Line data Source code
1 : /* String length optimization
2 : Copyright (C) 2011-2026 Free Software Foundation, Inc.
3 : Contributed by Jakub Jelinek <jakub@redhat.com>
4 :
5 : This file is part of GCC.
6 :
7 : GCC is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3, or (at your option)
10 : any later version.
11 :
12 : GCC is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with GCC; see the file COPYING3. If not see
19 : <http://www.gnu.org/licenses/>. */
20 :
21 : #include "config.h"
22 : #include "system.h"
23 : #include "coretypes.h"
24 : #include "backend.h"
25 : #include "rtl.h"
26 : #include "tree.h"
27 : #include "gimple.h"
28 : #include "alloc-pool.h"
29 : #include "tree-pass.h"
30 : #include "ssa.h"
31 : #include "cgraph.h"
32 : #include "gimple-pretty-print.h"
33 : #include "gimple-ssa-warn-access.h"
34 : #include "gimple-ssa-warn-restrict.h"
35 : #include "fold-const.h"
36 : #include "stor-layout.h"
37 : #include "gimple-iterator.h"
38 : #include "gimple-fold.h"
39 : #include "tree-eh.h"
40 : #include "gimplify.h"
41 : #include "gimplify-me.h"
42 : #include "expr.h"
43 : #include "tree-cfg.h"
44 : #include "tree-dfa.h"
45 : #include "domwalk.h"
46 : #include "tree-ssa-alias.h"
47 : #include "tree-ssa-propagate.h"
48 : #include "tree-ssa-strlen.h"
49 : #include "tree-hash-traits.h"
50 : #include "builtins.h"
51 : #include "pointer-query.h"
52 : #include "target.h"
53 : #include "diagnostic-core.h"
54 : #include "diagnostic.h"
55 : #include "intl.h"
56 : #include "attribs.h"
57 : #include "calls.h"
58 : #include "cfgloop.h"
59 : #include "tree-ssa-loop.h"
60 : #include "tree-scalar-evolution.h"
61 : #include "vr-values.h"
62 : #include "gimple-range.h"
63 : #include "tree-ssa.h"
64 :
65 : /* A vector indexed by SSA_NAME_VERSION. 0 means unknown, positive value
66 : is an index into strinfo vector, negative value stands for
67 : string length of a string literal (~strlen). */
68 : static vec<int> ssa_ver_to_stridx;
69 :
70 : /* Number of currently active string indexes plus one. */
71 : static int max_stridx;
72 :
73 : /* Set to true to optimize, false when just checking. */
74 : static bool strlen_optimize;
75 :
76 : /* String information record. */
77 : struct strinfo
78 : {
79 : /* Number of leading characters that are known to be nonzero. This is
80 : also the length of the string if FULL_STRING_P.
81 :
82 : The values in a list of related string pointers must be consistent;
83 : that is, if strinfo B comes X bytes after strinfo A, it must be
84 : the case that A->nonzero_chars == X + B->nonzero_chars. */
85 : tree nonzero_chars;
86 : /* Any of the corresponding pointers for querying alias oracle. */
87 : tree ptr;
88 : /* STMT is used for two things:
89 :
90 : - To record the statement that should be used for delayed length
91 : computations. We maintain the invariant that all related strinfos
92 : have delayed lengths or none do.
93 :
94 : - To record the malloc or calloc call that produced this result
95 : to optimize away malloc/memset sequences. STMT is reset after
96 : a calloc-allocated object has been stored a non-zero value into. */
97 : gimple *stmt;
98 : /* Set to the dynamic allocation statement for the object (alloca,
99 : calloc, malloc, or VLA). Unlike STMT, once set for a strinfo
100 : object, ALLOC doesn't change. */
101 : gimple *alloc;
102 : /* Pointer to '\0' if known, if NULL, it can be computed as
103 : ptr + length. */
104 : tree endptr;
105 : /* Reference count. Any changes to strinfo entry possibly shared
106 : with dominating basic blocks need unshare_strinfo first, except
107 : for dont_invalidate which affects only the immediately next
108 : maybe_invalidate. */
109 : int refcount;
110 : /* Copy of index. get_strinfo (si->idx) should return si; */
111 : int idx;
112 : /* These 3 fields are for chaining related string pointers together.
113 : E.g. for
114 : bl = strlen (b); dl = strlen (d); strcpy (a, b); c = a + bl;
115 : strcpy (c, d); e = c + dl;
116 : strinfo(a) -> strinfo(c) -> strinfo(e)
117 : All have ->first field equal to strinfo(a)->idx and are doubly
118 : chained through prev/next fields. The later strinfos are required
119 : to point into the same string with zero or more bytes after
120 : the previous pointer and all bytes in between the two pointers
121 : must be non-zero. Functions like strcpy or memcpy are supposed
122 : to adjust all previous strinfo lengths, but not following strinfo
123 : lengths (those are uncertain, usually invalidated during
124 : maybe_invalidate, except when the alias oracle knows better).
125 : Functions like strcat on the other side adjust the whole
126 : related strinfo chain.
127 : They are updated lazily, so to use the chain the same first fields
128 : and si->prev->next == si->idx needs to be verified. */
129 : int first;
130 : int next;
131 : int prev;
132 : /* A flag whether the string is known to be written in the current
133 : function. */
134 : bool writable;
135 : /* A flag for the next maybe_invalidate that this strinfo shouldn't
136 : be invalidated. Always cleared by maybe_invalidate. */
137 : bool dont_invalidate;
138 : /* True if the string is known to be nul-terminated after NONZERO_CHARS
139 : characters. False is useful when detecting strings that are built
140 : up via successive memcpys. */
141 : bool full_string_p;
142 : };
143 :
144 : /* Pool for allocating strinfo_struct entries. */
145 : static object_allocator<strinfo> strinfo_pool ("strinfo pool");
146 :
147 : /* Vector mapping positive string indexes to strinfo, for the
148 : current basic block. The first pointer in the vector is special,
149 : it is either NULL, meaning the vector isn't shared, or it is
150 : a basic block pointer to the owner basic_block if shared.
151 : If some other bb wants to modify the vector, the vector needs
152 : to be unshared first, and only the owner bb is supposed to free it. */
153 : static vec<strinfo *, va_heap, vl_embed> *stridx_to_strinfo;
154 :
155 : /* One OFFSET->IDX mapping. */
156 : struct stridxlist
157 : {
158 : struct stridxlist *next;
159 : HOST_WIDE_INT offset;
160 : int idx;
161 : };
162 :
163 : /* Hash table entry, mapping a DECL to a chain of OFFSET->IDX mappings. */
164 : struct decl_stridxlist_map
165 : {
166 : struct tree_map_base base;
167 : struct stridxlist list;
168 : };
169 :
170 : /* Hash table for mapping decls to a chained list of offset -> idx
171 : mappings. */
172 : typedef hash_map<tree_decl_hash, stridxlist> decl_to_stridxlist_htab_t;
173 : static decl_to_stridxlist_htab_t *decl_to_stridxlist_htab;
174 :
175 : /* Hash table mapping strlen (or strnlen with constant bound and return
176 : smaller than bound) calls to stridx instances describing
177 : the calls' arguments. Non-null only when warn_stringop_truncation
178 : is non-zero. */
179 : typedef std::pair<int, location_t> stridx_strlenloc;
180 : static hash_map<tree, stridx_strlenloc> *strlen_to_stridx;
181 :
182 : /* Obstack for struct stridxlist and struct decl_stridxlist_map. */
183 : static struct obstack stridx_obstack;
184 :
185 : /* Last memcpy statement if it could be adjusted if the trailing
186 : '\0' written is immediately overwritten, or
187 : *x = '\0' store that could be removed if it is immediately overwritten. */
188 : struct laststmt_struct
189 : {
190 : gimple *stmt;
191 : tree len;
192 : int stridx;
193 : } laststmt;
194 :
195 : static int get_stridx_plus_constant (strinfo *, unsigned HOST_WIDE_INT, tree);
196 : static bool get_range_strlen_dynamic (tree, gimple *, c_strlen_data *,
197 : bitmap, pointer_query *, unsigned *);
198 :
199 : /* Sets MINMAX to either the constant value or the range VAL is in
200 : and returns either the constant value or VAL on success or null
201 : when the range couldn't be determined. Uses RVALS or CFUN for
202 : range info, whichever is nonnull. */
203 :
204 : tree
205 4973645 : get_range (tree val, gimple *stmt, wide_int minmax[2],
206 : range_query *rvals /* = NULL */)
207 : {
208 4973645 : if (!rvals)
209 : {
210 100219 : if (!cfun)
211 : /* When called from front ends for global initializers CFUN
212 : may be null. */
213 : return NULL_TREE;
214 :
215 100213 : rvals = get_range_query (cfun);
216 : }
217 :
218 4973639 : value_range vr (TREE_TYPE (val));
219 4973639 : if (!rvals->range_of_expr (vr, val, stmt))
220 : return NULL_TREE;
221 :
222 4973639 : tree vrmin, vrmax;
223 4973639 : value_range_kind rng = get_legacy_range (vr, vrmin, vrmax);
224 4973639 : if (rng == VR_RANGE)
225 : {
226 : /* Only handle straight ranges. */
227 4779460 : minmax[0] = wi::to_wide (vrmin);
228 4779460 : minmax[1] = wi::to_wide (vrmax);
229 4779460 : return val;
230 : }
231 :
232 : return NULL_TREE;
233 4973639 : }
234 :
235 : class strlen_pass : public dom_walker
236 : {
237 : public:
238 1103062 : strlen_pass (function *fun, cdi_direction direction)
239 1103062 : : dom_walker (direction),
240 1103062 : ptr_qry (get_range_query (fun)),
241 1103062 : m_cleanup_cfg (false)
242 : {
243 1103062 : }
244 :
245 : ~strlen_pass ();
246 :
247 : edge before_dom_children (basic_block) final override;
248 : void after_dom_children (basic_block) final override;
249 :
250 : bool check_and_optimize_stmt (bool *cleanup_eh);
251 : bool check_and_optimize_call (bool *zero_write);
252 : bool handle_assign (tree lhs, tree rhs, bool *zero_write);
253 : bool handle_store (bool *zero_write);
254 : void handle_pointer_plus ();
255 : void handle_builtin_strlen ();
256 : void handle_builtin_strchr ();
257 : void handle_builtin_strcpy (built_in_function);
258 : void handle_integral_assign (bool *cleanup_eh);
259 : void handle_builtin_stxncpy_strncat (bool append_p);
260 : void handle_builtin_memcpy (built_in_function bcode);
261 : void handle_builtin_strcat (built_in_function bcode);
262 : void handle_builtin_strncat (built_in_function);
263 : bool handle_builtin_memset (bool *zero_write);
264 : bool handle_builtin_memcmp ();
265 : bool handle_builtin_string_cmp ();
266 : void handle_alloc_call (built_in_function);
267 : void maybe_warn_overflow (gimple *stmt, bool call_lhs, tree len,
268 : strinfo *si = NULL, bool plus_one = false,
269 : bool rawmem = false);
270 : void maybe_warn_overflow (gimple *stmt, bool call_lhs,
271 : unsigned HOST_WIDE_INT len,
272 : strinfo *si = NULL,
273 : bool plus_one = false, bool rawmem = false);
274 : void adjust_last_stmt (strinfo *si, gimple *stmt, bool is_strcat);
275 : tree strxcmp_eqz_result (gimple *stmt, tree arg1, int idx1,
276 : tree arg2, int idx2,
277 : unsigned HOST_WIDE_INT bound,
278 : unsigned HOST_WIDE_INT len[2],
279 : unsigned HOST_WIDE_INT *psize);
280 : bool count_nonzero_bytes (tree expr_or_type,
281 : gimple *stmt,
282 : unsigned lenrange[3], bool *nulterm,
283 : bool *allnul, bool *allnonnul);
284 : bool count_nonzero_bytes (tree exp, tree vuse,
285 : gimple *stmt,
286 : unsigned HOST_WIDE_INT offset,
287 : unsigned HOST_WIDE_INT nbytes,
288 : unsigned lenrange[3], bool *nulterm,
289 : bool *allnul, bool *allnonnul,
290 : ssa_name_limit_t &snlim);
291 : bool count_nonzero_bytes_addr (tree exp, tree vuse,
292 : gimple *stmt,
293 : unsigned HOST_WIDE_INT offset,
294 : unsigned HOST_WIDE_INT nbytes,
295 : unsigned lenrange[3], bool *nulterm,
296 : bool *allnul, bool *allnonnul,
297 : ssa_name_limit_t &snlim);
298 : bool get_len_or_size (gimple *stmt, tree arg, int idx,
299 : unsigned HOST_WIDE_INT lenrng[2],
300 : unsigned HOST_WIDE_INT *size, bool *nulterm);
301 :
302 : /* A pointer_query object to store information about pointers and
303 : their targets in. */
304 : pointer_query ptr_qry;
305 :
306 : gimple_stmt_iterator m_gsi;
307 :
308 : /* Flag that will trigger TODO_cleanup_cfg to be returned in strlen
309 : execute function. */
310 : bool m_cleanup_cfg;
311 : };
312 :
313 : /* Return:
314 :
315 : * +1 if SI is known to start with more than OFF nonzero characters.
316 :
317 : * 0 if SI is known to start with exactly OFF nonzero characters.
318 :
319 : * -1 if SI either does not start with OFF nonzero characters
320 : or the relationship between the number of leading nonzero
321 : characters in SI and OFF is unknown. */
322 :
323 : static int
324 6040 : compare_nonzero_chars (strinfo *si, unsigned HOST_WIDE_INT off)
325 : {
326 6040 : if (si->nonzero_chars
327 5686 : && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
328 5645 : return compare_tree_int (si->nonzero_chars, off);
329 : else
330 : return -1;
331 : }
332 :
333 : /* Same as above but suitable also for strings with non-constant lengths.
334 : Uses RVALS to determine length range. */
335 :
336 : static int
337 94936 : compare_nonzero_chars (strinfo *si, gimple *stmt,
338 : unsigned HOST_WIDE_INT off,
339 : range_query *rvals)
340 : {
341 94936 : if (!si->nonzero_chars)
342 : return -1;
343 :
344 88546 : if (TREE_CODE (si->nonzero_chars) == INTEGER_CST)
345 88057 : return compare_tree_int (si->nonzero_chars, off);
346 :
347 489 : if (!rvals || TREE_CODE (si->nonzero_chars) != SSA_NAME)
348 : return -1;
349 :
350 185 : int_range_max vr;
351 185 : if (!rvals->range_of_expr (vr, si->nonzero_chars, stmt)
352 185 : || vr.varying_p ()
353 370 : || vr.undefined_p ())
354 : return -1;
355 :
356 : /* If the offset is less than the minimum length or if the bounds
357 : of the length range are equal return the result of the comparison
358 : same as in the constant case. Otherwise return a conservative
359 : result. */
360 185 : signop sign = TYPE_SIGN (vr.type ());
361 185 : unsigned prec = TYPE_PRECISION (vr.type ());
362 185 : int cmpmin = wi::cmp (vr.lower_bound (), wi::uhwi (off, prec), sign);
363 185 : if (cmpmin > 0 || vr.singleton_p ())
364 133 : return cmpmin;
365 :
366 : return -1;
367 185 : }
368 :
369 : /* Return true if SI is known to be a zero-length string. */
370 :
371 : static inline bool
372 3652 : zero_length_string_p (strinfo *si)
373 : {
374 3652 : return si->full_string_p && integer_zerop (si->nonzero_chars);
375 : }
376 :
377 : /* Return strinfo vector entry IDX. */
378 :
379 : static inline strinfo *
380 335995 : get_strinfo (int idx)
381 : {
382 335995 : if (vec_safe_length (stridx_to_strinfo) <= (unsigned int) idx)
383 : return NULL;
384 280734 : return (*stridx_to_strinfo)[idx];
385 : }
386 :
387 : /* Get the next strinfo in the chain after SI, or null if none. */
388 :
389 : static inline strinfo *
390 8629 : get_next_strinfo (strinfo *si)
391 : {
392 8629 : if (si->next == 0)
393 : return NULL;
394 6643 : strinfo *nextsi = get_strinfo (si->next);
395 6643 : if (nextsi == NULL || nextsi->first != si->first || nextsi->prev != si->idx)
396 12 : return NULL;
397 : return nextsi;
398 : }
399 :
400 : /* Helper function for get_stridx. Return the strinfo index of the address
401 : of EXP, which is available in PTR if nonnull. If OFFSET_OUT, it is
402 : OK to return the index for some X <= &EXP and store &EXP - X in
403 : *OFFSET_OUT. When RVALS is nonnull uses it to determine range
404 : information. */
405 :
406 : static int
407 1844659 : get_addr_stridx (tree exp, gimple *stmt,
408 : tree ptr, unsigned HOST_WIDE_INT *offset_out,
409 : range_query *rvals = NULL)
410 : {
411 1844659 : HOST_WIDE_INT off;
412 1844659 : struct stridxlist *list, *last = NULL;
413 1844659 : tree base;
414 :
415 1844659 : if (!decl_to_stridxlist_htab)
416 : return 0;
417 :
418 596007 : poly_int64 poff;
419 596007 : base = get_addr_base_and_unit_offset (exp, &poff);
420 596007 : if (base == NULL || !DECL_P (base) || !poff.is_constant (&off))
421 : return 0;
422 :
423 352867 : list = decl_to_stridxlist_htab->get (base);
424 352867 : if (list == NULL)
425 : return 0;
426 :
427 322296 : do
428 : {
429 322296 : if (list->offset == off)
430 : {
431 80830 : if (offset_out)
432 33332 : *offset_out = 0;
433 80830 : return list->idx;
434 : }
435 241466 : if (list->offset > off)
436 : return 0;
437 198508 : last = list;
438 198508 : list = list->next;
439 : }
440 198508 : while (list);
441 :
442 61616 : if ((offset_out || ptr) && last && last->idx > 0)
443 : {
444 61616 : unsigned HOST_WIDE_INT rel_off
445 61616 : = (unsigned HOST_WIDE_INT) off - last->offset;
446 61616 : strinfo *si = get_strinfo (last->idx);
447 61616 : if (si && compare_nonzero_chars (si, stmt, rel_off, rvals) >= 0)
448 : {
449 16670 : if (offset_out)
450 : {
451 15176 : *offset_out = rel_off;
452 15176 : return last->idx;
453 : }
454 : else
455 1494 : return get_stridx_plus_constant (si, rel_off, ptr);
456 : }
457 : }
458 : return 0;
459 : }
460 :
461 : /* Returns string index for EXP. When EXP is an SSA_NAME that refers
462 : to a known strinfo with an offset and OFFRNG is non-null, sets
463 : both elements of the OFFRNG array to the range of the offset and
464 : returns the index of the known strinfo. In this case the result
465 : must not be used in for functions that modify the string.
466 : When nonnull, uses RVALS to determine range information. */
467 :
468 : static int
469 6461411 : get_stridx (tree exp, gimple *stmt,
470 : wide_int offrng[2] = NULL, range_query *rvals = NULL)
471 : {
472 6461411 : if (offrng)
473 29116 : offrng[0] = offrng[1] = wi::zero (TYPE_PRECISION (ptrdiff_type_node));
474 :
475 6461411 : if (TREE_CODE (exp) == SSA_NAME)
476 : {
477 2821875 : if (ssa_ver_to_stridx[SSA_NAME_VERSION (exp)])
478 : return ssa_ver_to_stridx[SSA_NAME_VERSION (exp)];
479 :
480 2658096 : tree e = exp;
481 2658096 : int last_idx = 0;
482 2658096 : HOST_WIDE_INT offset = 0;
483 : /* Follow a chain of at most 5 assignments. */
484 2863945 : for (int i = 0; i < 5; i++)
485 : {
486 2857105 : gimple *def_stmt = SSA_NAME_DEF_STMT (e);
487 2857105 : if (!is_gimple_assign (def_stmt))
488 : return last_idx;
489 :
490 1375604 : tree_code rhs_code = gimple_assign_rhs_code (def_stmt);
491 1375604 : tree ptr, off;
492 :
493 1375604 : if (rhs_code == ADDR_EXPR)
494 : {
495 : /* Handle indices/offsets into VLAs which are implemented
496 : as pointers to arrays. */
497 50735 : ptr = gimple_assign_rhs1 (def_stmt);
498 50735 : ptr = TREE_OPERAND (ptr, 0);
499 :
500 : /* Handle also VLAs of types larger than char. */
501 50735 : if (tree eltsize = TYPE_SIZE_UNIT (TREE_TYPE (ptr)))
502 : {
503 50550 : if (TREE_CODE (ptr) == ARRAY_REF)
504 : {
505 16915 : off = TREE_OPERAND (ptr, 1);
506 16915 : ptr = TREE_OPERAND (ptr, 0);
507 16915 : if (!integer_onep (eltsize))
508 : {
509 : /* Scale the array index by the size of the element
510 : type in the rare case that it's greater than
511 : the typical 1 for char, making sure both operands
512 : have the same type. */
513 9817 : eltsize = fold_convert (ssizetype, eltsize);
514 9817 : off = fold_convert (ssizetype, off);
515 9817 : off = fold_build2 (MULT_EXPR, ssizetype, off, eltsize);
516 : }
517 : }
518 : else
519 33635 : off = integer_zero_node;
520 : }
521 : else
522 : return 0;
523 :
524 50550 : if (TREE_CODE (ptr) != MEM_REF)
525 : return 0;
526 :
527 : /* Add the MEM_REF byte offset. */
528 13690 : tree mem_off = TREE_OPERAND (ptr, 1);
529 13690 : off = fold_build2 (PLUS_EXPR, TREE_TYPE (off), off, mem_off);
530 13690 : ptr = TREE_OPERAND (ptr, 0);
531 : }
532 1324869 : else if (rhs_code == POINTER_PLUS_EXPR)
533 : {
534 493799 : ptr = gimple_assign_rhs1 (def_stmt);
535 493799 : off = gimple_assign_rhs2 (def_stmt);
536 : }
537 : else
538 : return 0;
539 :
540 507489 : if (TREE_CODE (ptr) != SSA_NAME)
541 : return 0;
542 :
543 469350 : if (!tree_fits_shwi_p (off))
544 : {
545 261770 : if (int idx = ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)])
546 24232 : if (offrng)
547 : {
548 : /* Only when requested by setting OFFRNG to non-null,
549 : return the index corresponding to the SSA_NAME.
550 : Do this irrespective of the whether the offset
551 : is known. */
552 332 : if (get_range (off, def_stmt, offrng, rvals))
553 : {
554 : /* When the offset range is known, increment it
555 : it by the constant offset computed in prior
556 : iterations and store it in the OFFRNG array. */
557 219 : offrng[0] += offset;
558 219 : offrng[1] += offset;
559 : }
560 : else
561 : {
562 : /* When the offset range cannot be determined
563 : store [0, SIZE_MAX] and let the caller decide
564 : if the offset matters. */
565 113 : offrng[1] = wi::to_wide (TYPE_MAX_VALUE (sizetype));
566 113 : offrng[0] = wi::zero (offrng[1].get_precision ());
567 : }
568 332 : return idx;
569 : }
570 : return 0;
571 : }
572 :
573 207580 : HOST_WIDE_INT this_off = tree_to_shwi (off);
574 207580 : if (offrng)
575 : {
576 1714 : offrng[0] += wi::shwi (this_off, offrng->get_precision ());
577 1714 : offrng[1] += offrng[0];
578 : }
579 :
580 207580 : if (this_off < 0)
581 : return last_idx;
582 :
583 207580 : offset = (unsigned HOST_WIDE_INT) offset + this_off;
584 207580 : if (offset < 0)
585 : return last_idx;
586 :
587 207580 : if (int idx = ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)])
588 : {
589 12359 : strinfo *si = get_strinfo (idx);
590 12359 : if (si)
591 : {
592 2815 : if (compare_nonzero_chars (si, offset) >= 0)
593 1731 : return get_stridx_plus_constant (si, offset, exp);
594 :
595 1084 : if (offrng)
596 205849 : last_idx = idx;
597 : }
598 : }
599 205849 : e = ptr;
600 : }
601 :
602 : return last_idx;
603 : }
604 :
605 3639536 : if (TREE_CODE (exp) == ADDR_EXPR)
606 : {
607 1246713 : int idx = get_addr_stridx (TREE_OPERAND (exp, 0), stmt, exp, NULL);
608 1246713 : if (idx != 0)
609 : return idx;
610 : }
611 :
612 3590544 : const char *p = c_getstr (exp);
613 3590544 : if (p)
614 421156 : return ~(int) strlen (p);
615 :
616 : return 0;
617 : }
618 :
619 : /* Return true if strinfo vector is shared with the immediate dominator. */
620 :
621 : static inline bool
622 3442541 : strinfo_shared (void)
623 : {
624 3442541 : return vec_safe_length (stridx_to_strinfo)
625 3442541 : && (*stridx_to_strinfo)[0] != NULL;
626 : }
627 :
628 : /* Unshare strinfo vector that is shared with the immediate dominator. */
629 :
630 : static void
631 342033 : unshare_strinfo_vec (void)
632 : {
633 342033 : strinfo *si;
634 342033 : unsigned int i = 0;
635 :
636 342033 : gcc_assert (strinfo_shared ());
637 342033 : stridx_to_strinfo = vec_safe_copy (stridx_to_strinfo);
638 6899594 : for (i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
639 6557561 : if (si != NULL)
640 1226368 : si->refcount++;
641 342033 : (*stridx_to_strinfo)[0] = NULL;
642 342033 : }
643 :
644 : /* Attempt to create a string index for exp, ADDR_EXPR's operand.
645 : Return a pointer to the location where the string index can
646 : be stored (if 0) or is stored, or NULL if this can't be tracked. */
647 :
648 : static int *
649 174594 : addr_stridxptr (tree exp)
650 : {
651 174594 : HOST_WIDE_INT off;
652 :
653 174594 : poly_int64 poff;
654 174594 : tree base = get_addr_base_and_unit_offset (exp, &poff);
655 174594 : if (base == NULL_TREE || !DECL_P (base) || !poff.is_constant (&off))
656 : return NULL;
657 :
658 149839 : if (!decl_to_stridxlist_htab)
659 : {
660 44743 : decl_to_stridxlist_htab
661 44743 : = new hash_map<tree_decl_hash, stridxlist> (64);
662 44743 : gcc_obstack_init (&stridx_obstack);
663 : }
664 :
665 149839 : bool existed;
666 149839 : stridxlist *list = &decl_to_stridxlist_htab->get_or_insert (base, &existed);
667 149839 : if (existed)
668 : {
669 : int i;
670 : stridxlist *before = NULL;
671 127413 : for (i = 0; i < 32; i++)
672 : {
673 126525 : if (list->offset == off)
674 0 : return &list->idx;
675 126525 : if (list->offset > off && before == NULL)
676 126525 : before = list;
677 126525 : if (list->next == NULL)
678 : break;
679 82330 : list = list->next;
680 : }
681 45083 : if (i == 32)
682 : return NULL;
683 44195 : if (before)
684 : {
685 4429 : list = before;
686 4429 : before = XOBNEW (&stridx_obstack, struct stridxlist);
687 4429 : *before = *list;
688 4429 : list->next = before;
689 4429 : list->offset = off;
690 4429 : list->idx = 0;
691 4429 : return &list->idx;
692 : }
693 39766 : list->next = XOBNEW (&stridx_obstack, struct stridxlist);
694 39766 : list = list->next;
695 : }
696 :
697 144522 : list->next = NULL;
698 144522 : list->offset = off;
699 144522 : list->idx = 0;
700 144522 : return &list->idx;
701 : }
702 :
703 : /* Create a new string index, or return 0 if reached limit. */
704 :
705 : static int
706 869265 : new_stridx (tree exp)
707 : {
708 869265 : int idx;
709 869265 : if (max_stridx >= param_max_tracked_strlens)
710 : return 0;
711 869265 : if (TREE_CODE (exp) == SSA_NAME)
712 : {
713 849961 : if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (exp))
714 : return 0;
715 849961 : idx = max_stridx++;
716 849961 : ssa_ver_to_stridx[SSA_NAME_VERSION (exp)] = idx;
717 849961 : return idx;
718 : }
719 19304 : if (TREE_CODE (exp) == ADDR_EXPR)
720 : {
721 19270 : int *pidx = addr_stridxptr (TREE_OPERAND (exp, 0));
722 19270 : if (pidx != NULL)
723 : {
724 19261 : gcc_assert (*pidx == 0);
725 19261 : *pidx = max_stridx++;
726 19261 : return *pidx;
727 : }
728 : }
729 : return 0;
730 : }
731 :
732 : /* Like new_stridx, but for ADDR_EXPR's operand instead. */
733 :
734 : static int
735 154254 : new_addr_stridx (tree exp)
736 : {
737 154254 : int *pidx;
738 154254 : if (max_stridx >= param_max_tracked_strlens)
739 : return 0;
740 154254 : pidx = addr_stridxptr (exp);
741 154254 : if (pidx != NULL)
742 : {
743 129690 : gcc_assert (*pidx == 0);
744 129690 : *pidx = max_stridx++;
745 129690 : return *pidx;
746 : }
747 : return 0;
748 : }
749 :
750 : /* Create a new strinfo. */
751 :
752 : static strinfo *
753 964332 : new_strinfo (tree ptr, int idx, tree nonzero_chars, bool full_string_p)
754 : {
755 964332 : strinfo *si = strinfo_pool.allocate ();
756 964332 : si->nonzero_chars = nonzero_chars;
757 964332 : STRIP_USELESS_TYPE_CONVERSION (ptr);
758 964332 : si->ptr = ptr;
759 964332 : si->stmt = NULL;
760 964332 : si->alloc = NULL;
761 964332 : si->endptr = NULL_TREE;
762 964332 : si->refcount = 1;
763 964332 : si->idx = idx;
764 964332 : si->first = 0;
765 964332 : si->prev = 0;
766 964332 : si->next = 0;
767 964332 : si->writable = false;
768 964332 : si->dont_invalidate = false;
769 964332 : si->full_string_p = full_string_p;
770 964332 : return si;
771 : }
772 :
773 : /* Decrease strinfo refcount and free it if not referenced anymore. */
774 :
775 : static inline void
776 14349128 : free_strinfo (strinfo *si)
777 : {
778 14349128 : if (si && --si->refcount == 0)
779 964332 : strinfo_pool.remove (si);
780 14349128 : }
781 :
782 : /* Set strinfo in the vector entry IDX to SI. */
783 :
784 : static inline void
785 1351117 : set_strinfo (int idx, strinfo *si)
786 : {
787 1351117 : if (vec_safe_length (stridx_to_strinfo) && (*stridx_to_strinfo)[0])
788 342033 : unshare_strinfo_vec ();
789 1351117 : if (vec_safe_length (stridx_to_strinfo) <= (unsigned int) idx)
790 951805 : vec_safe_grow_cleared (stridx_to_strinfo, idx + 1, true);
791 1351117 : (*stridx_to_strinfo)[idx] = si;
792 1351117 : }
793 :
794 : /* Return the first strinfo in the related strinfo chain
795 : if all strinfos in between belong to the chain, otherwise NULL. */
796 :
797 : static strinfo *
798 28125 : verify_related_strinfos (strinfo *origsi)
799 : {
800 28125 : strinfo *si = origsi, *psi;
801 :
802 28125 : if (origsi->first == 0)
803 : return NULL;
804 7607 : for (; si->prev; si = psi)
805 : {
806 4646 : if (si->first != origsi->first)
807 : return NULL;
808 4646 : psi = get_strinfo (si->prev);
809 4646 : if (psi == NULL)
810 : return NULL;
811 4646 : if (psi->next != si->idx)
812 : return NULL;
813 : }
814 2961 : if (si->idx != si->first)
815 : return NULL;
816 : return si;
817 : }
818 :
819 : /* Set SI's endptr to ENDPTR and compute its length based on SI->ptr.
