ();
        }
    }
}
3506 :
3507 : /* Handle a strcat-like ({strcat,__strcat_chk}) call.
3508 : If strlen of the second argument is known, strlen of the first argument
3509 : is increased by the length of the second argument. Furthermore, attempt
3510 : to convert it to memcpy/strcpy if the length of the first argument
3511 : is known. */
3512 :
3513 : void
3514 825 : strlen_pass::handle_builtin_strcat (built_in_function bcode)
3515 : {
3516 825 : int idx, didx;
3517 825 : tree srclen, args, type, fn, objsz, endptr;
3518 825 : bool success;
3519 825 : gimple *stmt = gsi_stmt (m_gsi);
3520 825 : strinfo *si, *dsi;
3521 825 : location_t loc = gimple_location (stmt);
3522 :
3523 825 : tree src = gimple_call_arg (stmt, 1);
3524 825 : tree dst = gimple_call_arg (stmt, 0);
3525 :
3526 : /* Bail if the source is the same as destination. It will be diagnosed
3527 : elsewhere. */
3528 825 : if (operand_equal_p (src, dst, 0))
3529 : return;
3530 :
3531 786 : tree lhs = gimple_call_lhs (stmt);
3532 :
3533 786 : didx = get_stridx (dst, stmt);
3534 786 : if (didx < 0)
3535 : return;
3536 :
3537 786 : dsi = NULL;
3538 786 : if (didx > 0)
3539 468 : dsi = get_strinfo (didx);
3540 :
3541 786 : srclen = NULL_TREE;
3542 786 : si = NULL;
3543 786 : idx = get_stridx (src, stmt);
3544 786 : if (idx < 0)
3545 84 : srclen = build_int_cst (size_type_node, ~idx);
3546 702 : else if (idx > 0)
3547 : {
3548 394 : si = get_strinfo (idx);
3549 394 : if (si != NULL)
3550 353 : srclen = get_string_length (si);
3551 : }
3552 :
3553 : /* Disable warning for the transformed statement? */
3554 786 : opt_code no_warning_opt = no_warning;
3555 :
3556 786 : if (dsi == NULL || get_string_length (dsi) == NULL_TREE)
3557 : {
3558 463 : {
3559 : /* The concatenation always involves copying at least one byte
3560 : (the terminating nul), even if the source string is empty.
3561 : If the source is unknown assume it's one character long and
3562 : used that as both sizes. */
3563 463 : tree slen = srclen;
3564 463 : if (slen)
3565 : {
3566 197 : tree type = TREE_TYPE (slen);
3567 197 : slen = fold_build2 (PLUS_EXPR, type, slen, build_int_cst (type, 1));
3568 : }
3569 :
3570 463 : tree sptr = si && si->ptr ? si->ptr : src;
3571 463 : no_warning_opt = check_bounds_or_overlap (stmt, dst, sptr, NULL_TREE,
3572 : slen);
3573 463 : if (no_warning_opt)
3574 49 : suppress_warning (stmt, no_warning_opt);
3575 : }
3576 :
3577 : /* strcat (p, q) can be transformed into
3578 : tmp = p + strlen (p); endptr = stpcpy (tmp, q);
3579 : with length endptr - p if we need to compute the length
3580 : later on. Don't do this transformation if we don't need
3581 : it. */
3582 600 : if (builtin_decl_implicit_p (BUILT_IN_STPCPY) && lhs == NULL_TREE)
3583 : {
3584 69 : if (didx == 0)
3585 : {
3586 41 : didx = new_stridx (dst);
3587 41 : if (didx == 0)
3588 : return;
3589 : }
3590 69 : if (dsi == NULL)
3591 : {
3592 69 : dsi = new_strinfo (dst, didx, NULL_TREE, false);
3593 69 : set_strinfo (didx, dsi);
3594 69 : find_equal_ptrs (dst, didx);
3595 : }
3596 : else
3597 : {
3598 0 : dsi = unshare_strinfo (dsi);
3599 0 : dsi->nonzero_chars = NULL_TREE;
3600 0 : dsi->full_string_p = false;
3601 0 : dsi->next = 0;
3602 0 : dsi->endptr = NULL_TREE;
3603 : }
3604 69 : dsi->writable = true;
3605 69 : dsi->stmt = stmt;
3606 69 : dsi->dont_invalidate = true;
3607 : }
3608 463 : return;
3609 : }
3610 :
3611 323 : tree dstlen = dsi->nonzero_chars;
3612 323 : endptr = dsi->endptr;
3613 :
3614 323 : dsi = unshare_strinfo (dsi);
3615 323 : dsi->endptr = NULL_TREE;
3616 323 : dsi->stmt = NULL;
3617 323 : dsi->writable = true;
3618 :
3619 323 : if (srclen != NULL_TREE)
3620 : {
3621 240 : dsi->nonzero_chars = fold_build2_loc (loc, PLUS_EXPR,
3622 240 : TREE_TYPE (dsi->nonzero_chars),
3623 : dsi->nonzero_chars, srclen);
3624 240 : gcc_assert (dsi->full_string_p);
3625 240 : adjust_related_strinfos (loc, dsi, srclen);
3626 240 : dsi->dont_invalidate = true;
3627 : }
3628 : else
3629 : {
3630 83 : dsi->nonzero_chars = NULL;
3631 83 : dsi->full_string_p = false;
3632 83 : if (lhs == NULL_TREE && builtin_decl_implicit_p (BUILT_IN_STPCPY))
3633 63 : dsi->dont_invalidate = true;
3634 : }
3635 :
3636 323 : if (si != NULL)
3637 : /* strcat src may not overlap dst, so src doesn't need to be
3638 : invalidated either. */
3639 191 : si->dont_invalidate = true;
3640 :
3641 : /* For now. Could remove the lhs from the call and add
3642 : lhs = dst; afterwards. */
3643 323 : if (lhs)
3644 : return;
3645 :
3646 189 : fn = NULL_TREE;
3647 189 : objsz = NULL_TREE;
3648 189 : switch (bcode)
3649 : {
3650 174 : case BUILT_IN_STRCAT:
3651 174 : if (srclen != NULL_TREE)
3652 94 : fn = builtin_decl_implicit (BUILT_IN_MEMCPY);
3653 : else
3654 80 : fn = builtin_decl_implicit (BUILT_IN_STRCPY);
3655 : break;
3656 15 : case BUILT_IN_STRCAT_CHK:
3657 15 : if (srclen != NULL_TREE)
3658 14 : fn = builtin_decl_explicit (BUILT_IN_MEMCPY_CHK);
3659 : else
3660 1 : fn = builtin_decl_explicit (BUILT_IN_STRCPY_CHK);
3661 15 : objsz = gimple_call_arg (stmt, 2);
3662 15 : break;
3663 0 : default:
3664 0 : gcc_unreachable ();
3665 : }
3666 :
3667 189 : if (fn == NULL_TREE)
3668 : return;
3669 :
3670 189 : if (dsi && dstlen)
3671 : {
3672 189 : tree type = TREE_TYPE (dstlen);
3673 :
3674 : /* Compute the size of the source sequence, including the nul. */
3675 189 : tree srcsize = srclen ? srclen : size_zero_node;
3676 189 : tree one = build_int_cst (type, 1);
3677 189 : srcsize = fold_build2 (PLUS_EXPR, type, srcsize, one);
3678 189 : tree dstsize = fold_build2 (PLUS_EXPR, type, dstlen, one);
3679 189 : tree sptr = si && si->ptr ? si->ptr : src;
3680 :
3681 189 : no_warning_opt = check_bounds_or_overlap (stmt, dst, sptr, dstsize,
3682 : srcsize);
3683 189 : if (no_warning_opt)
3684 71 : suppress_warning (stmt, no_warning_opt);
3685 : }
3686 :
3687 189 : tree len = NULL_TREE;
3688 189 : if (srclen != NULL_TREE)
3689 : {
3690 108 : args = TYPE_ARG_TYPES (TREE_TYPE (fn));
3691 108 : type = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args)));
3692 :
3693 108 : len = fold_convert_loc (loc, type, unshare_expr (srclen));
3694 108 : len = fold_build2_loc (loc, PLUS_EXPR, type, len,
3695 : build_int_cst (type, 1));
3696 108 : len = force_gimple_operand_gsi (&m_gsi, len, true, NULL_TREE, true,
3697 : GSI_SAME_STMT);
3698 : }
3699 189 : if (endptr)
3700 24 : dst = fold_convert_loc (loc, TREE_TYPE (dst), unshare_expr (endptr));
3701 : else
3702 165 : dst = fold_build2_loc (loc, POINTER_PLUS_EXPR, TREE_TYPE (dst), dst,
3703 : fold_convert_loc (loc, sizetype,
3704 : unshare_expr (dstlen)));
3705 189 : dst = force_gimple_operand_gsi (&m_gsi, dst, true, NULL_TREE, true,
3706 : GSI_SAME_STMT);
3707 189 : if (objsz)
3708 : {
3709 30 : objsz = fold_build2_loc (loc, MINUS_EXPR, TREE_TYPE (objsz), objsz,
3710 15 : fold_convert_loc (loc, TREE_TYPE (objsz),
3711 : unshare_expr (dstlen)));
3712 15 : objsz = force_gimple_operand_gsi (&m_gsi, objsz, true, NULL_TREE, true,
3713 : GSI_SAME_STMT);
3714 : }
3715 189 : if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3716 : {
3717 0 : fprintf (dump_file, "Optimizing: ");
3718 0 : print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
3719 : }
3720 189 : if (srclen != NULL_TREE)
3721 202 : success = update_gimple_call (&m_gsi, fn, 3 + (objsz != NULL_TREE),
3722 : dst, src, len, objsz);
3723 : else
3724 161 : success = update_gimple_call (&m_gsi, fn, 2 + (objsz != NULL_TREE),
3725 : dst, src, objsz);
3726 189 : if (success)
3727 : {
3728 189 : stmt = gsi_stmt (m_gsi);
3729 189 : update_stmt (stmt);
3730 189 : if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3731 : {
3732 0 : fprintf (dump_file, "into: ");
3733 0 : print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
3734 : }
3735 : /* If srclen == NULL, note that current string length can be
3736 : computed by transforming this strcpy into stpcpy. */
3737 189 : if (srclen == NULL_TREE && dsi->dont_invalidate)
3738 63 : dsi->stmt = stmt;
3739 189 : adjust_last_stmt (dsi, stmt, true);
3740 189 : if (srclen != NULL_TREE)
3741 : {
3742 108 : laststmt.stmt = stmt;
3743 108 : laststmt.len = srclen;
3744 108 : laststmt.stridx = dsi->idx;
3745 : }
3746 : }
3747 0 : else if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3748 0 : fprintf (dump_file, "not possible.\n");
3749 :
3750 189 : if (no_warning_opt)
3751 71 : suppress_warning (stmt, no_warning_opt);
3752 : }
3753 :
/* Record string information for the result of an allocation call such as
   alloca, malloc or calloc, or of an ordinary allocation function declared
   with attribute alloc_size.  BCODE identifies the built-in being called.
   Nothing is recorded when the call's result is unused.  */

void
strlen_pass::handle_alloc_call (built_in_function bcode)
{
  gimple *call = gsi_stmt (m_gsi);
  tree result = gimple_call_lhs (call);
  if (!result)
    return;

  /* A freshly allocated pointer must not have a string index yet.  */
  gcc_assert (get_stridx (result, call) == 0);
  int idx = new_stridx (result);

  /* Only calloc yields a known length: zero, and nul-terminated.  */
  const bool is_calloc = bcode == BUILT_IN_CALLOC;
  tree length = is_calloc ? build_int_cst (size_type_node, 0) : NULL_TREE;
  strinfo *si = new_strinfo (result, idx, length, length != NULL_TREE);

  /* STMT is set only for calloc and malloc.  */
  if (is_calloc || bcode == BUILT_IN_MALLOC)
    si->stmt = call;

  /* ENDPTR is set only for calloc.  */
  if (is_calloc)
    si->endptr = result;

  /* ALLOC is set for all allocation functions.  */
  si->alloc = call;
  set_strinfo (idx, si);
  si->writable = true;
  si->dont_invalidate = true;
}
3787 :
/* Return true if the last non-debug statement of BB is a conditional
   that compares PTR against zero for equality or inequality.  */
static bool
last_stmt_ptr_check (tree ptr, basic_block bb)
{
  gimple_stmt_iterator last = gsi_last_nondebug_bb (bb);
  gcond *cond = dyn_cast <gcond *> (gsi_stmt (last));
  if (cond == NULL)
    return false;

  /* Only "== 0" and "!= 0" tests of PTR itself qualify.  */
  const tree_code cmp = gimple_cond_code (cond);
  const bool is_equality = cmp == EQ_EXPR || cmp == NE_EXPR;
  return (is_equality
          && integer_zerop (gimple_cond_rhs (cond))
          && operand_equal_p (gimple_cond_lhs (cond), ptr));
}
3805 :
/* Decide whether a malloc followed by a memset may be combined into
   a calloc.  PTR is the value returned by the malloc and written by the
   memset.  MALLOC_BB is the basic block of the malloc and MEMSET_BB the
   basic block of the memset.  Return true when the memset runs on every
   path after the malloc, or is guarded by nothing more than a test of
   PTR against null.  */

static bool
allow_memset_malloc_to_calloc (tree ptr, basic_block malloc_bb,
                               basic_block memset_bb)
{
  /* Both calls in one block: always fine, and no post-dominator
     information is needed.  */
  if (malloc_bb == memset_bb)
    return true;

  if (!dom_info_available_p (cfun, CDI_POST_DOMINATORS))
    calculate_dominance_info (CDI_POST_DOMINATORS);

  /* The memset is always executed after the malloc.  */
  if (dominated_by_p (CDI_POST_DOMINATORS, malloc_bb, memset_bb))
    return true;

  /* The malloc block ends in a test of PTR: accept when either
     successor is post-dominated by the memset block.  */
  if (last_stmt_ptr_check (ptr, malloc_bb))
    for (unsigned succ = 0; succ < 2; ++succ)
      {
        basic_block dest = EDGE_SUCC (malloc_bb, succ)->dest;
        if (dominated_by_p (CDI_POST_DOMINATORS, dest, memset_bb))
          return true;
      }

  /* What remains to be handled is only:
       malloc();
       ...
       if (ptr) goto memset_bb;  */
  if (!single_pred_p (memset_bb))
    return false;

  /* The block guarding the memset must post-dominate the malloc block
     (otherwise the memset depends on more than PTR being non-null) and
     must itself end in a test of PTR.  */
  basic_block guard_bb = single_pred_edge (memset_bb)->src;
  return (dominated_by_p (CDI_POST_DOMINATORS, malloc_bb, guard_bb)
          && last_stmt_ptr_check (ptr, guard_bb));
}
3851 :
/* Handle a call to memset.
   After a call to calloc, memset(,0,) is unnecessary.
   memset(malloc(n),0,n) is calloc(n,1).
   Return true when the call is transformed, false otherwise.
   Set *ZERO_WRITE to true once the call is known to write zeros at
   offset zero of an object tracked from a built-in allocation call;
   this happens even on paths that then return false.
   PTR_QRY.RVALS is used when looking up the destination's string index.  */

bool
strlen_pass::handle_builtin_memset (bool *zero_write)
{
  gimple *memset_stmt = gsi_stmt (m_gsi);
  tree ptr = gimple_call_arg (memset_stmt, 0);
  tree memset_val = gimple_call_arg (memset_stmt, 1);
  tree memset_size = gimple_call_arg (memset_stmt, 2);

  /* Set to the non-constant offset added to PTR.  */
  wide_int offrng[2];
  int idx1 = get_stridx (ptr, memset_stmt, offrng, ptr_qry.rvals);
  /* Nothing is known about PTR yet and the value is constant: record
     what this store establishes about the destination.  The call itself
     is left alone on this path (every exit returns false).  */
  if (idx1 == 0
      && TREE_CODE (memset_val) == INTEGER_CST
      && ((TREE_CODE (memset_size) == INTEGER_CST
           && !integer_zerop (memset_size))
          || TREE_CODE (memset_size) == SSA_NAME))
    {
      /* Only the low CHAR_TYPE_SIZE bits of the value are stored; when
         they are all zero the destination starts with a nul.  */
      unsigned HOST_WIDE_INT mask = (HOST_WIDE_INT_1U << CHAR_TYPE_SIZE) - 1;
      bool full_string_p = (wi::to_wide (memset_val) & mask) == 0;

      /* We only handle symbolic lengths when writing non-zero values.  */
      if (full_string_p && TREE_CODE (memset_size) != INTEGER_CST)
        return false;

      idx1 = new_stridx (ptr);
      if (idx1 == 0)
        return false;
      /* A zero fill gives a string of length zero; a nonzero fill gives
         MEMSET_SIZE leading nonzero characters with no known nul.  */
      tree newlen;
      if (full_string_p)
        newlen = build_int_cst (size_type_node, 0);
      else if (TREE_CODE (memset_size) == INTEGER_CST)
        newlen = fold_convert (size_type_node, memset_size);
      else
        newlen = memset_size;

      strinfo *dsi = new_strinfo (ptr, idx1, newlen, full_string_p);
      set_strinfo (idx1, dsi);
      find_equal_ptrs (ptr, idx1);
      dsi->dont_invalidate = true;
      dsi->writable = true;
      return false;
    }

  /* From here on only a destination with existing string information
     that came from a built-in allocation call is of interest.  */
  if (idx1 <= 0)
    return false;
  strinfo *si1 = get_strinfo (idx1);
  if (!si1)
    return false;
  gimple *alloc_stmt = si1->alloc;
  if (!alloc_stmt || !is_gimple_call (alloc_stmt))
    return false;
  tree callee1 = gimple_call_fndecl (alloc_stmt);
  if (!valid_builtin_call (alloc_stmt))
    return false;
  tree alloc_size = gimple_call_arg (alloc_stmt, 0);

  /* Check for overflow.  This runs before any of the bail-outs below.  */
  maybe_warn_overflow (memset_stmt, false, memset_size, NULL, false, true);

  /* Bail when there is no statement associated with the destination
     (the statement may be null even when SI1->ALLOC is not).  */
  if (!si1->stmt)
    return false;

  /* Avoid optimizing if store is at a variable offset from the beginning
     of the allocated object.  The test also rejects any nonzero constant
     offset.  */
  if (offrng[0] != 0 || offrng[0] != offrng[1])
    return false;

  /* Bail when the call writes a non-zero value.  */
  if (!integer_zerop (memset_val))
    return false;

  /* Let the caller know the memset call cleared the destination.  */
  *zero_write = true;

  enum built_in_function code1 = DECL_FUNCTION_CODE (callee1);
  if (code1 == BUILT_IN_CALLOC)
    /* Not touching alloc_stmt */ ;
  else if (!allow_memset_malloc_to_calloc (ptr, gimple_bb (si1->stmt), gimple_bb (memset_stmt)))
    return false;
  else if (code1 == BUILT_IN_MALLOC
           && operand_equal_p (memset_size, alloc_size, 0))
    {
      /* Replace the malloc + memset calls with calloc.  The memset size
         must equal the malloc size for calloc (ALLOC_SIZE, 1) to be
         equivalent; a partial clear is not converted.  */
      gimple_stmt_iterator gsi1 = gsi_for_stmt (si1->stmt);
      update_gimple_call (&gsi1, builtin_decl_implicit (BUILT_IN_CALLOC), 2,
                          alloc_size, build_one_cst (size_type_node));
      si1->nonzero_chars = build_int_cst (size_type_node, 0);
      si1->full_string_p = true;
      si1->stmt = gsi_stmt (gsi1);
    }
  else
    return false;
  /* The memset is now redundant.  When its result is used, replace the
     call with an assignment of PTR to that result; otherwise remove the
     call outright.  */
  tree lhs = gimple_call_lhs (memset_stmt);
  unlink_stmt_vdef (memset_stmt);
  if (lhs)
    {
      gimple *assign = gimple_build_assign (lhs, ptr);
      gsi_replace (&m_gsi, assign, false);
    }
  else
    {
      gsi_remove (&m_gsi, true);
      release_defs (memset_stmt);
    }

  return true;
}
3967 :
/* Return the first statement that tests RES for equality or inequality
   to zero, and null when there is none.  "First" is in the order in which
   the immediate uses of RES are visited.  If EXCLUSIVE is true, return
   nonnull if and only if RES is used in such expressions exclusively and
   in none other; any other non-debug use then makes the result null.
   Debug statements are ignored in both modes.  */

gimple *
use_in_zero_equality (tree res, bool exclusive)
{
  gimple *first_use = NULL;

  use_operand_p use_p;
  imm_use_iterator iter;

  FOR_EACH_IMM_USE_FAST (use_p, iter, res)
    {
      gimple *use_stmt = USE_STMT (use_p);

      if (is_gimple_debug (use_stmt))
        continue;

      /* Each branch below either falls through to the bottom of the loop
         (the use is an ==/!= test against zero), skips the use with
         "continue", or fails the whole query when EXCLUSIVE is set.  */
      if (gimple_code (use_stmt) == GIMPLE_ASSIGN)
        {
          tree_code code = gimple_assign_rhs_code (use_stmt);
          if (code == COND_EXPR)
            {
              /* The condition of a COND_EXPR must itself be an ==/!=
                 comparison whose second operand is zero.  */
              tree cond_expr = gimple_assign_rhs1 (use_stmt);
              if ((TREE_CODE (cond_expr) != EQ_EXPR
                   && (TREE_CODE (cond_expr) != NE_EXPR))
                  || !integer_zerop (TREE_OPERAND (cond_expr, 1)))
                {
                  if (exclusive)
                    return NULL;
                  continue;
                }
            }
          else if (code == EQ_EXPR || code == NE_EXPR)
            {
              if (!integer_zerop (gimple_assign_rhs2 (use_stmt)))
                {
                  if (exclusive)
                    return NULL;
                  continue;
                }
            }
          else if (exclusive)
            return NULL;
          else
            continue;
        }
      else if (gimple_code (use_stmt) == GIMPLE_COND)
        {
          tree_code code = gimple_cond_code (use_stmt);
          if ((code != EQ_EXPR && code != NE_EXPR)
              || !integer_zerop (gimple_cond_rhs (use_stmt)))
            {
              if (exclusive)
                return NULL;
              continue;
            }
        }
      else if (exclusive)
        return NULL;
      else
        continue;

      /* Remember only the first qualifying use but keep scanning so that
         EXCLUSIVE can still reject a later non-qualifying use.  */
      if (!first_use)
        first_use = use_stmt;
    }

  return first_use;
}
4039 :
/* Given strinfo IDX for ARG, sets LENRNG[] to the range of lengths
   of the string(s) referenced by ARG if it can be determined.
   If the length cannot be determined, sets *SIZE to the size of
   the array the string is stored in, if any; LENRNG[] is then left at
   HOST_WIDE_INT_MAX.  If no such array is known, sets *SIZE to -1.
   When the strings are nul-terminated sets *NULTERM to true, otherwise
   to false.  STMT is the statement for which the query is made and is
   passed on to the dynamic range lookup.  Returns true on success.  */

bool
strlen_pass::get_len_or_size (gimple *stmt, tree arg, int idx,
                              unsigned HOST_WIDE_INT lenrng[2],
                              unsigned HOST_WIDE_INT *size, bool *nulterm)
{
  /* Invalidate.  */
  *size = HOST_WIDE_INT_M1U;

  if (idx < 0)
    {
      /* IDX is the inverted constant string length.  */
      lenrng[0] = ~idx;
      lenrng[1] = lenrng[0];
      *nulterm = true;
      return true;
    }

  /* Set so that both LEN and ~LEN are invalid lengths, i.e., maximum
     possible length + 1.  */
  lenrng[0] = lenrng[1] = HOST_WIDE_INT_MAX;

  /* First consult the string information recorded by this pass.  */
  if (strinfo *si = idx ? get_strinfo (idx) : NULL)
    {
      /* FIXME: Handle all this in_range_strlen_dynamic.  */
      if (!si->nonzero_chars)
        ;
      else if (tree_fits_uhwi_p (si->nonzero_chars))
        {
          lenrng[0] = tree_to_uhwi (si->nonzero_chars);
          *nulterm = si->full_string_p;
          /* Set the upper bound only if the string is known to be
             nul-terminated, otherwise leave it at maximum + 1.  */
          if (*nulterm)
            lenrng[1] = lenrng[0];
        }
      else if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
        {
          /* A symbolic length: use its value range when one is known.  */
          int_range_max r;
          if (get_range_query (cfun)->range_of_expr (r, si->nonzero_chars)
              && !r.undefined_p ()
              && !r.varying_p ())
            {
              lenrng[0] = r.lower_bound ().to_uhwi ();
              lenrng[1] = r.upper_bound ().to_uhwi ();
              *nulterm = si->full_string_p;
            }
        }
    }

  /* The lower bound moved off the "invalid" marker, so the strinfo
     lookup above produced a length.  */
  if (lenrng[0] != HOST_WIDE_INT_MAX)
    return true;

  /* Compute the minimum and maximum real or possible lengths.  */
  c_strlen_data lendata = { };
  /* Set MAXBOUND to an arbitrary non-null non-integer node as a request
     to have it set to the length of the longest string in a PHI.  */
  lendata.maxbound = arg;
  get_range_strlen_dynamic (arg, stmt, &lendata, ptr_qry);

  /* MAXBOUND stays at -1 unless the lookup replaced LENDATA.MAXBOUND with
     an integer other than all-ones.  */
  unsigned HOST_WIDE_INT maxbound = HOST_WIDE_INT_M1U;
  if (tree_fits_uhwi_p (lendata.maxbound)
      && !integer_all_onesp (lendata.maxbound))
    maxbound = tree_to_uhwi (lendata.maxbound);

  if (tree_fits_uhwi_p (lendata.minlen) && tree_fits_uhwi_p (lendata.maxlen))
    {
      unsigned HOST_WIDE_INT minlen = tree_to_uhwi (lendata.minlen);
      unsigned HOST_WIDE_INT maxlen = tree_to_uhwi (lendata.maxlen);

      /* The longest string in this data model.  */
      const unsigned HOST_WIDE_INT lenmax
        = tree_to_uhwi (max_object_size ()) - 2;

      if (maxbound == HOST_WIDE_INT_M1U)
        {
          /* No array bound is known: report the length range itself.  */
          lenrng[0] = minlen;
          lenrng[1] = maxlen;
          *nulterm = minlen == maxlen;
        }
      else if (maxlen < lenmax)
        {
          /* Report the array size instead of a length; LENRNG[] keeps
             its invalid marker.  */
          *size = maxbound + 1;
          *nulterm = false;
        }
      else
        return false;

      return true;
    }

  if (maxbound != HOST_WIDE_INT_M1U
      && lendata.maxlen
      && !integer_all_onesp (lendata.maxlen))
    {
      /* Set *SIZE to LENDATA.MAXBOUND which is a conservative estimate
         of the longest string based on the sizes of the arrays referenced
         by ARG.  */
      *size = maxbound + 1;
      *nulterm = false;
      return true;
    }

  return false;
}
4152 :
/* If IDX1 and IDX2 refer to strings A and B of unequal lengths, return
   the result of 0 == strncmp (A, B, BOUND) (which is the same as strcmp
   for a sufficiently large BOUND): integer_zero_node when the strings are
   definitely unequal and integer_one_node when both are known to be
   empty.  If the result is based on the length of one string being
   greater than the longest string that would fit in the array pointed to
   by the other argument, set LEN[] and *PSIZE to the corresponding length
   (or its complement when the string is known to be at least as long and
   need not be nul-terminated) and size.
   Otherwise return null.  */

tree
strlen_pass::strxcmp_eqz_result (gimple *stmt, tree arg1, int idx1,
                                 tree arg2, int idx2,
                                 unsigned HOST_WIDE_INT bound,
                                 unsigned HOST_WIDE_INT len[2],
                                 unsigned HOST_WIDE_INT *psize)
{
  /* Determine the range the length of each string is in and whether it's
     known to be nul-terminated, or the size of the array it's stored in.  */
  bool nul1, nul2;
  unsigned HOST_WIDE_INT siz1, siz2;
  unsigned HOST_WIDE_INT len1rng[2], len2rng[2];
  if (!get_len_or_size (stmt, arg1, idx1, len1rng, &siz1, &nul1)
      || !get_len_or_size (stmt, arg2, idx2, len2rng, &siz2, &nul2))
    return NULL_TREE;

  /* BOUND is set to HWI_M1U for strcmp and less to strncmp, and LENiRNG
     to HWI_MAX when invalid.  Adjust the length of each string to consider
     to be no more than BOUND.  */
  if (len1rng[0] < HOST_WIDE_INT_MAX && len1rng[0] > bound)
    len1rng[0] = bound;
  if (len1rng[1] < HOST_WIDE_INT_MAX && len1rng[1] > bound)
    len1rng[1] = bound;
  if (len2rng[0] < HOST_WIDE_INT_MAX && len2rng[0] > bound)
    len2rng[0] = bound;
  if (len2rng[1] < HOST_WIDE_INT_MAX && len2rng[1] > bound)
    len2rng[1] = bound;

  /* Two empty strings are equal.  */
  if (len1rng[1] == 0 && len2rng[1] == 0)
    return integer_one_node;

  /* The strings are definitely unequal when the lower bound of the length
     of one of them is greater than the length of the longest string that
     would fit into the other array.  Here ARG1's length is unknown and
     only the size of its array, SIZ1, is available.  */
  if (len1rng[0] == HOST_WIDE_INT_MAX
      && len2rng[0] != HOST_WIDE_INT_MAX
      && ((len2rng[0] < bound && len2rng[0] >= siz1)
          || len2rng[0] > siz1))
    {
      *psize = siz1;
      len[0] = len1rng[0];
      /* Set LEN[1] to the lower bound of ARG2's length when it's
         nul-terminated or to the complement of its minimum length
         otherwise.  */
      len[1] = nul2 ? len2rng[0] : ~len2rng[0];
      return integer_zero_node;
    }

  /* The mirror case: ARG2's length is unknown and ARG1's lower bound
     does not fit in ARG2's array of size SIZ2.  */
  if (len2rng[0] == HOST_WIDE_INT_MAX
      && len1rng[0] != HOST_WIDE_INT_MAX
      && ((len1rng[0] < bound && len1rng[0] >= siz2)
          || len1rng[0] > siz2))
    {
      *psize = siz2;
      len[0] = nul1 ? len1rng[0] : ~len1rng[0];
      len[1] = len2rng[0];
      return integer_zero_node;
    }

  /* The strings are also definitely unequal when their lengths are unequal
     and at least one is nul-terminated.  */
  if (len1rng[0] != HOST_WIDE_INT_MAX
      && len2rng[0] != HOST_WIDE_INT_MAX
      && ((len1rng[1] < len2rng[0] && nul1)
          || (len2rng[1] < len1rng[0] && nul2)))
    {
      /* Report BOUND as the size when it limited either length, and -1
         (no size) otherwise.  */
      if (bound <= len1rng[0] || bound <= len2rng[0])
        *psize = bound;
      else
        *psize = HOST_WIDE_INT_M1U;

      len[0] = len1rng[0];
      len[1] = len2rng[0];
      return integer_zero_node;
    }

  /* The string lengths may be equal or unequal.  Even when equal and
     both strings nul-terminated, without the string contents there's
     no way to determine whether they are equal.  */
  return NULL_TREE;
}
4244 :
/* Diagnose pointless calls to strcmp or strncmp STMT with string
   arguments of lengths LEN or size SIZ and (for strncmp) BOUND,
   whose result is used in equality expressions that evaluate to
   a constant due to one argument being longer than the size of
   the other.  BOUND is -1 for strcmp.  A LEN[i] above HOST_WIDE_INT_MAX
   holds the complement of a lower bound and is converted back in place,
   so the caller's array is modified.  Nothing is diagnosed unless the
   result of STMT is used in a comparison against zero.  */

static void
maybe_warn_pointless_strcmp (gimple *stmt, HOST_WIDE_INT bound,
                             unsigned HOST_WIDE_INT len[2],
                             unsigned HOST_WIDE_INT siz)
{
  tree lhs = gimple_call_lhs (stmt);
  gimple *use = use_in_zero_equality (lhs, /* exclusive = */ false);
  if (!use)
    return;

  bool at_least = false;

  /* Excessive LEN[i] indicates a lower bound.  */
  if (len[0] > HOST_WIDE_INT_MAX)
    {
      at_least = true;
      len[0] = ~len[0];
    }

  if (len[1] > HOST_WIDE_INT_MAX)
    {
      at_least = true;
      len[1] = ~len[1];
    }

  unsigned HOST_WIDE_INT minlen = MIN (len[0], len[1]);

  /* FIXME: Include a note pointing to the declaration of the smaller
     array.  */
  location_t stmt_loc = gimple_or_expr_nonartificial_location (stmt, lhs);

  tree callee = gimple_call_fndecl (stmt);
  bool warned = false;
  /* Unbounded comparison (strcmp) where the known length does not fit
     in the other argument's array.  */
  if (siz <= minlen && bound == -1)
    warned = warning_at (stmt_loc, OPT_Wstring_compare,
                         (at_least
                          ? G_("%qD of a string of length %wu or more and "
                               "an array of size %wu evaluates to nonzero")
                          : G_("%qD of a string of length %wu and an array "
                               "of size %wu evaluates to nonzero")),
                         callee, minlen, siz);
  /* NOTE(review): BOUND is signed but is formatted with %wu below; the
     -1 used for strcmp does not appear to reach these calls -- confirm.  */
  else if (!at_least && siz <= HOST_WIDE_INT_MAX)
    {
      /* Both lengths are known: report them; otherwise report the known
         length together with the array size.  */
      if (len[0] != HOST_WIDE_INT_MAX && len[1] != HOST_WIDE_INT_MAX)
        warned = warning_at (stmt_loc, OPT_Wstring_compare,
                             "%qD of strings of length %wu and %wu "
                             "and bound of %wu evaluates to nonzero",
                             callee, len[0], len[1], bound);
      else
        warned = warning_at (stmt_loc, OPT_Wstring_compare,
                             "%qD of a string of length %wu, an array "
                             "of size %wu and bound of %wu evaluates to "
                             "nonzero",
                             callee, minlen, siz, bound);
    }

  if (!warned)
    return;

  /* Point at the comparison too when it is on a different source line
     than the call.  */
  location_t use_loc = gimple_location (use);
  if (LOCATION_LINE (stmt_loc) != LOCATION_LINE (use_loc))
    inform (use_loc, "in this expression");
}
4314 :
4315 :
/* Optimize a call to strcmp or strncmp either by folding it to a constant
   when possible or by transforming the latter to the former.  Warn about
   calls where the length of one argument is greater than the size of
   the array to which the other argument points if the latter's length
   is not known.  Return true when the call has been transformed into
   another and false otherwise.  A call whose result is unused, or a
   strncmp whose bound is not a known non-negative constant, is left
   alone.  */

bool
strlen_pass::handle_builtin_string_cmp ()
{
  gcall *stmt = as_a <gcall *> (gsi_stmt (m_gsi));
  tree lhs = gimple_call_lhs (stmt);

  if (!lhs)
    return false;

  tree arg1 = gimple_call_arg (stmt, 0);
  tree arg2 = gimple_call_arg (stmt, 1);
  int idx1 = get_stridx (arg1, stmt);
  int idx2 = get_stridx (arg2, stmt);

  /* For strncmp set to the value of the third argument if known.  */
  HOST_WIDE_INT bound = -1;
  tree len = NULL_TREE;
  /* Extract the strncmp bound.  */
  if (gimple_call_num_args (stmt) == 3)
    {
      len = gimple_call_arg (stmt, 2);
      if (tree_fits_shwi_p (len))
        bound = tree_to_shwi (len);

      /* If the bound argument is NOT known, do nothing.  */
      if (bound < 0)
        return false;
    }

  /* Avoid folding if either argument is not a nul-terminated array.
     Defer warning until later.  */
  if (!check_nul_terminated_array (NULL_TREE, arg1, len)
      || !check_nul_terminated_array (NULL_TREE, arg2, len))
    return false;

  {
    /* Set to the length of one argument (or its complement if it's
       the lower bound of a range) and the size of the array storing
       the other if the result is based on the former being equal to
       or greater than the latter.  This LEN array shadows the LEN tree
       declared above for the remainder of this scope.  */
    unsigned HOST_WIDE_INT len[2] = { HOST_WIDE_INT_MAX, HOST_WIDE_INT_MAX };
    unsigned HOST_WIDE_INT siz = HOST_WIDE_INT_M1U;

    /* Try to determine if the two strings are either definitely equal
       or definitely unequal and if so, either fold the result to zero
       (when equal) or set the range of the result to ~[0, 0] otherwise.
       BOUND of -1 converts to HOST_WIDE_INT_M1U in the callee's unsigned
       parameter, which is how it recognizes strcmp.  */
    if (tree eqz = strxcmp_eqz_result (stmt, arg1, idx1, arg2, idx2, bound,
                                       len, &siz))
      {
        if (integer_zerop (eqz))
          {
            maybe_warn_pointless_strcmp (stmt, bound, len, siz);

            /* When the lengths of the first two string arguments are
               known to be unequal set the range of the result to non-zero.
               This allows the call to be eliminated if its result is only
               used in tests for equality to zero.  */
            int_range_max nz;
            nz.set_nonzero (TREE_TYPE (lhs));
            set_range_info (lhs, nz);
            return false;
          }
        /* When the two strings are definitely equal (such as when they
           are both empty) fold the call to the constant result.  */
        replace_call_with_value (&m_gsi, integer_zero_node);
        return true;
      }
  }

  /* Return if nothing is known about the strings pointed to by ARG1
     and ARG2.  */
  if (idx1 == 0 && idx2 == 0)
    return false;

  /* Determine either the length or the size of each of the strings,
     whichever is available.  A value of -1 means "not known".  */
  HOST_WIDE_INT cstlen1 = -1, cstlen2 = -1;
  HOST_WIDE_INT arysiz1 = -1, arysiz2 = -1;

  {
    unsigned HOST_WIDE_INT len1rng[2], len2rng[2];
    unsigned HOST_WIDE_INT arsz1, arsz2;
    bool nulterm[2];

    if (!get_len_or_size (stmt, arg1, idx1, len1rng, &arsz1, nulterm)
        || !get_len_or_size (stmt, arg2, idx2, len2rng, &arsz2, nulterm + 1))
      return false;

    /* Use a length only when it is a single known value; otherwise fall
       back to the array size when one was reported.  */
    if (len1rng[0] == len1rng[1] && len1rng[0] < HOST_WIDE_INT_MAX)
      cstlen1 = len1rng[0];
    else if (arsz1 < HOST_WIDE_INT_M1U)
      arysiz1 = arsz1;

    if (len2rng[0] == len2rng[1] && len2rng[0] < HOST_WIDE_INT_MAX)
      cstlen2 = len2rng[0];
    else if (arsz2 < HOST_WIDE_INT_M1U)
      arysiz2 = arsz2;
  }

  /* Bail if neither the string length nor the size of the array
     it is stored in can be determined, or if no length is known at
     all.  */
  if ((cstlen1 < 0 && arysiz1 < 0)
      || (cstlen2 < 0 && arysiz2 < 0)
      || (cstlen1 < 0 && cstlen2 < 0))
    return false;

  /* Count the terminating nul of each known-length string.  */
  if (cstlen1 >= 0)
    ++cstlen1;
  if (cstlen2 >= 0)
    ++cstlen2;

  /* The exact number of characters to compare.  */
  HOST_WIDE_INT cmpsiz;
  if (cstlen1 >= 0 && cstlen2 >= 0)
    cmpsiz = MIN (cstlen1, cstlen2);
  else if (cstlen1 >= 0)
    cmpsiz = cstlen1;
  else
    cmpsiz = cstlen2;
  if (bound >= 0)
    cmpsiz = MIN (cmpsiz, bound);
  /* The size of the array in which the unknown string is stored.  */
  HOST_WIDE_INT varsiz = arysiz1 < 0 ? arysiz2 : arysiz1;

  /* The transformation is attempted only when CMPSIZ is smaller than the
     array holding the unknown string (or both lengths are known),
     presumably so that comparing exactly CMPSIZ bytes cannot read past
     that array -- confirm against the _eq built-ins' expansion.  */
  if ((varsiz < 0 || cmpsiz < varsiz) && use_in_zero_equality (lhs))
    {
      /* If the known length is less than the size of the other array
         and the strcmp result is only used to test equality to zero,
         transform the call to the equivalent _eq call.  */
      if (tree fn = builtin_decl_implicit (bound < 0 ? BUILT_IN_STRCMP_EQ
                                           : BUILT_IN_STRNCMP_EQ))
        {
          tree n = build_int_cst (size_type_node, cmpsiz);
          update_gimple_call (&m_gsi, fn, 3, arg1, arg2, n);
          return true;
        }
    }

  return false;
}
4463 :
/* Handle a POINTER_PLUS_EXPR statement.
   For p = "abcd" + 2; compute the associated length, or if
   p = q + off points at the '\0' character of a string, call
   zero_length_string on it and, when an equivalent end pointer is
   already known, rewrite the statement to copy that pointer.  */

void
strlen_pass::handle_pointer_plus ()
{
  gimple *stmt = gsi_stmt (m_gsi);
  tree lhs = gimple_assign_lhs (stmt);
  int idx = get_stridx (gimple_assign_rhs1 (stmt), stmt);

  /* Nothing is known about the base pointer.  */
  if (idx == 0)
    return;

  tree off = gimple_assign_rhs2 (stmt);

  if (idx < 0)
    {
      /* A negative index is the complement of a constant string length.
         Record the shorter length for LHS when the constant offset stays
         within the string.  */
      const int cstlen = ~idx;
      if (tree_fits_uhwi_p (off)
          && tree_to_uhwi (off) <= (unsigned HOST_WIDE_INT) cstlen)
        ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)]
          = ~(cstlen - (int) tree_to_uhwi (off));
      return;
    }

  strinfo *si = get_strinfo (idx);
  if (!si || !si->nonzero_chars)
    return;

  /* Determine whether OFF equals the known length of a nul-terminated
     string, either directly or through a single-assignment copy.  */
  bool at_nul = false;
  if (si->full_string_p)
    {
      if (operand_equal_p (si->nonzero_chars, off, 0))
        at_nul = true;
      else if (TREE_CODE (off) == SSA_NAME)
        {
          gimple *def_stmt = SSA_NAME_DEF_STMT (off);
          at_nul = (gimple_assign_single_p (def_stmt)
                    && operand_equal_p (si->nonzero_chars,
                                        gimple_assign_rhs1 (def_stmt), 0));
        }
    }

  strinfo *zsi = at_nul ? zero_length_string (lhs, si) : NULL;
  if (zsi == NULL)
    return;

  /* Reuse a previously computed end pointer when it is a different
     SSA name than LHS.  */
  if (si->endptr == NULL_TREE
      || si->endptr == lhs
      || TREE_CODE (si->endptr) != SSA_NAME)
    return;

  enum tree_code rhs_code = NOP_EXPR;
  if (useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (si->endptr)))
    rhs_code = SSA_NAME;
  gimple_assign_set_rhs_with_ops (&m_gsi, rhs_code, si->endptr);
  gcc_assert (gsi_stmt (m_gsi) == stmt);
  update_stmt (stmt);
}
4520 :
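/* Set LENRANGE to the number of nonzero bytes for a store of TYPE and
   clear all flags.  LENRANGE[0] is set to zero, LENRANGE[2] to the size
   of TYPE in bytes and LENRANGE[1] to one less than that (or zero for a
   zero-sized type).  *NULTERM, *ALLNUL and *ALLNONNUL are all cleared.
   Return true on success and false if TYPE is null, has no constant
   size, or its size does not fit in unsigned int.  On failure none of
   the outputs is written.  */

static bool
nonzero_bytes_for_type (tree type, unsigned lenrange[3],
                        bool *nulterm, bool *allnul, bool *allnonnul)
{
  /* Reject a null TYPE before TYPE_SIZE_UNIT reads from it; testing it
     afterwards, as was done previously, cannot prevent the access.  */
  if (!type)
    return false;

  /* Use the size of the type of the expression as the size of the store,
     and set the upper bound of the length range to that of the size.
     Nothing is known about the contents so clear all flags.  */
  tree typesize = TYPE_SIZE_UNIT (type);
  if (!typesize || !tree_fits_uhwi_p (typesize))
    return false;

  /* LENRANGE elements are unsigned int, so refuse sizes that would be
     truncated when stored there.  */
  unsigned HOST_WIDE_INT sz = tree_to_uhwi (typesize);
  if (sz > UINT_MAX)
    return false;

  lenrange[2] = sz;
  lenrange[1] = lenrange[2] ? lenrange[2] - 1 : 0;
  lenrange[0] = 0;
  *nulterm = false;
  *allnul = false;
  *allnonnul = false;
  return true;
}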
4550 :
/* Recursively determine the minimum and maximum number of leading nonzero
   bytes in the representation of EXP at memory state VUSE and fold them
   into LENRANGE[0] (lowered) and LENRANGE[1] (raised).
   Raises LENRANGE[2] to the total size of the access (which may be less
   than LENRANGE[1] when what's being referenced by EXP is a pointer
   rather than an array).
   Clears *NULTERM unless the representation contains a zero byte, clears
   *ALLNUL unless all the bytes are zero, and clears *ALLNONNUL unless all
   are nonzero.  The flags are only ever cleared here, never set.
   OFFSET and NBYTES are the offset into the representation and
   the size of the access to it determined from an ADDR_EXPR (i.e.,
   a pointer) or MEM_REF, or zero for other expressions.
   STMT is the statement used for string-index lookups.
   Avoids recursing deeper than the limits in SNLIM allow.
   Returns true on success and false otherwise.  */

bool
strlen_pass::count_nonzero_bytes (tree exp, tree vuse, gimple *stmt,
                                  unsigned HOST_WIDE_INT offset,
                                  unsigned HOST_WIDE_INT nbytes,
                                  unsigned lenrange[3], bool *nulterm,
                                  bool *allnul, bool *allnonnul,
                                  ssa_name_limit_t &snlim)
{
  if (TREE_CODE (exp) == SSA_NAME)
    {
      /* A character-sized integer known to be nonzero is treated as
         the arbitrary nonzero constant 1; recurse once on it.  */
      const tree name_type = TREE_TYPE (exp);
      const bool char_sized
        = (TREE_CODE (name_type) == INTEGER_TYPE
           && TYPE_MODE (name_type) == TYPE_MODE (char_type_node)
           && TYPE_PRECISION (name_type) == TYPE_PRECISION (char_type_node));
      if (char_sized && tree_expr_nonzero_p (exp))
        return count_nonzero_bytes (build_int_cst (name_type, 1), vuse, stmt,
                                    offset, 1, lenrange,
                                    nulterm, allnul, allnonnul, snlim);

      gimple *def_stmt = SSA_NAME_DEF_STMT (exp);
      if (gimple_assign_single_p (def_stmt))
        {
          /* Only DECLs, CONSTRUCTORs and MEM_REFs are handled; they are
             processed by the code below with the defining statement as
             the point of reference.  */
          exp = gimple_assign_rhs1 (def_stmt);
          const bool handled = (DECL_P (exp)
                                || TREE_CODE (exp) == CONSTRUCTOR
                                || TREE_CODE (exp) == MEM_REF);
          if (!handled)
            return false;
          stmt = def_stmt;
        }
      else if (gimple_code (def_stmt) == GIMPLE_PHI)
        {
          /* next_phi yields nonzero when EXP was already visited
             (positive, success) or the SSA_NAME limit was reached
             (negative, failure).  */
          const int visited = snlim.next_phi (exp);
          if (visited != 0)
            return visited > 0;

          /* Merge the ranges of all PHI arguments.  */
          const unsigned int nargs = gimple_phi_num_args (def_stmt);
          for (unsigned int argno = 0; argno != nargs; ++argno)
            {
              tree arg = gimple_phi_arg_def (def_stmt, argno);
              if (!count_nonzero_bytes (arg, vuse, def_stmt,
                                        offset, nbytes, lenrange, nulterm,
                                        allnul, allnonnul, snlim))
                return false;
            }

          return true;
        }
    }

  if (TREE_CODE (exp) == CONSTRUCTOR)
    {
      /* If NBYTES has already been determined by an outer MEM_REF
         fail rather than overwriting it (this shouldn't happen).  */
      if (nbytes != 0)
        return false;

      tree ctor_size = TYPE_SIZE_UNIT (TREE_TYPE (exp));
      if (!ctor_size || !tree_fits_uhwi_p (ctor_size))
        return false;

      /* OFFSET must lie inside the object.  */
      const unsigned HOST_WIDE_INT ctor_bytes = tree_to_uhwi (ctor_size);
      if (offset >= ctor_bytes)
        return false;

      nbytes = ctor_bytes - offset;
    }

  if (TREE_CODE (exp) == MEM_REF)
    {
      if (nbytes != 0)
        return false;

      tree base = TREE_OPERAND (exp, 0);
      tree memoff = TREE_OPERAND (exp, 1);
      if (TREE_CODE (memoff) != INTEGER_CST || !tree_fits_uhwi_p (memoff))
        return false;

      /* Bound both the MEM_REF offset and the accumulated offset by
         INT_MAX.  */
      const unsigned HOST_WIDE_INT delta = tree_to_uhwi (memoff);
      if (delta > INT_MAX)
        return false;

      offset += delta;
      if (offset > INT_MAX)
        return false;

      /* The size of the MEM_REF access determines the number of bytes.  */
      tree access_size = TYPE_SIZE_UNIT (TREE_TYPE (exp));
      if (!access_size || !tree_fits_uhwi_p (access_size))
        return false;
      nbytes = tree_to_uhwi (access_size);
      if (nbytes == 0)
        return false;

      /* Handle MEM_REF = SSA_NAME types of assignments.  */
      return count_nonzero_bytes_addr (base, vuse, stmt,
                                       offset, nbytes, lenrange, nulterm,
                                       allnul, allnonnul, snlim);
    }

  if (VAR_P (exp) || TREE_CODE (exp) == CONST_DECL)
    {
      /* If EXP can be folded into a constant use the result.  Otherwise
         proceed to use EXP to determine a range of the result.  */
      tree folded = ctor_for_folding (exp);
      if (folded && folded != error_mark_node)
        exp = folded;
    }

  /* Pointer to the bytes of the representation, or null if unknown.  */
  const char *rep = NULL;
  if (TREE_CODE (exp) == STRING_CST)
    {
      unsigned nchars = TREE_STRING_LENGTH (exp);
      if (nchars <= offset)
        return false;

      if (nbytes == 0)
        /* If NBYTES hasn't been determined earlier, either from ADDR_EXPR
           (i.e., it's the size of a pointer), or from MEM_REF (as the size
           of the access), set it here to the size of the string, including
           all internal and trailing nuls if the string has any.  */
        nbytes = nchars - offset;
      else if (nchars - offset < nbytes)
        /* The access extends past the end of the string.  */
        return false;

      rep = TREE_STRING_POINTER (exp) + offset;
    }

  unsigned char buf[256];
  if (rep == NULL)
    {
      if (CHAR_BIT != 8 || BITS_PER_UNIT != 8 || offset > INT_MAX)
        return false;

      /* No STRING_CST: encode the constant object or expression into
         BUF starting from OFFSET and inspect that instead.  */
      rep = reinterpret_cast <char *>(buf);
      unsigned repsize = native_encode_expr (exp, buf, sizeof buf, offset);
      if (repsize >= nbytes)
        {
          if (nbytes == 0)
            nbytes = repsize;
          else if (nbytes < repsize)
            return false;
        }
      else if (TREE_CODE (exp) == CONSTRUCTOR
               && CONSTRUCTOR_NELTS (exp)
               && VECTOR_TYPE_P (TREE_TYPE (exp))
               && nbytes <= sizeof buf)
        {
          /* Handle vector { 0x12345678, 0x23003412, x_1(D), y_2(D) }
             and similar cases.  Even when not all the elements are constant,
             we can perhaps figure out something from the constant ones
             and assume the others can be anything.  */
          tree first_elt = CONSTRUCTOR_ELT (exp, 0)->value;
          unsigned HOST_WIDE_INT elt_sz
            = int_size_in_bytes (TREE_TYPE (first_elt));
          /* ENCODED counts the bytes of BUF filled so far.  */
          unsigned int i, encoded = 0;
          tree elt, index;
          FOR_EACH_CONSTRUCTOR_ELT (CONSTRUCTOR_ELTS (exp), i, index, elt)
            {
              /* Give up on anything but a dense, in-order list of
                 non-vector elements.  */
              if (index
                  && (VECTOR_TYPE_P (TREE_TYPE (first_elt))
                      || !tree_fits_uhwi_p (index)
                      || tree_to_uhwi (index) != i))
                {
                  encoded = 0;
                  break;
                }
              /* Skip elements that end at or before OFFSET.  */
              if ((i + 1) * elt_sz <= offset)
                continue;
              unsigned int skip = 0;
              if (i * elt_sz < offset)
                skip = offset % elt_sz;
              /* Only the space left in BUF is offered to the encoder.  */
              repsize = native_encode_expr (elt, buf + encoded,
                                            sizeof (buf) - encoded, skip);
              if (repsize != elt_sz - skip)
                break;
              encoded += repsize;
            }

          if (encoded != 0 && encoded < nbytes)
            {
              const unsigned HOST_WIDE_INT lead = strnlen (rep, encoded);
              if (lenrange[0] > lead)
                lenrange[0] = lead;
              if (lenrange[1] < lead && lead != encoded)
                lenrange[1] = lead;
              if (lenrange[2] < nbytes)
                lenrange[2] = nbytes;
              /* We haven't processed all bytes, the rest are unknown.
                 So, clear NULTERM if none of the initial bytes are
                 zero, and clear ALLNUL and ALLNONNUL because we don't
                 know about the remaining bytes.  */
              if (lead == encoded)
                *nulterm = false;
              *allnul = false;
              *allnonnul = false;
              return true;
            }

          if (encoded != nbytes)
            {
              /* Nothing usable was encoded; treat the contents as
                 unknown, as in the final else branch below.  */
              lenrange[0] = 0;
              rep = NULL;
            }
        }
      else
        {
          /* This should only happen when REPSIZE is zero because EXP
             doesn't denote an object with a known initializer, except
             perhaps when the reference reads past its end.  */
          lenrange[0] = 0;
          rep = NULL;
        }
    }

  if (nbytes == 0)
    return nonzero_bytes_for_type (TREE_TYPE (exp), lenrange,
                                   nulterm, allnul, allnonnul);

  /* Compute the number of leading nonzero bytes in the representation
     and update the minimum and maximum.  With no representation all
     NBYTES are assumed nonzero.  */
  const unsigned HOST_WIDE_INT lead = rep ? strnlen (rep, nbytes) : nbytes;

  if (lenrange[0] > lead)
    lenrange[0] = lead;
  if (lenrange[1] < lead)
    lenrange[1] = lead;

  /* Set the size of the representation.  */
  if (lenrange[2] < nbytes)
    lenrange[2] = nbytes;

  /* Clear NULTERM if none of the bytes is zero.  */
  if (lead == nbytes)
    *nulterm = false;

  if (lead != 0)
    {
      /* When the initial number of non-zero bytes is non-zero, reset
         *ALLNUL; if it is less than the size of the representation
         also clear *ALLNONNUL.  */
      *allnul = false;
      if (lead < nbytes)
        *allnonnul = false;
      return true;
    }

  /* The first byte is nul, so not all bytes are nonzero.  */
  *allnonnul = false;

  if (*allnul)
    {
      /* Determine whether all the bytes after the first one (which is
         nul) are zero as well and clear ALLNUL if not.  REP is non-null
         here: without a representation LEAD equals NBYTES, which is
         nonzero at this point.  */
      for (unsigned HOST_WIDE_INT pos = 0; pos != nbytes; ++pos)
        if (rep[pos])
          {
            *allnul = false;
            break;
          }
    }

  return true;
}
4846 :
/* Like count_nonzero_bytes, but instead of counting bytes in EXP, count
   bytes that are pointed to by EXP, which should be a pointer.  When EXP
   has tracked string information the range comes from the recorded
   length; an ADDR_EXPR is forwarded to count_nonzero_bytes on its operand;
   a PHI merges the ranges of its arguments; anything else yields the
   conservative range [0, NBYTES] with all flags cleared.  */

bool
strlen_pass::count_nonzero_bytes_addr (tree exp, tree vuse, gimple *stmt,
                                       unsigned HOST_WIDE_INT offset,
                                       unsigned HOST_WIDE_INT nbytes,
                                       unsigned lenrange[3], bool *nulterm,
                                       bool *allnul, bool *allnonnul,
                                       ssa_name_limit_t &snlim)
{
  const int stridx = get_stridx (exp, stmt);
  if (stridx > 0)
    {
      /* get_strinfo reflects string lengths before the current statement,
         where the current statement is the outermost count_nonzero_bytes
         stmt.  If there are any stores in between stmt and that
         current statement, the string length information might describe
         something significantly different.  */
      if (gimple_vuse (stmt) != vuse)
        return false;

      strinfo *si = get_strinfo (stridx);
      if (si == NULL)
        return false;

      /* Handle both constant lengths as well as non-constant lengths
         in some range.  */
      const tree known = si->nonzero_chars;
      unsigned HOST_WIDE_INT lo, hi;
      if (tree_fits_shwi_p (known))
        lo = hi = tree_to_shwi (known);
      else if (known && TREE_CODE (known) == SSA_NAME)
        {
          int_range_max vr;
          if (!ptr_qry.rvals->range_of_expr (vr, known, stmt)
              || vr.undefined_p ()
              || vr.varying_p ())
            return false;

          lo = vr.lower_bound ().to_uhwi ();
          hi = vr.upper_bound ().to_uhwi ();
        }
      else
        return false;

      /* OFFSET must not lie beyond the longest possible string.  */
      if (hi < offset)
        return false;

      /* Make both bounds relative to OFFSET.  */
      if (lo < offset)
        lo = 0;
      else
        lo -= offset;
      hi -= offset;

      /* The access may cover the remaining characters plus one more
         byte, but nothing beyond that.  */
      if (hi + 1 < nbytes)
        return false;

      if (nbytes <= lo || !si->full_string_p)
        *nulterm = false;

      /* Clamp the bounds to the size of the access.  */
      if (nbytes < lo)
        {
          lo = nbytes;
          if (nbytes < hi)
            hi = nbytes;
        }

      if (!si->full_string_p)
        hi = nbytes;

      if (lenrange[0] > lo)
        lenrange[0] = lo;
      if (lenrange[1] < hi)
        lenrange[1] = hi;

      if (lenrange[2] < nbytes)
        lenrange[2] = nbytes;

      /* Since only the length of the string is known and not its
         contents, clear ALLNUL and ALLNONNUL purely on the basis of the
         length.  */
      *allnul = false;
      if (lo < nbytes)
        *allnonnul = false;

      return true;
    }

  if (TREE_CODE (exp) == ADDR_EXPR)
    return count_nonzero_bytes (TREE_OPERAND (exp, 0), vuse, stmt,
                                offset, nbytes,
                                lenrange, nulterm, allnul, allnonnul, snlim);

  if (TREE_CODE (exp) == SSA_NAME)
    {
      gimple *def_stmt = SSA_NAME_DEF_STMT (exp);
      if (gimple_code (def_stmt) == GIMPLE_PHI)
        {
          /* next_phi yields nonzero when EXP was already visited
             (positive, success) or the SSA_NAME limit was reached
             (negative, failure).  */
          const int visited = snlim.next_phi (exp);
          if (visited != 0)
            return visited > 0;

          /* Merge the ranges of all PHI arguments.  */
          const unsigned int nargs = gimple_phi_num_args (def_stmt);
          for (unsigned int argno = 0; argno != nargs; ++argno)
            {
              tree arg = gimple_phi_arg_def (def_stmt, argno);
              if (!count_nonzero_bytes_addr (arg, vuse, def_stmt,
                                             offset, nbytes, lenrange,
                                             nulterm, allnul, allnonnul,
                                             snlim))
                return false;
            }

          return true;
        }
    }

  /* Otherwise we don't know anything: between zero and NBYTES leading
     nonzero bytes, and no flag can be asserted.  */
  lenrange[0] = 0;
  if (lenrange[1] < nbytes)
    lenrange[1] = nbytes;
  if (lenrange[2] < nbytes)
    lenrange[2] = nbytes;
  *nulterm = false;
  *allnul = false;
  *allnonnul = false;
  return true;
}
4974 :
/* Entry point for the recursive count_nonzero_bytes, using a fresh
   SSA_NAME limit and the virtual use of STMT as the memory state.  When
   EXPR_OR_TYPE is a type rather than an expression its size alone
   determines the range (see nonzero_bytes_for_type).  LENRANGE is updated
   in place and must be initialized by the caller; *NULTERM, *ALLNUL and
   *ALLNONNUL are pure outputs.  Returns true on success.  */

bool
strlen_pass::count_nonzero_bytes (tree expr_or_type, gimple *stmt,
                                  unsigned lenrange[3], bool *nulterm,
                                  bool *allnul, bool *allnonnul)
{
  if (TYPE_P (expr_or_type))
    return nonzero_bytes_for_type (expr_or_type, lenrange,
                                   nulterm, allnul, allnonnul);

  /* Start from optimistic values so the caller doesn't have to worry
     about initializing the flags.  The recursive worker only ever clears
     them, never sets them.  On failure their values are unspecified.  */
  *allnonnul = *allnul = *nulterm = true;

  ssa_name_limit_t snlim;
  const tree vuse = gimple_vuse (stmt);
  return count_nonzero_bytes (expr_or_type, vuse, stmt,
                              0, 0, lenrange, nulterm, allnul, allnonnul,
                              snlim);
}
5004 :
/* Handle a single or multibyte store other than by a built-in function,
   either via a single character assignment or by multi-byte assignment
   either via MEM_REF or via a type other than char (such as in
   '*(int*)a = 12345').  Sets *ZERO_WRITE when the store is known to
   write only zeros.  Return true to let the caller advance *GSI to
   the next statement in the basic block and false otherwise.  */

bool
strlen_pass::handle_store (bool *zero_write)
{
  gimple *store = gsi_stmt (m_gsi);

  /* The LHS and RHS of the store.  The RHS is null if the statement is
     a function call.  STORETYPE is the type of the store (determined
     from either the RHS of the assignment statement or the LHS of a
     function call).  */
  tree lhs, rhs, storetype;
  if (is_gimple_assign (store))
    {
      lhs = gimple_assign_lhs (store);
      rhs = gimple_assign_rhs1 (store);
      storetype = TREE_TYPE (rhs);
    }
  else if (is_gimple_call (store))
    {
      /* NOTE(review): assumes the call has an LHS -- confirm callers
         only pass calls whose result is stored.  */
      lhs = gimple_call_lhs (store);
      rhs = NULL_TREE;
      storetype = TREE_TYPE (lhs);
    }
  else
    return true;

  range_query *const rvals = ptr_qry.rvals;

  /* What count_nonzero_bytes is asked about: the stored value if there
     is one, otherwise just the type of the store.  */
  const tree stored = rhs ? rhs : storetype;

  tree ssaname = NULL_TREE;
  strinfo *si = NULL;
  int idx = -1;

  /* The offset of the first byte in LHS modified by the store.  */
  unsigned HOST_WIDE_INT offset = 0;

  if (TREE_CODE (lhs) != MEM_REF
      || TREE_CODE (TREE_OPERAND (lhs, 0)) != SSA_NAME)
    {
      idx = get_addr_stridx (lhs, store, NULL_TREE, &offset, rvals);
      if (idx > 0)
        si = get_strinfo (idx);
    }
  else if (tree_fits_uhwi_p (TREE_OPERAND (lhs, 1)))
    {
      /* Get the strinfo for the base, and use it if it starts with at
         least OFFSET nonzero characters.  This is trivially true if
         OFFSET is zero.  */
      const tree base = TREE_OPERAND (lhs, 0);
      offset = tree_to_uhwi (TREE_OPERAND (lhs, 1));
      idx = get_stridx (base, store);
      if (idx > 0)
        si = get_strinfo (idx);
      if (offset == 0)
        ssaname = base;
      else if (si == NULL
               || compare_nonzero_chars (si, store, offset, rvals) < 0)
        {
          /* Nothing usable is known about the destination at OFFSET.
             Still report whether zeros are written and hand the size of
             the store to the overflow check.  */
          *zero_write = rhs && initializer_zerop (rhs);

          bool ignored;
          unsigned size_only[] = { UINT_MAX, 0, 0 };
          if (count_nonzero_bytes (stored, store, size_only,
                                   &ignored, &ignored, &ignored))
            maybe_warn_overflow (store, true, size_only[2]);

          return true;
        }
    }

  /* Minimum and maximum leading non-zero bytes and the size of the store.  */
  unsigned lenrange[] = { UINT_MAX, 0, 0 };

  /* Set to the minimum length of the string being assigned if known.  */
  unsigned HOST_WIDE_INT rhs_minlen;

  /* STORING_NONZERO_P is true iff not all stored characters are zero.
     STORING_ALL_NONZERO_P is true iff all stored characters are nonzero.
     STORING_ALL_ZEROS_P is true iff all stored characters are zero.
     All are false when it's impossible to determine which is true.  */
  bool storing_nonzero_p;
  bool storing_all_nonzero_p;
  bool storing_all_zeros_p;
  /* FULL_STRING_P is set when the stored sequence of characters form
     a nul-terminated string.  */
  bool full_string_p;

  const bool ranges_valid
    = count_nonzero_bytes (stored, store, lenrange, &full_string_p,
                           &storing_all_zeros_p, &storing_all_nonzero_p);

  if (!ranges_valid)
    {
      rhs_minlen = HOST_WIDE_INT_M1U;
      full_string_p = false;
      storing_nonzero_p = false;
      storing_all_zeros_p = false;
      storing_all_nonzero_p = false;
    }
  else
    {
      rhs_minlen = lenrange[0];
      storing_nonzero_p = lenrange[1] > 0;
      *zero_write = storing_all_zeros_p;

      /* LENRANGE[2] is the size of the store.  */
      maybe_warn_overflow (store, true, lenrange[2]);
    }

  if (si != NULL)
    {
      /* The count_nonzero_bytes call above might have unshared si.
         Fetch it again from the vector.  */
      si = get_strinfo (idx);

      /* FIRST_CMP and LAST_CMP describe the first and last byte written:
         positive if it lands before the terminating nul of the string
         described by SI (if it has one), zero if it overwrites the nul
         but nothing beyond, negative otherwise.  */
      const int first_cmp = compare_nonzero_chars (si, store, offset, rvals);
      int last_cmp = first_cmp;
      if (ranges_valid)
        {
          /* The offset of the last stored byte.
             NOTE(review): wraps if LENRANGE[2] is zero, which
             nonzero_bytes_for_type can produce for a zero-sized type --
             confirm such stores never get here.  */
          const unsigned HOST_WIDE_INT endoff = offset + lenrange[2] - 1;
          if (endoff != offset)
            last_cmp = compare_nonzero_chars (si, store, endoff, rvals);
        }
      else
        gcc_assert (offset == 0 || first_cmp >= 0);

      if (storing_all_zeros_p
          && first_cmp == 0
          && last_cmp == 0
          && si->full_string_p)
        {
          /* When overwriting a '\0' with a '\0', the store can be removed
             if we know it has been stored in the current function.  */
          if (!stmt_could_throw_p (cfun, store) && si->writable)
            {
              unlink_stmt_vdef (store);
              release_defs (store);
              gsi_remove (&m_gsi, true);
              return false;
            }

          si->writable = true;
          gsi_next (&m_gsi);
          return false;
        }

      if (last_cmp > 0
          && storing_nonzero_p
          && lenrange[0] == lenrange[1]
          && lenrange[0] == lenrange[2]
          && TREE_CODE (storetype) == INTEGER_TYPE)
        {
          /* Handle a store of one or more non-nul characters that ends
             before the terminating nul of the destination and so does
             not affect its length.
             If si->nonzero_chars > OFFSET, we aren't overwriting '\0',
             and if we aren't storing '\0', we know that the length of
             the string and any other zero terminated string in memory
             remains the same.  In that case we move to the next gimple
             statement and return to signal the caller that it shouldn't
             invalidate anything.

             This is beneficial for cases like:

             char p[20];
             void foo (char *q)
             {
               strcpy (p, "foobar");
               size_t len = strlen (p);     // can be folded to 6
               size_t len2 = strlen (q);    // has to be computed
               p[0] = 'X';
               size_t len3 = strlen (p);    // can be folded to 6
               size_t len4 = strlen (q);    // can be folded to len2
               bar (len, len2, len3, len4);
             } */
          gsi_next (&m_gsi);
          return false;
        }

      if (storing_nonzero_p
          || storing_all_zeros_p
          || (full_string_p && lenrange[1] == 0)
          || (offset != 0 && last_cmp > 0))
        {
          /* When STORING_NONZERO_P, we know that the string will start
             with at least OFFSET + 1 nonzero characters.  If storing
             a single character, set si->NONZERO_CHARS to the result.
             If storing multiple characters, try to determine the number
             of leading non-zero characters and set si->NONZERO_CHARS to
             the result instead.

             When STORING_ALL_ZEROS_P, or the first byte written is zero,
             i.e. FULL_STRING_P && LENRANGE[1] == 0, we know that the
             string is now OFFSET characters long.

             Otherwise, we're storing an unknown value at offset OFFSET,
             so need to clip the nonzero_chars to OFFSET.
             Use the minimum length of the string (or individual character)
             being stored if it's known.  Otherwise, STORING_NONZERO_P
             guarantees it's at least 1.  */
          HOST_WIDE_INT len = 1;
          if (storing_nonzero_p && ranges_valid)
            len = lenrange[0];

          const location_t loc = gimple_location (store);
          const tree oldlen = si->nonzero_chars;
          if (last_cmp == 0 && si->full_string_p)
            /* We're overwriting the nul terminator with a nonzero or
               unknown character.  If the previous stmt was a memcpy,
               its length may be decreased.  */
            adjust_last_stmt (si, store, false);
          si = unshare_strinfo (si);
          if (storing_nonzero_p)
            {
              gcc_assert (len >= 0);
              si->nonzero_chars = build_int_cst (size_type_node, offset + len);
            }
          else
            si->nonzero_chars = build_int_cst (size_type_node, offset);

          /* Set FULL_STRING_P only if the length of the strings being
             written is the same, and clear it if the strings have
             different lengths.  In the latter case the length stored
             in si->NONZERO_CHARS becomes the lower bound.
             FIXME: Handle the upper bound of the length if possible.  */
          si->full_string_p = full_string_p && lenrange[0] == lenrange[1];

          const bool record_endptr
            = (storing_all_zeros_p
               && ssaname
               && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ssaname));
          if (record_endptr)
            si->endptr = ssaname;
          else
            si->endptr = NULL;
          si->next = 0;
          si->stmt = NULL;
          si->writable = true;
          si->dont_invalidate = true;
          if (oldlen)
            {
              /* Propagate the change in length to related strinfos.  */
              tree adj = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
                                          si->nonzero_chars, oldlen);
              adjust_related_strinfos (loc, si, adj);
            }
          else
            si->prev = 0;
        }
    }
  else if (idx == 0 && (storing_all_zeros_p || storing_nonzero_p))
    {
      /* Nothing is tracked for the destination yet: start tracking it.  */
      idx = ssaname ? new_stridx (ssaname) : new_addr_stridx (lhs);
      if (idx != 0)
        {
          tree ptr = ssaname ? ssaname : build_fold_addr_expr (lhs);

          HOST_WIDE_INT slen;
          if (storing_all_zeros_p)
            slen = 0;
          else if (storing_nonzero_p && ranges_valid)
            {
              /* FIXME: Handle the upper bound of the length when
                 LENRANGE[0] != LENRANGE[1].  */
              slen = lenrange[0];
              if (lenrange[0] != lenrange[1])
                /* Set the minimum length but ignore the maximum
                   for now.  */
                full_string_p = false;
            }
          else
            slen = -1;

          tree len = size_zero_node;
          if (slen > 0)
            len = build_int_cst (size_type_node, slen);
          si = new_strinfo (ptr, idx, len, slen >= 0 && full_string_p);
          set_strinfo (idx, si);
          if (storing_all_zeros_p
              && ssaname
              && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ssaname))
            si->endptr = ssaname;
          si->dont_invalidate = true;
          si->writable = true;
        }
    }
  else if (idx == 0
           && rhs_minlen < HOST_WIDE_INT_M1U
           && ssaname == NULL_TREE
           && TREE_CODE (TREE_TYPE (lhs)) == ARRAY_TYPE)
    {
      /* A store to a whole array whose minimum length is known: track it
         only when the array is larger than that minimum length.  */
      const HOST_WIDE_INT array_size = int_size_in_bytes (TREE_TYPE (lhs));
      if (array_size > 0 && (unsigned HOST_WIDE_INT) array_size > rhs_minlen)
        {
          const int new_idx = new_addr_stridx (lhs);
          if (new_idx != 0)
            {
              si = new_strinfo (build_fold_addr_expr (lhs), new_idx,
                                build_int_cst (size_type_node, rhs_minlen),
                                full_string_p);
              set_strinfo (new_idx, si);
              si->dont_invalidate = true;
            }
        }
    }

  if (si != NULL && offset == 0 && storing_all_zeros_p && lenrange[2] == 1)
    {
      /* For single-byte stores only, allow adjust_last_stmt to remove
         the statement if the stored '\0' is immediately overwritten.  */
      laststmt.stmt = store;
      laststmt.len = build_int_cst (size_type_node, 1);
      laststmt.stridx = si->idx;
    }
  return true;
}
5340 :
/* Try to fold strstr (s, t) eq/ne s to strncmp (s, t, strlen (t)) eq/ne 0.
   RHS1 and RHS2 are the operands of the comparison in STMT, which is
   either an assignment (possibly with a COND_EXPR rhs) or a GIMPLE_COND.
   The fold is done only when one operand is the single-use result of
   a strstr call whose first argument is the other operand, and the
   length of the strstr call's second argument is known.  */

static void
fold_strstr_to_strncmp (tree rhs1, tree rhs2, gimple *stmt)
{
  if (TREE_CODE (rhs1) != SSA_NAME || TREE_CODE (rhs2) != SSA_NAME)
    return;

  /* Look for the strstr call defining RHS1; failing that swap the
     operands and look again.  When one is found RHS2 is its haystack.  */
  gimple *strstr_call = NULL;
  for (int attempt = 0; attempt < 2 && !strstr_call; attempt++)
    {
      gimple *def_stmt = SSA_NAME_DEF_STMT (rhs1);
      if (gimple_call_builtin_p (def_stmt, BUILT_IN_STRSTR)
          && has_single_use (rhs1)
          && gimple_call_arg (def_stmt, 0) == rhs2)
        strstr_call = def_stmt;
      else
        std::swap (rhs1, rhs2);
    }

  if (!strstr_call)
    return;

  tree haystack = gimple_call_arg (strstr_call, 0);
  if (haystack != rhs2)
    return;

  /* Determine the length of the needle.  A negative string index is the
     bitwise complement of a constant length.  */
  tree needle = gimple_call_arg (strstr_call, 1);
  tree needle_len = NULL_TREE;
  const int idx = get_stridx (needle, strstr_call);
  if (idx < 0)
    needle_len = build_int_cst (size_type_node, ~idx);
  else if (idx > 0)
    {
      if (strinfo *si = get_strinfo (idx))
        needle_len = get_string_length (si);
    }

  if (needle_len == NULL_TREE)
    return;

  gimple_stmt_iterator gsi = gsi_for_stmt (strstr_call);
  /* NOTE(review): the decl is used without a null check -- confirm
     builtin_decl_explicit cannot return null for strncmp here.  */
  tree strncmp_decl = builtin_decl_explicit (BUILT_IN_STRNCMP);

  if (!is_gimple_val (needle_len))
    {
      /* Materialize the length in an SSA_NAME before the call.  */
      tree len_name = make_ssa_name (TREE_TYPE (needle_len));
      gassign *len_stmt = gimple_build_assign (len_name, needle_len);
      gsi_insert_before (&gsi, len_stmt, GSI_SAME_STMT);
      needle_len = len_name;
    }

  /* Build the strncmp call with the memory state of the strstr call and
     put it in place of the latter.  */
  gcall *strncmp_call = gimple_build_call (strncmp_decl, 3,
                                           haystack, needle, needle_len);
  tree strncmp_lhs = make_ssa_name (integer_type_node);
  gimple_set_vuse (strncmp_call, gimple_vuse (strstr_call));
  gimple_call_set_lhs (strncmp_call, strncmp_lhs);
  gsi_remove (&gsi, true);
  gsi_insert_before (&gsi, strncmp_call, GSI_SAME_STMT);
  tree zero = build_zero_cst (TREE_TYPE (strncmp_lhs));

  /* Rewrite the comparison to test the strncmp result against zero.  */
  if (!is_gimple_assign (stmt))
    {
      gcond *cond = as_a<gcond *> (stmt);
      gimple_cond_set_lhs (cond, strncmp_lhs);
      gimple_cond_set_rhs (cond, zero);
    }
  else if (gimple_assign_rhs_code (stmt) == COND_EXPR)
    {
      tree cond = gimple_assign_rhs1 (stmt);
      TREE_OPERAND (cond, 0) = strncmp_lhs;
      TREE_OPERAND (cond, 1) = zero;
    }
  else
    {
      gimple_assign_set_rhs1 (stmt, strncmp_lhs);
      gimple_assign_set_rhs2 (stmt, zero);
    }
  update_stmt (stmt);
}
5434 :
/* Return true if TYPE corresponds to a narrow character type, that is
   an INTEGER_TYPE with the same mode and precision as char_type_node.  */

static bool
is_char_type (tree type)
{
  if (TREE_CODE (type) != INTEGER_TYPE)
    return false;

  if (TYPE_MODE (type) != TYPE_MODE (char_type_node))
    return false;

  return TYPE_PRECISION (type) == TYPE_PRECISION (char_type_node);
}
5444 :
/* Check the call at GSI for validity and optimize it.
   Uses RVALS to determine range information.  *ZERO_WRITE is passed on
   to the handlers that record whether the statement stores only zeros.
   Return true to let the caller advance *GSI to the next statement
   in the basic block and false otherwise.  */

bool
strlen_pass::check_and_optimize_call (bool *zero_write)
{
  gimple *stmt = gsi_stmt (m_gsi);

  if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
    {
      tree fntype = gimple_call_fntype (stmt);
      if (!fntype)
        return true;

      /* Functions declared with attribute alloc_size are treated as
         allocation calls.  */
      if (lookup_attribute ("alloc_size", TYPE_ATTRIBUTES (fntype)))
        {
          handle_alloc_call (BUILT_IN_NONE);
          return true;
        }

      /* NOTE(review): the result of handle_assign is discarded here;
         confirm it cannot report that the statement at m_gsi was
         removed.  */
      tree lhs = gimple_call_lhs (stmt);
      if (lhs)
        handle_assign (lhs, NULL_TREE, zero_write);

      /* Proceed to handle user-defined formatting functions.  */
    }

  /* When not optimizing we must be checking printf calls which
     we do even for user-defined functions when they are declared
     with attribute format.  */
  const bool optimize_builtin = (flag_optimize_strlen
                                 && strlen_optimize
                                 && valid_builtin_call (stmt));
  if (!optimize_builtin)
    return !handle_printf_call (&m_gsi, ptr_qry);

  const enum built_in_function fncode
    = DECL_FUNCTION_CODE (gimple_call_fndecl (stmt));
  switch (fncode)
    {
    case BUILT_IN_STRLEN:
    case BUILT_IN_STRNLEN:
      handle_builtin_strlen ();
      return true;

    case BUILT_IN_STRCHR:
      handle_builtin_strchr ();
      return true;

    case BUILT_IN_STRCPY:
    case BUILT_IN_STRCPY_CHK:
    case BUILT_IN_STPCPY:
    case BUILT_IN_STPCPY_CHK:
      handle_builtin_strcpy (fncode);
      return true;

    case BUILT_IN_STRNCAT:
    case BUILT_IN_STRNCAT_CHK:
      handle_builtin_strncat (fncode);
      return true;

    case BUILT_IN_STPNCPY:
    case BUILT_IN_STPNCPY_CHK:
    case BUILT_IN_STRNCPY:
    case BUILT_IN_STRNCPY_CHK:
      handle_builtin_stxncpy_strncat (false);
      return true;

    case BUILT_IN_MEMCPY:
    case BUILT_IN_MEMCPY_CHK:
    case BUILT_IN_MEMPCPY:
    case BUILT_IN_MEMPCPY_CHK:
      handle_builtin_memcpy (fncode);
      return true;

    case BUILT_IN_STRCAT:
    case BUILT_IN_STRCAT_CHK:
      handle_builtin_strcat (fncode);
      return true;

    case BUILT_IN_ALLOCA:
    case BUILT_IN_ALLOCA_WITH_ALIGN:
    case BUILT_IN_MALLOC:
    case BUILT_IN_CALLOC:
      handle_alloc_call (fncode);
      return true;

    /* For the remaining handlers a true result means the caller must
       not advance the iterator.  */
    case BUILT_IN_MEMSET:
      return !handle_builtin_memset (zero_write);

    case BUILT_IN_STRCMP:
    case BUILT_IN_STRNCMP:
      return !handle_builtin_string_cmp ();

    default:
      return !handle_printf_call (&m_gsi, ptr_qry);
    }
}
5543 :
/* Handle an assignment statement at *GSI to a LHS of integral type.
   Equality comparisons are offered to fold_strstr_to_strncmp, loads of
   a narrow character from a tracked string are folded or given a
   nonzero range, and other MEM_REF loads into an SSA_NAME are recorded
   as new strinfo entries.
   If GSI's basic block needs clean-up of EH, set *CLEANUP_EH to true.  */

void
strlen_pass::handle_integral_assign (bool *cleanup_eh)
{
  gimple *stmt = gsi_stmt (m_gsi);
  tree lhs = gimple_assign_lhs (stmt);
  tree lhs_type = TREE_TYPE (lhs);

  const enum tree_code code = gimple_assign_rhs_code (stmt);
  if (code == COND_EXPR)
    {
      tree cond = gimple_assign_rhs1 (stmt);
      const enum tree_code cond_code = TREE_CODE (cond);

      if (cond_code == EQ_EXPR || cond_code == NE_EXPR)
        fold_strstr_to_strncmp (TREE_OPERAND (cond, 0),
                                TREE_OPERAND (cond, 1), stmt);
    }
  else if (code == EQ_EXPR || code == NE_EXPR)
    fold_strstr_to_strncmp (gimple_assign_rhs1 (stmt),
                            gimple_assign_rhs2 (stmt), stmt);
  else if (gimple_assign_load_p (stmt)
           && is_char_type (lhs_type)
           && !gimple_has_volatile_ops (stmt))
    {
      /* A non-volatile load of a narrow character.  */
      tree off = integer_zero_node;
      unsigned HOST_WIDE_INT coff = 0;
      int idx = 0;
      tree rhs1 = gimple_assign_rhs1 (stmt);
      if (code == MEM_REF)
        {
          idx = get_stridx (TREE_OPERAND (rhs1, 0), stmt);
          if (idx > 0)
            {
              strinfo *base_si = get_strinfo (idx);
              /* NOTE(review): OFF still holds integer_zero_node when it
                 is compared below; the MEM_REF offset is assigned only
                 afterwards.  Confirm the comparison is meant to be
                 against zero.  */
              const bool usable
                = (base_si
                   && base_si->nonzero_chars
                   && TREE_CODE (base_si->nonzero_chars) == INTEGER_CST
                   && (wi::to_widest (base_si->nonzero_chars)
                       >= wi::to_widest (off)));
              if (usable)
                off = TREE_OPERAND (rhs1, 1);
              else
                /* This case is not useful.  See if get_addr_stridx
                   returns something usable.  */
                idx = 0;
            }
        }
      if (idx <= 0)
        idx = get_addr_stridx (rhs1, stmt, NULL_TREE, &coff);

      strinfo *si = idx > 0 ? get_strinfo (idx) : NULL;
      if (si
          && si->nonzero_chars
          && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
        {
          /* Compare the known count of nonzero characters with the
             offset of the character being read.  */
          const widest_int known_len = wi::to_widest (si->nonzero_chars);
          const widest_int read_off = wi::to_widest (off) + coff;
          if (known_len == read_off && si->full_string_p)
            {
              const bool dump_details
                = dump_file && (dump_flags & TDF_DETAILS) != 0;
              if (dump_details)
                {
                  fprintf (dump_file, "Optimizing: ");
                  print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
                }

              /* Reading the final '\0' character.  Replace the load
                 with the constant zero.  */
              tree zero = build_int_cst (lhs_type, 0);
              gimple_set_vuse (stmt, NULL_TREE);
              gimple_assign_set_rhs_from_tree (&m_gsi, zero);
              if (maybe_clean_or_replace_eh_stmt (stmt, gsi_stmt (m_gsi)))
                *cleanup_eh = true;
              /* Continue with the statement now at the iterator.  */
              stmt = gsi_stmt (m_gsi);
              update_stmt (stmt);

              if (dump_details)
                {
                  fprintf (dump_file, "into: ");
                  print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
                }
            }
          else if (known_len > read_off)
            {
              /* Reading a character before the final '\0'
                 character.  Just set the value range to ~[0, 0]
                 if we don't have anything better.  */
              int_range_max r;
              if (!get_range_query (cfun)->range_of_expr (r, lhs)
                  || r.varying_p ())
                {
                  r.set_nonzero (lhs_type);
                  set_range_info (lhs, r);
                }
            }
        }
    }
  else if (code == MEM_REF && TREE_CODE (lhs) == SSA_NAME)
    {
      if (int idx = new_stridx (lhs))
        {
          /* Record multi-byte assignments from MEM_REFs.  */
          bool all_nonzero_p;
          bool all_zeros_p;
          bool full_string_p;
          unsigned lenrange[] = { UINT_MAX, 0, 0 };
          tree rhs = gimple_assign_rhs1 (stmt);
          const bool ranges_valid
            = count_nonzero_bytes (rhs, stmt, lenrange, &full_string_p,
                                   &all_zeros_p, &all_nonzero_p);
          if (ranges_valid)
            {
              /* The first element of LENRANGE is used as the length.  */
              tree length = build_int_cst (sizetype, lenrange[0]);
              strinfo *new_si = new_strinfo (lhs, idx, length,
                                             full_string_p);
              set_strinfo (idx, new_si);
              new_si->writable = true;
              new_si->dont_invalidate = true;
            }
        }
    }

  /* If the first rhs operand has an entry in the strlen_to_stridx map,
     give LHS a copy of it.  */
  if (strlen_to_stridx)
    {
      tree rhs1 = gimple_assign_rhs1 (stmt);
      if (stridx_strlenloc *ps = strlen_to_stridx->get (rhs1))
        strlen_to_stridx->put (lhs, stridx_strlenloc (*ps));
    }
}
5681 :
/* Handle assignment statement at *GSI to LHS.  Set *ZERO_WRITE if
   the assignment stores all zero bytes.  RHS is the rhs of the
   statement if not a call.  Return false if the statement at *GSI
   was removed or handle_store returned false, true otherwise.  */

bool
strlen_pass::handle_assign (tree lhs, tree rhs, bool *zero_write)
{
  tree type = TREE_TYPE (lhs);
  if (TREE_CODE (type) == ARRAY_TYPE)
    type = TREE_TYPE (type);

  if (rhs && TREE_CODE (rhs) == CONSTRUCTOR
      && TREE_CODE (lhs) == MEM_REF
      && TREE_CODE (TREE_OPERAND (lhs, 0)) == SSA_NAME
      && integer_zerop (TREE_OPERAND (lhs, 1)))
    {
      /* Set to the non-constant offset added to PTR.  */
      wide_int offrng[2];
      gcc_assert (CONSTRUCTOR_NELTS (rhs) == 0);
      tree ptr = TREE_OPERAND (lhs, 0);
      tree len = TYPE_SIZE_UNIT (TREE_TYPE (lhs));
      const int idx1 = get_stridx (ptr, gsi_stmt (m_gsi), offrng,
                                   ptr_qry.rvals);
      strinfo *si1 = idx1 > 0 ? get_strinfo (idx1) : NULL;
      /* NOTE(review): the call check is made on si1->alloc while
         valid_builtin_call is applied to si1->stmt -- confirm both
         refer to the allocation call at this point.  */
      if (si1 && si1->stmt
          && si1->alloc && is_gimple_call (si1->alloc)
          && valid_builtin_call (si1->stmt)
          && offrng[0] == 0 && offrng[1] == 0)
        {
          gimple *malloc_stmt = si1->stmt;
          basic_block malloc_bb = gimple_bb (malloc_stmt);
          const bool is_malloc
            = (DECL_FUNCTION_CODE (gimple_call_fndecl (malloc_stmt))
               == BUILT_IN_MALLOC);
          /* The store must cover exactly the malloc size, at offset
             zero from the returned pointer, before the pair is turned
             into calloc.  */
          if (is_malloc
              && operand_equal_p (len, gimple_call_arg (malloc_stmt, 0), 0)
              && allow_memset_malloc_to_calloc (ptr, malloc_bb,
                                                gsi_bb (m_gsi)))
            {
              /* Turn malloc (SIZE) into calloc (SIZE, 1), record the
                 object as an empty full string and delete the store
                 at *GSI.  */
              tree alloc_size = gimple_call_arg (malloc_stmt, 0);
              gimple_stmt_iterator malloc_gsi = gsi_for_stmt (malloc_stmt);
              tree calloc_decl = builtin_decl_implicit (BUILT_IN_CALLOC);
              update_gimple_call (&malloc_gsi, calloc_decl, 2, alloc_size,
                                  build_one_cst (size_type_node));
              si1->nonzero_chars = build_int_cst (size_type_node, 0);
              si1->full_string_p = true;
              si1->stmt = gsi_stmt (malloc_gsi);
              gimple *store = gsi_stmt (m_gsi);
              unlink_stmt_vdef (store);
              gsi_remove (&m_gsi, true);
              release_defs (store);
              return false;
            }
        }
    }

  bool is_char_store = is_char_type (type);
  if (!is_char_store && TREE_CODE (lhs) == MEM_REF)
    {
      /* To consider stores into char objects via integer types other
         than char but not those to non-character objects, determine
         the type of the destination rather than just the type of
         the access.  */
      for (int opno = 0; opno != 2; ++opno)
        {
          tree dest_type = TREE_TYPE (TREE_OPERAND (lhs, opno));
          if (POINTER_TYPE_P (dest_type))
            dest_type = TREE_TYPE (dest_type);
          if (TREE_CODE (dest_type) == ARRAY_TYPE)
            dest_type = TREE_TYPE (dest_type);
          if (is_char_type (dest_type))
            {
              is_char_store = true;
              break;
            }
        }
    }

  if (!is_char_store)
    return true;

  /* Handle a single or multibyte assignment.  */
  return handle_store (zero_write);
}
5767 :
5768 :
/* Attempt to check the validity of the access performed by the single
   statement at *GSI using string length knowledge, and to optimize it.
   If the given basic block needs clean-up of EH, CLEANUP_EH is set to
   true.  Return true to let the caller advance *GSI to the next statement
   in the basic block and false otherwise.  */

bool
strlen_pass::check_and_optimize_stmt (bool *cleanup_eh)
{
  gimple *stmt = gsi_stmt (m_gsi);

  /* For statements that modify a string, set to true if the write
     is only zeros.  */
  bool zero_write = false;

  if (is_gimple_call (stmt))
    {
      if (!check_and_optimize_call (&zero_write))
        return false;
    }
  else
    {
      /* Only calls are looked at unless the strlen optimization is
         enabled.  */
      if (!flag_optimize_strlen || !strlen_optimize)
        return true;

      if (is_gimple_assign (stmt) && !gimple_clobber_p (stmt))
        {
          /* Handle non-clobbering assignment.  */
          tree lhs = gimple_assign_lhs (stmt);
          tree lhs_type = TREE_TYPE (lhs);
          const bool lhs_is_ssa = TREE_CODE (lhs) == SSA_NAME;

          if (lhs_is_ssa && POINTER_TYPE_P (lhs_type))
            {
              tree rhs1_type = NULL_TREE;
              if (gimple_assign_single_p (stmt)
                  || (gimple_assign_cast_p (stmt)
                      && (rhs1_type = TREE_TYPE (gimple_assign_rhs1 (stmt)),
                          POINTER_TYPE_P (rhs1_type))))
                {
                  /* A pointer copy or pointer-to-pointer cast gives
                     LHS the string index of its source.  */
                  const int idx
                    = get_stridx (gimple_assign_rhs1 (stmt), stmt);
                  ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = idx;
                }
              else if (gimple_assign_rhs_code (stmt) == POINTER_PLUS_EXPR)
                handle_pointer_plus ();
            }
          else if (lhs_is_ssa && INTEGRAL_TYPE_P (lhs_type))
            {
              /* Handle assignment to a character.  */
              handle_integral_assign (cleanup_eh);
            }
          else if (!lhs_is_ssa && !TREE_SIDE_EFFECTS (lhs))
            {
              if (!handle_assign (lhs, gimple_assign_rhs1 (stmt),
                                  &zero_write))
                return false;
            }
        }
      else if (gcond *cond = dyn_cast<gcond *> (stmt))
        {
          const enum tree_code code = gimple_cond_code (cond);
          if (code == EQ_EXPR || code == NE_EXPR)
            fold_strstr_to_strncmp (gimple_cond_lhs (stmt),
                                    gimple_cond_rhs (stmt), stmt);
        }
    }

  /* A statement with a virtual definition may invalidate recorded
     string lengths.  */
  if (gimple_vdef (stmt))
    maybe_invalidate (stmt, zero_write);
  return true;
}
5828 :
/* Recursively call maybe_invalidate on stmts that might be executed
   in between dombb and current bb and that contain a vdef.  Stop when
   *count stmts are inspected, or if the whole strinfo vector has
   been invalidated.  In both cases *COUNT is zero on return.  VISITED
   records the indices of the blocks already walked.  */

static void
do_invalidate (basic_block dombb, gimple *phi, bitmap visited, int *count)
{
  /* True if block B should be walked: it exists, is not DOMBB, has not
     been visited before (marking it visited as a side effect) and is
     dominated by DOMBB.  */
  auto enter_block = [&] (basic_block b)
    {
      return (b != NULL
              && b != dombb
              && bitmap_set_bit (visited, b->index)
              && dominated_by_p (CDI_DOMINATORS, b, dombb));
    };

  const unsigned int nargs = gimple_phi_num_args (phi);
  for (unsigned int argno = 0; argno < nargs; ++argno)
    {
      tree vuse = gimple_phi_arg_def (phi, argno);
      gimple *stmt = SSA_NAME_DEF_STMT (vuse);
      basic_block bb = gimple_bb (stmt);
      if (!enter_block (bb))
        continue;

      /* Follow the chain of virtual definitions backwards.  */
      for (;;)
        {
          if (gimple_code (stmt) == GIMPLE_PHI)
            {
              do_invalidate (dombb, stmt, visited, count);
              if (*count == 0)
                return;
              break;
            }

          /* The statement budget is used up.  */
          if (--*count == 0)
            return;

          if (!maybe_invalidate (stmt))
            {
              *count = 0;
              return;
            }

          vuse = gimple_vuse (stmt);
          stmt = SSA_NAME_DEF_STMT (vuse);
          if (gimple_bb (stmt) == bb)
            continue;

          bb = gimple_bb (stmt);
          if (!enter_block (bb))
            break;
        }
    }
}
5879 :
/* Release pointer_query cache.  */

strlen_pass::~strlen_pass ()
{
  /* Flush the cache of the pass's ptr_qry member.  */
  this->ptr_qry.flush_cache ();
}
5886 :
/* Callback for walk_dominator_tree.  Attempt to optimize various
   string ops by remembering string lengths pointed by pointer SSA_NAMEs.
   The strinfo vector is taken from the immediate dominator of BB and
   left in BB->aux on return.  Always returns NULL.  */

edge
strlen_pass::before_dom_children (basic_block bb)
{
  basic_block dombb = get_immediate_dominator (CDI_DOMINATORS, bb);

  if (dombb == NULL)
    stridx_to_strinfo = NULL;
  else
    {
      stridx_to_strinfo = ((vec<strinfo *, va_heap, vl_embed> *) dombb->aux);
      if (stridx_to_strinfo)
        {
          /* Find the virtual PHI of BB, if any, and invalidate what the
             statements between DOMBB and BB may have changed.  */
          for (gphi_iterator pi = gsi_start_phis (bb); !gsi_end_p (pi);
               gsi_next (&pi))
            {
              gphi *phi = pi.phi ();
              if (!virtual_operand_p (gimple_phi_result (phi)))
                continue;

              bitmap visited = BITMAP_ALLOC (NULL);
              /* Budget of statements do_invalidate may inspect.  */
              int count_vdef = 100;
              do_invalidate (dombb, phi, visited, &count_vdef);
              BITMAP_FREE (visited);
              if (count_vdef == 0)
                {
                  /* If there were too many vdefs in between immediate
                     dominator and current bb, invalidate everything.
                     If stridx_to_strinfo has been unshared, we need
                     to free it, otherwise just set it to NULL.  */
                  if (strinfo_shared ())
                    stridx_to_strinfo = NULL;
                  else
                    {
                      strinfo *si;
                      for (unsigned int i = 1;
                           vec_safe_iterate (stridx_to_strinfo, i, &si);
                           ++i)
                        {
                          free_strinfo (si);
                          (*stridx_to_strinfo)[i] = NULL;
                        }
                    }
                }
              /* Only the first virtual PHI is processed.  */
              break;
            }
        }
    }

  /* If all PHI arguments have the same string index, the PHI result
     has it as well.  */
  for (gphi_iterator pi = gsi_start_phis (bb); !gsi_end_p (pi);
       gsi_next (&pi))
    {
      gphi *phi = pi.phi ();
      tree result = gimple_phi_result (phi);
      if (virtual_operand_p (result)
          || !POINTER_TYPE_P (TREE_TYPE (result)))
        continue;

      const int idx = get_stridx (gimple_phi_arg_def (phi, 0), phi);
      if (idx == 0)
        continue;

      const unsigned int nargs = gimple_phi_num_args (phi);
      unsigned int argno = 1;
      while (argno < nargs
             && idx == get_stridx (gimple_phi_arg_def (phi, argno), phi))
        ++argno;
      if (argno == nargs)
        ssa_ver_to_stridx[SSA_NAME_VERSION (result)] = idx;
    }

  bool cleanup_eh = false;

  /* Attempt to optimize individual statements.  The iterator is left
     in place when check_and_optimize_stmt returns false.  */
  m_gsi = gsi_start_bb (bb);
  while (!gsi_end_p (m_gsi))
    {
      /* Reset search depth performance counter.  */
      ptr_qry.depth = 0;

      if (check_and_optimize_stmt (&cleanup_eh))
        gsi_next (&m_gsi);
    }

  if (cleanup_eh && gimple_purge_dead_eh_edges (bb))
    m_cleanup_cfg = true;

  /* Hand the vector to the dominated blocks.  When this block holds an
     unshared vector, element 0 is set to BB so that after_dom_children
     can tell that BB owns it.  */
  bb->aux = stridx_to_strinfo;
  if (vec_safe_length (stridx_to_strinfo) && !strinfo_shared ())
    (*stridx_to_strinfo)[0] = (strinfo *) bb;
  return NULL;
}
5982 :
/* Callback for walk_dominator_tree.  Free strinfo vector if it is
   owned by the current bb, clear bb->aux.  */

void
strlen_pass::after_dom_children (basic_block bb)
{
  if (!bb->aux)
    return;

  stridx_to_strinfo = ((vec<strinfo *, va_heap, vl_embed> *) bb->aux);

  /* The vector is owned by BB when its element 0 holds BB itself.  */
  const bool owned_by_bb = (vec_safe_length (stridx_to_strinfo)
                            && (*stridx_to_strinfo)[0] == (strinfo *) bb);
  if (owned_by_bb)
    {
      strinfo *si;
      for (unsigned int i = 1;
           vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
        free_strinfo (si);
      vec_free (stridx_to_strinfo);
    }

  bb->aux = NULL;
}
6005 :
namespace {

/* Run the pass over FUN.  With WARN_ONLY set strlen_optimize is cleared
   for the duration of the walk.  Sets up dominance, loop, SCEV and
   range information, walks the dominator tree with a strlen_pass
   walker and releases the per-function state again.  Return
   TODO_cleanup_cfg if the walker asked for a CFG cleanup and zero
   otherwise.  */

static unsigned int
printf_strlen_execute (function *fun, bool warn_only)
{
  strlen_optimize = !warn_only;

  calculate_dominance_info (CDI_DOMINATORS);
  loop_optimizer_init (LOOPS_NORMAL);
  scev_initialize ();

  /* The map is allocated only when one of the two warnings is
     enabled.  */
  gcc_assert (!strlen_to_stridx);
  if (warn_stringop_overflow || warn_stringop_truncation)
    strlen_to_stridx = new hash_map<tree, stridx_strlenloc> ();

  /* This has to happen after initializing the loop optimizer
     and initializing SCEV as they create new SSA_NAMEs.  */
  ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
  max_stridx = 1;

  enable_ranger (fun);
  /* String length optimization is implemented as a walk of the dominator
     tree and a forward walk of statements within each block.  */
  strlen_pass walker (fun, CDI_DOMINATORS);
  walker.walk (ENTRY_BLOCK_PTR_FOR_FN (fun));

  if (dump_file && (dump_flags & TDF_DETAILS))
    walker.ptr_qry.dump (dump_file, true);

  /* Release the per-function state and reset the globals.  */
  ssa_ver_to_stridx.release ();
  strinfo_pool.release ();
  if (decl_to_stridxlist_htab)
    {
      obstack_free (&stridx_obstack, NULL);
      delete decl_to_stridxlist_htab;
      decl_to_stridxlist_htab = NULL;
    }
  laststmt.stmt = NULL;
  laststmt.len = NULL_TREE;
  laststmt.stridx = 0;

  if (strlen_to_stridx)
    {
      strlen_to_stridx->empty ();
      delete strlen_to_stridx;
      strlen_to_stridx = NULL;
    }

  disable_ranger (fun);
  scev_finalize ();
  loop_optimizer_finalize ();
  /* NOTE(review): CDI_DOMINATORS was computed above while
     CDI_POST_DOMINATORS is what gets freed here -- confirm this is
     intended.  */
  free_dominance_info (CDI_POST_DOMINATORS);

  if (walker.m_cleanup_cfg)
    return TODO_cleanup_cfg;
  return 0;
}

/* This file defines two passes: one for warnings that runs only when
   optimization is disabled, and another that implements optimizations
   and also issues warnings.  */

const pass_data pass_data_warn_printf =
{
  GIMPLE_PASS, /* type */
  "warn-printf", /* name */
  OPTGROUP_NONE, /* optinfo_flags */
  TV_NONE, /* tv_id */
  /* Normally an optimization pass would require PROP_ssa but because
     this pass runs early, with no optimization, to do sprintf format
     checking, it only requires PROP_cfg.  */
  PROP_cfg, /* properties_required */
  0, /* properties_provided */
  0, /* properties_destroyed */
  0, /* todo_flags_start */
  0, /* todo_flags_finish */
};

/* The warning-only pass: runs printf_strlen_execute with WARN_ONLY
   set.  */

class pass_warn_printf : public gimple_opt_pass
{
public:
  pass_warn_printf (gcc::context *ctxt)
    : gimple_opt_pass (pass_data_warn_printf, ctxt)
  {}

  bool gate (function *) final override;

  unsigned int execute (function *fun) final override
  {
    return printf_strlen_execute (fun, /*warn_only=*/true);
  }
};


/* Return true to run the warning pass only when not optimizing and
   iff either -Wformat-overflow or -Wformat-truncation is specified.  */

bool
pass_warn_printf::gate (function *)
{
  if (optimize)
    return false;

  return warn_format_overflow > 0 || warn_format_trunc > 0;
}

const pass_data pass_data_strlen =
{
  GIMPLE_PASS, /* type */
  "strlen", /* name */
  OPTGROUP_NONE, /* optinfo_flags */
  TV_TREE_STRLEN, /* tv_id */
  PROP_cfg | PROP_ssa, /* properties_required */
  0, /* properties_provided */
  0, /* properties_destroyed */
  0, /* todo_flags_start */
  0, /* todo_flags_finish */
};

/* The optimizing pass: runs printf_strlen_execute with WARN_ONLY
   clear.  */

class pass_strlen : public gimple_opt_pass
{
public:
  pass_strlen (gcc::context *ctxt)
    : gimple_opt_pass (pass_data_strlen, ctxt)
  {}

  opt_pass * clone () final override { return new pass_strlen (m_ctxt); }

  bool gate (function *) final override;

  unsigned int execute (function *fun) final override
  {
    return printf_strlen_execute (fun, /*warn_only=*/false);
  }
};

/* Return true to run the pass only when optimizing and at least one of
   the following is enabled: the format-overflow, format-truncation or
   restrict warnings, the strlen optimization, or the printf return
   value optimization.  */

bool
pass_strlen::gate (function *)
{
  if (optimize <= 0)
    return false;

  return (warn_format_overflow > 0
          || warn_format_trunc > 0
          || warn_restrict > 0
          || flag_optimize_strlen > 0
          || flag_printf_return_value);
}

} // anon namespace
6151 :
/* Create an instance of the warn-printf pass for context CTXT.  The
   caller receives a pointer to the newly allocated pass.  */

gimple_opt_pass *
make_pass_warn_printf (gcc::context *ctxt)
{
  gimple_opt_pass *pass = new pass_warn_printf (ctxt);
  return pass;
}
6157 :
/* Create an instance of the strlen pass for context CTXT.  The caller
   receives a pointer to the newly allocated pass.  */

gimple_opt_pass *
make_pass_strlen (gcc::context *ctxt)
{
  gimple_opt_pass *pass = new pass_strlen (ctxt);
  return pass;
}
|