820 : Use LOC for folding. */
821 :
822 : static void
823 31 : set_endptr_and_length (location_t loc, strinfo *si, tree endptr)
824 : {
825 31 : si->endptr = endptr;
826 31 : si->stmt = NULL;
827 31 : tree start_as_size = fold_convert_loc (loc, size_type_node, si->ptr);
828 31 : tree end_as_size = fold_convert_loc (loc, size_type_node, endptr);
829 31 : si->nonzero_chars = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
830 : end_as_size, start_as_size);
831 31 : si->full_string_p = true;
832 31 : }
833 :
834 : /* Return the string length, or NULL if it can't be computed.
835 : The length may but need not be constant. Instead, it might be
836 : the result of a strlen() call. */
837 :
838 : static tree
839 6035 : get_string_length (strinfo *si)
840 : {
841 : /* If the length has already been computed return it if it's exact
842 : (i.e., the string is nul-terminated at NONZERO_CHARS), or return
843 : null if it isn't. */
844 6035 : if (si->nonzero_chars)
845 11803 : return si->full_string_p ? si->nonzero_chars : NULL;
846 :
847 : /* If the string is the result of one of the built-in calls below
848 : attempt to compute the length from the call statement. */
849 31 : if (si->stmt)
850 : {
851 30 : gimple *stmt = si->stmt, *lenstmt = NULL;
852 30 : tree callee, lhs, fn, tem;
853 30 : location_t loc;
854 30 : gimple_stmt_iterator gsi;
855 :
856 30 : gcc_assert (is_gimple_call (stmt));
857 30 : callee = gimple_call_fndecl (stmt);
858 30 : gcc_assert (callee && fndecl_built_in_p (callee, BUILT_IN_NORMAL));
859 30 : lhs = gimple_call_lhs (stmt);
860 : /* unshare_strinfo is intentionally not called here. The (delayed)
861 : transformation of strcpy or strcat into stpcpy is done at the place
862 : of the former strcpy/strcat call and so can affect all the strinfos
863 : with the same stmt. If they were unshared before and transformation
864 : has been already done, the handling of BUILT_IN_STPCPY{,_CHK} should
865 : just compute the right length. */
866 30 : switch (DECL_FUNCTION_CODE (callee))
867 : {
868 4 : case BUILT_IN_STRCAT:
869 4 : case BUILT_IN_STRCAT_CHK:
870 4 : gsi = gsi_for_stmt (stmt);
871 4 : fn = builtin_decl_implicit (BUILT_IN_STRLEN);
872 4 : gcc_assert (lhs == NULL_TREE);
873 4 : tem = unshare_expr (gimple_call_arg (stmt, 0));
874 4 : lenstmt = gimple_build_call (fn, 1, tem);
875 4 : lhs = make_ssa_name (TREE_TYPE (TREE_TYPE (fn)), lenstmt);
876 4 : gimple_call_set_lhs (lenstmt, lhs);
877 8 : gimple_set_vuse (lenstmt, gimple_vuse (stmt));
878 4 : gsi_insert_before (&gsi, lenstmt, GSI_SAME_STMT);
879 4 : tem = gimple_call_arg (stmt, 0);
880 4 : lhs = gimple_convert_to_ptrofftype (&gsi, true, GSI_SAME_STMT,
881 : gimple_location (stmt), lhs);
882 4 : tem = gimple_build (&gsi, true, GSI_SAME_STMT,
883 : gimple_location (stmt), POINTER_PLUS_EXPR,
884 4 : TREE_TYPE (gimple_call_arg (stmt, 0)),
885 : tem, lhs);
886 4 : gimple_call_set_arg (stmt, 0, tem);
887 4 : lhs = NULL_TREE;
888 : /* FALLTHRU */
889 28 : case BUILT_IN_STRCPY:
890 28 : case BUILT_IN_STRCPY_CHK:
891 28 : gcc_assert (builtin_decl_implicit_p (BUILT_IN_STPCPY));
892 28 : if (gimple_call_num_args (stmt) == 2)
893 : fn = builtin_decl_implicit (BUILT_IN_STPCPY);
894 : else
895 2 : fn = builtin_decl_explicit (BUILT_IN_STPCPY_CHK);
896 28 : gcc_assert (lhs == NULL_TREE);
897 28 : if (dump_file && (dump_flags & TDF_DETAILS) != 0)
898 : {
899 0 : fprintf (dump_file, "Optimizing: ");
900 0 : print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
901 : }
902 28 : gimple_call_set_fndecl (stmt, fn);
903 28 : lhs = make_ssa_name (TREE_TYPE (TREE_TYPE (fn)), stmt);
904 28 : gimple_call_set_lhs (stmt, lhs);
905 28 : if (DECL_FUNCTION_CODE (callee) == BUILT_IN_STRCAT_CHK)
906 : {
907 1 : tree objsz = gimple_call_lhs (lenstmt);
908 1 : gimple *g
909 1 : = gimple_build_assign (make_ssa_name (TREE_TYPE (objsz)),
910 : MINUS_EXPR, gimple_call_arg (stmt, 2),
911 : objsz);
912 1 : gimple_set_location (g, gimple_location (stmt));
913 1 : gsi_insert_before (&gsi, g, GSI_SAME_STMT);
914 1 : gimple_call_set_arg (stmt, 2, gimple_assign_lhs (g));
915 : }
916 28 : update_stmt (stmt);
917 28 : if (dump_file && (dump_flags & TDF_DETAILS) != 0)
918 : {
919 0 : fprintf (dump_file, "into: ");
920 0 : print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
921 : }
922 : /* FALLTHRU */
923 28 : case BUILT_IN_STPCPY:
924 28 : case BUILT_IN_STPCPY_CHK:
925 28 : gcc_assert (lhs != NULL_TREE);
926 28 : loc = gimple_location (stmt);
927 28 : set_endptr_and_length (loc, si, lhs);
928 28 : for (strinfo *chainsi = verify_related_strinfos (si);
929 39 : chainsi != NULL;
930 11 : chainsi = get_next_strinfo (chainsi))
931 11 : if (chainsi->nonzero_chars == NULL)
932 3 : set_endptr_and_length (loc, chainsi, lhs);
933 : break;
934 : case BUILT_IN_ALLOCA:
935 : case BUILT_IN_ALLOCA_WITH_ALIGN:
936 : case BUILT_IN_MALLOC:
937 : break;
938 : /* BUILT_IN_CALLOC always has si->nonzero_chars set. */
939 0 : default:
940 0 : gcc_unreachable ();
941 30 : break;
942 : }
943 : }
944 :
945 31 : return si->nonzero_chars;
946 : }
947 :
948 : /* Dump strlen data to FP for statement STMT. When non-null, RVALS
949 : points to the valuation engine used to calculate ranges, and is
950 : used to dump strlen range for non-constant results. */
951 :
952 : DEBUG_FUNCTION void
953 0 : dump_strlen_info (FILE *fp, gimple *stmt, range_query *rvals)
954 : {
955 0 : if (stmt)
956 : {
957 0 : fprintf (fp, "\nDumping strlen pass data after ");
958 0 : print_gimple_expr (fp, stmt, TDF_LINENO);
959 0 : fputc ('\n', fp);
960 : }
961 : else
962 0 : fprintf (fp, "\nDumping strlen pass data\n");
963 :
964 0 : fprintf (fp, "max_stridx = %i\n", max_stridx);
965 0 : fprintf (fp, "ssa_ver_to_stridx has %u elements\n",
966 : ssa_ver_to_stridx.length ());
967 0 : fprintf (fp, "stridx_to_strinfo");
968 0 : if (stridx_to_strinfo)
969 : {
970 0 : fprintf (fp, " has %u elements\n", stridx_to_strinfo->length ());
971 0 : for (unsigned i = 0; i != stridx_to_strinfo->length (); ++i)
972 : {
973 0 : if (strinfo *si = (*stridx_to_strinfo)[i])
974 : {
975 0 : if (!si->idx)
976 0 : continue;
977 0 : fprintf (fp, " idx = %i", si->idx);
978 0 : if (si->ptr)
979 : {
980 0 : fprintf (fp, ", ptr = ");
981 0 : print_generic_expr (fp, si->ptr);
982 : }
983 :
984 0 : if (si->nonzero_chars)
985 : {
986 0 : fprintf (fp, ", nonzero_chars = ");
987 0 : print_generic_expr (fp, si->nonzero_chars);
988 0 : if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
989 : {
990 0 : int_range_max vr;
991 0 : if (rvals)
992 0 : rvals->range_of_expr (vr, si->nonzero_chars,
993 : si->stmt);
994 : else
995 0 : get_range_query (cfun)->range_of_expr (vr,
996 : si->nonzero_chars);
997 0 : vr.dump (fp);
998 0 : }
999 : }
1000 :
1001 0 : fprintf (fp, ", refcount = %i", si->refcount);
1002 0 : if (si->stmt)
1003 : {
1004 0 : fprintf (fp, ", stmt = ");
1005 0 : print_gimple_expr (fp, si->stmt, 0);
1006 : }
1007 0 : if (si->alloc)
1008 : {
1009 0 : fprintf (fp, ", alloc = ");
1010 0 : print_gimple_expr (fp, si->alloc, 0);
1011 : }
1012 0 : if (si->writable)
1013 0 : fprintf (fp, ", writable");
1014 0 : if (si->dont_invalidate)
1015 0 : fprintf (fp, ", dont_invalidate");
1016 0 : if (si->full_string_p)
1017 0 : fprintf (fp, ", full_string_p");
1018 0 : if (strinfo *next = get_next_strinfo (si))
1019 : {
1020 0 : fprintf (fp, ", {");
1021 0 : do
1022 0 : fprintf (fp, "%i%s", next->idx, next->first ? ", " : "");
1023 0 : while ((next = get_next_strinfo (next)));
1024 0 : fprintf (fp, "}");
1025 : }
1026 0 : fputs ("\n", fp);
1027 : }
1028 : }
1029 : }
1030 : else
1031 0 : fprintf (fp, " = null\n");
1032 :
1033 0 : fprintf (fp, "decl_to_stridxlist_htab");
1034 0 : if (decl_to_stridxlist_htab)
1035 : {
1036 0 : fputs ("\n", fp);
1037 0 : typedef decl_to_stridxlist_htab_t::iterator iter_t;
1038 0 : for (iter_t it = decl_to_stridxlist_htab->begin ();
1039 0 : it != decl_to_stridxlist_htab->end (); ++it)
1040 : {
1041 0 : tree decl = (*it).first;
1042 0 : stridxlist *list = &(*it).second;
1043 0 : fprintf (fp, " decl = ");
1044 0 : print_generic_expr (fp, decl);
1045 0 : if (list)
1046 : {
1047 0 : fprintf (fp, ", offsets = {");
1048 0 : for (; list; list = list->next)
1049 0 : fprintf (fp, "%lli%s", (long long) list->offset,
1050 0 : list->next ? ", " : "");
1051 0 : fputs ("}", fp);
1052 : }
1053 0 : fputs ("\n", fp);
1054 : }
1055 : }
1056 : else
1057 0 : fprintf (fp, " = null\n");
1058 :
1059 0 : if (laststmt.stmt)
1060 : {
1061 0 : fprintf (fp, "laststmt = ");
1062 0 : print_gimple_expr (fp, laststmt.stmt, 0);
1063 0 : fprintf (fp, ", len = ");
1064 0 : print_generic_expr (fp, laststmt.len);
1065 0 : fprintf (fp, ", stridx = %i\n", laststmt.stridx);
1066 : }
1067 0 : }
1068 :
1069 : /* Helper of get_range_strlen_dynamic(). See below. */
1070 :
1071 : static bool
1072 2994 : get_range_strlen_phi (tree src, gphi *phi,
1073 : c_strlen_data *pdata, bitmap visited,
1074 : pointer_query *ptr_qry, unsigned *pssa_def_max)
1075 : {
1076 2994 : if (!bitmap_set_bit (visited, SSA_NAME_VERSION (src)))
1077 : return true;
1078 :
1079 2879 : if (*pssa_def_max == 0)
1080 : return false;
1081 :
1082 2869 : --*pssa_def_max;
1083 :
1084 : /* Iterate over the PHI arguments and determine the minimum and maximum
1085 : length/size of each and incorporate them into the overall result. */
1086 12359 : for (unsigned i = 0; i != gimple_phi_num_args (phi); ++i)
1087 : {
1088 9490 : tree arg = gimple_phi_arg_def (phi, i);
1089 9490 : if (arg == gimple_phi_result (phi))
1090 3335 : continue;
1091 :
1092 9490 : c_strlen_data argdata = { };
1093 9490 : if (!get_range_strlen_dynamic (arg, phi, &argdata, visited, ptr_qry,
1094 : pssa_def_max))
1095 : {
1096 323 : pdata->maxlen = build_all_ones_cst (size_type_node);
1097 323 : continue;
1098 : }
1099 :
1100 : /* Set the DECL of an unterminated array this argument refers to
1101 : if one hasn't been found yet. */
1102 9167 : if (!pdata->decl && argdata.decl)
1103 9 : pdata->decl = argdata.decl;
1104 :
1105 12179 : if (!argdata.minlen
1106 9167 : || (integer_zerop (argdata.minlen)
1107 3377 : && (!argdata.maxbound
1108 867 : || integer_all_onesp (argdata.maxbound))
1109 2510 : && integer_all_onesp (argdata.maxlen)))
1110 : {
1111 : /* Set the upper bound of the length to unbounded. */
1112 3012 : pdata->maxlen = build_all_ones_cst (size_type_node);
1113 3012 : continue;
1114 : }
1115 :
1116 : /* Adjust the minimum and maximum length determined so far and
1117 : the upper bound on the array size. */
1118 6155 : if (TREE_CODE (argdata.minlen) == INTEGER_CST
1119 6155 : && (!pdata->minlen
1120 4665 : || tree_int_cst_lt (argdata.minlen, pdata->minlen)))
1121 2934 : pdata->minlen = argdata.minlen;
1122 :
1123 6155 : if (TREE_CODE (argdata.maxlen) == INTEGER_CST
1124 6155 : && (!pdata->maxlen
1125 : || (argdata.maxlen
1126 4801 : && tree_int_cst_lt (pdata->maxlen, argdata.maxlen))))
1127 2127 : pdata->maxlen = argdata.maxlen;
1128 :
1129 6155 : if (!pdata->maxbound
1130 6044 : || TREE_CODE (pdata->maxbound) != INTEGER_CST
1131 10806 : || (argdata.maxbound
1132 4649 : && tree_int_cst_lt (pdata->maxbound, argdata.maxbound)
1133 859 : && !integer_all_onesp (argdata.maxbound)))
1134 2363 : pdata->maxbound = argdata.maxbound;
1135 : }
1136 :
1137 : return true;
1138 : }
1139 :
1140 : /* Return the maximum possible length of the string PTR that's less
1141 : than MAXLEN given the size of the object of subobject it points
1142 : to at the given STMT. MAXLEN is the maximum length of the string
1143 : determined so far. Return null when no such maximum can be
1144 : determined. */
1145 :
1146 : static tree
1147 1834 : get_maxbound (tree ptr, gimple *stmt, offset_int maxlen,
1148 : pointer_query *ptr_qry)
1149 : {
1150 1834 : access_ref aref;
1151 1834 : if (!ptr_qry->get_ref (ptr, stmt, &aref))
1152 : return NULL_TREE;
1153 :
1154 1834 : offset_int sizrem = aref.size_remaining ();
1155 1834 : if (sizrem <= 0)
1156 : return NULL_TREE;
1157 :
1158 1834 : if (sizrem < maxlen)
1159 426 : maxlen = sizrem - 1;
1160 :
1161 : /* Try to determine the maximum from the subobject at the offset.
1162 : This handles MEM [&some-struct, member-offset] that's often
1163 : the result of folding COMPONENT_REF [some-struct, member]. */
1164 1834 : tree reftype = TREE_TYPE (aref.ref);
1165 1834 : if (!RECORD_OR_UNION_TYPE_P (reftype)
1166 9 : || aref.offrng[0] != aref.offrng[1]
1167 1843 : || !wi::fits_shwi_p (aref.offrng[0]))
1168 1825 : return wide_int_to_tree (size_type_node, maxlen);
1169 :
1170 9 : HOST_WIDE_INT off = aref.offrng[0].to_shwi ();
1171 9 : tree fld = field_at_offset (reftype, NULL_TREE, off);
1172 9 : if (!fld || !DECL_SIZE_UNIT (fld))
1173 1 : return wide_int_to_tree (size_type_node, maxlen);
1174 :
1175 8 : offset_int size = wi::to_offset (DECL_SIZE_UNIT (fld));
1176 8 : if (maxlen < size)
1177 0 : return wide_int_to_tree (size_type_node, maxlen);
1178 :
1179 8 : return wide_int_to_tree (size_type_node, size - 1);
1180 : }
1181 :
1182 : /* Attempt to determine the length of the string SRC. On success, store
1183 : the length in *PDATA and return true. Otherwise, return false.
1184 : VISITED is a bitmap of visited PHI nodes. RVALS points to the valuation
1185 : engine used to calculate ranges. PSSA_DEF_MAX to an SSA_NAME
1186 : assignment limit used to prevent runaway recursion. */
1187 :
1188 : static bool
1189 538000 : get_range_strlen_dynamic (tree src, gimple *stmt,
1190 : c_strlen_data *pdata, bitmap visited,
1191 : pointer_query *ptr_qry, unsigned *pssa_def_max)
1192 : {
1193 538000 : int idx = get_stridx (src, stmt);
1194 538000 : if (!idx)
1195 : {
1196 275351 : if (TREE_CODE (src) == SSA_NAME)
1197 : {
1198 269629 : gimple *def_stmt = SSA_NAME_DEF_STMT (src);
1199 269629 : if (gphi *phi = dyn_cast<gphi *>(def_stmt))
1200 2994 : return get_range_strlen_phi (src, phi, pdata, visited, ptr_qry,
1201 2994 : pssa_def_max);
1202 : }
1203 :
1204 : /* Return success regardless of the result and handle *PDATA
1205 : in the caller. */
1206 272357 : get_range_strlen (src, pdata, 1);
1207 272357 : return true;
1208 : }
1209 :
1210 262649 : if (idx < 0)
1211 : {
1212 : /* SRC is a string of constant length. */
1213 256771 : pdata->minlen = build_int_cst (size_type_node, ~idx);
1214 256771 : pdata->maxlen = pdata->minlen;
1215 256771 : pdata->maxbound = pdata->maxlen;
1216 256771 : return true;
1217 : }
1218 :
1219 5878 : if (strinfo *si = get_strinfo (idx))
1220 : {
1221 2064 : pdata->minlen = get_string_length (si);
1222 2064 : if (!pdata->minlen && si->nonzero_chars)
1223 : {
1224 39 : if (TREE_CODE (si->nonzero_chars) == INTEGER_CST)
1225 39 : pdata->minlen = si->nonzero_chars;
1226 0 : else if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
1227 : {
1228 0 : int_range_max vr;
1229 0 : ptr_qry->rvals->range_of_expr (vr, si->nonzero_chars, si->stmt);
1230 0 : if (vr.undefined_p () || vr.varying_p ())
1231 0 : pdata->minlen = build_zero_cst (size_type_node);
1232 : else
1233 : {
1234 0 : tree type = vr.type ();
1235 0 : pdata->minlen = wide_int_to_tree (type, vr.lower_bound ());
1236 : }
1237 0 : }
1238 : else
1239 0 : pdata->minlen = build_zero_cst (size_type_node);
1240 :
1241 39 : tree base = si->ptr;
1242 39 : if (TREE_CODE (base) == ADDR_EXPR)
1243 39 : base = TREE_OPERAND (base, 0);
1244 :
1245 39 : HOST_WIDE_INT off;
1246 39 : poly_int64 poff;
1247 39 : base = get_addr_base_and_unit_offset (base, &poff);
1248 39 : if (base
1249 39 : && DECL_P (base)
1250 39 : && TREE_CODE (TREE_TYPE (base)) == ARRAY_TYPE
1251 37 : && TYPE_SIZE_UNIT (TREE_TYPE (base))
1252 39 : && poff.is_constant (&off))
1253 : {
1254 30 : tree basetype = TREE_TYPE (base);
1255 30 : tree size = TYPE_SIZE_UNIT (basetype);
1256 30 : if (TREE_CODE (size) == INTEGER_CST)
1257 : {
1258 30 : ++off; /* Increment for the terminating nul. */
1259 30 : tree toffset = build_int_cst (size_type_node, off);
1260 30 : pdata->maxlen = fold_build2 (MINUS_EXPR, size_type_node,
1261 : size, toffset);
1262 30 : if (tree_int_cst_lt (pdata->maxlen, pdata->minlen))
1263 : /* This can happen when triggering UB, when base is an
1264 : array which is known to be filled with at least size
1265 : non-zero bytes. E.g. for
1266 : char a[2]; memcpy (a, "12", sizeof a);
1267 : We don't want to create an invalid range [2, 1]
1268 : where 2 comes from the number of non-zero bytes and
1269 : 1 from longest valid zero-terminated string that can
1270 : be stored in such an array, so pick just one of
1271 : those, pdata->minlen. See PR110603. */
1272 3 : pdata->maxlen = build_all_ones_cst (size_type_node);
1273 : else
1274 27 : pdata->maxbound = pdata->maxlen;
1275 : }
1276 : else
1277 0 : pdata->maxlen = build_all_ones_cst (size_type_node);
1278 : }
1279 : else
1280 9 : pdata->maxlen = build_all_ones_cst (size_type_node);
1281 39 : }
1282 2025 : else if (pdata->minlen && TREE_CODE (pdata->minlen) == SSA_NAME)
1283 : {
1284 1834 : int_range_max vr;
1285 1834 : ptr_qry->rvals->range_of_expr (vr, si->nonzero_chars, stmt);
1286 1834 : if (vr.varying_p () || vr.undefined_p ())
1287 : {
1288 0 : pdata->minlen = build_zero_cst (size_type_node);
1289 0 : pdata->maxlen = build_all_ones_cst (size_type_node);
1290 : }
1291 : else
1292 : {
1293 1834 : tree type = vr.type ();
1294 1834 : pdata->minlen = wide_int_to_tree (type, vr.lower_bound ());
1295 1834 : pdata->maxlen = wide_int_to_tree (type, vr.upper_bound ());
1296 1834 : offset_int max = offset_int::from (vr.upper_bound (0), SIGNED);
1297 1834 : if (tree maxbound = get_maxbound (si->ptr, stmt, max, ptr_qry))
1298 1834 : pdata->maxbound = maxbound;
1299 : else
1300 0 : pdata->maxbound = pdata->maxlen;
1301 : }
1302 1834 : }
1303 191 : else if (pdata->minlen && TREE_CODE (pdata->minlen) == INTEGER_CST)
1304 : {
1305 184 : pdata->maxlen = pdata->minlen;
1306 184 : pdata->maxbound = pdata->minlen;
1307 : }
1308 : else
1309 : {
1310 : /* For PDATA->MINLEN that's a non-constant expression such
1311 : as PLUS_EXPR whose value range is unknown, set the bounds
1312 : to zero and SIZE_MAX. */
1313 7 : pdata->minlen = build_zero_cst (size_type_node);
1314 7 : pdata->maxlen = build_all_ones_cst (size_type_node);
1315 : }
1316 :
1317 2064 : return true;
1318 : }
1319 :
1320 : return false;
1321 : }
1322 :
1323 : /* Analogous to get_range_strlen but for dynamically created strings,
1324 : i.e., those created by calls to strcpy as opposed to just string
1325 : constants.
1326 : Try to obtain the range of the lengths of the string(s) referenced
1327 : by SRC, or the size of the largest array SRC refers to if the range
1328 : of lengths cannot be determined, and store all in *PDATA. RVALS
1329 : points to the valuation engine used to calculate ranges. */
1330 :
1331 : void
1332 528510 : get_range_strlen_dynamic (tree src, gimple *stmt, c_strlen_data *pdata,
1333 : pointer_query &ptr_qry)
1334 : {
1335 528510 : auto_bitmap visited;
1336 528510 : tree maxbound = pdata->maxbound;
1337 :
1338 528510 : unsigned limit = param_ssa_name_def_chain_limit;
1339 528510 : if (!get_range_strlen_dynamic (src, stmt, pdata, visited, &ptr_qry, &limit))
1340 : {
1341 : /* On failure extend the length range to an impossible maximum
1342 : (a valid MAXLEN must be less than PTRDIFF_MAX - 1). Other
1343 : members can stay unchanged regardless. */
1344 3501 : pdata->minlen = ssize_int (0);
1345 3501 : pdata->maxlen = build_all_ones_cst (size_type_node);
1346 : }
1347 525009 : else if (!pdata->minlen)
1348 988 : pdata->minlen = ssize_int (0);
1349 :
1350 : /* If it's unchanged from it initial non-null value, set the conservative
1351 : MAXBOUND to SIZE_MAX. Otherwise leave it null (if it is null). */
1352 528510 : if (maxbound && pdata->maxbound == maxbound)
1353 4505 : pdata->maxbound = build_all_ones_cst (size_type_node);
1354 528510 : }
1355 :
1356 : /* Invalidate string length information for strings whose length might
1357 : change due to stores in STMT, except those marked DONT_INVALIDATE.
1358 : For string-modifying statements, ZERO_WRITE is set when the statement
1359 : wrote only zeros.
1360 : Returns true if any STRIDX_TO_STRINFO entries were considered
1361 : for invalidation. */
1362 :
1363 : static bool
1364 11671300 : maybe_invalidate (gimple *stmt, bool zero_write = false)
1365 : {
1366 11671300 : if (dump_file && (dump_flags & TDF_DETAILS))
1367 : {
1368 0 : fprintf (dump_file, "%s called for ", __func__);
1369 0 : print_gimple_stmt (dump_file, stmt, TDF_LINENO);
1370 : }
1371 :
1372 : strinfo *si;
1373 : bool nonempty = false;
1374 :
1375 74249242 : for (unsigned i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
1376 : {
1377 62577942 : if (si == NULL || !POINTER_TYPE_P (TREE_TYPE (si->ptr)))
1378 59797674 : continue;
1379 :
1380 3529968 : nonempty = true;
1381 :
1382 : /* Unconditionally reset DONT_INVALIDATE. */
1383 3529968 : bool dont_invalidate = si->dont_invalidate;
1384 3529968 : si->dont_invalidate = false;
1385 :
1386 3529968 : if (dont_invalidate)
1387 362915 : continue;
1388 :
1389 3167053 : ao_ref r;
1390 3167053 : tree size = si->nonzero_chars;
1391 3167053 : ao_ref_init_from_ptr_and_size (&r, si->ptr, size);
1392 : /* Include the terminating nul in the size of the string
1393 : to consider when determining possible clobber. But do not
1394 : add it to 'size' since we don't know whether it would
1395 : actually fit the allocated area. */
1396 3167053 : if (known_size_p (r.size))
1397 : {
1398 2739826 : if (known_le (r.size, HOST_WIDE_INT_MAX - BITS_PER_UNIT))
1399 2739826 : r.max_size += BITS_PER_UNIT;
1400 : else
1401 0 : r.max_size = -1;
1402 : }
1403 3167053 : if (stmt_may_clobber_ref_p_1 (stmt, &r))
1404 : {
1405 386785 : if (dump_file && (dump_flags & TDF_DETAILS))
1406 : {
1407 0 : fputs (" statement may clobber object ", dump_file);
1408 0 : print_generic_expr (dump_file, si->ptr);
1409 0 : if (size && tree_fits_uhwi_p (size))
1410 0 : fprintf (dump_file, " " HOST_WIDE_INT_PRINT_UNSIGNED
1411 : " bytes in size", tree_to_uhwi (size));
1412 0 : fputc ('\n', dump_file);
1413 : }
1414 :
1415 386785 : set_strinfo (i, NULL);
1416 386785 : free_strinfo (si);
1417 386785 : continue;
1418 : }
1419 :
1420 2780268 : if (size
1421 2780268 : && !zero_write
1422 2437420 : && si->stmt
1423 5372 : && is_gimple_call (si->stmt)
1424 2785640 : && (DECL_FUNCTION_CODE (gimple_call_fndecl (si->stmt))
1425 : == BUILT_IN_CALLOC))
1426 : {
1427 : /* If the clobber test above considered the length of
1428 : the string (including the nul), then for (potentially)
1429 : non-zero writes that might modify storage allocated by
1430 : calloc consider the whole object and if it might be
1431 : clobbered by the statement reset the statement. */
1432 5372 : ao_ref_init_from_ptr_and_size (&r, si->ptr, NULL_TREE);
1433 5372 : if (stmt_may_clobber_ref_p_1 (stmt, &r))
1434 61 : si->stmt = NULL;
1435 : }
1436 : }
1437 :
1438 11671300 : if (dump_file && (dump_flags & TDF_DETAILS))
1439 0 : fprintf (dump_file, "%s returns %i\n", __func__, nonempty);
1440 :
1441 11671300 : return nonempty;
1442 : }
1443 :
1444 : /* Unshare strinfo record SI, if it has refcount > 1 or
1445 : if stridx_to_strinfo vector is shared with some other
1446 : bbs. */
1447 :
1448 : static strinfo *
1449 43345 : unshare_strinfo (strinfo *si)
1450 : {
1451 43345 : strinfo *nsi;
1452 :
1453 43345 : if (si->refcount == 1 && !strinfo_shared ())
1454 : return si;
1455 :
1456 8903 : nsi = new_strinfo (si->ptr, si->idx, si->nonzero_chars, si->full_string_p);
1457 8903 : nsi->stmt = si->stmt;
1458 8903 : nsi->alloc = si->alloc;
1459 8903 : nsi->endptr = si->endptr;
1460 8903 : nsi->first = si->first;
1461 8903 : nsi->prev = si->prev;
1462 8903 : nsi->next = si->next;
1463 8903 : nsi->writable = si->writable;
1464 8903 : set_strinfo (si->idx, nsi);
1465 8903 : free_strinfo (si);
1466 8903 : return nsi;
1467 : }
1468 :
1469 : /* Attempt to create a new strinfo for BASESI + OFF, or find existing
1470 : strinfo if there is any. Return it's idx, or 0 if no strinfo has
1471 : been created. */
1472 :
1473 : static int
1474 3225 : get_stridx_plus_constant (strinfo *basesi, unsigned HOST_WIDE_INT off,
1475 : tree ptr)
1476 : {
1477 3225 : if (TREE_CODE (ptr) == SSA_NAME && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr))
1478 : return 0;
1479 :
1480 3225 : if (compare_nonzero_chars (basesi, off) < 0
1481 3225 : || !tree_fits_uhwi_p (basesi->nonzero_chars))
1482 : return 0;
1483 :
1484 3225 : unsigned HOST_WIDE_INT nonzero_chars
1485 3225 : = tree_to_uhwi (basesi->nonzero_chars) - off;
1486 3225 : strinfo *si = basesi, *chainsi;
1487 3225 : if (si->first || si->prev || si->next)
1488 654 : si = verify_related_strinfos (basesi);
1489 654 : if (si == NULL
1490 3225 : || si->nonzero_chars == NULL_TREE
1491 3225 : || TREE_CODE (si->nonzero_chars) != INTEGER_CST)
1492 : return 0;
1493 :
1494 3225 : if (TREE_CODE (ptr) == SSA_NAME
1495 4956 : && ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
1496 0 : ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
1497 :
1498 3225 : gcc_checking_assert (compare_tree_int (si->nonzero_chars, off) != -1);
1499 5442 : for (chainsi = si; chainsi->next; chainsi = si)
1500 : {
1501 2217 : si = get_next_strinfo (chainsi);
1502 2217 : if (si == NULL
1503 2217 : || si->nonzero_chars == NULL_TREE
1504 2217 : || TREE_CODE (si->nonzero_chars) != INTEGER_CST)
1505 : break;
1506 2217 : int r = compare_tree_int (si->nonzero_chars, nonzero_chars);
1507 2217 : if (r != 1)
1508 : {
1509 0 : if (r == 0)
1510 : {
1511 0 : if (TREE_CODE (ptr) == SSA_NAME)
1512 0 : ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = si->idx;
1513 : else
1514 : {
1515 0 : int *pidx = addr_stridxptr (TREE_OPERAND (ptr, 0));
1516 0 : if (pidx != NULL && *pidx == 0)
1517 0 : *pidx = si->idx;
1518 : }
1519 0 : return si->idx;
1520 : }
1521 : break;
1522 : }
1523 : }
1524 :
1525 3225 : int idx = new_stridx (ptr);
1526 3225 : if (idx == 0)
1527 : return 0;
1528 3225 : si = new_strinfo (ptr, idx, build_int_cst (size_type_node, nonzero_chars),
1529 3225 : basesi->full_string_p);
1530 3225 : set_strinfo (idx, si);
1531 3225 : if (strinfo *nextsi = get_strinfo (chainsi->next))
1532 : {
1533 0 : nextsi = unshare_strinfo (nextsi);
1534 0 : si->next = nextsi->idx;
1535 0 : nextsi->prev = idx;
1536 : }
1537 3225 : chainsi = unshare_strinfo (chainsi);
1538 3225 : if (chainsi->first == 0)
1539 2571 : chainsi->first = chainsi->idx;
1540 3225 : chainsi->next = idx;
1541 3225 : if (chainsi->endptr == NULL_TREE && zero_length_string_p (si))
1542 232 : chainsi->endptr = ptr;
1543 3225 : si->endptr = chainsi->endptr;
1544 3225 : si->prev = chainsi->idx;
1545 3225 : si->first = chainsi->first;
1546 3225 : si->writable = chainsi->writable;
1547 3225 : return si->idx;
1548 : }
1549 :
1550 : /* Note that PTR, a pointer SSA_NAME initialized in the current stmt, points
1551 : to a zero-length string and if possible chain it to a related strinfo
1552 : chain whose part is or might be CHAINSI. */
1553 :
1554 : static strinfo *
1555 2164 : zero_length_string (tree ptr, strinfo *chainsi)
1556 : {
1557 2164 : strinfo *si;
1558 2164 : int idx;
1559 4328 : if (ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
1560 0 : ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
1561 2164 : gcc_checking_assert (TREE_CODE (ptr) == SSA_NAME
1562 : && ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] == 0);
1563 :
1564 2164 : if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr))
1565 : return NULL;
1566 2164 : if (chainsi != NULL)
1567 : {
1568 2164 : si = verify_related_strinfos (chainsi);
1569 2164 : if (si)
1570 : {
1571 265 : do
1572 : {
1573 : /* We shouldn't mix delayed and non-delayed lengths. */
1574 265 : gcc_assert (si->full_string_p);
1575 265 : if (si->endptr == NULL_TREE)
1576 : {
1577 221 : si = unshare_strinfo (si);
1578 221 : si->endptr = ptr;
1579 : }
1580 265 : chainsi = si;
1581 265 : si = get_next_strinfo (si);
1582 : }
1583 265 : while (si != NULL);
1584 108 : if (zero_length_string_p (chainsi))
1585 : {
1586 16 : if (chainsi->next)
1587 : {
1588 0 : chainsi = unshare_strinfo (chainsi);
1589 0 : chainsi->next = 0;
1590 : }
1591 16 : ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = chainsi->idx;
1592 16 : return chainsi;
1593 : }
1594 : }
1595 : else
1596 : {
1597 : /* We shouldn't mix delayed and non-delayed lengths. */
1598 2056 : gcc_assert (chainsi->full_string_p);
1599 2056 : if (chainsi->first || chainsi->prev || chainsi->next)
1600 : {
1601 0 : chainsi = unshare_strinfo (chainsi);
1602 0 : chainsi->first = 0;
1603 0 : chainsi->prev = 0;
1604 0 : chainsi->next = 0;
1605 : }
1606 : }
1607 : }
1608 2148 : idx = new_stridx (ptr);
1609 2148 : if (idx == 0)
1610 : return NULL;
1611 2148 : si = new_strinfo (ptr, idx, build_int_cst (size_type_node, 0), true);
1612 2148 : set_strinfo (idx, si);
1613 2148 : si->endptr = ptr;
1614 2148 : if (chainsi != NULL)
1615 : {
1616 2148 : chainsi = unshare_strinfo (chainsi);
1617 2148 : if (chainsi->first == 0)
1618 2056 : chainsi->first = chainsi->idx;
1619 2148 : chainsi->next = idx;
1620 2148 : if (chainsi->endptr == NULL_TREE)
1621 1629 : chainsi->endptr = ptr;
1622 2148 : si->prev = chainsi->idx;
1623 2148 : si->first = chainsi->first;
1624 2148 : si->writable = chainsi->writable;
1625 : }
1626 : return si;
1627 : }
1628 :
1629 : /* For strinfo ORIGSI whose length has been just updated, adjust other
1630 : related strinfos so that they match the new ORIGSI. This involves:
1631 :
1632 : - adding ADJ to the nonzero_chars fields
1633 : - copying full_string_p from the new ORIGSI. */
1634 :
1635 : static void
1636 24970 : adjust_related_strinfos (location_t loc, strinfo *origsi, tree adj)
1637 : {
1638 24970 : strinfo *si = verify_related_strinfos (origsi);
1639 :
1640 24970 : if (si == NULL)
1641 : return;
1642 :
1643 5960 : while (1)
1644 : {
1645 5960 : strinfo *nsi;
1646 :
1647 5960 : if (si != origsi)
1648 : {
1649 4078 : tree tem;
1650 :
1651 4078 : si = unshare_strinfo (si);
1652 : /* We shouldn't see delayed lengths here; the caller must
1653 : have calculated the old length in order to calculate
1654 : the adjustment. */
1655 4078 : gcc_assert (si->nonzero_chars);
1656 4078 : tem = fold_convert_loc (loc, TREE_TYPE (si->nonzero_chars), adj);
1657 4078 : si->nonzero_chars = fold_build2_loc (loc, PLUS_EXPR,
1658 4078 : TREE_TYPE (si->nonzero_chars),
1659 : si->nonzero_chars, tem);
1660 4078 : si->full_string_p = origsi->full_string_p;
1661 :
1662 4078 : si->endptr = NULL_TREE;
1663 4078 : si->dont_invalidate = true;
1664 : }
1665 5960 : nsi = get_next_strinfo (si);
1666 5960 : if (nsi == NULL)
1667 : return;
1668 : si = nsi;
1669 : }
1670 : }
1671 :
1672 : /* Find if there are other SSA_NAME pointers equal to PTR
1673 : for which we don't track their string lengths yet. If so, use
1674 : IDX for them. */
1675 :
1676 : static void
1677 38158 : find_equal_ptrs (tree ptr, int idx)
1678 : {
1679 38158 : if (TREE_CODE (ptr) != SSA_NAME)
1680 : return;
1681 17754 : while (1)
1682 : {
1683 17754 : gimple *stmt = SSA_NAME_DEF_STMT (ptr);
1684 17754 : if (!is_gimple_assign (stmt))
1685 : return;
1686 10251 : ptr = gimple_assign_rhs1 (stmt);
1687 10251 : switch (gimple_assign_rhs_code (stmt))
1688 : {
1689 : case SSA_NAME:
1690 : break;
1691 691 : CASE_CONVERT:
1692 691 : if (!POINTER_TYPE_P (TREE_TYPE (ptr)))
1693 : return;
1694 0 : if (TREE_CODE (ptr) == SSA_NAME)
1695 : break;
1696 0 : if (TREE_CODE (ptr) != ADDR_EXPR)
1697 : return;
1698 : /* FALLTHRU */
1699 1070 : case ADDR_EXPR:
1700 1070 : {
1701 1070 : int *pidx = addr_stridxptr (TREE_OPERAND (ptr, 0));
1702 1070 : if (pidx != NULL && *pidx == 0)
1703 0 : *pidx = idx;
1704 : return;
1705 : }
1706 : default:
1707 : return;
1708 : }
1709 :
1710 : /* We might find an endptr created in this pass. Grow the
1711 : vector in that case. */
1712 0 : if (ssa_ver_to_stridx.length () <= SSA_NAME_VERSION (ptr))
1713 0 : ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
1714 :
1715 0 : if (ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] != 0)
1716 : return;
1717 0 : ssa_ver_to_stridx[SSA_NAME_VERSION (ptr)] = idx;
1718 0 : }
1719 : }
1720 :
1721 : /* Return true if STMT is a call to a builtin function with the right
1722 : arguments and attributes that should be considered for optimization
1723 : by this pass. */
1724 :
1725 : static bool
1726 4386514 : valid_builtin_call (gimple *stmt)
1727 : {
1728 4386514 : if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
1729 : return false;
1730 :
1731 965188 : tree callee = gimple_call_fndecl (stmt);
1732 965188 : switch (DECL_FUNCTION_CODE (callee))
1733 : {
1734 206088 : case BUILT_IN_MEMCMP:
1735 206088 : case BUILT_IN_MEMCMP_EQ:
1736 206088 : case BUILT_IN_STRCMP:
1737 206088 : case BUILT_IN_STRNCMP:
1738 206088 : case BUILT_IN_STRCHR:
1739 206088 : case BUILT_IN_STRLEN:
1740 206088 : case BUILT_IN_STRNLEN:
1741 : /* The above functions should be pure. Punt if they aren't. */
1742 4039597 : if (gimple_vdef (stmt) || gimple_vuse (stmt) == NULL_TREE)
1743 : return false;
1744 : break;
1745 :
1746 150061 : case BUILT_IN_ALLOCA:
1747 150061 : case BUILT_IN_ALLOCA_WITH_ALIGN:
1748 150061 : case BUILT_IN_CALLOC:
1749 150061 : case BUILT_IN_MALLOC:
1750 150061 : case BUILT_IN_MEMCPY:
1751 150061 : case BUILT_IN_MEMCPY_CHK:
1752 150061 : case BUILT_IN_MEMPCPY:
1753 150061 : case BUILT_IN_MEMPCPY_CHK:
1754 150061 : case BUILT_IN_MEMSET:
1755 150061 : case BUILT_IN_STPCPY:
1756 150061 : case BUILT_IN_STPCPY_CHK:
1757 150061 : case BUILT_IN_STPNCPY:
1758 150061 : case BUILT_IN_STPNCPY_CHK:
1759 150061 : case BUILT_IN_STRCAT:
1760 150061 : case BUILT_IN_STRCAT_CHK:
1761 150061 : case BUILT_IN_STRCPY:
1762 150061 : case BUILT_IN_STRCPY_CHK:
1763 150061 : case BUILT_IN_STRNCAT:
1764 150061 : case BUILT_IN_STRNCAT_CHK:
1765 150061 : case BUILT_IN_STRNCPY:
1766 150061 : case BUILT_IN_STRNCPY_CHK:
1767 : /* The above functions should be neither const nor pure. Punt if they
1768 : aren't. */
1769 3721448 : if (gimple_vdef (stmt) == NULL_TREE || gimple_vuse (stmt) == NULL_TREE)
1770 : return false;
1771 : break;
1772 :
1773 : default:
1774 : break;
1775 : }
1776 :
1777 : return true;
1778 : }
1779 :
1780 : /* If the last .MEM setter statement before STMT is
1781 : memcpy (x, y, strlen (y) + 1), the only .MEM use of it is STMT
1782 : and STMT is known to overwrite x[strlen (x)], adjust the last memcpy to
1783 : just memcpy (x, y, strlen (y)). SI must be the zero length
1784 : strinfo. */
1785 :
1786 : void
1787 9619 : strlen_pass::adjust_last_stmt (strinfo *si, gimple *stmt, bool is_strcat)
1788 : {
1789 9619 : tree vuse, callee, len;
1790 9619 : struct laststmt_struct last = laststmt;
1791 9619 : strinfo *lastsi, *firstsi;
1792 9619 : unsigned len_arg_no = 2;
1793 :
1794 9619 : laststmt.stmt = NULL;
1795 9619 : laststmt.len = NULL_TREE;
1796 9619 : laststmt.stridx = 0;
1797 :
1798 9619 : if (last.stmt == NULL)
1799 9414 : return;
1800 :
1801 12863 : vuse = gimple_vuse (stmt);
1802 3449 : if (vuse == NULL_TREE
1803 3449 : || SSA_NAME_DEF_STMT (vuse) != last.stmt
1804 4273 : || !has_single_use (vuse))
1805 : return;
1806 :
1807 422 : gcc_assert (last.stridx > 0);
1808 422 : lastsi = get_strinfo (last.stridx);
1809 422 : if (lastsi == NULL)
1810 : return;
1811 :
1812 422 : if (lastsi != si)
1813 : {
1814 328 : if (lastsi->first == 0 || lastsi->first != si->first)
1815 : return;
1816 :
1817 307 : firstsi = verify_related_strinfos (si);
1818 307 : if (firstsi == NULL)
1819 : return;
1820 483 : while (firstsi != lastsi)
1821 : {
1822 176 : firstsi = get_next_strinfo (firstsi);
1823 176 : if (firstsi == NULL)
1824 : return;
1825 : }
1826 : }
1827 :
1828 401 : if (!is_strcat && !zero_length_string_p (si))
1829 : return;
1830 :
1831 320 : if (is_gimple_assign (last.stmt))
1832 : {
1833 29 : gimple_stmt_iterator gsi;
1834 :
1835 29 : if (!integer_zerop (gimple_assign_rhs1 (last.stmt)))
1836 : return;
1837 16 : if (stmt_could_throw_p (cfun, last.stmt))
1838 : return;
1839 16 : gsi = gsi_for_stmt (last.stmt);
1840 16 : unlink_stmt_vdef (last.stmt);
1841 16 : release_defs (last.stmt);
1842 16 : gsi_remove (&gsi, true);
1843 16 : return;
1844 : }
1845 :
1846 291 : if (!valid_builtin_call (last.stmt))
1847 : return;
1848 :
1849 291 : callee = gimple_call_fndecl (last.stmt);
1850 291 : switch (DECL_FUNCTION_CODE (callee))
1851 : {
1852 291 : case BUILT_IN_MEMCPY:
1853 291 : case BUILT_IN_MEMCPY_CHK:
1854 291 : break;
1855 : default:
1856 : return;
1857 : }
1858 :
1859 291 : len = gimple_call_arg (last.stmt, len_arg_no);
1860 291 : if (tree_fits_uhwi_p (len))
1861 : {
1862 214 : if (!tree_fits_uhwi_p (last.len)
1863 214 : || integer_zerop (len)
1864 428 : || tree_to_uhwi (len) != tree_to_uhwi (last.len) + 1)
1865 86 : return;
1866 : /* Don't adjust the length if it is divisible by 4, it is more efficient
1867 : to store the extra '\0' in that case. */
1868 214 : if ((tree_to_uhwi (len) & 3) == 0)
1869 : return;
1870 :
1871 : /* Don't fold away an out of bounds access, as this defeats proper
1872 : warnings. */
1873 139 : tree dst = gimple_call_arg (last.stmt, 0);
1874 :
1875 139 : access_ref aref;
1876 139 : tree size = compute_objsize (dst, stmt, 1, &aref, &ptr_qry);
1877 139 : if (size && tree_int_cst_lt (size, len))
1878 : return;
1879 : }
1880 77 : else if (TREE_CODE (len) == SSA_NAME)
1881 : {
1882 77 : gimple *def_stmt = SSA_NAME_DEF_STMT (len);
1883 77 : if (!is_gimple_assign (def_stmt)
1884 77 : || gimple_assign_rhs_code (def_stmt) != PLUS_EXPR
1885 77 : || gimple_assign_rhs1 (def_stmt) != last.len
1886 154 : || !integer_onep (gimple_assign_rhs2 (def_stmt)))
1887 0 : return;
1888 : }
1889 : else
1890 : return;
1891 :
1892 205 : gimple_call_set_arg (last.stmt, len_arg_no, last.len);
1893 205 : update_stmt (last.stmt);
1894 : }
1895 :
1896 : /* For an LHS that is an SSA_NAME that is the result of a strlen()
1897 : call, or when BOUND is non-null, of a strnlen() call, set LHS
1898 : range info to [0, min (MAX, BOUND)] when the range includes more
1899 : than one value and return LHS. Otherwise, when the range
1900 : [MIN, MAX] is such that MIN == MAX, return the tree representation
1901 : of (MIN). The latter allows callers to fold suitable strnlen() calls
1902 : to constants. */
1903 :
1904 : tree
1905 150056 : set_strlen_range (tree lhs, wide_int min, wide_int max,
1906 : tree bound /* = NULL_TREE */)
1907 : {
1908 150056 : if (TREE_CODE (lhs) != SSA_NAME
1909 150056 : || !INTEGRAL_TYPE_P (TREE_TYPE (lhs)))
1910 : return NULL_TREE;
1911 :
1912 146208 : if (bound)
1913 : {
1914 : /* For strnlen, adjust MIN and MAX as necessary. If the bound
1915 : is less than the size of the array set MAX to it. It it's
1916 : greater than MAX and MAX is non-zero bump MAX down to account
1917 : for the necessary terminating nul. Otherwise leave it alone. */
1918 511 : if (TREE_CODE (bound) == INTEGER_CST)
1919 : {
1920 330 : wide_int wibnd = wi::to_wide (bound);
1921 330 : int cmp = wi::cmpu (wibnd, max);
1922 330 : if (cmp < 0)
1923 260 : max = wibnd;
1924 124 : else if (cmp && wi::ne_p (max, min))
1925 54 : --max;
1926 330 : }
1927 181 : else if (TREE_CODE (bound) == SSA_NAME)
1928 : {
1929 181 : int_range_max r;
1930 362 : get_range_query (cfun)->range_of_expr (r, bound);
1931 181 : if (!r.undefined_p ())
1932 : {
1933 : /* For a bound in a known range, adjust the range determined
1934 : above as necessary. For a bound in some anti-range or
1935 : in an unknown range, use the range determined by callers. */
1936 181 : if (wi::ltu_p (r.lower_bound (), min))
1937 0 : min = r.lower_bound ();
1938 181 : if (wi::ltu_p (r.upper_bound (), max))
1939 30 : max = r.upper_bound ();
1940 : }
1941 181 : }
1942 : }
1943 :
1944 146208 : if (min == max)
1945 14 : return wide_int_to_tree (size_type_node, min);
1946 :
1947 146194 : int_range_max vr (TREE_TYPE (lhs), min, max);
1948 146194 : set_range_info (lhs, vr);
1949 146194 : return lhs;
1950 146194 : }
1951 :
1952 : /* For an LHS that is an SSA_NAME and for strlen() or strnlen() argument
1953 : SRC, set LHS range info to [0, min (N, BOUND)] if SRC refers to
1954 : a character array A[N] with unknown length bounded by N, and for
1955 : strnlen(), by min (N, BOUND). */
1956 :
1957 : static tree
1958 11681 : maybe_set_strlen_range (tree lhs, tree src, tree bound)
1959 : {
1960 11681 : if (TREE_CODE (lhs) != SSA_NAME
1961 11681 : || !INTEGRAL_TYPE_P (TREE_TYPE (lhs)))
1962 : return NULL_TREE;
1963 :
1964 11681 : if (TREE_CODE (src) == SSA_NAME)
1965 : {
1966 8506 : gimple *def = SSA_NAME_DEF_STMT (src);
1967 8506 : if (is_gimple_assign (def)
1968 8506 : && gimple_assign_rhs_code (def) == ADDR_EXPR)
1969 130 : src = gimple_assign_rhs1 (def);
1970 : }
1971 :
1972 : /* The longest string is PTRDIFF_MAX - 1 bytes including the final
1973 : NUL so that the difference between a pointer to just past it and
1974 : one to its beginning is positive. */
1975 11681 : wide_int max = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2;
1976 :
1977 11681 : if (TREE_CODE (src) == ADDR_EXPR)
1978 : {
1979 : /* The last array member of a struct can be bigger than its size
1980 : suggests if it's treated as a poor-man's flexible array member. */
1981 3305 : src = TREE_OPERAND (src, 0);
1982 3305 : if (TREE_CODE (src) != MEM_REF
1983 3305 : && !array_ref_flexible_size_p (src))
1984 : {
1985 2270 : tree type = TREE_TYPE (src);
1986 2270 : tree size = TYPE_SIZE_UNIT (type);
1987 2270 : if (size
1988 2217 : && TREE_CODE (size) == INTEGER_CST
1989 4487 : && !integer_zerop (size))
1990 : {
1991 : /* Even though such uses of strlen would be undefined,
1992 : avoid relying on arrays of arrays in case some genius
1993 : decides to call strlen on an unterminated array element
1994 : that's followed by a terminated one. Likewise, avoid
1995 : assuming that a struct array member is necessarily
1996 : nul-terminated (the nul may be in the member that
1997 : follows). In those cases, assume that the length
1998 : of the string stored in such an array is bounded
1999 : by the size of the enclosing object if one can be
2000 : determined. */
2001 2211 : tree base = get_base_address (src);
2002 2211 : if (VAR_P (base))
2003 : {
2004 2148 : if (tree size = DECL_SIZE_UNIT (base))
2005 2148 : if (size
2006 2148 : && TREE_CODE (size) == INTEGER_CST
2007 2148 : && !POINTER_TYPE_P (TREE_TYPE (base)))
2008 2148 : max = wi::to_wide (size);
2009 : }
2010 : }
2011 :
2012 : /* For strlen() the upper bound above is equal to
2013 : the longest string that can be stored in the array
2014 : (i.e., it accounts for the terminating nul. For
2015 : strnlen() bump up the maximum by one since the array
2016 : need not be nul-terminated. */
2017 2270 : if (!bound && max != 0)
2018 2074 : --max;
2019 : }
2020 : }
2021 :
2022 11681 : wide_int min = wi::zero (max.get_precision ());
2023 11681 : return set_strlen_range (lhs, min, max, bound);
2024 11681 : }
2025 :
2026 : /* Diagnose buffer overflow by a STMT writing LEN + PLUS_ONE bytes,
2027 : either into a region allocated for the object SI when non-null,
2028 : or into an object designated by the LHS of STMT otherwise.
2029 : For a call STMT, when CALL_LHS is set use its left hand side
2030 : as the destination, otherwise use argument zero.
2031 : When nonnull uses RVALS to determine range information.
2032 : RAWMEM may be set by memcpy and other raw memory functions
2033 : to allow accesses across subobject boundaries. */
2034 :
2035 : void
2036 379047 : strlen_pass::maybe_warn_overflow (gimple *stmt, bool call_lhs, tree len,
2037 : strinfo *si, bool plus_one, bool rawmem)
2038 : {
2039 379047 : if (!len || warning_suppressed_p (stmt, OPT_Wstringop_overflow_))
2040 378197 : return;
2041 :
2042 : /* The DECL of the function performing the write if it is done
2043 : by one. */
2044 377743 : tree writefn = NULL_TREE;
2045 : /* The destination expression involved in the store or call STMT. */
2046 377743 : tree dest = NULL_TREE;
2047 :
2048 377743 : if (is_gimple_assign (stmt))
2049 325509 : dest = gimple_assign_lhs (stmt);
2050 52234 : else if (is_gimple_call (stmt))
2051 : {
2052 52234 : if (call_lhs)
2053 31129 : dest = gimple_call_lhs (stmt);
2054 : else
2055 : {
2056 21105 : gcc_assert (gimple_call_builtin_p (stmt, BUILT_IN_NORMAL));
2057 21105 : dest = gimple_call_arg (stmt, 0);
2058 : }
2059 :
2060 52234 : if (!dest)
2061 : return;
2062 52234 : writefn = gimple_call_fndecl (stmt);
2063 : }
2064 : else
2065 : return;
2066 :
2067 377743 : if (warning_suppressed_p (dest, OPT_Wstringop_overflow_))
2068 : return;
2069 :
2070 377571 : const int ostype = rawmem ? 0 : 1;
2071 :
2072 : /* Use maximum precision to avoid overflow in the addition below.
2073 : Make sure all operands have the same precision to keep wide_int
2074 : from ICE'ing. */
2075 :
2076 377571 : access_ref aref;
2077 : /* The size of the destination region (which is smaller than
2078 : the destination object for stores at a non-zero offset). */
2079 377571 : tree destsize = compute_objsize (dest, stmt, ostype, &aref, &ptr_qry);
2080 :
2081 377571 : if (!destsize)
2082 : {
2083 3 : aref.sizrng[0] = 0;
2084 3 : aref.sizrng[1] = wi::to_offset (max_object_size ());
2085 : }
2086 :
2087 : /* Return early if the DESTSIZE size expression is the same as LEN
2088 : and the offset into the destination is zero. This might happen
2089 : in the case of a pair of malloc and memset calls to allocate
2090 : an object and clear it as if by calloc. */
2091 377571 : if (destsize == len && !plus_one
2092 377879 : && aref.offrng[0] == 0 && aref.offrng[0] == aref.offrng[1])
2093 308 : return;
2094 :
2095 1886315 : wide_int rng[2];
2096 377263 : if (!get_range (len, stmt, rng, ptr_qry.rvals))
2097 1129239 : return;
2098 :
2099 376257 : widest_int lenrng[2] =
2100 1128771 : { widest_int::from (rng[0], SIGNED), widest_int::from (rng[1], SIGNED) };
2101 :
2102 376257 : if (plus_one)
2103 : {
2104 1620 : lenrng[0] += 1;
2105 1620 : lenrng[1] += 1;
2106 : }
2107 :
2108 : /* The size of the remaining space in the destination computed
2109 : as the size of the latter minus the offset into it. */
2110 1881285 : widest_int spcrng[2];
2111 : {
2112 376257 : offset_int remrng[2];
2113 376257 : remrng[1] = aref.size_remaining (remrng);
2114 1123169 : spcrng[0] = remrng[0] == -1 ? 0 : widest_int::from (remrng[0], UNSIGNED);
2115 376257 : spcrng[1] = widest_int::from (remrng[1], UNSIGNED);
2116 : }
2117 :
2118 376257 : if (wi::leu_p (lenrng[0], spcrng[0])
2119 639427 : && wi::leu_p (lenrng[1], spcrng[1]))
2120 1126221 : return;
2121 :
2122 115315 : location_t loc = gimple_or_expr_nonartificial_location (stmt, dest);
2123 115315 : bool warned = false;
2124 115315 : if (wi::leu_p (lenrng[0], spcrng[1]))
2125 : {
2126 114144 : if (len != destsize
2127 114144 : && (!si || rawmem || !is_strlen_related_p (si->ptr, len)))
2128 114138 : return;
2129 :
2130 12 : warned = (writefn
2131 6 : ? warning_at (loc, OPT_Wstringop_overflow_,
2132 : "%qD writing one too many bytes into a region "
2133 : "of a size that depends on %<strlen%>",
2134 : writefn)
2135 6 : : warning_at (loc, OPT_Wstringop_overflow_,
2136 : "writing one too many bytes into a region "
2137 : "of a size that depends on %<strlen%>"));
2138 : }
2139 1171 : else if (lenrng[0] == lenrng[1])
2140 : {
2141 1169 : if (spcrng[0] == spcrng[1])
2142 1075 : warned = (writefn
2143 1307 : ? warning_n (loc, OPT_Wstringop_overflow_,
2144 : lenrng[0].to_uhwi (),
2145 : "%qD writing %wu byte into a region "
2146 : "of size %wu",
2147 : "%qD writing %wu bytes into a region "
2148 : "of size %wu",
2149 : writefn, lenrng[0].to_uhwi (),
2150 : spcrng[0].to_uhwi ())
2151 1075 : : warning_n (loc, OPT_Wstringop_overflow_,
2152 : lenrng[0].to_uhwi (),
2153 : "writing %wu byte into a region "
2154 : "of size %wu",
2155 : "writing %wu bytes into a region "
2156 : "of size %wu",
2157 : lenrng[0].to_uhwi (),
2158 : spcrng[0].to_uhwi ()));
2159 : else
2160 94 : warned = (writefn
2161 185 : ? warning_n (loc, OPT_Wstringop_overflow_,
2162 : lenrng[0].to_uhwi (),
2163 : "%qD writing %wu byte into a region "
2164 : "of size between %wu and %wu",
2165 : "%qD writing %wu bytes into a region "
2166 : "of size between %wu and %wu",
2167 : writefn, lenrng[0].to_uhwi (),
2168 : spcrng[0].to_uhwi (), spcrng[1].to_uhwi ())
2169 94 : : warning_n (loc, OPT_Wstringop_overflow_,
2170 : lenrng[0].to_uhwi (),
2171 : "writing %wu byte into a region "
2172 : "of size between %wu and %wu",
2173 : "writing %wu bytes into a region "
2174 : "of size between %wu and %wu",
2175 : lenrng[0].to_uhwi (),
2176 : spcrng[0].to_uhwi (), spcrng[1].to_uhwi ()));
2177 : }
2178 2 : else if (spcrng[0] == spcrng[1])
2179 2 : warned = (writefn
2180 4 : ? warning_at (loc, OPT_Wstringop_overflow_,
2181 : "%qD writing between %wu and %wu bytes "
2182 : "into a region of size %wu",
2183 : writefn, lenrng[0].to_uhwi (),
2184 : lenrng[1].to_uhwi (),
2185 : spcrng[0].to_uhwi ())
2186 2 : : warning_at (loc, OPT_Wstringop_overflow_,
2187 : "writing between %wu and %wu bytes "
2188 : "into a region of size %wu",
2189 : lenrng[0].to_uhwi (),
2190 : lenrng[1].to_uhwi (),
2191 : spcrng[0].to_uhwi ()));
2192 : else
2193 0 : warned = (writefn
2194 0 : ? warning_at (loc, OPT_Wstringop_overflow_,
2195 : "%qD writing between %wu and %wu bytes "
2196 : "into a region of size between %wu and %wu",
2197 : writefn, lenrng[0].to_uhwi (),
2198 : lenrng[1].to_uhwi (),
2199 : spcrng[0].to_uhwi (), spcrng[1].to_uhwi ())
2200 0 : : warning_at (loc, OPT_Wstringop_overflow_,
2201 : "writing between %wu and %wu bytes "
2202 : "into a region of size between %wu and %wu",
2203 : lenrng[0].to_uhwi (),
2204 : lenrng[1].to_uhwi (),
2205 : spcrng[0].to_uhwi (), spcrng[1].to_uhwi ()));
2206 :
2207 1177 : if (!warned)
2208 : return;
2209 :
2210 850 : suppress_warning (stmt, OPT_Wstringop_overflow_);
2211 :
2212 850 : aref.inform_access (access_write_only);
2213 3389331 : }
2214 :
2215 : /* Convenience wrapper for the above. */
2216 :
2217 : void
2218 356763 : strlen_pass::maybe_warn_overflow (gimple *stmt, bool call_lhs,
2219 : unsigned HOST_WIDE_INT len,
2220 : strinfo *si, bool plus_one, bool rawmem)
2221 : {
2222 356763 : tree tlen = build_int_cst (size_type_node, len);
2223 356763 : maybe_warn_overflow (stmt, call_lhs, tlen, si, plus_one, rawmem);
2224 356763 : }
2225 :
2226 : /* Handle a strlen call. If strlen of the argument is known, replace
2227 : the strlen call with the known value, otherwise remember that strlen
2228 : of the argument is stored in the lhs SSA_NAME. */
2229 :
2230 : void
2231 13703 : strlen_pass::handle_builtin_strlen ()
2232 : {
2233 13703 : gimple *stmt = gsi_stmt (m_gsi);
2234 13703 : tree lhs = gimple_call_lhs (stmt);
2235 :
2236 13703 : if (lhs == NULL_TREE)
2237 1997 : return;
2238 :
2239 13703 : location_t loc = gimple_location (stmt);
2240 13703 : tree callee = gimple_call_fndecl (stmt);
2241 13703 : tree src = gimple_call_arg (stmt, 0);
2242 13703 : tree bound = (DECL_FUNCTION_CODE (callee) == BUILT_IN_STRNLEN
2243 13703 : ? gimple_call_arg (stmt, 1) : NULL_TREE);
2244 13703 : int idx = get_stridx (src, stmt);
2245 13703 : if (idx || (bound && integer_zerop (bound)))
2246 : {
2247 3823 : strinfo *si = NULL;
2248 3823 : tree rhs;
2249 :
2250 3823 : if (idx < 0)
2251 285 : rhs = build_int_cst (TREE_TYPE (lhs), ~idx);
2252 3538 : else if (idx == 0)
2253 : rhs = bound;
2254 : else
2255 : {
2256 3508 : rhs = NULL_TREE;
2257 3508 : si = get_strinfo (idx);
2258 3508 : if (si != NULL)
2259 : {
2260 1682 : rhs = get_string_length (si);
2261 : /* For strnlen, if bound is constant, even if si is not known
2262 : to be zero terminated, if we know at least bound bytes are
2263 : not zero, the return value will be bound. */
2264 1682 : if (rhs == NULL_TREE
2265 1682 : && bound != NULL_TREE
2266 18 : && TREE_CODE (bound) == INTEGER_CST
2267 16 : && si->nonzero_chars != NULL_TREE
2268 16 : && TREE_CODE (si->nonzero_chars) == INTEGER_CST
2269 1698 : && tree_int_cst_le (bound, si->nonzero_chars))
2270 : rhs = bound;
2271 : }
2272 : }
2273 1997 : if (rhs != NULL_TREE)
2274 : {
2275 1834 : if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2276 : {
2277 0 : fprintf (dump_file, "Optimizing: ");
2278 0 : print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2279 : }
2280 1834 : rhs = unshare_expr (rhs);
2281 1834 : if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (rhs)))
2282 0 : rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
2283 :
2284 1834 : if (bound)
2285 333 : rhs = fold_build2_loc (loc, MIN_EXPR, TREE_TYPE (rhs), rhs, bound);
2286 :
2287 1834 : gimplify_and_update_call_from_tree (&m_gsi, rhs);
2288 1834 : stmt = gsi_stmt (m_gsi);
2289 1834 : update_stmt (stmt);
2290 1834 : if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2291 : {
2292 0 : fprintf (dump_file, "into: ");
2293 0 : print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2294 : }
2295 :
2296 1834 : if (si != NULL
2297 : /* Don't update anything for strnlen. */
2298 1834 : && bound == NULL_TREE
2299 1489 : && TREE_CODE (si->nonzero_chars) != SSA_NAME
2300 888 : && TREE_CODE (si->nonzero_chars) != INTEGER_CST
2301 1900 : && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2302 : {
2303 66 : si = unshare_strinfo (si);
2304 66 : si->nonzero_chars = lhs;
2305 66 : gcc_assert (si->full_string_p);
2306 : }
2307 :
2308 1834 : if (strlen_to_stridx
2309 1834 : && (bound == NULL_TREE
2310 : /* For strnlen record this only if the call is proven
2311 : to return the same value as strlen would. */
2312 333 : || (TREE_CODE (bound) == INTEGER_CST
2313 237 : && TREE_CODE (rhs) == INTEGER_CST
2314 237 : && tree_int_cst_lt (rhs, bound))))
2315 1650 : strlen_to_stridx->put (lhs, stridx_strlenloc (idx, loc));
2316 :
2317 1834 : return;
2318 : }
2319 : }
2320 11869 : if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2321 : return;
2322 :
2323 11869 : if (idx == 0)
2324 9880 : idx = new_stridx (src);
2325 : else
2326 : {
2327 1989 : strinfo *si = get_strinfo (idx);
2328 1989 : if (si != NULL)
2329 : {
2330 163 : if (!si->full_string_p && !si->stmt)
2331 : {
2332 : /* Until now we only had a lower bound on the string length.
2333 : Install LHS as the actual length. */
2334 161 : si = unshare_strinfo (si);
2335 161 : tree old = si->nonzero_chars;
2336 161 : si->nonzero_chars = lhs;
2337 161 : si->full_string_p = true;
2338 161 : if (old && TREE_CODE (old) == INTEGER_CST)
2339 : {
2340 158 : old = fold_convert_loc (loc, TREE_TYPE (lhs), old);
2341 158 : tree adj = fold_build2_loc (loc, MINUS_EXPR,
2342 158 : TREE_TYPE (lhs), lhs, old);
2343 158 : adjust_related_strinfos (loc, si, adj);
2344 : /* Use the constant minimum length as the lower bound
2345 : of the non-constant length. */
2346 158 : wide_int min = wi::to_wide (old);
2347 158 : wide_int max
2348 158 : = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node)) - 2;
2349 158 : if (wi::gtu_p (min, max))
2350 1 : max = wi::to_wide (TYPE_MAX_VALUE (TREE_TYPE (lhs)));
2351 158 : set_strlen_range (lhs, min, max);
2352 158 : }
2353 : else
2354 : {
2355 3 : si->first = 0;
2356 3 : si->prev = 0;
2357 3 : si->next = 0;
2358 : }
2359 : }
2360 163 : return;
2361 : }
2362 : }
2363 11706 : if (idx)
2364 : {
2365 11681 : if (!bound)
2366 : {
2367 : /* Only store the new length information for calls to strlen(),
2368 : not for those to strnlen(). */
2369 11170 : strinfo *si = new_strinfo (src, idx, lhs, true);
2370 11170 : set_strinfo (idx, si);
2371 11170 : find_equal_ptrs (src, idx);
2372 : }
2373 :
2374 : /* For SRC that is an array of N elements, set LHS's range
2375 : to [0, min (N, BOUND)]. A constant return value means
2376 : the range would have consisted of a single value. In
2377 : that case, fold the result into the returned constant. */
2378 11681 : if (tree ret = maybe_set_strlen_range (lhs, src, bound))
2379 11681 : if (TREE_CODE (ret) == INTEGER_CST)
2380 : {
2381 13 : if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2382 : {
2383 0 : fprintf (dump_file, "Optimizing: ");
2384 0 : print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2385 : }
2386 13 : if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (ret)))
2387 0 : ret = fold_convert_loc (loc, TREE_TYPE (lhs), ret);
2388 13 : gimplify_and_update_call_from_tree (&m_gsi, ret);
2389 13 : stmt = gsi_stmt (m_gsi);
2390 13 : update_stmt (stmt);
2391 13 : if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2392 : {
2393 0 : fprintf (dump_file, "into: ");
2394 0 : print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2395 : }
2396 : }
2397 :
2398 11681 : if (strlen_to_stridx && !bound)
2399 11168 : strlen_to_stridx->put (lhs, stridx_strlenloc (idx, loc));
2400 : }
2401 : }
2402 :
2403 : /* Handle a strchr call. If strlen of the first argument is known, replace
2404 : the strchr (x, 0) call with the endptr or x + strlen, otherwise remember
2405 : that lhs of the call is endptr and strlen of the argument is endptr - x. */
2406 :
2407 : void
2408 487 : strlen_pass::handle_builtin_strchr ()
2409 : {
2410 487 : gimple *stmt = gsi_stmt (m_gsi);
2411 487 : tree lhs = gimple_call_lhs (stmt);
2412 :
2413 487 : if (lhs == NULL_TREE)
2414 : return;
2415 :
2416 487 : if (!integer_zerop (gimple_call_arg (stmt, 1)))
2417 : return;
2418 :
2419 0 : tree src = gimple_call_arg (stmt, 0);
2420 :
2421 : /* Avoid folding if the first argument is not a nul-terminated array.
2422 : Defer warning until later. */
2423 0 : if (!check_nul_terminated_array (NULL_TREE, src))
2424 : return;
2425 :
2426 0 : int idx = get_stridx (src, stmt);
2427 0 : if (idx)
2428 : {
2429 0 : strinfo *si = NULL;
2430 0 : tree rhs;
2431 :
2432 0 : if (idx < 0)
2433 0 : rhs = build_int_cst (size_type_node, ~idx);
2434 : else
2435 : {
2436 0 : rhs = NULL_TREE;
2437 0 : si = get_strinfo (idx);
2438 0 : if (si != NULL)
2439 0 : rhs = get_string_length (si);
2440 : }
2441 0 : if (rhs != NULL_TREE)
2442 : {
2443 0 : location_t loc = gimple_location (stmt);
2444 :
2445 0 : if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2446 : {
2447 0 : fprintf (dump_file, "Optimizing: ");
2448 0 : print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2449 : }
2450 0 : if (si != NULL && si->endptr != NULL_TREE)
2451 : {
2452 0 : rhs = unshare_expr (si->endptr);
2453 0 : if (!useless_type_conversion_p (TREE_TYPE (lhs),
2454 0 : TREE_TYPE (rhs)))
2455 0 : rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
2456 : }
2457 : else
2458 : {
2459 0 : rhs = fold_convert_loc (loc, sizetype, unshare_expr (rhs));
2460 0 : rhs = fold_build2_loc (loc, POINTER_PLUS_EXPR,
2461 0 : TREE_TYPE (src), src, rhs);
2462 0 : if (!useless_type_conversion_p (TREE_TYPE (lhs),
2463 0 : TREE_TYPE (rhs)))
2464 0 : rhs = fold_convert_loc (loc, TREE_TYPE (lhs), rhs);
2465 : }
2466 0 : gimplify_and_update_call_from_tree (&m_gsi, rhs);
2467 0 : stmt = gsi_stmt (m_gsi);
2468 0 : update_stmt (stmt);
2469 0 : if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2470 : {
2471 0 : fprintf (dump_file, "into: ");
2472 0 : print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2473 : }
2474 0 : if (si != NULL
2475 0 : && si->endptr == NULL_TREE
2476 0 : && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2477 : {
2478 0 : si = unshare_strinfo (si);
2479 0 : si->endptr = lhs;
2480 : }
2481 0 : zero_length_string (lhs, si);
2482 0 : return;
2483 : }
2484 : }
2485 0 : if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (lhs))
2486 : return;
2487 0 : if (TREE_CODE (src) != SSA_NAME || !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (src))
2488 : {
2489 0 : if (idx == 0)
2490 0 : idx = new_stridx (src);
2491 0 : else if (get_strinfo (idx) != NULL)
2492 : {
2493 0 : zero_length_string (lhs, NULL);
2494 0 : return;
2495 : }
2496 0 : if (idx)
2497 : {
2498 0 : location_t loc = gimple_location (stmt);
2499 0 : tree lhsu = fold_convert_loc (loc, size_type_node, lhs);
2500 0 : tree srcu = fold_convert_loc (loc, size_type_node, src);
2501 0 : tree length = fold_build2_loc (loc, MINUS_EXPR,
2502 : size_type_node, lhsu, srcu);
2503 0 : strinfo *si = new_strinfo (src, idx, length, true);
2504 0 : si->endptr = lhs;
2505 0 : set_strinfo (idx, si);
2506 0 : find_equal_ptrs (src, idx);
2507 0 : zero_length_string (lhs, si);
2508 : }
2509 : }
2510 : else
2511 0 : zero_length_string (lhs, NULL);
2512 : }
2513 :
2514 : /* Handle a strcpy-like ({st{r,p}cpy,__st{r,p}cpy_chk}) call.
2515 : If strlen of the second argument is known, strlen of the first argument
2516 : is the same after this call. Furthermore, attempt to convert it to
2517 : memcpy. Uses RVALS to determine range information. */
2518 :
2519 : void
2520 2799 : strlen_pass::handle_builtin_strcpy (built_in_function bcode)
2521 : {
2522 2799 : int idx, didx;
2523 2799 : tree src, dst, srclen, len, lhs, type, fn, oldlen;
2524 2799 : bool success;
2525 2799 : gimple *stmt = gsi_stmt (m_gsi);
2526 2799 : strinfo *si, *dsi, *olddsi, *zsi;
2527 2799 : location_t loc;
2528 :
2529 2799 : src = gimple_call_arg (stmt, 1);
2530 2799 : dst = gimple_call_arg (stmt, 0);
2531 2799 : lhs = gimple_call_lhs (stmt);
2532 2799 : idx = get_stridx (src, stmt);
2533 2799 : didx = get_stridx (dst, stmt);
2534 2799 : si = NULL;
2535 2799 : if (idx > 0)
2536 1697 : si = get_strinfo (idx);
2537 :
2538 2799 : olddsi = NULL;
2539 2799 : oldlen = NULL_TREE;
2540 2799 : if (didx > 0)
2541 1290 : olddsi = get_strinfo (didx);
2542 1509 : else if (didx < 0)
2543 : return;
2544 :
2545 1290 : if (olddsi != NULL)
2546 470 : adjust_last_stmt (olddsi, stmt, false);
2547 :
2548 2799 : srclen = NULL_TREE;
2549 2799 : if (si != NULL)
2550 1611 : srclen = get_string_length (si);
2551 1188 : else if (idx < 0)
2552 9 : srclen = build_int_cst (size_type_node, ~idx);
2553 :
2554 2799 : maybe_warn_overflow (stmt, false, srclen, olddsi, true);
2555 :
2556 2799 : if (olddsi != NULL)
2557 470 : adjust_last_stmt (olddsi, stmt, false);
2558 :
2559 2799 : loc = gimple_location (stmt);
2560 2799 : if (srclen == NULL_TREE)
2561 1179 : switch (bcode)
2562 : {
2563 866 : case BUILT_IN_STRCPY:
2564 866 : case BUILT_IN_STRCPY_CHK:
2565 866 : if (lhs != NULL_TREE || !builtin_decl_implicit_p (BUILT_IN_STPCPY))
2566 : return;
2567 : break;
2568 313 : case BUILT_IN_STPCPY:
2569 313 : case BUILT_IN_STPCPY_CHK:
2570 313 : if (lhs == NULL_TREE)
2571 : return;
2572 : else
2573 : {
2574 313 : tree lhsuint = fold_convert_loc (loc, size_type_node, lhs);
2575 313 : srclen = fold_convert_loc (loc, size_type_node, dst);
2576 313 : srclen = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
2577 : lhsuint, srclen);
2578 : }
2579 313 : break;
2580 0 : default:
2581 0 : gcc_unreachable ();
2582 : }
2583 :
2584 2213 : if (didx == 0)
2585 : {
2586 1109 : didx = new_stridx (dst);
2587 1109 : if (didx == 0)
2588 : return;
2589 : }
2590 2211 : if (olddsi != NULL)
2591 : {
2592 454 : oldlen = olddsi->nonzero_chars;
2593 454 : dsi = unshare_strinfo (olddsi);
2594 454 : dsi->nonzero_chars = srclen;
2595 454 : dsi->full_string_p = (srclen != NULL_TREE);
2596 : /* Break the chain, so adjust_related_strinfo on later pointers in
2597 : the chain won't adjust this one anymore. */
2598 454 : dsi->next = 0;
2599 454 : dsi->stmt = NULL;
2600 454 : dsi->endptr = NULL_TREE;
2601 : }
2602 : else
2603 : {
2604 1757 : dsi = new_strinfo (dst, didx, srclen, srclen != NULL_TREE);
2605 1757 : set_strinfo (didx, dsi);
2606 1757 : find_equal_ptrs (dst, didx);
2607 : }
2608 2211 : dsi->writable = true;
2609 2211 : dsi->dont_invalidate = true;
2610 :
2611 2211 : if (dsi->nonzero_chars == NULL_TREE)
2612 : {
2613 280 : strinfo *chainsi;
2614 :
2615 : /* If string length of src is unknown, use delayed length
2616 : computation. If string length of dst will be needed, it
2617 : can be computed by transforming this strcpy call into
2618 : stpcpy and subtracting dst from the return value. */
2619 :
2620 : /* Look for earlier strings whose length could be determined if
2621 : this strcpy is turned into an stpcpy. */
2622 :
2623 280 : if (dsi->prev != 0 && (chainsi = verify_related_strinfos (dsi)) != NULL)
2624 : {
2625 5 : for (; chainsi && chainsi != dsi; chainsi = get_strinfo (chainsi->next))
2626 : {
2627 : /* When setting a stmt for delayed length computation
2628 : prevent all strinfos through dsi from being
2629 : invalidated. */
2630 3 : chainsi = unshare_strinfo (chainsi);
2631 3 : chainsi->stmt = stmt;
2632 3 : chainsi->nonzero_chars = NULL_TREE;
2633 3 : chainsi->full_string_p = false;
2634 3 : chainsi->endptr = NULL_TREE;
2635 3 : chainsi->dont_invalidate = true;
2636 : }
2637 : }
2638 280 : dsi->stmt = stmt;
2639 :
2640 : /* Try to detect overlap before returning. This catches cases
2641 : like strcpy (d, d + n) where n is non-constant whose range
2642 : is such that (n <= strlen (d) holds).
2643 :
2644 : OLDDSI->NONZERO_chars may have been reset by this point with
2645 : oldlen holding it original value. */
2646 280 : if (olddsi && oldlen)
2647 : {
2648 : /* Add 1 for the terminating NUL. */
2649 111 : tree type = TREE_TYPE (oldlen);
2650 111 : oldlen = fold_build2 (PLUS_EXPR, type, oldlen,
2651 : build_int_cst (type, 1));
2652 111 : check_bounds_or_overlap (stmt, olddsi->ptr, src, oldlen, NULL_TREE);
2653 : }
2654 :
2655 280 : return;
2656 : }
2657 :
2658 1931 : if (olddsi != NULL)
2659 : {
2660 343 : tree adj = NULL_TREE;
2661 343 : if (oldlen == NULL_TREE)
2662 : ;
2663 74 : else if (integer_zerop (oldlen))
2664 : adj = srclen;
2665 61 : else if (TREE_CODE (oldlen) == INTEGER_CST
2666 3 : || TREE_CODE (srclen) == INTEGER_CST)
2667 116 : adj = fold_build2_loc (loc, MINUS_EXPR,
2668 58 : TREE_TYPE (srclen), srclen,
2669 58 : fold_convert_loc (loc, TREE_TYPE (srclen),
2670 : oldlen));
2671 71 : if (adj != NULL_TREE)
2672 71 : adjust_related_strinfos (loc, dsi, adj);
2673 : else
2674 272 : dsi->prev = 0;
2675 : }
2676 : /* strcpy src may not overlap dst, so src doesn't need to be
2677 : invalidated either. */
2678 1931 : if (si != NULL)
2679 1611 : si->dont_invalidate = true;
2680 :
2681 1931 : fn = NULL_TREE;
2682 1931 : zsi = NULL;
2683 1931 : switch (bcode)
2684 : {
2685 1515 : case BUILT_IN_STRCPY:
2686 1515 : fn = builtin_decl_implicit (BUILT_IN_MEMCPY);
2687 1515 : if (lhs)
2688 95 : ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
2689 : break;
2690 1 : case BUILT_IN_STRCPY_CHK:
2691 1 : fn = builtin_decl_explicit (BUILT_IN_MEMCPY_CHK);
2692 1 : if (lhs)
2693 0 : ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
2694 : break;
2695 343 : case BUILT_IN_STPCPY:
2696 : /* This would need adjustment of the lhs (subtract one),
2697 : or detection that the trailing '\0' doesn't need to be
2698 : written, if it will be immediately overwritten.
2699 : fn = builtin_decl_explicit (BUILT_IN_MEMPCPY); */
2700 343 : if (lhs)
2701 : {
2702 343 : dsi->endptr = lhs;
2703 343 : zsi = zero_length_string (lhs, dsi);
2704 : }
2705 : break;
2706 72 : case BUILT_IN_STPCPY_CHK:
2707 : /* This would need adjustment of the lhs (subtract one),
2708 : or detection that the trailing '\0' doesn't need to be
2709 : written, if it will be immediately overwritten.
2710 : fn = builtin_decl_explicit (BUILT_IN_MEMPCPY_CHK); */
2711 72 : if (lhs)
2712 : {
2713 72 : dsi->endptr = lhs;
2714 72 : zsi = zero_length_string (lhs, dsi);
2715 : }
2716 : break;
2717 0 : default:
2718 0 : gcc_unreachable ();
2719 : }
2720 510 : if (zsi != NULL)
2721 415 : zsi->dont_invalidate = true;
2722 :
2723 1931 : if (fn)
2724 : {
2725 1516 : tree args = TYPE_ARG_TYPES (TREE_TYPE (fn));
2726 1516 : type = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args)));
2727 : }
2728 : else
2729 415 : type = size_type_node;
2730 :
2731 1931 : len = fold_convert_loc (loc, type, unshare_expr (srclen));
2732 1931 : len = fold_build2_loc (loc, PLUS_EXPR, type, len, build_int_cst (type, 1));
2733 :
2734 : /* Disable warning for the transformed statement? */
2735 1931 : opt_code no_warning_opt = no_warning;
2736 :
2737 1931 : if (const strinfo *chksi = si ? olddsi ? olddsi : dsi : NULL)
2738 : {
2739 1611 : no_warning_opt = check_bounds_or_overlap (stmt, chksi->ptr, si->ptr,
2740 : NULL_TREE, len);
2741 1611 : if (no_warning_opt)
2742 247 : suppress_warning (stmt, no_warning_opt);
2743 : }
2744 :
2745 1931 : if (fn == NULL_TREE)
2746 : return;
2747 :
2748 1516 : len = force_gimple_operand_gsi (&m_gsi, len, true, NULL_TREE, true,
2749 : GSI_SAME_STMT);
2750 1516 : if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2751 : {
2752 0 : fprintf (dump_file, "Optimizing: ");
2753 0 : print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2754 : }
2755 1516 : if (gimple_call_num_args (stmt) == 2)
2756 1515 : success = update_gimple_call (&m_gsi, fn, 3, dst, src, len);
2757 : else
2758 1 : success = update_gimple_call (&m_gsi, fn, 4, dst, src, len,
2759 : gimple_call_arg (stmt, 2));
2760 1516 : if (success)
2761 : {
2762 1516 : stmt = gsi_stmt (m_gsi);
2763 1516 : update_stmt (stmt);
2764 1516 : if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2765 : {
2766 0 : fprintf (dump_file, "into: ");
2767 0 : print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
2768 : }
2769 : /* Allow adjust_last_stmt to decrease this memcpy's size. */
2770 1516 : laststmt.stmt = stmt;
2771 1516 : laststmt.len = srclen;
2772 1516 : laststmt.stridx = dsi->idx;
2773 : }
2774 0 : else if (dump_file && (dump_flags & TDF_DETAILS) != 0)
2775 0 : fprintf (dump_file, "not possible.\n");
2776 :
2777 1516 : if (no_warning_opt)
2778 247 : suppress_warning (stmt, no_warning_opt);
2779 : }
2780 :
2781 : /* Check the size argument to the built-in forms of stpncpy and strncpy
2782 : for out-of-bounds offsets or overlapping access, and to see if the
2783 : size argument is derived from a call to strlen() on the source argument,
2784 : and if so, issue an appropriate warning. */
2785 :
2786 : void
2787 805 : strlen_pass::handle_builtin_strncat (built_in_function)
2788 : {
2789 : /* Same as stxncpy(). */
2790 805 : handle_builtin_stxncpy_strncat (true);
2791 805 : }
2792 :
2793 : /* Return true if LEN depends on a call to strlen(SRC) in an interesting
2794 : way. LEN can either be an integer expression, or a pointer (to char).
2795 : When it is the latter (such as in recursive calls to self) it is
2796 : assumed to be the argument in some call to strlen() whose relationship
2797 : to SRC is being ascertained. */
2798 :
2799 : bool
2800 875 : is_strlen_related_p (tree src, tree len)
2801 : {
2802 2523 : if (POINTER_TYPE_P (TREE_TYPE (len))
2803 1333 : && operand_equal_p (src, len, 0))
2804 : return true;
2805 :
2806 1196 : if (TREE_CODE (len) != SSA_NAME)
2807 : return false;
2808 :
2809 826 : if (TREE_CODE (src) == SSA_NAME)
2810 : {
2811 578 : gimple *srcdef = SSA_NAME_DEF_STMT (src);
2812 578 : if (is_gimple_assign (srcdef))
2813 : {
2814 : /* Handle bitwise AND used in conversions from wider size_t
2815 : to narrower unsigned types. */
2816 244 : tree_code code = gimple_assign_rhs_code (srcdef);
2817 244 : if (code == BIT_AND_EXPR
2818 244 : || code == NOP_EXPR)
2819 151 : return is_strlen_related_p (gimple_assign_rhs1 (srcdef), len);
2820 :
2821 : return false;
2822 : }
2823 :
2824 334 : if (gimple_call_builtin_p (srcdef, BUILT_IN_NORMAL))
2825 : {
2826 : /* If SRC is the result of a call to an allocation function
2827 : or strlen, use the function's argument instead. */
2828 97 : tree func = gimple_call_fndecl (srcdef);
2829 97 : built_in_function code = DECL_FUNCTION_CODE (func);
2830 97 : if (code == BUILT_IN_ALLOCA
2831 97 : || code == BUILT_IN_ALLOCA_WITH_ALIGN
2832 16 : || code == BUILT_IN_MALLOC
2833 16 : || code == BUILT_IN_STRLEN)
2834 95 : return is_strlen_related_p (gimple_call_arg (srcdef, 0), len);
2835 :
2836 : /* FIXME: Handle other functions with attribute alloc_size. */
2837 : return false;
2838 : }
2839 : }
2840 :
2841 485 : gimple *lendef = SSA_NAME_DEF_STMT (len);
2842 485 : if (!lendef)
2843 : return false;
2844 :
2845 485 : if (is_gimple_call (lendef))
2846 : {
2847 68 : tree func = gimple_call_fndecl (lendef);
2848 68 : if (!valid_builtin_call (lendef)
2849 68 : || DECL_FUNCTION_CODE (func) != BUILT_IN_STRLEN)
2850 : return false;
2851 :
2852 68 : tree arg = gimple_call_arg (lendef, 0);
2853 68 : return is_strlen_related_p (src, arg);
2854 : }
2855 :
2856 417 : if (!is_gimple_assign (lendef))
2857 : return false;
2858 :
2859 213 : tree_code code = gimple_assign_rhs_code (lendef);
2860 213 : tree rhs1 = gimple_assign_rhs1 (lendef);
2861 213 : tree rhstype = TREE_TYPE (rhs1);
2862 :
2863 213 : if ((POINTER_TYPE_P (rhstype) && code == POINTER_PLUS_EXPR)
2864 213 : || (INTEGRAL_TYPE_P (rhstype)
2865 213 : && (code == BIT_AND_EXPR
2866 213 : || code == NOP_EXPR)))
2867 : {
2868 : /* Pointer plus (an integer), and truncation are considered among
2869 : the (potentially) related expressions to strlen. */
2870 : return is_strlen_related_p (src, rhs1);
2871 : }
2872 :
2873 81 : if (tree rhs2 = gimple_assign_rhs2 (lendef))
2874 : {
2875 : /* Integer subtraction is considered strlen-related when both
2876 : arguments are integers and second one is strlen-related. */
2877 78 : rhstype = TREE_TYPE (rhs2);
2878 78 : if (INTEGRAL_TYPE_P (rhstype) && code == MINUS_EXPR)
2879 : return is_strlen_related_p (src, rhs2);
2880 : }
2881 :
2882 : return false;
2883 : }
2884 :
2885 : /* Called by handle_builtin_stxncpy_strncat and by
2886 : gimple_fold_builtin_strncpy in gimple-fold.cc.
2887 : Check to see if the specified bound is a) equal to the size of
2888 : the destination DST and if so, b) if it's immediately followed by
2889 : DST[CNT - 1] = '\0'. If a) holds and b) does not, warn. Otherwise,
2890 : do nothing. Return true if diagnostic has been issued.
2891 :
2892 : The purpose is to diagnose calls to strncpy and stpncpy that do
2893 : not nul-terminate the copy while allowing for the idiom where
2894 : such a call is immediately followed by setting the last element
2895 : to nul, as in:
2896 : char a[32];
2897 : strncpy (a, s, sizeof a);
2898 : a[sizeof a - 1] = '\0';
2899 : */
2900 :
2901 : bool
2902 3629 : maybe_diag_stxncpy_trunc (gimple_stmt_iterator gsi, tree src, tree cnt,
2903 : pointer_query *ptr_qry /* = NULL */)
2904 : {
2905 3629 : gimple *stmt = gsi_stmt (gsi);
2906 3629 : if (warning_suppressed_p (stmt, OPT_Wstringop_truncation))
2907 : return false;
2908 :
2909 18055 : wide_int cntrange[2];
2910 3611 : int_range_max r;
2911 7222 : if (!get_range_query (cfun)->range_of_expr (r, cnt)
2912 3611 : || r.varying_p ()
2913 6778 : || r.undefined_p ())
2914 : return false;
2915 :
2916 3167 : tree min, max;
2917 3167 : value_range_kind kind = get_legacy_range (r, min, max);
2918 3167 : cntrange[0] = wi::to_wide (min);
2919 3167 : cntrange[1] = wi::to_wide (max);
2920 3167 : if (kind == VR_ANTI_RANGE)
2921 : {
2922 178 : wide_int maxobjsize = wi::to_wide (TYPE_MAX_VALUE (ptrdiff_type_node));
2923 :
2924 178 : if (wi::ltu_p (cntrange[1], maxobjsize))
2925 : {
2926 0 : cntrange[0] = cntrange[1] + 1;
2927 0 : cntrange[1] = maxobjsize;
2928 : }
2929 : else
2930 : {
2931 178 : cntrange[1] = cntrange[0] - 1;
2932 178 : cntrange[0] = wi::zero (TYPE_PRECISION (TREE_TYPE (cnt)));
2933 : }
2934 178 : }
2935 :
2936 : /* Negative value is the constant string length. If it's less than
2937 : the lower bound there is no truncation. Avoid calling get_stridx()
2938 : when ssa_ver_to_stridx is empty. That implies the caller isn't
2939 : running under the control of this pass and ssa_ver_to_stridx hasn't
2940 : been created yet. */
2941 3167 : int sidx = ssa_ver_to_stridx.length () ? get_stridx (src, stmt) : 0;
2942 2472 : if (sidx < 0 && wi::gtu_p (cntrange[0], ~sidx))
2943 199 : return false;
2944 :
2945 2968 : tree dst = gimple_call_arg (stmt, 0);
2946 2968 : tree dstdecl = dst;
2947 2968 : if (TREE_CODE (dstdecl) == ADDR_EXPR)
2948 1107 : dstdecl = TREE_OPERAND (dstdecl, 0);
2949 :
2950 2968 : tree ref = NULL_TREE;
2951 :
2952 2968 : if (!sidx)
2953 : {
2954 : /* If the source is a non-string return early to avoid warning
2955 : for possible truncation (if the truncation is certain SIDX
2956 : is non-zero). */
2957 2401 : tree srcdecl = gimple_call_arg (stmt, 1);
2958 2401 : if (TREE_CODE (srcdecl) == ADDR_EXPR)
2959 1231 : srcdecl = TREE_OPERAND (srcdecl, 0);
2960 2401 : if (get_attr_nonstring_decl (srcdecl, &ref))
2961 : return false;
2962 : }
2963 :
2964 : /* Likewise, if the destination refers to an array/pointer declared
2965 : nonstring return early. */
2966 2558 : if (get_attr_nonstring_decl (dstdecl, &ref))
2967 : return false;
2968 :
2969 : /* Look for dst[i] = '\0'; after the stxncpy() call and if found
2970 : avoid the truncation warning. */
2971 1948 : gsi_next_nondebug (&gsi);
2972 1948 : gimple *next_stmt = gsi_stmt (gsi);
2973 1948 : if (!next_stmt)
2974 : {
2975 : /* When there is no statement in the same basic block check
2976 : the immediate successor block. */
2977 56 : if (basic_block bb = gimple_bb (stmt))
2978 : {
2979 31 : if (single_succ_p (bb))
2980 : {
2981 : /* For simplicity, ignore blocks with multiple outgoing
2982 : edges for now and only consider successor blocks along
2983 : normal edges. */
2984 31 : edge e = EDGE_SUCC (bb, 0);
2985 31 : if (!(e->flags & EDGE_ABNORMAL))
2986 : {
2987 31 : gsi = gsi_start_bb (e->dest);
2988 31 : next_stmt = gsi_stmt (gsi);
2989 31 : if (next_stmt && is_gimple_debug (next_stmt))
2990 : {
2991 22 : gsi_next_nondebug (&gsi);
2992 22 : next_stmt = gsi_stmt (gsi);
2993 : }
2994 : }
2995 : }
2996 : }
2997 : }
2998 :
2999 1948 : if (next_stmt && is_gimple_assign (next_stmt))
3000 : {
3001 465 : tree lhs = gimple_assign_lhs (next_stmt);
3002 465 : tree_code code = TREE_CODE (lhs);
3003 465 : if (code == ARRAY_REF || code == MEM_REF)
3004 117 : lhs = TREE_OPERAND (lhs, 0);
3005 :
3006 465 : tree func = gimple_call_fndecl (stmt);
3007 465 : if (DECL_FUNCTION_CODE (func) == BUILT_IN_STPNCPY)
3008 : {
3009 65 : tree ret = gimple_call_lhs (stmt);
3010 65 : if (ret && operand_equal_p (ret, lhs, 0))
3011 105 : return false;
3012 : }
3013 :
3014 : /* Determine the base address and offset of the reference,
3015 : ignoring the innermost array index. */
3016 449 : if (TREE_CODE (ref) == ARRAY_REF)
3017 61 : ref = TREE_OPERAND (ref, 0);
3018 :
3019 449 : poly_int64 dstoff;
3020 449 : tree dstbase = get_addr_base_and_unit_offset (ref, &dstoff);
3021 :
3022 449 : poly_int64 lhsoff;
3023 449 : tree lhsbase = get_addr_base_and_unit_offset (lhs, &lhsoff);
3024 449 : if (lhsbase
3025 449 : && dstbase
3026 446 : && known_eq (dstoff, lhsoff)
3027 815 : && operand_equal_p (dstbase, lhsbase, 0))
3028 : return false;
3029 : }
3030 :
3031 1843 : int prec = TYPE_PRECISION (TREE_TYPE (cnt));
3032 11058 : wide_int lenrange[2];
3033 1843 : if (strinfo *sisrc = sidx > 0 ? get_strinfo (sidx) : NULL)
3034 : {
3035 109 : lenrange[0] = (sisrc->nonzero_chars
3036 109 : && TREE_CODE (sisrc->nonzero_chars) == INTEGER_CST
3037 218 : ? wi::to_wide (sisrc->nonzero_chars)
3038 9 : : wi::zero (prec));
3039 109 : lenrange[1] = lenrange[0];
3040 : }
3041 1734 : else if (sidx < 0)
3042 375 : lenrange[0] = lenrange[1] = wi::shwi (~sidx, prec);
3043 : else
3044 : {
3045 1359 : c_strlen_data lendata = { };
3046 : /* Set MAXBOUND to an arbitrary non-null non-integer node as a request
3047 : to have it set to the length of the longest string in a PHI. */
3048 1359 : lendata.maxbound = src;
3049 1359 : get_range_strlen (src, &lendata, /* eltsize = */1);
3050 1359 : if (TREE_CODE (lendata.minlen) == INTEGER_CST
3051 1359 : && TREE_CODE (lendata.maxbound) == INTEGER_CST)
3052 : {
3053 : /* When LENDATA.MAXLEN is unknown, reset LENDATA.MINLEN
3054 : which stores the length of the shortest known string. */
3055 1359 : if (integer_all_onesp (lendata.maxlen))
3056 613 : lenrange[0] = wi::shwi (0, prec);
3057 : else
3058 746 : lenrange[0] = wi::to_wide (lendata.minlen, prec);
3059 1359 : lenrange[1] = wi::to_wide (lendata.maxbound, prec);
3060 : }
3061 : else
3062 : {
3063 0 : lenrange[0] = wi::shwi (0, prec);
3064 0 : lenrange[1] = wi::shwi (-1, prec);
3065 : }
3066 : }
3067 :
3068 1843 : location_t callloc = gimple_or_expr_nonartificial_location (stmt, dst);
3069 1843 : tree func = gimple_call_fndecl (stmt);
3070 :
3071 1843 : if (lenrange[0] != 0 || !wi::neg_p (lenrange[1]))
3072 : {
3073 : /* If the longest source string is shorter than the lower bound
3074 : of the specified count the copy is definitely nul-terminated. */
3075 1261 : if (wi::ltu_p (lenrange[1], cntrange[0]))
3076 : return false;
3077 :
3078 916 : if (wi::neg_p (lenrange[1]))
3079 : {
3080 : /* The length of one of the strings is unknown but at least
3081 : one has non-zero length and that length is stored in
3082 : LENRANGE[1]. Swap the bounds to force a "may be truncated"
3083 : warning below. */
3084 0 : lenrange[1] = lenrange[0];
3085 0 : lenrange[0] = wi::shwi (0, prec);
3086 : }
3087 :
3088 : /* Set to true for strncat whose bound is derived from the length
3089 : of the destination (the expected usage pattern). */
3090 916 : bool cat_dstlen_bounded = false;
3091 916 : if (DECL_FUNCTION_CODE (func) == BUILT_IN_STRNCAT)
3092 160 : cat_dstlen_bounded = is_strlen_related_p (dst, cnt);
3093 :
3094 1128 : if (lenrange[0] == cntrange[1] && cntrange[0] == cntrange[1])
3095 203 : return warning_n (callloc, OPT_Wstringop_truncation,
3096 : cntrange[0].to_uhwi (),
3097 : "%qD output truncated before terminating "
3098 : "nul copying %E byte from a string of the "
3099 : "same length",
3100 : "%qD output truncated before terminating nul "
3101 : "copying %E bytes from a string of the same "
3102 : "length",
3103 : func, cnt);
3104 713 : else if (!cat_dstlen_bounded)
3105 : {
3106 709 : if (wi::geu_p (lenrange[0], cntrange[1]))
3107 : {
3108 : /* The shortest string is longer than the upper bound of
3109 : the count so the truncation is certain. */
3110 345 : if (cntrange[0] == cntrange[1])
3111 304 : return warning_n (callloc, OPT_Wstringop_truncation,
3112 : cntrange[0].to_uhwi (),
3113 : "%qD output truncated copying %E byte "
3114 : "from a string of length %wu",
3115 : "%qD output truncated copying %E bytes "
3116 : "from a string of length %wu",
3117 : func, cnt, lenrange[0].to_uhwi ());
3118 :
3119 41 : return warning_at (callloc, OPT_Wstringop_truncation,
3120 : "%qD output truncated copying between %wu "
3121 : "and %wu bytes from a string of length %wu",
3122 : func, cntrange[0].to_uhwi (),
3123 : cntrange[1].to_uhwi (), lenrange[0].to_uhwi ());
3124 : }
3125 364 : else if (wi::geu_p (lenrange[1], cntrange[1]))
3126 : {
3127 : /* The longest string is longer than the upper bound of
3128 : the count so the truncation is possible. */
3129 80 : if (cntrange[0] == cntrange[1])
3130 60 : return warning_n (callloc, OPT_Wstringop_truncation,
3131 : cntrange[0].to_uhwi (),
3132 : "%qD output may be truncated copying %E "
3133 : "byte from a string of length %wu",
3134 : "%qD output may be truncated copying %E "
3135 : "bytes from a string of length %wu",
3136 : func, cnt, lenrange[1].to_uhwi ());
3137 :
3138 20 : return warning_at (callloc, OPT_Wstringop_truncation,
3139 : "%qD output may be truncated copying between "
3140 : "%wu and %wu bytes from a string of length %wu",
3141 : func, cntrange[0].to_uhwi (),
3142 : cntrange[1].to_uhwi (), lenrange[1].to_uhwi ());
3143 : }
3144 : }
3145 :
3146 284 : if (!cat_dstlen_bounded
3147 284 : && cntrange[0] != cntrange[1]
3148 284 : && wi::leu_p (cntrange[0], lenrange[0])
3149 555 : && wi::leu_p (cntrange[1], lenrange[0] + 1))
3150 : {
3151 : /* If the source (including the terminating nul) is longer than
3152 : the lower bound of the specified count but shorter than the
3153 : upper bound the copy may (but need not) be truncated. */
3154 20 : return warning_at (callloc, OPT_Wstringop_truncation,
3155 : "%qD output may be truncated copying between "
3156 : "%wu and %wu bytes from a string of length %wu",
3157 : func, cntrange[0].to_uhwi (),
3158 : cntrange[1].to_uhwi (), lenrange[0].to_uhwi ());
3159 : }
3160 : }
3161 :
3162 850 : access_ref aref;
3163 850 : if (tree dstsize = compute_objsize (dst, stmt, 1, &aref, ptr_qry))
3164 : {
3165 : /* The source length is unknown. Try to determine the destination
3166 : size and see if it matches the specified bound. If not, bail.
3167 : Otherwise go on to see if it should be diagnosed for possible
3168 : truncation. */
3169 850 : if (!dstsize)
3170 : return false;
3171 :
3172 850 : if (wi::to_wide (dstsize) != cntrange[1])
3173 : return false;
3174 :
3175 : /* Avoid warning for strncpy(a, b, N) calls where the following
3176 : equalities hold:
3177 : N == sizeof a && N == sizeof b */
3178 264 : if (tree srcsize = compute_objsize (src, stmt, 1, &aref, ptr_qry))
3179 264 : if (wi::to_wide (srcsize) == cntrange[1])
3180 : return false;
3181 :
3182 250 : if (cntrange[0] == cntrange[1])
3183 193 : return warning_at (callloc, OPT_Wstringop_truncation,
3184 : "%qD specified bound %E equals destination size",
3185 : func, cnt);
3186 : }
3187 :
3188 : return false;
3189 16362 : }
3190 :
3191 : /* Check the arguments to the built-in forms of stpncpy, strncpy, and
3192 : strncat, for out-of-bounds offsets or overlapping access, and to see
3193 : if the size is derived from calling strlen() on the source argument,
3194 : and if so, issue the appropriate warning.
3195 : APPEND_P is true for strncat. */
3196 :
3197 : void
3198 3292 : strlen_pass::handle_builtin_stxncpy_strncat (bool append_p)
3199 : {
3200 3292 : if (!strlen_to_stridx)
3201 3188 : return;
3202 :
3203 3249 : gimple *stmt = gsi_stmt (m_gsi);
3204 :
3205 3249 : tree dst = gimple_call_arg (stmt, 0);
3206 3249 : tree src = gimple_call_arg (stmt, 1);
3207 3249 : tree len = gimple_call_arg (stmt, 2);
3208 : /* An upper bound of the size of the destination. */
3209 3249 : tree dstsize = NULL_TREE;
3210 : /* The length of the destination and source strings (plus 1 for those
3211 : whose FULL_STRING_P is set, i.e., whose length is exact rather than
3212 : a lower bound). */
3213 3249 : tree dstlenp1 = NULL_TREE, srclenp1 = NULL_TREE;;
3214 :
3215 3249 : int didx = get_stridx (dst, stmt);
3216 3249 : if (strinfo *sidst = didx > 0 ? get_strinfo (didx) : NULL)
3217 : {
3218 : /* Compute the size of the destination string including the nul
3219 : if it is known to be nul-terminated. */
3220 310 : if (sidst->nonzero_chars)
3221 : {
3222 268 : if (sidst->full_string_p)
3223 : {
3224 : /* String is known to be nul-terminated. */
3225 250 : tree type = TREE_TYPE (sidst->nonzero_chars);
3226 250 : dstlenp1 = fold_build2 (PLUS_EXPR, type, sidst->nonzero_chars,
3227 : build_int_cst (type, 1));
3228 : }
3229 : else
3230 : dstlenp1 = sidst->nonzero_chars;
3231 : }
3232 42 : else if (TREE_CODE (sidst->ptr) == SSA_NAME)
3233 : {
3234 42 : gimple *def_stmt = SSA_NAME_DEF_STMT (sidst->ptr);
3235 42 : dstsize = gimple_call_alloc_size (def_stmt);
3236 : }
3237 :
3238 310 : dst = sidst->ptr;
3239 : }
3240 :
3241 3249 : int sidx = get_stridx (src, stmt);
3242 3249 : strinfo *sisrc = sidx > 0 ? get_strinfo (sidx) : NULL;
3243 365 : if (sisrc)
3244 : {
3245 : /* strncat() and strncpy() can modify the source string by writing
3246 : over the terminating nul so SISRC->DONT_INVALIDATE must be left
3247 : clear. */
3248 :
3249 : /* Compute the size of the source string including the terminating
3250 : nul if its known to be nul-terminated. */
3251 342 : if (sisrc->nonzero_chars)
3252 : {
3253 342 : if (sisrc->full_string_p)
3254 : {
3255 334 : tree type = TREE_TYPE (sisrc->nonzero_chars);
3256 334 : srclenp1 = fold_build2 (PLUS_EXPR, type, sisrc->nonzero_chars,
3257 : build_int_cst (type, 1));
3258 : }
3259 : else
3260 : srclenp1 = sisrc->nonzero_chars;
3261 : }
3262 :
3263 342 : src = sisrc->ptr;
3264 : }
3265 : else
3266 : srclenp1 = NULL_TREE;
3267 :
3268 3249 : opt_code opt = check_bounds_or_overlap (stmt, dst, src, dstlenp1, srclenp1);
3269 3249 : if (opt != no_warning)
3270 : {
3271 211 : suppress_warning (stmt, opt);
3272 211 : return;
3273 : }
3274 :
3275 : /* If the length argument was computed from strlen(S) for some string
3276 : S retrieve the strinfo index for the string (PSS->FIRST) along with
3277 : the location of the strlen() call (PSS->SECOND). */
3278 3038 : stridx_strlenloc *pss = strlen_to_stridx->get (len);
3279 3038 : if (!pss || pss->first <= 0)
3280 : {
3281 2934 : if (maybe_diag_stxncpy_trunc (m_gsi, src, len))
3282 241 : suppress_warning (stmt, OPT_Wstringop_truncation);
3283 :
3284 2934 : return;
3285 : }
3286 :
3287 : /* Retrieve the strinfo data for the string S that LEN was computed
3288 : from as some function F of strlen (S) (i.e., LEN need not be equal
3289 : to strlen(S)). */
3290 104 : strinfo *silen = get_strinfo (pss->first);
3291 :
3292 104 : location_t callloc = gimple_or_expr_nonartificial_location (stmt, dst);
3293 :
3294 104 : tree func = gimple_call_fndecl (stmt);
3295 :
3296 104 : bool warned = false;
3297 :
3298 : /* When -Wstringop-truncation is set, try to determine truncation
3299 : before diagnosing possible overflow. Truncation is implied by
3300 : the LEN argument being equal to strlen(SRC), regardless of
3301 : whether its value is known. Otherwise, when appending, or
3302 : when copying into a destination of known size, issue the more
3303 : generic -Wstringop-overflow which triggers for LEN arguments
3304 : that in any meaningful way depend on strlen(SRC). */
3305 104 : if (!append_p
3306 104 : && sisrc == silen
3307 60 : && is_strlen_related_p (src, len)
3308 148 : && warning_at (callloc, OPT_Wstringop_truncation,
3309 : "%qD output truncated before terminating nul "
3310 : "copying as many bytes from a string as its length",
3311 : func))
3312 : warned = true;
3313 1 : else if ((append_p || !dstsize || len == dstlenp1)
3314 76 : && silen && is_strlen_related_p (src, silen->ptr))
3315 : {
3316 : /* Issue -Wstringop-overflow when appending or when writing into
3317 : a destination of a known size. Otherwise, when copying into
3318 : a destination of an unknown size, it's truncation. */
3319 31 : opt_code opt = (append_p || dstsize
3320 75 : ? OPT_Wstringop_overflow_ : OPT_Wstringop_truncation);
3321 75 : warned = warning_at (callloc, opt,
3322 : "%qD specified bound depends on the length "
3323 : "of the source argument",
3324 : func);
3325 : }
3326 103 : if (warned)
3327 : {
3328 83 : location_t strlenloc = pss->second;
3329 83 : if (strlenloc != UNKNOWN_LOCATION && strlenloc != callloc)
3330 83 : inform (strlenloc, "length computed here");
3331 : }
3332 : }
3333 :
3334 : /* Handle a memcpy-like ({mem{,p}cpy,__mem{,p}cpy_chk}) call.
3335 : If strlen of the second argument is known and length of the third argument
3336 : is that plus one, strlen of the first argument is the same after this
3337 : call. Uses RVALS to determine range information. */
3338 :
3339 : void
3340 79877 : strlen_pass::handle_builtin_memcpy (built_in_function bcode)
3341 : {
3342 79877 : tree lhs, oldlen, newlen;
3343 79877 : gimple *stmt = gsi_stmt (m_gsi);
3344 79877 : strinfo *si, *dsi;
3345 :
3346 79877 : tree len = gimple_call_arg (stmt, 2);
3347 79877 : tree src = gimple_call_arg (stmt, 1);
3348 79877 : tree dst = gimple_call_arg (stmt, 0);
3349 :
3350 79877 : int didx = get_stridx (dst, stmt);
3351 79877 : if (didx < 0)
3352 : return;
3353 79877 : int idx = get_stridx (src, stmt);
3354 79877 : strinfo *olddsi = NULL;
3355 79877 : if (didx > 0)
3356 25472 : olddsi = get_strinfo (didx);
3357 :
3358 25472 : if (olddsi != NULL
3359 25472 : && !integer_zerop (len))
3360 : {
3361 18743 : maybe_warn_overflow (stmt, false, len, olddsi, false, true);
3362 18743 : if (tree_fits_uhwi_p (len))
3363 6786 : adjust_last_stmt (olddsi, stmt, false);
3364 : }
3365 :
3366 79877 : if (idx == 0)
3367 : return;
3368 :
3369 26172 : bool full_string_p;
3370 26172 : if (idx > 0)
3371 : {
3372 8679 : gimple *def_stmt;
3373 :
3374 : /* Handle memcpy (x, y, l) where l's relationship with strlen (y)
3375 : is known. */
3376 8679 : si = get_strinfo (idx);
3377 8679 : if (si == NULL || si->nonzero_chars == NULL_TREE)
3378 : return;
3379 4058 : if (TREE_CODE (len) == INTEGER_CST
3380 1497 : && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
3381 : {
3382 1486 : if (tree_int_cst_le (len, si->nonzero_chars))
3383 : {
3384 : /* Copying LEN nonzero characters, where LEN is constant. */
3385 : newlen = len;
3386 : full_string_p = false;
3387 : }
3388 : else
3389 : {
3390 : /* Copying the whole of the analyzed part of SI. */
3391 212 : newlen = si->nonzero_chars;
3392 212 : full_string_p = si->full_string_p;
3393 : }
3394 : }
3395 : else
3396 : {
3397 2572 : if (!si->full_string_p)
3398 : return;
3399 2541 : if (TREE_CODE (len) != SSA_NAME)
3400 : return;
3401 2530 : def_stmt = SSA_NAME_DEF_STMT (len);
3402 2530 : if (!is_gimple_assign (def_stmt)
3403 217 : || gimple_assign_rhs_code (def_stmt) != PLUS_EXPR
3404 113 : || gimple_assign_rhs1 (def_stmt) != si->nonzero_chars
3405 2633 : || !integer_onep (gimple_assign_rhs2 (def_stmt)))
3406 2427 : return;
3407 : /* Copying variable-length string SI (and no more). */
3408 103 : newlen = si->nonzero_chars;
3409 103 : full_string_p = true;
3410 : }
3411 : }
3412 : else
3413 : {
3414 17493 : si = NULL;
3415 : /* Handle memcpy (x, "abcd", 5) or
3416 : memcpy (x, "abc\0uvw", 7). */
3417 17493 : if (!tree_fits_uhwi_p (len))
3418 82 : return;
3419 :
3420 17411 : unsigned HOST_WIDE_INT clen = tree_to_uhwi (len);
3421 17411 : unsigned HOST_WIDE_INT nonzero_chars = ~idx;
3422 31730 : newlen = build_int_cst (size_type_node, MIN (nonzero_chars, clen));
3423 17411 : full_string_p = clen > nonzero_chars;
3424 : }
3425 :
3426 19000 : if (!full_string_p
3427 19000 : && olddsi
3428 3503 : && olddsi->nonzero_chars
3429 422 : && TREE_CODE (olddsi->nonzero_chars) == INTEGER_CST
3430 19422 : && tree_int_cst_le (newlen, olddsi->nonzero_chars))
3431 : {
3432 : /* The SRC substring being written strictly overlaps
3433 : a subsequence of the existing string OLDDSI. */
3434 169 : newlen = olddsi->nonzero_chars;
3435 169 : full_string_p = olddsi->full_string_p;
3436 : }
3437 :
3438 19000 : if (olddsi != NULL && TREE_CODE (len) == SSA_NAME)
3439 74 : adjust_last_stmt (olddsi, stmt, false);
3440 :
3441 19000 : if (didx == 0)
3442 : {
3443 12349 : didx = new_stridx (dst);
3444 12349 : if (didx == 0)
3445 : return;
3446 : }
3447 18997 : oldlen = NULL_TREE;
3448 18997 : if (olddsi != NULL)
3449 : {
3450 4989 : dsi = unshare_strinfo (olddsi);
3451 4989 : oldlen = olddsi->nonzero_chars;
3452 4989 : dsi->nonzero_chars = newlen;
3453 4989 : dsi->full_string_p = full_string_p;
3454 : /* Break the chain, so adjust_related_strinfo on later pointers in
3455 : the chain won't adjust this one anymore. */
3456 4989 : dsi->next = 0;
3457 4989 : dsi->stmt = NULL;
3458 4989 : dsi->endptr = NULL_TREE;
3459 : }
3460 : else
3461 : {
3462 14008 : dsi = new_strinfo (dst, didx, newlen, full_string_p);
3463 14008 : set_strinfo (didx, dsi);
3464 14008 : find_equal_ptrs (dst, didx);
3465 : }
3466 18997 : dsi->writable = true;
3467 18997 : dsi->dont_invalidate = true;
3468 18997 : if (olddsi != NULL)
3469 : {
3470 4989 : tree adj = NULL_TREE;
3471 4989 : location_t loc = gimple_location (stmt);
3472 4989 : if (oldlen == NULL_TREE)
3473 : ;
3474 1300 : else if (integer_zerop (oldlen))
3475 : adj = newlen;
3476 607 : else if (TREE_CODE (oldlen) == INTEGER_CST
3477 6 : || TREE_CODE (newlen) == INTEGER_CST)
3478 607 : adj = fold_build2_loc (loc, MINUS_EXPR, TREE_TYPE (newlen), newlen,
3479 607 : fold_convert_loc (loc, TREE_TYPE (newlen),
3480 : oldlen));
3481 1300 : if (adj != NULL_TREE)
3482 1300 : adjust_related_strinfos (loc, dsi, adj);
3483 : else
3484 3689 : dsi->prev = 0;
3485 : }
3486 : /* memcpy src may not overlap dst, so src doesn't need to be
3487 : invalidated either. */
3488 18997 : if (si != NULL)
3489 1589 : si->dont_invalidate = true;
3490 :
3491 18997 : if (full_string_p)
3492 : {
3493 3384 : lhs = gimple_call_lhs (stmt);
3494 3384 : switch (bcode)
3495 : {
3496 3328 : case BUILT_IN_MEMCPY:
3497 3328 : case BUILT_IN_MEMCPY_CHK:
3498 : /* Allow adjust_last_stmt to decrease this memcpy's size. */
3499 3328 : laststmt.stmt = stmt;
3500 3328 : laststmt.len = dsi->nonzero_chars;
3501 3328 : laststmt.stridx = dsi->idx;
3502 3328 : if (lhs)
3503 323 : ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = didx;
3504 : break;
3505 : case BUILT_IN_MEMPCPY:
3506 : case BUILT_IN_MEMPCPY_CHK:
3507 : break;
3508 0 : default:
3509 0 : gcc_unreachable ();
3510 : }
3511 : }
3512 : }
3513 :
3514 : /* Handle a strcat-like ({strcat,__strcat_chk}) call.
3515 : If strlen of the second argument is known, strlen of the first argument
3516 : is increased by the length of the second argument. Furthermore, attempt
3517 : to convert it to memcpy/strcpy if the length of the first argument
3518 : is known. */
3519 :
3520 : void
3521 827 : strlen_pass::handle_builtin_strcat (built_in_function bcode)
3522 : {
3523 827 : int idx, didx;
3524 827 : tree srclen, args, type, fn, objsz, endptr;
3525 827 : bool success;
3526 827 : gimple *stmt = gsi_stmt (m_gsi);
3527 827 : strinfo *si, *dsi;
3528 827 : location_t loc = gimple_location (stmt);
3529 :
3530 827 : tree src = gimple_call_arg (stmt, 1);
3531 827 : tree dst = gimple_call_arg (stmt, 0);
3532 :
3533 : /* Bail if the source is the same as destination. It will be diagnosed
3534 : elsewhere. */
3535 827 : if (operand_equal_p (src, dst, 0))
3536 : return;
3537 :
3538 788 : tree lhs = gimple_call_lhs (stmt);
3539 :
3540 788 : didx = get_stridx (dst, stmt);
3541 788 : if (didx < 0)
3542 : return;
3543 788 : idx = get_stridx (src, stmt);
3544 :
3545 788 : dsi = NULL;
3546 788 : if (didx > 0)
3547 469 : dsi = get_strinfo (didx);
3548 :
3549 788 : srclen = NULL_TREE;
3550 788 : si = NULL;
3551 788 : if (idx < 0)
3552 84 : srclen = build_int_cst (size_type_node, ~idx);
3553 704 : else if (idx > 0)
3554 : {
3555 394 : si = get_strinfo (idx);
3556 394 : if (si != NULL)
3557 353 : srclen = get_string_length (si);
3558 : }
3559 :
3560 : /* Disable warning for the transformed statement? */
3561 788 : opt_code no_warning_opt = no_warning;
3562 :
3563 788 : if (dsi == NULL || get_string_length (dsi) == NULL_TREE)
3564 : {
3565 464 : {
3566 : /* The concatenation always involves copying at least one byte
3567 : (the terminating nul), even if the source string is empty.
3568 : If the source is unknown assume it's one character long and
3569 : used that as both sizes. */
3570 464 : tree slen = srclen;
3571 464 : if (slen)
3572 : {
3573 197 : tree type = TREE_TYPE (slen);
3574 197 : slen = fold_build2 (PLUS_EXPR, type, slen, build_int_cst (type, 1));
3575 : }
3576 :
3577 464 : tree sptr = si && si->ptr ? si->ptr : src;
3578 464 : no_warning_opt = check_bounds_or_overlap (stmt, dst, sptr, NULL_TREE,
3579 : slen);
3580 464 : if (no_warning_opt)
3581 49 : suppress_warning (stmt, no_warning_opt);
3582 : }
3583 :
3584 : /* strcat (p, q) can be transformed into
3585 : tmp = p + strlen (p); endptr = stpcpy (tmp, q);
3586 : with length endptr - p if we need to compute the length
3587 : later on. Don't do this transformation if we don't need
3588 : it. */
3589 602 : if (builtin_decl_implicit_p (BUILT_IN_STPCPY) && lhs == NULL_TREE)
3590 : {
3591 70 : if (didx == 0)
3592 : {
3593 42 : didx = new_stridx (dst);
3594 42 : if (didx == 0)
3595 : return;
3596 : }
3597 70 : if (dsi == NULL)
3598 : {
3599 70 : dsi = new_strinfo (dst, didx, NULL_TREE, false);
3600 70 : set_strinfo (didx, dsi);
3601 70 : find_equal_ptrs (dst, didx);
3602 : }
3603 : else
3604 : {
3605 0 : dsi = unshare_strinfo (dsi);
3606 0 : dsi->nonzero_chars = NULL_TREE;
3607 0 : dsi->full_string_p = false;
3608 0 : dsi->next = 0;
3609 0 : dsi->endptr = NULL_TREE;
3610 : }
3611 70 : dsi->writable = true;
3612 70 : dsi->stmt = stmt;
3613 70 : dsi->dont_invalidate = true;
3614 : }
3615 464 : return;
3616 : }
3617 :
3618 324 : tree dstlen = dsi->nonzero_chars;
3619 324 : endptr = dsi->endptr;
3620 :
3621 324 : dsi = unshare_strinfo (dsi);
3622 324 : dsi->endptr = NULL_TREE;
3623 324 : dsi->stmt = NULL;
3624 324 : dsi->writable = true;
3625 :
3626 324 : if (srclen != NULL_TREE)
3627 : {
3628 240 : dsi->nonzero_chars = fold_build2_loc (loc, PLUS_EXPR,
3629 240 : TREE_TYPE (dsi->nonzero_chars),
3630 : dsi->nonzero_chars, srclen);
3631 240 : gcc_assert (dsi->full_string_p);
3632 240 : adjust_related_strinfos (loc, dsi, srclen);
3633 240 : dsi->dont_invalidate = true;
3634 : }
3635 : else
3636 : {
3637 84 : dsi->nonzero_chars = NULL;
3638 84 : dsi->full_string_p = false;
3639 84 : if (lhs == NULL_TREE && builtin_decl_implicit_p (BUILT_IN_STPCPY))
3640 64 : dsi->dont_invalidate = true;
3641 : }
3642 :
3643 324 : if (si != NULL)
3644 : /* strcat src may not overlap dst, so src doesn't need to be
3645 : invalidated either. */
3646 191 : si->dont_invalidate = true;
3647 :
3648 : /* For now. Could remove the lhs from the call and add
3649 : lhs = dst; afterwards. */
3650 324 : if (lhs)
3651 : return;
3652 :
3653 190 : fn = NULL_TREE;
3654 190 : objsz = NULL_TREE;
3655 190 : switch (bcode)
3656 : {
3657 174 : case BUILT_IN_STRCAT:
3658 174 : if (srclen != NULL_TREE)
3659 94 : fn = builtin_decl_implicit (BUILT_IN_MEMCPY);
3660 : else
3661 80 : fn = builtin_decl_implicit (BUILT_IN_STRCPY);
3662 : break;
3663 16 : case BUILT_IN_STRCAT_CHK:
3664 16 : if (srclen != NULL_TREE)
3665 14 : fn = builtin_decl_explicit (BUILT_IN_MEMCPY_CHK);
3666 : else
3667 2 : fn = builtin_decl_explicit (BUILT_IN_STRCPY_CHK);
3668 16 : objsz = gimple_call_arg (stmt, 2);
3669 16 : break;
3670 0 : default:
3671 0 : gcc_unreachable ();
3672 : }
3673 :
3674 190 : if (fn == NULL_TREE)
3675 : return;
3676 :
3677 190 : if (dsi && dstlen)
3678 : {
3679 190 : tree type = TREE_TYPE (dstlen);
3680 :
3681 : /* Compute the size of the source sequence, including the nul. */
3682 190 : tree srcsize = srclen ? srclen : size_zero_node;
3683 190 : tree one = build_int_cst (type, 1);
3684 190 : srcsize = fold_build2 (PLUS_EXPR, type, srcsize, one);
3685 190 : tree dstsize = fold_build2 (PLUS_EXPR, type, dstlen, one);
3686 190 : tree sptr = si && si->ptr ? si->ptr : src;
3687 :
3688 190 : no_warning_opt = check_bounds_or_overlap (stmt, dst, sptr, dstsize,
3689 : srcsize);
3690 190 : if (no_warning_opt)
3691 71 : suppress_warning (stmt, no_warning_opt);
3692 : }
3693 :
3694 190 : tree len = NULL_TREE;
3695 190 : if (srclen != NULL_TREE)
3696 : {
3697 108 : args = TYPE_ARG_TYPES (TREE_TYPE (fn));
3698 108 : type = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (args)));
3699 :
3700 108 : len = fold_convert_loc (loc, type, unshare_expr (srclen));
3701 108 : len = fold_build2_loc (loc, PLUS_EXPR, type, len,
3702 : build_int_cst (type, 1));
3703 108 : len = force_gimple_operand_gsi (&m_gsi, len, true, NULL_TREE, true,
3704 : GSI_SAME_STMT);
3705 : }
3706 190 : if (endptr)
3707 24 : dst = fold_convert_loc (loc, TREE_TYPE (dst), unshare_expr (endptr));
3708 : else
3709 166 : dst = fold_build2_loc (loc, POINTER_PLUS_EXPR, TREE_TYPE (dst), dst,
3710 : fold_convert_loc (loc, sizetype,
3711 : unshare_expr (dstlen)));
3712 190 : dst = force_gimple_operand_gsi (&m_gsi, dst, true, NULL_TREE, true,
3713 : GSI_SAME_STMT);
3714 190 : if (objsz)
3715 : {
3716 32 : objsz = fold_build2_loc (loc, MINUS_EXPR, TREE_TYPE (objsz), objsz,
3717 16 : fold_convert_loc (loc, TREE_TYPE (objsz),
3718 : unshare_expr (dstlen)));
3719 16 : objsz = force_gimple_operand_gsi (&m_gsi, objsz, true, NULL_TREE, true,
3720 : GSI_SAME_STMT);
3721 : }
3722 190 : if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3723 : {
3724 0 : fprintf (dump_file, "Optimizing: ");
3725 0 : print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
3726 : }
3727 190 : if (srclen != NULL_TREE)
3728 202 : success = update_gimple_call (&m_gsi, fn, 3 + (objsz != NULL_TREE),
3729 : dst, src, len, objsz);
3730 : else
3731 162 : success = update_gimple_call (&m_gsi, fn, 2 + (objsz != NULL_TREE),
3732 : dst, src, objsz);
3733 190 : if (success)
3734 : {
3735 190 : stmt = gsi_stmt (m_gsi);
3736 190 : update_stmt (stmt);
3737 190 : if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3738 : {
3739 0 : fprintf (dump_file, "into: ");
3740 0 : print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
3741 : }
3742 : /* If srclen == NULL, note that current string length can be
3743 : computed by transforming this strcpy into stpcpy. */
3744 190 : if (srclen == NULL_TREE && dsi->dont_invalidate)
3745 64 : dsi->stmt = stmt;
3746 190 : adjust_last_stmt (dsi, stmt, true);
3747 190 : if (srclen != NULL_TREE)
3748 : {
3749 108 : laststmt.stmt = stmt;
3750 108 : laststmt.len = srclen;
3751 108 : laststmt.stridx = dsi->idx;
3752 : }
3753 : }
3754 0 : else if (dump_file && (dump_flags & TDF_DETAILS) != 0)
3755 0 : fprintf (dump_file, "not possible.\n");
3756 :
3757 190 : if (no_warning_opt)
3758 71 : suppress_warning (stmt, no_warning_opt);
3759 : }
3760 :
3761 : /* Handle a call to an allocation function like alloca, malloc or calloc,
3762 : or an ordinary allocation function declared with attribute alloc_size. */
3763 :
3764 : void
3765 96664 : strlen_pass::handle_alloc_call (built_in_function bcode)
3766 : {
3767 96664 : gimple *stmt = gsi_stmt (m_gsi);
3768 96664 : tree lhs = gimple_call_lhs (stmt);
3769 96664 : if (lhs == NULL_TREE)
3770 : return;
3771 :
3772 96572 : gcc_assert (get_stridx (lhs, stmt) == 0);
3773 96572 : int idx = new_stridx (lhs);
3774 96572 : tree length = NULL_TREE;
3775 96572 : if (bcode == BUILT_IN_CALLOC)
3776 483 : length = build_int_cst (size_type_node, 0);
3777 96572 : strinfo *si = new_strinfo (lhs, idx, length, length != NULL_TREE);
3778 96572 : if (bcode == BUILT_IN_CALLOC)
3779 : {
3780 : /* Only set STMT for calloc and malloc. */
3781 483 : si->stmt = stmt;
3782 : /* Only set ENDPTR for calloc. */
3783 483 : si->endptr = lhs;
3784 : }
3785 96089 : else if (bcode == BUILT_IN_MALLOC)
3786 27370 : si->stmt = stmt;
3787 :
3788 : /* Set ALLOC is set for all allocation functions. */
3789 96572 : si->alloc = stmt;
3790 96572 : set_strinfo (idx, si);
3791 96572 : si->writable = true;
3792 96572 : si->dont_invalidate = true;
3793 : }
3794 :
3795 : /* Returns true of the last statement of the bb is a conditional
3796 : that checks ptr for null-ness. */
3797 : static bool
3798 235 : last_stmt_ptr_check (tree ptr, basic_block bb)
3799 : {
3800 235 : gimple_stmt_iterator gsi = gsi_last_nondebug_bb (bb);
3801 270 : gcond *cstmt = dyn_cast <gcond *>(gsi_stmt (gsi));
3802 234 : if (!cstmt)
3803 : return false;
3804 234 : if (gimple_cond_code (cstmt) != EQ_EXPR && gimple_cond_code (cstmt) != NE_EXPR)
3805 : return false;
3806 204 : if (!integer_zerop (gimple_cond_rhs (cstmt)))
3807 : return false;
3808 204 : if (!operand_equal_p (gimple_cond_lhs (cstmt), ptr))
3809 : return false;
3810 : return true;
3811 : }
3812 :
3813 : /* Check if doing a malloc+memset to calloc is a good idea. PTR is the
3814 : return value of the malloc/where the memset happens. MALLOC_BB is
3815 : the basic block of the malloc. MEMSET_BB is basic block of the memset. */
3816 :
3817 : static bool
3818 390 : allow_memset_malloc_to_calloc (tree ptr, basic_block malloc_bb,
3819 : basic_block memset_bb)
3820 : {
3821 : /* If the malloc and memset are in the same block, then always
3822 : allow the transformation. Don't need post dominator calculation. */
3823 390 : if (malloc_bb == memset_bb)
3824 : return true;
3825 :
3826 234 : if (!dom_info_available_p (cfun, CDI_POST_DOMINATORS))
3827 185 : calculate_dominance_info (CDI_POST_DOMINATORS);
3828 :
3829 : /* If the memset is always executed after the malloc, then allow
3830 : to optimize to calloc. */
3831 234 : if (dominated_by_p (CDI_POST_DOMINATORS, malloc_bb, memset_bb))
3832 : return true;
3833 :
3834 : /* If the malloc bb ends in a ptr check, then we need to check if
3835 : either successor is post dominated by the memset bb. */
3836 221 : if (last_stmt_ptr_check (ptr, malloc_bb))
3837 : {
3838 198 : if (dominated_by_p (CDI_POST_DOMINATORS, EDGE_SUCC (malloc_bb, 0)->dest, memset_bb))
3839 : return true;
3840 188 : if (dominated_by_p (CDI_POST_DOMINATORS, EDGE_SUCC (malloc_bb, 1)->dest, memset_bb))
3841 : return true;
3842 : }
3843 :
3844 : /* At this point we want to only handle:
3845 : malloc();
3846 : ...
3847 : if (ptr) goto memset_bb; */
3848 108 : if (!single_pred_p (memset_bb))
3849 : return false;
3850 :
3851 : /* If the predecessor of the memset bb is not post dominated by malloc, then the memset is
3852 : conditionalized by something more than just the checking if ptr is non-null. */
3853 57 : if (!dominated_by_p (CDI_POST_DOMINATORS, malloc_bb, single_pred_edge (memset_bb)->src))
3854 : return false;
3855 :
3856 14 : return last_stmt_ptr_check (ptr, single_pred_edge (memset_bb)->src);
3857 : }
3858 :
3859 : /* Handle a call to memset.
3860 : After a call to calloc, memset(,0,) is unnecessary.
3861 : memset(malloc(n),0,n) is calloc(n,1).
3862 : return true when the call is transformed, false otherwise.
3863 : When nonnull uses RVALS to determine range information. */
3864 :
3865 : bool
3866 25579 : strlen_pass::handle_builtin_memset (bool *zero_write)
3867 : {
3868 25579 : gimple *memset_stmt = gsi_stmt (m_gsi);
3869 25579 : tree ptr = gimple_call_arg (memset_stmt, 0);
3870 25579 : tree memset_val = gimple_call_arg (memset_stmt, 1);
3871 25579 : tree memset_size = gimple_call_arg (memset_stmt, 2);
3872 :
3873 : /* Set to the non-constant offset added to PTR. */
3874 127895 : wide_int offrng[2];
3875 25579 : int idx1 = get_stridx (ptr, memset_stmt, offrng, ptr_qry.rvals);
3876 25579 : if (idx1 == 0
3877 16687 : && TREE_CODE (memset_val) == INTEGER_CST
3878 41334 : && ((TREE_CODE (memset_size) == INTEGER_CST
3879 8296 : && !integer_zerop (memset_size))
3880 7459 : || TREE_CODE (memset_size) == SSA_NAME))
3881 : {
3882 15755 : unsigned HOST_WIDE_INT mask = (HOST_WIDE_INT_1U << CHAR_TYPE_SIZE) - 1;
3883 15755 : bool full_string_p = (wi::to_wide (memset_val) & mask) == 0;
3884 :
3885 : /* We only handle symbolic lengths when writing non-zero values. */
3886 15755 : if (full_string_p && TREE_CODE (memset_size) != INTEGER_CST)
3887 : return false;
3888 :
3889 11166 : idx1 = new_stridx (ptr);
3890 11166 : if (idx1 == 0)
3891 : return false;
3892 11153 : tree newlen;
3893 11153 : if (full_string_p)
3894 6183 : newlen = build_int_cst (size_type_node, 0);
3895 4970 : else if (TREE_CODE (memset_size) == INTEGER_CST)
3896 2100 : newlen = fold_convert (size_type_node, memset_size);
3897 : else
3898 : newlen = memset_size;
3899 :
3900 11153 : strinfo *dsi = new_strinfo (ptr, idx1, newlen, full_string_p);
3901 11153 : set_strinfo (idx1, dsi);
3902 11153 : find_equal_ptrs (ptr, idx1);
3903 11153 : dsi->dont_invalidate = true;
3904 11153 : dsi->writable = true;
3905 11153 : return false;
3906 : }
3907 :
3908 9824 : if (idx1 <= 0)
3909 : return false;
3910 8892 : strinfo *si1 = get_strinfo (idx1);
3911 8892 : if (!si1)
3912 : return false;
3913 3889 : gimple *alloc_stmt = si1->alloc;
3914 3889 : if (!alloc_stmt || !is_gimple_call (alloc_stmt))
3915 : return false;
3916 2415 : tree callee1 = gimple_call_fndecl (alloc_stmt);
3917 2415 : if (!valid_builtin_call (alloc_stmt))
3918 : return false;
3919 742 : tree alloc_size = gimple_call_arg (alloc_stmt, 0);
3920 :
3921 : /* Check for overflow. */
3922 742 : maybe_warn_overflow (memset_stmt, false, memset_size, NULL, false, true);
3923 :
3924 : /* Bail when there is no statement associated with the destination
3925 : (the statement may be null even when SI1->ALLOC is not). */
3926 742 : if (!si1->stmt)
3927 : return false;
3928 :
3929 : /* Avoid optimizing if store is at a variable offset from the beginning
3930 : of the allocated object. */
3931 1025 : if (offrng[0] != 0 || offrng[0] != offrng[1])
3932 57 : return false;
3933 :
3934 : /* Bail when the call writes a non-zero value. */
3935 475 : if (!integer_zerop (memset_val))
3936 : return false;
3937 :
3938 : /* Let the caller know the memset call cleared the destination. */
3939 393 : *zero_write = true;
3940 :
3941 393 : enum built_in_function code1 = DECL_FUNCTION_CODE (callee1);
3942 393 : if (code1 == BUILT_IN_CALLOC)
3943 : /* Not touching alloc_stmt */ ;
3944 385 : else if (!allow_memset_malloc_to_calloc (ptr, gimple_bb (si1->stmt), gimple_bb (memset_stmt)))
3945 : return false;
3946 321 : else if (code1 == BUILT_IN_MALLOC
3947 321 : && operand_equal_p (memset_size, alloc_size, 0))
3948 : {
3949 : /* Replace the malloc + memset calls with calloc. */
3950 281 : gimple_stmt_iterator gsi1 = gsi_for_stmt (si1->stmt);
3951 562 : update_gimple_call (&gsi1, builtin_decl_implicit (BUILT_IN_CALLOC), 2,
3952 : alloc_size, build_one_cst (size_type_node));
3953 281 : si1->nonzero_chars = build_int_cst (size_type_node, 0);
3954 281 : si1->full_string_p = true;
3955 281 : si1->stmt = gsi_stmt (gsi1);
3956 : }
3957 : else
3958 40 : return false;
3959 289 : tree lhs = gimple_call_lhs (memset_stmt);
3960 289 : unlink_stmt_vdef (memset_stmt);
3961 289 : if (lhs)
3962 : {
3963 1 : gimple *assign = gimple_build_assign (lhs, ptr);
3964 1 : gsi_replace (&m_gsi, assign, false);
3965 : }
3966 : else
3967 : {
3968 288 : gsi_remove (&m_gsi, true);
3969 288 : release_defs (memset_stmt);
3970 : }
3971 :
3972 : return true;
3973 76737 : }
3974 :
3975 : /* Return first such statement if RES is used in statements testing its
3976 : equality to zero, and null otherwise. If EXCLUSIVE is true, return
3977 : nonnull if and only RES is used in such expressions exclusively and
3978 : in none other. */
3979 :
3980 : gimple *
3981 476632 : use_in_zero_equality (tree res, bool exclusive)
3982 : {
3983 476632 : gimple *first_use = NULL;
3984 :
3985 476632 : use_operand_p use_p;
3986 476632 : imm_use_iterator iter;
3987 :
3988 1419138 : FOR_EACH_IMM_USE_FAST (use_p, iter, res)
3989 : {
3990 491634 : gimple *use_stmt = USE_STMT (use_p);
3991 :
3992 491634 : if (is_gimple_debug (use_stmt))
3993 13858 : continue;
3994 :
3995 477776 : if (gimple_code (use_stmt) == GIMPLE_ASSIGN)
3996 : {
3997 64386 : tree_code code = gimple_assign_rhs_code (use_stmt);
3998 64386 : if (code == COND_EXPR)
3999 : {
4000 0 : tree cond_expr = gimple_assign_rhs1 (use_stmt);
4001 0 : if ((TREE_CODE (cond_expr) != EQ_EXPR
4002 0 : && (TREE_CODE (cond_expr) != NE_EXPR))
4003 0 : || !integer_zerop (TREE_OPERAND (cond_expr, 1)))
4004 : {
4005 0 : if (exclusive)
4006 : return NULL;
4007 0 : continue;
4008 : }
4009 : }
4010 64386 : else if (code == EQ_EXPR || code == NE_EXPR)
4011 : {
4012 52443 : if (!integer_zerop (gimple_assign_rhs2 (use_stmt)))
4013 : {
4014 11 : if (exclusive)
4015 : return NULL;
4016 1 : continue;
4017 : }
4018 : }
4019 11943 : else if (exclusive)
4020 : return NULL;
4021 : else
4022 18 : continue;
4023 : }
4024 413390 : else if (gimple_code (use_stmt) == GIMPLE_COND)
4025 : {
4026 400891 : tree_code code = gimple_cond_code (use_stmt);
4027 400893 : if ((code != EQ_EXPR && code != NE_EXPR)
4028 400891 : || !integer_zerop (gimple_cond_rhs (use_stmt)))
4029 : {
4030 1429 : if (exclusive)
4031 : return NULL;
4032 2 : continue;
4033 : }
4034 : }
4035 12499 : else if (exclusive)
4036 : return NULL;
4037 : else
4038 101 : continue;
4039 :
4040 451894 : if (!first_use)
4041 465874 : first_use = use_stmt;
4042 25760 : }
4043 :
4044 450872 : return first_use;
4045 : }
4046 :
4047 : /* Given strinfo IDX for ARG, sets LENRNG[] to the range of lengths
4048 : of the string(s) referenced by ARG if it can be determined.
4049 : If the length cannot be determined, sets *SIZE to the size of
4050 : the array the string is stored in, if any. If no such array is
4051 : known, sets *SIZE to -1. When the strings are nul-terminated sets
4052 : *NULTERM to true, otherwise to false. When nonnull uses RVALS to
4053 : determine range information. Returns true on success. */
4054 :
4055 : bool
4056 513195 : strlen_pass::get_len_or_size (gimple *stmt, tree arg, int idx,
4057 : unsigned HOST_WIDE_INT lenrng[2],
4058 : unsigned HOST_WIDE_INT *size, bool *nulterm)
4059 : {
4060 : /* Invalidate. */
4061 513195 : *size = HOST_WIDE_INT_M1U;
4062 :
4063 513195 : if (idx < 0)
4064 : {
4065 : /* IDX is the inverted constant string length. */
4066 253695 : lenrng[0] = ~idx;
4067 253695 : lenrng[1] = lenrng[0];
4068 253695 : *nulterm = true;
4069 253695 : return true;
4070 : }
4071 :
4072 : /* Set so that both LEN and ~LEN are invalid lengths, i.e., maximum
4073 : possible length + 1. */
4074 259500 : lenrng[0] = lenrng[1] = HOST_WIDE_INT_MAX;
4075 :
4076 259500 : if (strinfo *si = idx ? get_strinfo (idx) : NULL)
4077 : {
4078 : /* FIXME: Handle all this in_range_strlen_dynamic. */
4079 1080 : if (!si->nonzero_chars)
4080 : ;
4081 1077 : else if (tree_fits_uhwi_p (si->nonzero_chars))
4082 : {
4083 964 : lenrng[0] = tree_to_uhwi (si->nonzero_chars);
4084 964 : *nulterm = si->full_string_p;
4085 : /* Set the upper bound only if the string is known to be
4086 : nul-terminated, otherwise leave it at maximum + 1. */
4087 964 : if (*nulterm)
4088 608 : lenrng[1] = lenrng[0];
4089 : }
4090 113 : else if (TREE_CODE (si->nonzero_chars) == SSA_NAME)
4091 : {
4092 110 : int_range_max r;
4093 220 : if (get_range_query (cfun)->range_of_expr (r, si->nonzero_chars)
4094 110 : && !r.undefined_p ()
4095 220 : && !r.varying_p ())
4096 : {
4097 110 : lenrng[0] = r.lower_bound ().to_uhwi ();
4098 110 : lenrng[1] = r.upper_bound ().to_uhwi ();
4099 110 : *nulterm = si->full_string_p;
4100 : }
4101 110 : }
4102 : }
4103 :
4104 259500 : if (lenrng[0] != HOST_WIDE_INT_MAX)
4105 : return true;
4106 :
4107 : /* Compute the minimum and maximum real or possible lengths. */
4108 258426 : c_strlen_data lendata = { };
4109 : /* Set MAXBOUND to an arbitrary non-null non-integer node as a request
4110 : to have it set to the length of the longest string in a PHI. */
4111 258426 : lendata.maxbound = arg;
4112 258426 : get_range_strlen_dynamic (arg, stmt, &lendata, ptr_qry);
4113 :
4114 258426 : unsigned HOST_WIDE_INT maxbound = HOST_WIDE_INT_M1U;
4115 258426 : if (tree_fits_uhwi_p (lendata.maxbound)
4116 258426 : && !integer_all_onesp (lendata.maxbound))
4117 2112 : maxbound = tree_to_uhwi (lendata.maxbound);
4118 :
4119 258426 : if (tree_fits_uhwi_p (lendata.minlen) && tree_fits_uhwi_p (lendata.maxlen))
4120 : {
4121 258426 : unsigned HOST_WIDE_INT minlen = tree_to_uhwi (lendata.minlen);
4122 258426 : unsigned HOST_WIDE_INT maxlen = tree_to_uhwi (lendata.maxlen);
4123 :
4124 : /* The longest string in this data model. */
4125 258426 : const unsigned HOST_WIDE_INT lenmax
4126 258426 : = tree_to_uhwi (max_object_size ()) - 2;
4127 :
4128 258426 : if (maxbound == HOST_WIDE_INT_M1U)
4129 : {
4130 256314 : lenrng[0] = minlen;
4131 256314 : lenrng[1] = maxlen;
4132 256314 : *nulterm = minlen == maxlen;
4133 : }
4134 2112 : else if (maxlen < lenmax)
4135 : {
4136 1835 : *size = maxbound + 1;
4137 1835 : *nulterm = false;
4138 : }
4139 : else
4140 : return false;
4141 :
4142 258149 : return true;
4143 : }
4144 :
4145 0 : if (maxbound != HOST_WIDE_INT_M1U
4146 0 : && lendata.maxlen
4147 0 : && !integer_all_onesp (lendata.maxlen))
4148 : {
4149 : /* Set *SIZE to LENDATA.MAXBOUND which is a conservative estimate
4150 : of the longest string based on the sizes of the arrays referenced
4151 : by ARG. */
4152 0 : *size = maxbound + 1;
4153 0 : *nulterm = false;
4154 0 : return true;
4155 : }
4156 :
4157 : return false;
4158 : }
4159 :
4160 : /* If IDX1 and IDX2 refer to strings A and B of unequal lengths, return
4161 : the result of 0 == strncmp (A, B, BOUND) (which is the same as strcmp
4162 : for a sufficiently large BOUND). If the result is based on the length
4163 : of one string being greater than the longest string that would fit in
4164 : the array pointer to by the argument, set *PLEN and *PSIZE to
4165 : the corresponding length (or its complement when the string is known
4166 : to be at least as long and need not be nul-terminated) and size.
4167 : Otherwise return null. */
4168 :
4169 : tree
4170 129029 : strlen_pass::strxcmp_eqz_result (gimple *stmt, tree arg1, int idx1,
4171 : tree arg2, int idx2,
4172 : unsigned HOST_WIDE_INT bound,
4173 : unsigned HOST_WIDE_INT len[2],
4174 : unsigned HOST_WIDE_INT *psize)
4175 : {
4176 : /* Determine the range the length of each string is in and whether it's
4177 : known to be nul-terminated, or the size of the array it's stored in. */
4178 129029 : bool nul1, nul2;
4179 129029 : unsigned HOST_WIDE_INT siz1, siz2;
4180 129029 : unsigned HOST_WIDE_INT len1rng[2], len2rng[2];
4181 129029 : if (!get_len_or_size (stmt, arg1, idx1, len1rng, &siz1, &nul1)
4182 129029 : || !get_len_or_size (stmt, arg2, idx2, len2rng, &siz2, &nul2))
4183 196 : return NULL_TREE;
4184 :
4185 : /* BOUND is set to HWI_M1U for strcmp and less to strncmp, and LENiRNG
4186 : to HWI_MAX when invalid. Adjust the length of each string to consider
4187 : to be no more than BOUND. */
4188 128833 : if (len1rng[0] < HOST_WIDE_INT_MAX && len1rng[0] > bound)
4189 33 : len1rng[0] = bound;
4190 128833 : if (len1rng[1] < HOST_WIDE_INT_MAX && len1rng[1] > bound)
4191 70 : len1rng[1] = bound;
4192 128833 : if (len2rng[0] < HOST_WIDE_INT_MAX && len2rng[0] > bound)
4193 109 : len2rng[0] = bound;
4194 128833 : if (len2rng[1] < HOST_WIDE_INT_MAX && len2rng[1] > bound)
4195 109 : len2rng[1] = bound;
4196 :
4197 : /* Two empty strings are equal. */
4198 128833 : if (len1rng[1] == 0 && len2rng[1] == 0)
4199 3 : return integer_one_node;
4200 :
4201 : /* The strings are definitely unequal when the lower bound of the length
4202 : of one of them is greater than the length of the longest string that
4203 : would fit into the other array. */
4204 128830 : if (len1rng[0] == HOST_WIDE_INT_MAX
4205 800 : && len2rng[0] != HOST_WIDE_INT_MAX
4206 693 : && ((len2rng[0] < bound && len2rng[0] >= siz1)
4207 620 : || len2rng[0] > siz1))
4208 : {
4209 99 : *psize = siz1;
4210 99 : len[0] = len1rng[0];
4211 : /* Set LEN[0] to the lower bound of ARG1's length when it's
4212 : nul-terminated or to the complement of its minimum length
4213 : otherwise, */
4214 99 : len[1] = nul2 ? len2rng[0] : ~len2rng[0];
4215 99 : return integer_zero_node;
4216 : }
4217 :
4218 128731 : if (len2rng[0] == HOST_WIDE_INT_MAX
4219 353 : && len1rng[0] != HOST_WIDE_INT_MAX
4220 246 : && ((len1rng[0] < bound && len1rng[0] >= siz2)
4221 186 : || len1rng[0] > siz2))
4222 : {
4223 82 : *psize = siz2;
4224 82 : len[0] = nul1 ? len1rng[0] : ~len1rng[0];
4225 82 : len[1] = len2rng[0];
4226 82 : return integer_zero_node;
4227 : }
4228 :
4229 : /* The strings are also definitely unequal when their lengths are unequal
4230 : and at least one is nul-terminated. */
4231 128649 : if (len1rng[0] != HOST_WIDE_INT_MAX
4232 127948 : && len2rng[0] != HOST_WIDE_INT_MAX
4233 127784 : && ((len1rng[1] < len2rng[0] && nul1)
4234 127765 : || (len2rng[1] < len1rng[0] && nul2)))
4235 : {
4236 28 : if (bound <= len1rng[0] || bound <= len2rng[0])
4237 6 : *psize = bound;
4238 : else
4239 22 : *psize = HOST_WIDE_INT_M1U;
4240 :
4241 28 : len[0] = len1rng[0];
4242 28 : len[1] = len2rng[0];
4243 28 : return integer_zero_node;
4244 : }
4245 :
4246 : /* The string lengths may be equal or unequal. Even when equal and
4247 : both strings nul-terminated, without the string contents there's
4248 : no way to determine whether they are equal. */
4249 : return NULL_TREE;
4250 : }
4251 :
4252 : /* Diagnose pointless calls to strcmp or strncmp STMT with string
4253 : arguments of lengths LEN or size SIZ and (for strncmp) BOUND,
4254 : whose result is used in equality expressions that evaluate to
4255 : a constant due to one argument being longer than the size of
4256 : the other. */
4257 :
4258 : static void
4259 209 : maybe_warn_pointless_strcmp (gimple *stmt, HOST_WIDE_INT bound,
4260 : unsigned HOST_WIDE_INT len[2],
4261 : unsigned HOST_WIDE_INT siz)
4262 : {
4263 209 : tree lhs = gimple_call_lhs (stmt);
4264 209 : gimple *use = use_in_zero_equality (lhs, /* exclusive = */ false);
4265 209 : if (!use)
4266 : return;
4267 :
4268 102 : bool at_least = false;
4269 :
4270 : /* Excessive LEN[i] indicates a lower bound. */
4271 102 : if (len[0] > HOST_WIDE_INT_MAX)
4272 : {
4273 3 : at_least = true;
4274 3 : len[0] = ~len[0];
4275 : }
4276 :
4277 102 : if (len[1] > HOST_WIDE_INT_MAX)
4278 : {
4279 0 : at_least = true;
4280 0 : len[1] = ~len[1];
4281 : }
4282 :
4283 102 : unsigned HOST_WIDE_INT minlen = MIN (len[0], len[1]);
4284 :
4285 : /* FIXME: Include a note pointing to the declaration of the smaller
4286 : array. */
4287 102 : location_t stmt_loc = gimple_or_expr_nonartificial_location (stmt, lhs);
4288 :
4289 102 : tree callee = gimple_call_fndecl (stmt);
4290 102 : bool warned = false;
4291 102 : if (siz <= minlen && bound == -1)
4292 119 : warned = warning_at (stmt_loc, OPT_Wstring_compare,
4293 : (at_least
4294 : ? G_("%qD of a string of length %wu or more and "
4295 : "an array of size %wu evaluates to nonzero")
4296 : : G_("%qD of a string of length %wu and an array "
4297 : "of size %wu evaluates to nonzero")),
4298 : callee, minlen, siz);
4299 41 : else if (!at_least && siz <= HOST_WIDE_INT_MAX)
4300 : {
4301 21 : if (len[0] != HOST_WIDE_INT_MAX && len[1] != HOST_WIDE_INT_MAX)
4302 6 : warned = warning_at (stmt_loc, OPT_Wstring_compare,
4303 : "%qD of strings of length %wu and %wu "
4304 : "and bound of %wu evaluates to nonzero",
4305 : callee, len[0], len[1], bound);
4306 : else
4307 15 : warned = warning_at (stmt_loc, OPT_Wstring_compare,
4308 : "%qD of a string of length %wu, an array "
4309 : "of size %wu and bound of %wu evaluates to "
4310 : "nonzero",
4311 : callee, minlen, siz, bound);
4312 : }
4313 :
4314 82 : if (!warned)
4315 44 : return;
4316 :
4317 58 : location_t use_loc = gimple_location (use);
4318 58 : if (LOCATION_LINE (stmt_loc) != LOCATION_LINE (use_loc))
4319 12 : inform (use_loc, "in this expression");
4320 : }
4321 :
4322 :
4323 : /* Optimize a call to strcmp or strncmp either by folding it to a constant
4324 : when possible or by transforming the latter to the former. Warn about
4325 : calls where the length of one argument is greater than the size of
4326 : the array to which the other argument points if the latter's length
4327 : is not known. Return true when the call has been transformed into
4328 : another and false otherwise. */
4329 :
4330 : bool
4331 129543 : strlen_pass::handle_builtin_string_cmp ()
4332 : {
4333 129543 : gcall *stmt = as_a <gcall *> (gsi_stmt (m_gsi));
4334 129543 : tree lhs = gimple_call_lhs (stmt);
4335 :
4336 129543 : if (!lhs)
4337 : return false;
4338 :
4339 129543 : tree arg1 = gimple_call_arg (stmt, 0);
4340 129543 : tree arg2 = gimple_call_arg (stmt, 1);
4341 129543 : int idx1 = get_stridx (arg1, stmt);
4342 129543 : int idx2 = get_stridx (arg2, stmt);
4343 :
4344 : /* For strncmp set to the value of the third argument if known. */
4345 129543 : HOST_WIDE_INT bound = -1;
4346 129543 : tree len = NULL_TREE;
4347 : /* Extract the strncmp bound. */
4348 129543 : if (gimple_call_num_args (stmt) == 3)
4349 : {
4350 1780 : len = gimple_call_arg (stmt, 2);
4351 1780 : if (tree_fits_shwi_p (len))
4352 1273 : bound = tree_to_shwi (len);
4353 :
4354 : /* If the bound argument is NOT known, do nothing. */
4355 1273 : if (bound < 0)
4356 : return false;
4357 : }
4358 :
4359 : /* Avoid folding if either argument is not a nul-terminated array.
4360 : Defer warning until later. */
4361 129036 : if (!check_nul_terminated_array (NULL_TREE, arg1, len)
4362 129036 : || !check_nul_terminated_array (NULL_TREE, arg2, len))
4363 7 : return false;
4364 :
4365 129029 : {
4366 : /* Set to the length of one argument (or its complement if it's
4367 : the lower bound of a range) and the size of the array storing
4368 : the other if the result is based on the former being equal to
4369 : or greater than the latter. */
4370 129029 : unsigned HOST_WIDE_INT len[2] = { HOST_WIDE_INT_MAX, HOST_WIDE_INT_MAX };
4371 129029 : unsigned HOST_WIDE_INT siz = HOST_WIDE_INT_M1U;
4372 :
4373 : /* Try to determine if the two strings are either definitely equal
4374 : or definitely unequal and if so, either fold the result to zero
4375 : (when equal) or set the range of the result to ~[0, 0] otherwise. */
4376 129029 : if (tree eqz = strxcmp_eqz_result (stmt, arg1, idx1, arg2, idx2, bound,
4377 : len, &siz))
4378 : {
4379 212 : if (integer_zerop (eqz))
4380 : {
4381 209 : maybe_warn_pointless_strcmp (stmt, bound, len, siz);
4382 :
4383 : /* When the lengths of the first two string arguments are
4384 : known to be unequal set the range of the result to non-zero.
4385 : This allows the call to be eliminated if its result is only
4386 : used in tests for equality to zero. */
4387 209 : int_range_max nz;
4388 209 : nz.set_nonzero (TREE_TYPE (lhs));
4389 209 : set_range_info (lhs, nz);
4390 209 : return false;
4391 209 : }
4392 : /* When the two strings are definitely equal (such as when they
4393 : are both empty) fold the call to the constant result. */
4394 3 : replace_call_with_value (&m_gsi, integer_zero_node);
4395 3 : return true;
4396 : }
4397 : }
4398 :
4399 : /* Return if nothing is known about the strings pointed to by ARG1
4400 : and ARG2. */
4401 128817 : if (idx1 == 0 && idx2 == 0)
4402 : return false;
4403 :
4404 : /* Determine either the length or the size of each of the strings,
4405 : whichever is available. */
4406 127683 : HOST_WIDE_INT cstlen1 = -1, cstlen2 = -1;
4407 127683 : HOST_WIDE_INT arysiz1 = -1, arysiz2 = -1;
4408 :
4409 127683 : {
4410 127683 : unsigned HOST_WIDE_INT len1rng[2], len2rng[2];
4411 127683 : unsigned HOST_WIDE_INT arsz1, arsz2;
4412 127683 : bool nulterm[2];
4413 :
4414 127683 : if (!get_len_or_size (stmt, arg1, idx1, len1rng, &arsz1, nulterm)
4415 127683 : || !get_len_or_size (stmt, arg2, idx2, len2rng, &arsz2, nulterm + 1))
4416 81 : return false;
4417 :
4418 127602 : if (len1rng[0] == len1rng[1] && len1rng[0] < HOST_WIDE_INT_MAX)
4419 508 : cstlen1 = len1rng[0];
4420 127094 : else if (arsz1 < HOST_WIDE_INT_M1U)
4421 544 : arysiz1 = arsz1;
4422 :
4423 127602 : if (len2rng[0] == len2rng[1] && len2rng[0] < HOST_WIDE_INT_MAX)
4424 126521 : cstlen2 = len2rng[0];
4425 1081 : else if (arsz2 < HOST_WIDE_INT_M1U)
4426 130 : arysiz2 = arsz2;
4427 : }
4428 :
4429 : /* Bail if neither the string length nor the size of the array
4430 : it is stored in can be determined. */
4431 127602 : if ((cstlen1 < 0 && arysiz1 < 0)
4432 1052 : || (cstlen2 < 0 && arysiz2 < 0)
4433 586 : || (cstlen1 < 0 && cstlen2 < 0))
4434 : return false;
4435 :
4436 586 : if (cstlen1 >= 0)
4437 367 : ++cstlen1;
4438 586 : if (cstlen2 >= 0)
4439 468 : ++cstlen2;
4440 :
4441 : /* The exact number of characters to compare. */
4442 586 : HOST_WIDE_INT cmpsiz;
4443 586 : if (cstlen1 >= 0 && cstlen2 >= 0)
4444 249 : cmpsiz = MIN (cstlen1, cstlen2);
4445 337 : else if (cstlen1 >= 0)
4446 : cmpsiz = cstlen1;
4447 : else
4448 219 : cmpsiz = cstlen2;
4449 586 : if (bound >= 0)
4450 107 : cmpsiz = MIN (cmpsiz, bound);
4451 : /* The size of the array in which the unknown string is stored. */
4452 586 : HOST_WIDE_INT varsiz = arysiz1 < 0 ? arysiz2 : arysiz1;
4453 :
4454 586 : if ((varsiz < 0 || cmpsiz < varsiz) && use_in_zero_equality (lhs))
4455 : {
4456 : /* If the known length is less than the size of the other array
4457 : and the strcmp result is only used to test equality to zero,
4458 : transform the call to the equivalent _eq call. */
4459 455 : if (tree fn = builtin_decl_implicit (bound < 0 ? BUILT_IN_STRCMP_EQ
4460 : : BUILT_IN_STRNCMP_EQ))
4461 : {
4462 418 : tree n = build_int_cst (size_type_node, cmpsiz);
4463 418 : update_gimple_call (&m_gsi, fn, 3, arg1, arg2, n);
4464 418 : return true;
4465 : }
4466 : }
4467 :
4468 : return false;
4469 : }
4470 :
4471 : /* Handle a POINTER_PLUS_EXPR statement.
4472 : For p = "abcd" + 2; compute associated length, or if
4473 : p = q + off is pointing to a '\0' character of a string, call
4474 : zero_length_string on it. */
4475 :
4476 : void
4477 731832 : strlen_pass::handle_pointer_plus ()
4478 : {
4479 731832 : gimple *stmt = gsi_stmt (m_gsi);
4480 731832 : tree lhs = gimple_assign_lhs (stmt), off;
4481 731832 : int idx = get_stridx (gimple_assign_rhs1 (stmt), stmt);
4482 731832 : strinfo *si, *zsi;
4483 :
4484 731832 : if (idx == 0)
4485 : return;
4486 :
4487 78294 : if (idx < 0)
4488 : {
4489 2951 : tree off = gimple_assign_rhs2 (stmt);
4490 2951 : if (tree_fits_uhwi_p (off)
4491 64 : && tree_to_uhwi (off) <= (unsigned HOST_WIDE_INT) ~idx)
4492 59 : ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)]
4493 118 : = ~(~idx - (int) tree_to_uhwi (off));
4494 2951 : return;
4495 : }
4496 :
4497 75343 : si = get_strinfo (idx);
4498 75343 : if (si == NULL || si->nonzero_chars == NULL_TREE)
4499 : return;
4500 :
4501 7467 : off = gimple_assign_rhs2 (stmt);
4502 7467 : zsi = NULL;
4503 7467 : if (si->full_string_p && operand_equal_p (si->nonzero_chars, off, 0))
4504 1354 : zsi = zero_length_string (lhs, si);
4505 6113 : else if (TREE_CODE (off) == SSA_NAME)
4506 : {
4507 2406 : gimple *def_stmt = SSA_NAME_DEF_STMT (off);
4508 2406 : if (gimple_assign_single_p (def_stmt)
4509 434 : && si->full_string_p
4510 2837 : && operand_equal_p (si->nonzero_chars,
4511 431 : gimple_assign_rhs1 (def_stmt), 0))
4512 395 : zsi = zero_length_string (lhs, si);
4513 : }
4514 1749 : if (zsi != NULL
4515 1749 : && si->endptr != NULL_TREE
4516 1524 : && si->endptr != lhs
4517 37 : && TREE_CODE (si->endptr) == SSA_NAME)
4518 : {
4519 37 : enum tree_code rhs_code
4520 37 : = useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (si->endptr))
4521 37 : ? SSA_NAME : NOP_EXPR;
4522 37 : gimple_assign_set_rhs_with_ops (&m_gsi, rhs_code, si->endptr);
4523 37 : gcc_assert (gsi_stmt (m_gsi) == stmt);
4524 37 : update_stmt (stmt);
4525 : }
4526 : }
4527 :
4528 : /* Set LENRANGE to the number of nonzero bytes for a store of TYPE and
4529 : clear all flags. Return true on success and false on failure. */
4530 :
4531 : static bool
4532 81503 : nonzero_bytes_for_type (tree type, unsigned lenrange[3],
4533 : bool *nulterm, bool *allnul, bool *allnonnul)
4534 : {
4535 : /* Use the size of the type of the expression as the size of the store,
4536 : and set the upper bound of the length range to that of the size.
4537 : Nothing is known about the contents so clear all flags. */
4538 81503 : tree typesize = TYPE_SIZE_UNIT (type);
4539 81503 : if (!type)
4540 : return false;
4541 :
4542 81503 : if (!tree_fits_uhwi_p (typesize))
4543 : return false;
4544 :
4545 81489 : unsigned HOST_WIDE_INT sz = tree_to_uhwi (typesize);
4546 81489 : if (sz > UINT_MAX)
4547 : return false;
4548 :
4549 81489 : lenrange[2] = sz;
4550 81489 : lenrange[1] = lenrange[2] ? lenrange[2] - 1 : 0;
4551 81489 : lenrange[0] = 0;
4552 81489 : *nulterm = false;
4553 81489 : *allnul = false;
4554 81489 : *allnonnul = false;
4555 81489 : return true;
4556 : }
4557 :
4558 : /* Recursively determine the minimum and maximum number of leading nonzero
4559 : bytes in the representation of EXP at memory state VUSE and set
4560 : LENRANGE[0] and LENRANGE[1] to each.
4561 : Sets LENRANGE[2] to the total size of the access (which may be less
4562 : than LENRANGE[1] when what's being referenced by EXP is a pointer
4563 : rather than an array).
4564 : Sets *NULTERM if the representation contains a zero byte, sets *ALLNUL
4565 : if all the bytes are zero, and *ALLNONNUL is all are nonzero.
4566 : OFFSET and NBYTES are the offset into the representation and
4567 : the size of the access to it determined from an ADDR_EXPR (i.e.,
4568 : a pointer) or MEM_REF or zero for other expressions.
4569 : Uses RVALS to determine range information.
4570 : Avoids recursing deeper than the limits in SNLIM allow.
4571 : Returns true on success and false otherwise. */
4572 :
4573 : bool
4574 1430731 : strlen_pass::count_nonzero_bytes (tree exp, tree vuse, gimple *stmt,
4575 : unsigned HOST_WIDE_INT offset,
4576 : unsigned HOST_WIDE_INT nbytes,
4577 : unsigned lenrange[3], bool *nulterm,
4578 : bool *allnul, bool *allnonnul,
4579 : ssa_name_limit_t &snlim)
4580 : {
4581 1441536 : if (TREE_CODE (exp) == SSA_NAME)
4582 : {
4583 : /* Handle non-zero single-character stores specially. */
4584 164146 : tree type = TREE_TYPE (exp);
4585 164146 : if (TREE_CODE (type) == INTEGER_TYPE
4586 157114 : && TYPE_MODE (type) == TYPE_MODE (char_type_node)
4587 150966 : && TYPE_PRECISION (type) == TYPE_PRECISION (char_type_node)
4588 315112 : && tree_expr_nonzero_p (exp))
4589 : {
4590 : /* If the character EXP is known to be non-zero (even if its
4591 : exact value is not known) recurse once to set the range
4592 : for an arbitrary constant. */
4593 10805 : exp = build_int_cst (type, 1);
4594 10805 : return count_nonzero_bytes (exp, vuse, stmt,
4595 : offset, 1, lenrange,
4596 10805 : nulterm, allnul, allnonnul, snlim);
4597 : }
4598 :
4599 153341 : gimple *g = SSA_NAME_DEF_STMT (exp);
4600 153341 : if (gimple_assign_single_p (g))
4601 : {
4602 73351 : exp = gimple_assign_rhs1 (g);
4603 73351 : if (!DECL_P (exp)
4604 73074 : && TREE_CODE (exp) != CONSTRUCTOR
4605 72390 : && TREE_CODE (exp) != MEM_REF)
4606 : return false;
4607 : /* Handle DECLs, CONSTRUCTOR and MEM_REF below. */
4608 : stmt = g;
4609 : }
4610 79990 : else if (gimple_code (g) == GIMPLE_PHI)
4611 : {
4612 : /* Avoid processing an SSA_NAME that has already been visited
4613 : or if an SSA_NAME limit has been reached. Indicate success
4614 : if the former and failure if the latter. */
4615 31635 : if (int res = snlim.next_phi (exp))
4616 12732 : return res > 0;
4617 :
4618 : /* Determine the minimum and maximum from the PHI arguments. */
4619 18903 : unsigned int n = gimple_phi_num_args (g);
4620 69135 : for (unsigned i = 0; i != n; i++)
4621 : {
4622 56356 : tree def = gimple_phi_arg_def (g, i);
4623 56356 : if (!count_nonzero_bytes (def, vuse, g,
4624 : offset, nbytes, lenrange, nulterm,
4625 : allnul, allnonnul, snlim))
4626 : return false;
4627 : }
4628 :
4629 : return true;
4630 : }
4631 : }
4632 :
4633 1372263 : if (TREE_CODE (exp) == CONSTRUCTOR)
4634 : {
4635 43260 : if (nbytes)
4636 : /* If NBYTES has already been determined by an outer MEM_REF
4637 : fail rather than overwriting it (this shouldn't happen). */
4638 : return false;
4639 :
4640 43260 : tree type = TREE_TYPE (exp);
4641 43260 : tree size = TYPE_SIZE_UNIT (type);
4642 43260 : if (!size || !tree_fits_uhwi_p (size))
4643 : return false;
4644 :
4645 43260 : unsigned HOST_WIDE_INT byte_size = tree_to_uhwi (size);
4646 43260 : if (byte_size <= offset)
4647 : return false;
4648 :
4649 43260 : nbytes = byte_size - offset;
4650 : }
4651 :
4652 1372263 : if (TREE_CODE (exp) == MEM_REF)
4653 : {
4654 720292 : if (nbytes)
4655 : return false;
4656 :
4657 719978 : tree arg = TREE_OPERAND (exp, 0);
4658 719978 : tree off = TREE_OPERAND (exp, 1);
4659 :
4660 719978 : if (TREE_CODE (off) != INTEGER_CST || !tree_fits_uhwi_p (off))
4661 : return false;
4662 :
4663 719978 : unsigned HOST_WIDE_INT wioff = tree_to_uhwi (off);
4664 719978 : if (INT_MAX < wioff)
4665 : return false;
4666 :
4667 679348 : offset += wioff;
4668 679348 : if (INT_MAX < offset)
4669 : return false;
4670 :
4671 : /* The size of the MEM_REF access determines the number of bytes. */
4672 679348 : tree type = TREE_TYPE (exp);
4673 679348 : tree typesize = TYPE_SIZE_UNIT (type);
4674 679348 : if (!typesize || !tree_fits_uhwi_p (typesize))
4675 : return false;
4676 679348 : nbytes = tree_to_uhwi (typesize);
4677 679348 : if (!nbytes)
4678 : return false;
4679 :
4680 : /* Handle MEM_REF = SSA_NAME types of assignments. */
4681 679348 : return count_nonzero_bytes_addr (arg, vuse, stmt,
4682 : offset, nbytes, lenrange, nulterm,
4683 679348 : allnul, allnonnul, snlim);
4684 : }
4685 :
4686 651971 : if (VAR_P (exp) || TREE_CODE (exp) == CONST_DECL)
4687 : {
4688 : /* If EXP can be folded into a constant use the result. Otherwise
4689 : proceed to use EXP to determine a range of the result. */
4690 340227 : if (tree fold_exp = ctor_for_folding (exp))
4691 340225 : if (fold_exp != error_mark_node)
4692 651971 : exp = fold_exp;
4693 : }
4694 :
4695 651971 : const char *prep = NULL;
4696 651971 : if (TREE_CODE (exp) == STRING_CST)
4697 : {
4698 11297 : unsigned nchars = TREE_STRING_LENGTH (exp);
4699 11297 : if (nchars <= offset)
4700 : return false;
4701 :
4702 11291 : if (!nbytes)
4703 : /* If NBYTES hasn't been determined earlier, either from ADDR_EXPR
4704 : (i.e., it's the size of a pointer), or from MEM_REF (as the size
4705 : of the access), set it here to the size of the string, including
4706 : all internal and trailing nuls if the string has any. */
4707 7760 : nbytes = nchars - offset;
4708 3531 : else if (nchars - offset < nbytes)
4709 : return false;
4710 :
4711 11286 : prep = TREE_STRING_POINTER (exp) + offset;
4712 : }
4713 :
4714 651960 : unsigned char buf[256];
4715 11286 : if (!prep)
4716 : {
4717 640674 : if (CHAR_BIT != 8 || BITS_PER_UNIT != 8 || offset > INT_MAX)
4718 : return false;
4719 : /* If the pointer to representation hasn't been set above
4720 : for STRING_CST point it at the buffer. */
4721 640674 : prep = reinterpret_cast <char *>(buf);
4722 : /* Try to extract the representation of the constant object
4723 : or expression starting from the offset. */
4724 640674 : unsigned repsize = native_encode_expr (exp, buf, sizeof buf, offset);
4725 640674 : if (repsize < nbytes)
4726 : {
4727 : /* Handle vector { 0x12345678, 0x23003412, x_1(D), y_2(D) }
4728 : and similar cases. Even when not all the elements are constant,
4729 : we can perhaps figure out something from the constant ones
4730 : and assume the others can be anything. */
4731 352392 : if (TREE_CODE (exp) == CONSTRUCTOR
4732 4341 : && CONSTRUCTOR_NELTS (exp)
4733 2952 : && VECTOR_TYPE_P (TREE_TYPE (exp))
4734 353076 : && nbytes <= sizeof buf)
4735 : {
4736 684 : tree v0 = CONSTRUCTOR_ELT (exp, 0)->value;
4737 684 : unsigned HOST_WIDE_INT elt_sz
4738 684 : = int_size_in_bytes (TREE_TYPE (v0));
4739 684 : unsigned int i, s = 0;
4740 684 : tree v, idx;
4741 718 : FOR_EACH_CONSTRUCTOR_ELT (CONSTRUCTOR_ELTS (exp), i, idx, v)
4742 : {
4743 718 : if (idx
4744 718 : && (VECTOR_TYPE_P (TREE_TYPE (v0))
4745 15 : || !tree_fits_uhwi_p (idx)
4746 15 : || tree_to_uhwi (idx) != i))
4747 : {
4748 : s = 0;
4749 : break;
4750 : }
4751 718 : if ((i + 1) * elt_sz <= offset)
4752 0 : continue;
4753 718 : unsigned int o = 0;
4754 718 : if (i * elt_sz < offset)
4755 0 : o = offset % elt_sz;
4756 1436 : repsize = native_encode_expr (v, buf + s,
4757 718 : sizeof (buf) - s, o);
4758 718 : if (repsize != elt_sz - o)
4759 : break;
4760 34 : s += repsize;
4761 : }
4762 684 : if (s != 0 && s < nbytes)
4763 : {
4764 20 : unsigned HOST_WIDE_INT n = strnlen (prep, s);
4765 20 : if (n < lenrange[0])
4766 20 : lenrange[0] = n;
4767 20 : if (lenrange[1] < n && n != s)
4768 2 : lenrange[1] = n;
4769 20 : if (lenrange[2] < nbytes)
4770 20 : lenrange[2] = nbytes;
4771 : /* We haven't processed all bytes, the rest are unknown.
4772 : So, clear NULTERM if none of the initial bytes are
4773 : zero, and clear ALLNUL and ALLNONNULL because we don't
4774 : know about the remaining bytes. */
4775 20 : if (n == s)
4776 6 : *nulterm = false;
4777 20 : *allnul = false;
4778 20 : *allnonnul = false;
4779 20 : return true;
4780 : }
4781 664 : else if (s != nbytes)
4782 : {
4783 : /* See below. */
4784 664 : lenrange[0] = 0;
4785 664 : prep = NULL;
4786 : }
4787 : }
4788 : else
4789 : {
4790 : /* This should only happen when REPSIZE is zero because EXP
4791 : doesn't denote an object with a known initializer, except
4792 : perhaps when the reference reads past its end. */
4793 351708 : lenrange[0] = 0;
4794 351708 : prep = NULL;
4795 : }
4796 : }
4797 288282 : else if (!nbytes)
4798 : nbytes = repsize;
4799 51999 : else if (nbytes < repsize)
4800 : return false;
4801 : }
4802 :
4803 651940 : if (!nbytes)
4804 50345 : return nonzero_bytes_for_type (TREE_TYPE (exp), lenrange,
4805 50345 : nulterm, allnul, allnonnul);
4806 :
4807 : /* Compute the number of leading nonzero bytes in the representation
4808 : and update the minimum and maximum. */
4809 601595 : unsigned HOST_WIDE_INT n = prep ? strnlen (prep, nbytes) : nbytes;
4810 :
4811 601595 : if (n < lenrange[0])
4812 236127 : lenrange[0] = n;
4813 601595 : if (lenrange[1] < n)
4814 462547 : lenrange[1] = n;
4815 :
4816 : /* Set the size of the representation. */
4817 601595 : if (lenrange[2] < nbytes)
4818 584670 : lenrange[2] = nbytes;
4819 :
4820 : /* Clear NULTERM if none of the bytes is zero. */
4821 601595 : if (n == nbytes)
4822 458358 : *nulterm = false;
4823 :
4824 601595 : if (n)
4825 : {
4826 : /* When the initial number of non-zero bytes N is non-zero, reset
4827 : *ALLNUL; if N is less than that the size of the representation
4828 : also clear *ALLNONNUL. */
4829 469089 : *allnul = false;
4830 469089 : if (n < nbytes)
4831 10731 : *allnonnul = false;
4832 : }
4833 132506 : else if (*allnul || *allnonnul)
4834 : {
4835 126707 : *allnonnul = false;
4836 :
4837 126707 : if (*allnul)
4838 : {
4839 : /* When either ALLNUL is set and N is zero, also determine
4840 : whether all subsequent bytes after the first one (which
4841 : is nul) are zero or nonzero and clear ALLNUL if not. */
4842 985629 : for (const char *p = prep; p != prep + nbytes; ++p)
4843 866714 : if (*p)
4844 : {
4845 2556 : *allnul = false;
4846 2556 : break;
4847 : }
4848 : }
4849 : }
4850 :
4851 : return true;
4852 : }
4853 :
4854 : /* Like count_nonzero_bytes, but instead of counting bytes in EXP, count
4855 : bytes that are pointed to by EXP, which should be a pointer. */
4856 :
4857 : bool
4858 850272 : strlen_pass::count_nonzero_bytes_addr (tree exp, tree vuse, gimple *stmt,
4859 : unsigned HOST_WIDE_INT offset,
4860 : unsigned HOST_WIDE_INT nbytes,
4861 : unsigned lenrange[3], bool *nulterm,
4862 : bool *allnul, bool *allnonnul,
4863 : ssa_name_limit_t &snlim)
4864 : {
4865 850272 : int idx = get_stridx (exp, stmt);
4866 850272 : if (idx > 0)
4867 : {
4868 : /* get_strinfo reflects string lengths before the current statement,
4869 : where the current statement is the outermost count_nonzero_bytes
4870 : stmt. If there are any stores in between stmt and that
4871 : current statement, the string length information might describe
4872 : something significantly different. */
4873 25060 : if (gimple_vuse (stmt) != vuse)
4874 : return false;
4875 :
4876 10254 : strinfo *si = get_strinfo (idx);
4877 10254 : if (!si)
4878 : return false;
4879 :
4880 : /* Handle both constant lengths as well non-constant lengths
4881 : in some range. */
4882 3709 : unsigned HOST_WIDE_INT minlen, maxlen;
4883 3709 : if (tree_fits_shwi_p (si->nonzero_chars))
4884 1045 : minlen = maxlen = tree_to_shwi (si->nonzero_chars);
4885 2664 : else if (si->nonzero_chars
4886 2601 : && TREE_CODE (si->nonzero_chars) == SSA_NAME)
4887 : {
4888 2601 : int_range_max vr;
4889 2601 : if (!ptr_qry.rvals->range_of_expr (vr, si->nonzero_chars, stmt)
4890 2601 : || vr.undefined_p ()
4891 5193 : || vr.varying_p ())
4892 9 : return false;
4893 :
4894 2592 : minlen = vr.lower_bound ().to_uhwi ();
4895 2592 : maxlen = vr.upper_bound ().to_uhwi ();
4896 2601 : }
4897 : else
4898 : return false;
4899 :
4900 3637 : if (maxlen < offset)
4901 : return false;
4902 :
4903 3412 : minlen = minlen < offset ? 0 : minlen - offset;
4904 3412 : maxlen -= offset;
4905 3412 : if (maxlen + 1 < nbytes)
4906 : return false;
4907 :
4908 2968 : if (nbytes <= minlen || !si->full_string_p)
4909 2882 : *nulterm = false;
4910 :
4911 2968 : if (nbytes < minlen)
4912 : {
4913 159 : minlen = nbytes;
4914 159 : if (nbytes < maxlen)
4915 : maxlen = nbytes;
4916 : }
4917 :
4918 2968 : if (!si->full_string_p)
4919 313 : maxlen = nbytes;
4920 :
4921 2968 : if (minlen < lenrange[0])
4922 2968 : lenrange[0] = minlen;
4923 2968 : if (lenrange[1] < maxlen)
4924 2968 : lenrange[1] = maxlen;
4925 :
4926 2968 : if (lenrange[2] < nbytes)
4927 2968 : lenrange[2] = nbytes;
4928 :
4929 : /* Since only the length of the string are known and not its contents,
4930 : clear ALLNUL and ALLNONNUL purely on the basis of the length. */
4931 2968 : *allnul = false;
4932 2968 : if (minlen < nbytes)
4933 105 : *allnonnul = false;
4934 :
4935 2968 : return true;
4936 : }
4937 :
4938 837742 : if (TREE_CODE (exp) == ADDR_EXPR)
4939 354177 : return count_nonzero_bytes (TREE_OPERAND (exp, 0), vuse, stmt,
4940 : offset, nbytes,
4941 354177 : lenrange, nulterm, allnul, allnonnul, snlim);
4942 :
4943 483565 : if (TREE_CODE (exp) == SSA_NAME)
4944 : {
4945 481308 : gimple *g = SSA_NAME_DEF_STMT (exp);
4946 481308 : if (gimple_code (g) == GIMPLE_PHI)
4947 : {
4948 : /* Avoid processing an SSA_NAME that has already been visited
4949 : or if an SSA_NAME limit has been reached. Indicate success
4950 : if the former and failure if the latter. */
4951 100144 : if (int res = snlim.next_phi (exp))
4952 24638 : return res > 0;
4953 :
4954 : /* Determine the minimum and maximum from the PHI arguments. */
4955 75506 : unsigned int n = gimple_phi_num_args (g);
4956 242355 : for (unsigned i = 0; i != n; i++)
4957 : {
4958 170924 : tree def = gimple_phi_arg_def (g, i);
4959 170924 : if (!count_nonzero_bytes_addr (def, vuse, g,
4960 : offset, nbytes, lenrange,
4961 : nulterm, allnul, allnonnul,
4962 : snlim))
4963 : return false;
4964 : }
4965 :
4966 : return true;
4967 : }
4968 : }
4969 :
4970 : /* Otherwise we don't know anything. */
4971 383421 : lenrange[0] = 0;
4972 383421 : if (lenrange[1] < nbytes)
4973 313817 : lenrange[1] = nbytes;
4974 383421 : if (lenrange[2] < nbytes)
4975 312342 : lenrange[2] = nbytes;
4976 383421 : *nulterm = false;
4977 383421 : *allnul = false;
4978 383421 : *allnonnul = false;
4979 383421 : return true;
4980 : }
4981 :
4982 : /* Same as above except with an implicit SSA_NAME limit. When EXPR_OR_TYPE
4983 : is a type rather than an expression use its size to compute the range.
4984 : RVALS is used to determine ranges of dynamically computed string lengths
4985 : (the results of strlen). */
4986 :
4987 : bool
4988 1051356 : strlen_pass::count_nonzero_bytes (tree expr_or_type, gimple *stmt,
4989 : unsigned lenrange[3], bool *nulterm,
4990 : bool *allnul, bool *allnonnul)
4991 : {
4992 1051356 : if (TYPE_P (expr_or_type))
4993 31158 : return nonzero_bytes_for_type (expr_or_type, lenrange,
4994 31158 : nulterm, allnul, allnonnul);
4995 :
4996 : /* Set to optimistic values so the caller doesn't have to worry about
4997 : initializing these and to what. On success, the function will clear
4998 : these if it determines their values are different but being recursive
4999 : it never sets either to true. On failure, their values are
5000 : unspecified. */
5001 1020198 : *nulterm = true;
5002 1020198 : *allnul = true;
5003 1020198 : *allnonnul = true;
5004 :
5005 1020198 : ssa_name_limit_t snlim;
5006 1020198 : tree expr = expr_or_type;
5007 2040396 : return count_nonzero_bytes (expr, gimple_vuse (stmt), stmt,
5008 : 0, 0, lenrange, nulterm, allnul, allnonnul,
5009 : snlim);
5010 1020198 : }
5011 :
5012 : /* Handle a single or multibyte store other than by a built-in function,
5013 : either via a single character assignment or by multi-byte assignment
5014 : either via MEM_REF or via a type other than char (such as in
5015 : '*(int*)a = 12345'). Return true to let the caller advance *GSI to
5016 : the next statement in the basic block and false otherwise. */
5017 :
5018 : bool
5019 386989 : strlen_pass::handle_store (bool *zero_write)
5020 : {
5021 386989 : gimple *stmt = gsi_stmt (m_gsi);
5022 : /* The LHS and RHS of the store. The RHS is null if STMT is a function
5023 : call. STORETYPE is the type of the store (determined from either
5024 : the RHS of the assignment statement or the LHS of a function call. */
5025 386989 : tree lhs, rhs, storetype;
5026 386989 : if (is_gimple_assign (stmt))
5027 : {
5028 355831 : lhs = gimple_assign_lhs (stmt);
5029 355831 : rhs = gimple_assign_rhs1 (stmt);
5030 355831 : storetype = TREE_TYPE (rhs);
5031 : }
5032 31158 : else if (is_gimple_call (stmt))
5033 : {
5034 31158 : lhs = gimple_call_lhs (stmt);
5035 31158 : rhs = NULL_TREE;
5036 31158 : storetype = TREE_TYPE (lhs);
5037 : }
5038 : else
5039 : return true;
5040 :
5041 386989 : tree ssaname = NULL_TREE;
5042 386989 : strinfo *si = NULL;
5043 386989 : int idx = -1;
5044 :
5045 386989 : range_query *const rvals = ptr_qry.rvals;
5046 :
5047 : /* The offset of the first byte in LHS modified by the store. */
5048 386989 : unsigned HOST_WIDE_INT offset = 0;
5049 :
5050 386989 : if (TREE_CODE (lhs) == MEM_REF
5051 386989 : && TREE_CODE (TREE_OPERAND (lhs, 0)) == SSA_NAME)
5052 : {
5053 115158 : tree mem_offset = TREE_OPERAND (lhs, 1);
5054 115158 : if (tree_fits_uhwi_p (mem_offset))
5055 : {
5056 : /* Get the strinfo for the base, and use it if it starts with at
5057 : least OFFSET nonzero characters. This is trivially true if
5058 : OFFSET is zero. */
5059 115158 : offset = tree_to_uhwi (mem_offset);
5060 115158 : idx = get_stridx (TREE_OPERAND (lhs, 0), stmt);
5061 115158 : if (idx > 0)
5062 13624 : si = get_strinfo (idx);
5063 115158 : if (offset == 0)
5064 94953 : ssaname = TREE_OPERAND (lhs, 0);
5065 20205 : else if (si == NULL
5066 20205 : || compare_nonzero_chars (si, stmt, offset, rvals) < 0)
5067 : {
5068 17681 : *zero_write = rhs ? initializer_zerop (rhs) : false;
5069 :
5070 17681 : bool dummy;
5071 17681 : unsigned lenrange[] = { UINT_MAX, 0, 0 };
5072 17681 : if (count_nonzero_bytes (rhs ? rhs : storetype, stmt, lenrange,
5073 : &dummy, &dummy, &dummy))
5074 15632 : maybe_warn_overflow (stmt, true, lenrange[2]);
5075 :
5076 17681 : return true;
5077 : }
5078 : }
5079 : }
5080 : else
5081 : {
5082 271831 : idx = get_addr_stridx (lhs, stmt, NULL_TREE, &offset, rvals);
5083 271831 : if (idx > 0)
5084 42909 : si = get_strinfo (idx);
5085 : }
5086 :
5087 : /* Minimum and maximum leading non-zero bytes and the size of the store. */
5088 369308 : unsigned lenrange[] = { UINT_MAX, 0, 0 };
5089 :
5090 : /* Set to the minimum length of the string being assigned if known. */
5091 369308 : unsigned HOST_WIDE_INT rhs_minlen;
5092 :
5093 : /* STORING_NONZERO_P is true iff not all stored characters are zero.
5094 : STORING_ALL_NONZERO_P is true if all stored characters are zero.
5095 : STORING_ALL_ZEROS_P is true iff all stored characters are zero.
5096 : Both are false when it's impossible to determine which is true. */
5097 369308 : bool storing_nonzero_p;
5098 369308 : bool storing_all_nonzero_p;
5099 369308 : bool storing_all_zeros_p;
5100 : /* FULL_STRING_P is set when the stored sequence of characters form
5101 : a nul-terminated string. */
5102 369308 : bool full_string_p;
5103 :
5104 369308 : const bool ranges_valid
5105 400466 : = count_nonzero_bytes (rhs ? rhs : storetype, stmt,
5106 : lenrange, &full_string_p,
5107 : &storing_all_zeros_p, &storing_all_nonzero_p);
5108 :
5109 369308 : if (ranges_valid)
5110 : {
5111 341131 : rhs_minlen = lenrange[0];
5112 341131 : storing_nonzero_p = lenrange[1] > 0;
5113 341131 : *zero_write = storing_all_zeros_p;
5114 :
5115 341131 : maybe_warn_overflow (stmt, true, lenrange[2]);
5116 : }
5117 : else
5118 : {
5119 28177 : rhs_minlen = HOST_WIDE_INT_M1U;
5120 28177 : full_string_p = false;
5121 28177 : storing_nonzero_p = false;
5122 28177 : storing_all_zeros_p = false;
5123 28177 : storing_all_nonzero_p = false;
5124 : }
5125 :
5126 369308 : if (si != NULL)
5127 : {
5128 : /* The count_nonzero_bytes call above might have unshared si.
5129 : Fetch it again from the vector. */
5130 29311 : si = get_strinfo (idx);
5131 : /* The corresponding element is set to 1 if the first and last
5132 : element, respectively, of the sequence of characters being
5133 : written over the string described by SI ends before
5134 : the terminating nul (if it has one), to zero if the nul is
5135 : being overwritten but not beyond, or negative otherwise. */
5136 29311 : int store_before_nul[2];
5137 29311 : if (ranges_valid)
5138 : {
5139 : /* The offset of the last stored byte. */
5140 28504 : unsigned HOST_WIDE_INT endoff = offset + lenrange[2] - 1;
5141 28504 : store_before_nul[0]
5142 28504 : = compare_nonzero_chars (si, stmt, offset, rvals);
5143 28504 : if (endoff == offset)
5144 : store_before_nul[1] = store_before_nul[0];
5145 : else
5146 9335 : store_before_nul[1]
5147 9335 : = compare_nonzero_chars (si, stmt, endoff, rvals);
5148 : }
5149 : else
5150 : {
5151 807 : store_before_nul[0]
5152 807 : = compare_nonzero_chars (si, stmt, offset, rvals);
5153 807 : store_before_nul[1] = store_before_nul[0];
5154 807 : gcc_assert (offset == 0 || store_before_nul[0] >= 0);
5155 : }
5156 :
5157 29311 : if (storing_all_zeros_p
5158 14821 : && store_before_nul[0] == 0
5159 13879 : && store_before_nul[1] == 0
5160 11444 : && si->full_string_p)
5161 : {
5162 : /* When overwriting a '\0' with a '\0', the store can be removed
5163 : if we know it has been stored in the current function. */
5164 433 : if (!stmt_could_throw_p (cfun, stmt) && si->writable)
5165 : {
5166 431 : unlink_stmt_vdef (stmt);
5167 431 : release_defs (stmt);
5168 431 : gsi_remove (&m_gsi, true);
5169 431 : return false;
5170 : }
5171 : else
5172 : {
5173 2 : si->writable = true;
5174 2 : gsi_next (&m_gsi);
5175 2 : return false;
5176 : }
5177 : }
5178 :
5179 28878 : if (store_before_nul[1] > 0
5180 964 : && storing_nonzero_p
5181 560 : && lenrange[0] == lenrange[1]
5182 553 : && lenrange[0] == lenrange[2]
5183 549 : && TREE_CODE (storetype) == INTEGER_TYPE)
5184 : {
5185 : /* Handle a store of one or more non-nul characters that ends
5186 : before the terminating nul of the destination and so does
5187 : not affect its length
5188 : If si->nonzero_chars > OFFSET, we aren't overwriting '\0',
5189 : and if we aren't storing '\0', we know that the length of
5190 : the string and any other zero terminated string in memory
5191 : remains the same. In that case we move to the next gimple
5192 : statement and return to signal the caller that it shouldn't
5193 : invalidate anything.
5194 :
5195 : This is beneficial for cases like:
5196 :
5197 : char p[20];
5198 : void foo (char *q)
5199 : {
5200 : strcpy (p, "foobar");
5201 : size_t len = strlen (p); // can be folded to 6
5202 : size_t len2 = strlen (q); // has to be computed
5203 : p[0] = 'X';
5204 : size_t len3 = strlen (p); // can be folded to 6
5205 : size_t len4 = strlen (q); // can be folded to len2
5206 : bar (len, len2, len3, len4);
5207 : } */
5208 276 : gsi_next (&m_gsi);
5209 276 : return false;
5210 : }
5211 :
5212 28198 : if (storing_nonzero_p
5213 15614 : || storing_all_zeros_p
5214 1226 : || (full_string_p && lenrange[1] == 0)
5215 931 : || (offset != 0 && store_before_nul[1] > 0))
5216 : {
5217 : /* When STORING_NONZERO_P, we know that the string will start
5218 : with at least OFFSET + 1 nonzero characters. If storing
5219 : a single character, set si->NONZERO_CHARS to the result.
5220 : If storing multiple characters, try to determine the number
5221 : of leading non-zero characters and set si->NONZERO_CHARS to
5222 : the result instead.
5223 :
5224 : When STORING_ALL_ZEROS_P, or the first byte written is zero,
5225 : i.e. FULL_STRING_P && LENRANGE[1] == 0, we know that the
5226 : string is now OFFSET characters long.
5227 :
5228 : Otherwise, we're storing an unknown value at offset OFFSET,
5229 : so need to clip the nonzero_chars to OFFSET.
5230 : Use the minimum length of the string (or individual character)
5231 : being stored if it's known. Otherwise, STORING_NONZERO_P
5232 : guarantees it's at least 1. */
5233 40664 : HOST_WIDE_INT len
5234 27676 : = storing_nonzero_p && ranges_valid ? lenrange[0] : 1;
5235 27676 : location_t loc = gimple_location (stmt);
5236 27676 : tree oldlen = si->nonzero_chars;
5237 27676 : if (store_before_nul[1] == 0 && si->full_string_p)
5238 : /* We're overwriting the nul terminator with a nonzero or
5239 : unknown character. If the previous stmt was a memcpy,
5240 : its length may be decreased. */
5241 1629 : adjust_last_stmt (si, stmt, false);
5242 27676 : si = unshare_strinfo (si);
5243 27676 : if (storing_nonzero_p)
5244 : {
5245 12988 : gcc_assert (len >= 0);
5246 12988 : si->nonzero_chars = build_int_cst (size_type_node, offset + len);
5247 : }
5248 : else
5249 14688 : si->nonzero_chars = build_int_cst (size_type_node, offset);
5250 :
5251 : /* Set FULL_STRING_P only if the length of the strings being
5252 : written is the same, and clear it if the strings have
5253 : different lengths. In the latter case the length stored
5254 : in si->NONZERO_CHARS becomes the lower bound.
5255 : FIXME: Handle the upper bound of the length if possible. */
5256 27676 : si->full_string_p = full_string_p && lenrange[0] == lenrange[1];
5257 :
5258 27676 : if (storing_all_zeros_p
5259 14388 : && ssaname
5260 28262 : && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ssaname))
5261 586 : si->endptr = ssaname;
5262 : else
5263 27090 : si->endptr = NULL;
5264 27676 : si->next = 0;
5265 27676 : si->stmt = NULL;
5266 27676 : si->writable = true;
5267 27676 : si->dont_invalidate = true;
5268 27676 : if (oldlen)
5269 : {
5270 23201 : tree adj = fold_build2_loc (loc, MINUS_EXPR, size_type_node,
5271 : si->nonzero_chars, oldlen);
5272 23201 : adjust_related_strinfos (loc, si, adj);
5273 : }
5274 : else
5275 4475 : si->prev = 0;
5276 : }
5277 : }
5278 339997 : else if (idx == 0 && (storing_all_zeros_p || storing_nonzero_p))
5279 : {
5280 222166 : if (ssaname)
5281 68407 : idx = new_stridx (ssaname);
5282 : else
5283 153759 : idx = new_addr_stridx (lhs);
5284 222166 : if (idx != 0)
5285 : {
5286 197602 : tree ptr = (ssaname ? ssaname : build_fold_addr_expr (lhs));
5287 :
5288 197602 : HOST_WIDE_INT slen;
5289 197602 : if (storing_all_zeros_p)
5290 : slen = 0;
5291 109159 : else if (storing_nonzero_p && ranges_valid)
5292 : {
5293 : /* FIXME: Handle the upper bound of the length when
5294 : LENRANGE[0] != LENRANGE[1]. */
5295 109159 : slen = lenrange[0];
5296 109159 : if (lenrange[0] != lenrange[1])
5297 : /* Set the minimum length but ignore the maximum
5298 : for now. */
5299 37603 : full_string_p = false;
5300 : }
5301 : else
5302 : slen = -1;
5303 :
5304 109159 : tree len = (slen <= 0
5305 109159 : ? size_zero_node
5306 197602 : : build_int_cst (size_type_node, slen));
5307 197602 : si = new_strinfo (ptr, idx, len, slen >= 0 && full_string_p);
5308 197602 : set_strinfo (idx, si);
5309 197602 : if (storing_all_zeros_p
5310 88443 : && ssaname
5311 227139 : && !SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ssaname))
5312 29537 : si->endptr = ssaname;
5313 197602 : si->dont_invalidate = true;
5314 197602 : si->writable = true;
5315 : }
5316 : }
5317 92411 : else if (idx == 0
5318 92411 : && rhs_minlen < HOST_WIDE_INT_M1U
5319 66967 : && ssaname == NULL_TREE
5320 58122 : && TREE_CODE (TREE_TYPE (lhs)) == ARRAY_TYPE)
5321 : {
5322 495 : HOST_WIDE_INT a = int_size_in_bytes (TREE_TYPE (lhs));
5323 495 : if (a > 0 && (unsigned HOST_WIDE_INT) a > rhs_minlen)
5324 : {
5325 495 : int idx = new_addr_stridx (lhs);
5326 495 : if (idx != 0)
5327 : {
5328 495 : si = new_strinfo (build_fold_addr_expr (lhs), idx,
5329 495 : build_int_cst (size_type_node, rhs_minlen),
5330 : full_string_p);
5331 495 : set_strinfo (idx, si);
5332 495 : si->dont_invalidate = true;
5333 : }
5334 : }
5335 : }
5336 :
5337 396275 : if (si != NULL && offset == 0 && storing_all_zeros_p && lenrange[2] == 1)
5338 : {
5339 : /* For single-byte stores only, allow adjust_last_stmt to remove
5340 : the statement if the stored '\0' is immediately overwritten. */
5341 50935 : laststmt.stmt = stmt;
5342 50935 : laststmt.len = build_int_cst (size_type_node, 1);
5343 50935 : laststmt.stridx = si->idx;
5344 : }
5345 : return true;
5346 : }
5347 :
5348 : /* Try to fold strstr (s, t) eq/ne s to strncmp (s, t, strlen (t)) eq/ne 0. */
5349 :
5350 : static void
5351 3371397 : fold_strstr_to_strncmp (tree rhs1, tree rhs2, gimple *stmt)
5352 : {
5353 3371397 : if (TREE_CODE (rhs1) != SSA_NAME
5354 3370871 : || TREE_CODE (rhs2) != SSA_NAME)
5355 : return;
5356 :
5357 2030156 : gimple *call_stmt = NULL;
5358 2030156 : for (int pass = 0; pass < 2; pass++)
5359 : {
5360 1353442 : gimple *g = SSA_NAME_DEF_STMT (rhs1);
5361 1353442 : if (gimple_call_builtin_p (g, BUILT_IN_STRSTR)
5362 28 : && has_single_use (rhs1)
5363 1353453 : && gimple_call_arg (g, 0) == rhs2)
5364 : {
5365 : call_stmt = g;
5366 : break;
5367 : }
5368 1353431 : std::swap (rhs1, rhs2);
5369 : }
5370 :
5371 676725 : if (call_stmt)
5372 : {
5373 11 : tree arg0 = gimple_call_arg (call_stmt, 0);
5374 :
5375 11 : if (arg0 == rhs2)
5376 : {
5377 11 : tree arg1 = gimple_call_arg (call_stmt, 1);
5378 11 : tree arg1_len = NULL_TREE;
5379 11 : int idx = get_stridx (arg1, call_stmt);
5380 :
5381 11 : if (idx)
5382 : {
5383 10 : if (idx < 0)
5384 9 : arg1_len = build_int_cst (size_type_node, ~idx);
5385 : else
5386 : {
5387 1 : strinfo *si = get_strinfo (idx);
5388 1 : if (si)
5389 1 : arg1_len = get_string_length (si);
5390 : }
5391 : }
5392 :
5393 10 : if (arg1_len != NULL_TREE)
5394 : {
5395 10 : gimple_stmt_iterator gsi = gsi_for_stmt (call_stmt);
5396 10 : tree strncmp_decl = builtin_decl_explicit (BUILT_IN_STRNCMP);
5397 :
5398 10 : if (!is_gimple_val (arg1_len))
5399 : {
5400 1 : tree arg1_len_tmp = make_ssa_name (TREE_TYPE (arg1_len));
5401 1 : gassign *arg1_stmt = gimple_build_assign (arg1_len_tmp,
5402 : arg1_len);
5403 1 : gsi_insert_before (&gsi, arg1_stmt, GSI_SAME_STMT);
5404 1 : arg1_len = arg1_len_tmp;
5405 : }
5406 :
5407 10 : gcall *strncmp_call = gimple_build_call (strncmp_decl, 3,
5408 : arg0, arg1, arg1_len);
5409 10 : tree strncmp_lhs = make_ssa_name (integer_type_node);
5410 20 : gimple_set_vuse (strncmp_call, gimple_vuse (call_stmt));
5411 10 : gimple_call_set_lhs (strncmp_call, strncmp_lhs);
5412 10 : gsi_remove (&gsi, true);
5413 10 : gsi_insert_before (&gsi, strncmp_call, GSI_SAME_STMT);
5414 10 : tree zero = build_zero_cst (TREE_TYPE (strncmp_lhs));
5415 :
5416 10 : if (is_gimple_assign (stmt))
5417 : {
5418 8 : if (gimple_assign_rhs_code (stmt) == COND_EXPR)
5419 : {
5420 0 : tree cond = gimple_assign_rhs1 (stmt);
5421 0 : TREE_OPERAND (cond, 0) = strncmp_lhs;
5422 0 : TREE_OPERAND (cond, 1) = zero;
5423 : }
5424 : else
5425 : {
5426 8 : gimple_assign_set_rhs1 (stmt, strncmp_lhs);
5427 8 : gimple_assign_set_rhs2 (stmt, zero);
5428 : }
5429 : }
5430 : else
5431 : {
5432 2 : gcond *cond = as_a<gcond *> (stmt);
5433 2 : gimple_cond_set_lhs (cond, strncmp_lhs);
5434 2 : gimple_cond_set_rhs (cond, zero);
5435 : }
5436 10 : update_stmt (stmt);
5437 : }
5438 : }
5439 : }
5440 : }
5441 :
5442 : /* Return true if TYPE corresponds to a narrow character type. */
5443 :
5444 : static bool
5445 9200893 : is_char_type (tree type)
5446 : {
5447 9200893 : return (TREE_CODE (type) == INTEGER_TYPE
5448 3075248 : && TYPE_MODE (type) == TYPE_MODE (char_type_node)
5449 9618173 : && TYPE_PRECISION (type) == TYPE_PRECISION (char_type_node));
5450 : }
5451 :
5452 : /* Check the built-in call at GSI for validity and optimize it.
5453 : Uses RVALS to determine range information.
5454 : Return true to let the caller advance *GSI to the next statement
5455 : in the basic block and false otherwise. */
5456 :
5457 : bool
5458 5375949 : strlen_pass::check_and_optimize_call (bool *zero_write)
5459 : {
5460 5375949 : gimple *stmt = gsi_stmt (m_gsi);
5461 :
5462 5375949 : if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
5463 : {
5464 4140781 : tree fntype = gimple_call_fntype (stmt);
5465 4140781 : if (!fntype)
5466 : return true;
5467 :
5468 3995753 : if (lookup_attribute ("alloc_size", TYPE_ATTRIBUTES (fntype)))
5469 : {
5470 60022 : handle_alloc_call (BUILT_IN_NONE);
5471 60022 : return true;
5472 : }
5473 :
5474 3935731 : if (tree lhs = gimple_call_lhs (stmt))
5475 1364205 : handle_assign (lhs, NULL_TREE, zero_write);
5476 :
5477 : /* Proceed to handle user-defined formatting functions. */
5478 : }
5479 :
5480 : /* When not optimizing we must be checking printf calls which
5481 : we do even for user-defined functions when they are declared
5482 : with attribute format. */
5483 5170899 : if (!flag_optimize_strlen
5484 4383735 : || !strlen_optimize
5485 9554634 : || !valid_builtin_call (stmt))
5486 4206824 : return !handle_printf_call (&m_gsi, ptr_qry);
5487 :
5488 964075 : tree callee = gimple_call_fndecl (stmt);
5489 964075 : switch (DECL_FUNCTION_CODE (callee))
5490 : {
5491 13703 : case BUILT_IN_STRLEN:
5492 13703 : case BUILT_IN_STRNLEN:
5493 13703 : handle_builtin_strlen ();
5494 13703 : break;
5495 487 : case BUILT_IN_STRCHR:
5496 487 : handle_builtin_strchr ();
5497 487 : break;
5498 2799 : case BUILT_IN_STRCPY:
5499 2799 : case BUILT_IN_STRCPY_CHK:
5500 2799 : case BUILT_IN_STPCPY:
5501 2799 : case BUILT_IN_STPCPY_CHK:
5502 2799 : handle_builtin_strcpy (DECL_FUNCTION_CODE (callee));
5503 2799 : break;
5504 :
5505 805 : case BUILT_IN_STRNCAT:
5506 805 : case BUILT_IN_STRNCAT_CHK:
5507 805 : handle_builtin_strncat (DECL_FUNCTION_CODE (callee));
5508 805 : break;
5509 :
5510 2487 : case BUILT_IN_STPNCPY:
5511 2487 : case BUILT_IN_STPNCPY_CHK:
5512 2487 : case BUILT_IN_STRNCPY:
5513 2487 : case BUILT_IN_STRNCPY_CHK:
5514 2487 : handle_builtin_stxncpy_strncat (false);
5515 2487 : break;
5516 :
5517 79877 : case BUILT_IN_MEMCPY:
5518 79877 : case BUILT_IN_MEMCPY_CHK:
5519 79877 : case BUILT_IN_MEMPCPY:
5520 79877 : case BUILT_IN_MEMPCPY_CHK:
5521 79877 : handle_builtin_memcpy (DECL_FUNCTION_CODE (callee));
5522 79877 : break;
5523 827 : case BUILT_IN_STRCAT:
5524 827 : case BUILT_IN_STRCAT_CHK:
5525 827 : handle_builtin_strcat (DECL_FUNCTION_CODE (callee));
5526 827 : break;
5527 36642 : case BUILT_IN_ALLOCA:
5528 36642 : case BUILT_IN_ALLOCA_WITH_ALIGN:
5529 36642 : case BUILT_IN_MALLOC:
5530 36642 : case BUILT_IN_CALLOC:
5531 36642 : handle_alloc_call (DECL_FUNCTION_CODE (callee));
5532 36642 : break;
5533 25579 : case BUILT_IN_MEMSET:
5534 25579 : if (handle_builtin_memset (zero_write))
5535 : return false;
5536 : break;
5537 129543 : case BUILT_IN_STRCMP:
5538 129543 : case BUILT_IN_STRNCMP:
5539 129543 : if (handle_builtin_string_cmp ())
5540 : return false;
5541 : break;
5542 671326 : default:
5543 671326 : if (handle_printf_call (&m_gsi, ptr_qry))
5544 : return false;
5545 : break;
5546 : }
5547 :
5548 : return true;
5549 : }
5550 :
5551 : /* Handle an assignment statement at *GSI to a LHS of integral type.
5552 : If GSI's basic block needs clean-up of EH, set *CLEANUP_EH to true. */
5553 :
5554 : void
5555 9041049 : strlen_pass::handle_integral_assign (bool *cleanup_eh)
5556 : {
5557 9041049 : gimple *stmt = gsi_stmt (m_gsi);
5558 9041049 : tree lhs = gimple_assign_lhs (stmt);
5559 9041049 : tree lhs_type = TREE_TYPE (lhs);
5560 :
5561 9041049 : enum tree_code code = gimple_assign_rhs_code (stmt);
5562 9041049 : if (code == COND_EXPR)
5563 : {
5564 10061 : tree cond = gimple_assign_rhs1 (stmt);
5565 10061 : enum tree_code cond_code = TREE_CODE (cond);
5566 :
5567 10061 : if (cond_code == EQ_EXPR || cond_code == NE_EXPR)
5568 0 : fold_strstr_to_strncmp (TREE_OPERAND (cond, 0),
5569 0 : TREE_OPERAND (cond, 1), stmt);
5570 : }
5571 9030988 : else if (code == EQ_EXPR || code == NE_EXPR)
5572 201316 : fold_strstr_to_strncmp (gimple_assign_rhs1 (stmt),
5573 : gimple_assign_rhs2 (stmt), stmt);
5574 8829672 : else if (gimple_assign_load_p (stmt)
5575 2524948 : && TREE_CODE (lhs_type) == INTEGER_TYPE
5576 2371130 : && TYPE_MODE (lhs_type) == TYPE_MODE (char_type_node)
5577 344007 : && (TYPE_PRECISION (lhs_type)
5578 344007 : == TYPE_PRECISION (char_type_node))
5579 9167339 : && !gimple_has_volatile_ops (stmt))
5580 : {
5581 326239 : tree off = integer_zero_node;
5582 326239 : unsigned HOST_WIDE_INT coff = 0;
5583 326239 : int idx = 0;
5584 326239 : tree rhs1 = gimple_assign_rhs1 (stmt);
5585 326239 : if (code == MEM_REF)
5586 : {
5587 160701 : idx = get_stridx (TREE_OPERAND (rhs1, 0), stmt);
5588 160701 : if (idx > 0)
5589 : {
5590 6084 : strinfo *si = get_strinfo (idx);
5591 6084 : if (si
5592 2772 : && si->nonzero_chars
5593 2762 : && TREE_CODE (si->nonzero_chars) == INTEGER_CST
5594 6208 : && (wi::to_widest (si->nonzero_chars)
5595 248 : >= wi::to_widest (off)))
5596 124 : off = TREE_OPERAND (rhs1, 1);
5597 : else
5598 : /* This case is not useful. See if get_addr_stridx
5599 : returns something usable. */
5600 : idx = 0;
5601 : }
5602 : }
5603 5960 : if (idx <= 0)
5604 326115 : idx = get_addr_stridx (rhs1, stmt, NULL_TREE, &coff);
5605 326239 : if (idx > 0)
5606 : {
5607 5723 : strinfo *si = get_strinfo (idx);
5608 5723 : if (si
5609 875 : && si->nonzero_chars
5610 875 : && TREE_CODE (si->nonzero_chars) == INTEGER_CST)
5611 : {
5612 162 : widest_int w1 = wi::to_widest (si->nonzero_chars);
5613 162 : widest_int w2 = wi::to_widest (off) + coff;
5614 162 : if (w1 == w2
5615 162 : && si->full_string_p)
5616 : {
5617 31 : if (dump_file && (dump_flags & TDF_DETAILS) != 0)
5618 : {
5619 0 : fprintf (dump_file, "Optimizing: ");
5620 0 : print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
5621 : }
5622 :
5623 : /* Reading the final '\0' character. */
5624 31 : tree zero = build_int_cst (lhs_type, 0);
5625 31 : gimple_set_vuse (stmt, NULL_TREE);
5626 31 : gimple_assign_set_rhs_from_tree (&m_gsi, zero);
5627 31 : *cleanup_eh
5628 31 : |= maybe_clean_or_replace_eh_stmt (stmt,
5629 : gsi_stmt (m_gsi));
5630 31 : stmt = gsi_stmt (m_gsi);
5631 31 : update_stmt (stmt);
5632 :
5633 31 : if (dump_file && (dump_flags & TDF_DETAILS) != 0)
5634 : {
5635 0 : fprintf (dump_file, "into: ");
5636 0 : print_gimple_stmt (dump_file, stmt, 0, TDF_SLIM);
5637 : }
5638 : }
5639 131 : else if (w1 > w2)
5640 : {
5641 : /* Reading a character before the final '\0'
5642 : character. Just set the value range to ~[0, 0]
5643 : if we don't have anything better. */
5644 7 : int_range_max r;
5645 14 : if (!get_range_query (cfun)->range_of_expr (r, lhs)
5646 7 : || r.varying_p ())
5647 : {
5648 7 : r.set_nonzero (lhs_type);
5649 7 : set_range_info (lhs, r);
5650 : }
5651 7 : }
5652 162 : }
5653 : }
5654 : }
5655 8503433 : else if (code == MEM_REF && TREE_CODE (lhs) == SSA_NAME)
5656 : {
5657 664367 : if (int idx = new_stridx (lhs))
5658 : {
5659 : /* Record multi-byte assignments from MEM_REFs. */
5660 664367 : bool storing_all_nonzero_p;
5661 664367 : bool storing_all_zeros_p;
5662 664367 : bool full_string_p;
5663 664367 : unsigned lenrange[] = { UINT_MAX, 0, 0 };
5664 664367 : tree rhs = gimple_assign_rhs1 (stmt);
5665 664367 : const bool ranges_valid
5666 664367 : = count_nonzero_bytes (rhs, stmt,
5667 : lenrange, &full_string_p,
5668 : &storing_all_zeros_p,
5669 : &storing_all_nonzero_p);
5670 664367 : if (ranges_valid)
5671 : {
5672 617229 : tree length = build_int_cst (sizetype, lenrange[0]);
5673 617229 : strinfo *si = new_strinfo (lhs, idx, length, full_string_p);
5674 617229 : set_strinfo (idx, si);
5675 617229 : si->writable = true;
5676 617229 : si->dont_invalidate = true;
5677 : }
5678 : }
5679 : }
5680 :
5681 9041049 : if (strlen_to_stridx)
5682 : {
5683 9038498 : tree rhs1 = gimple_assign_rhs1 (stmt);
5684 9038498 : if (stridx_strlenloc *ps = strlen_to_stridx->get (rhs1))
5685 10239 : strlen_to_stridx->put (lhs, stridx_strlenloc (*ps));
5686 : }
5687 9041049 : }
5688 :
5689 : /* Handle assignment statement at *GSI to LHS. Set *ZERO_WRITE if
5690 : the assignment stores all zero bytes. RHS is the rhs of the
5691 : statement if not a call. */
5692 :
5693 : bool
5694 6311597 : strlen_pass::handle_assign (tree lhs, tree rhs, bool *zero_write)
5695 : {
5696 6311597 : tree type = TREE_TYPE (lhs);
5697 6311597 : if (TREE_CODE (type) == ARRAY_TYPE)
5698 114250 : type = TREE_TYPE (type);
5699 :
5700 4947392 : if (rhs && TREE_CODE (rhs) == CONSTRUCTOR
5701 85245 : && TREE_CODE (lhs) == MEM_REF
5702 43642 : && TREE_CODE (TREE_OPERAND (lhs, 0)) == SSA_NAME
5703 6315393 : && integer_zerop (TREE_OPERAND (lhs, 1)))
5704 : {
5705 : /* Set to the non-constant offset added to PTR. */
5706 17685 : wide_int offrng[2];
5707 3537 : gcc_assert (CONSTRUCTOR_NELTS (rhs) == 0);
5708 3537 : tree ptr = TREE_OPERAND (lhs, 0);
5709 3537 : tree len = TYPE_SIZE_UNIT (TREE_TYPE (lhs));
5710 3537 : int idx1 = get_stridx (ptr, gsi_stmt (m_gsi), offrng, ptr_qry.rvals);
5711 3537 : if (idx1 > 0)
5712 : {
5713 118 : strinfo *si1 = get_strinfo (idx1);
5714 10 : if (si1 && si1->stmt
5715 5 : && si1->alloc && is_gimple_call (si1->alloc)
5716 5 : && valid_builtin_call (si1->stmt)
5717 128 : && offrng[0] == 0 && offrng[1] == 0)
5718 : {
5719 5 : gimple *malloc_stmt = si1->stmt;
5720 5 : basic_block malloc_bb = gimple_bb (malloc_stmt);
5721 5 : if ((DECL_FUNCTION_CODE (gimple_call_fndecl (malloc_stmt))
5722 : == BUILT_IN_MALLOC)
5723 5 : && operand_equal_p (len, gimple_call_arg (malloc_stmt, 0), 0)
5724 10 : && allow_memset_malloc_to_calloc (ptr, malloc_bb,
5725 : gsi_bb (m_gsi)))
5726 : {
5727 5 : tree alloc_size = gimple_call_arg (malloc_stmt, 0);
5728 5 : gimple_stmt_iterator gsi1 = gsi_for_stmt (malloc_stmt);
5729 5 : tree calloc_decl = builtin_decl_implicit (BUILT_IN_CALLOC);
5730 5 : update_gimple_call (&gsi1, calloc_decl, 2, alloc_size,
5731 : build_one_cst (size_type_node));
5732 5 : si1->nonzero_chars = build_int_cst (size_type_node, 0);
5733 5 : si1->full_string_p = true;
5734 5 : si1->stmt = gsi_stmt (gsi1);
5735 5 : gimple *stmt = gsi_stmt (m_gsi);
5736 5 : unlink_stmt_vdef (stmt);
5737 5 : gsi_remove (&m_gsi, true);
5738 5 : release_defs (stmt);
5739 5 : return false;
5740 : }
5741 : }
5742 : }
5743 10611 : }
5744 :
5745 6311592 : bool is_char_store = is_char_type (type);
5746 6311592 : if (!is_char_store && TREE_CODE (lhs) == MEM_REF)
5747 : {
5748 : /* To consider stores into char objects via integer types other
5749 : than char but not those to non-character objects, determine
5750 : the type of the destination rather than just the type of
5751 : the access. */
5752 4298534 : for (int i = 0; i != 2; ++i)
5753 : {
5754 2889301 : tree ref = TREE_OPERAND (lhs, i);
5755 2889301 : type = TREE_TYPE (ref);
5756 2889301 : if (POINTER_TYPE_P (type))
5757 2889301 : type = TREE_TYPE (type);
5758 2889301 : if (TREE_CODE (type) == ARRAY_TYPE)
5759 163308 : type = TREE_TYPE (type);
5760 2889301 : if (is_char_type (type))
5761 : {
5762 : is_char_store = true;
5763 : break;
5764 : }
5765 : }
5766 : }
5767 :
5768 : /* Handle a single or multibyte assignment. */
5769 6311592 : if (is_char_store && !handle_store (zero_write))
5770 : return false;
5771 :
5772 : return true;
5773 : }
5774 :
5775 :
5776 : /* Attempt to check for validity of the performed access a single statement
5777 : at *GSI using string length knowledge, and to optimize it.
5778 : If the given basic block needs clean-up of EH, CLEANUP_EH is set to
5779 : true. Return true to let the caller advance *GSI to the next statement
5780 : in the basic block and false otherwise. */
5781 :
5782 : bool
5783 87526352 : strlen_pass::check_and_optimize_stmt (bool *cleanup_eh)
5784 : {
5785 87526352 : gimple *stmt = gsi_stmt (m_gsi);
5786 :
5787 : /* For statements that modify a string, set to true if the write
5788 : is only zeros. */
5789 87526352 : bool zero_write = false;
5790 :
5791 87526352 : if (is_gimple_call (stmt))
5792 : {
5793 5375949 : if (!check_and_optimize_call (&zero_write))
5794 : return false;
5795 : }
5796 82150403 : else if (!flag_optimize_strlen || !strlen_optimize)
5797 : return true;
5798 77439653 : else if (is_gimple_assign (stmt) && !gimple_clobber_p (stmt))
5799 : {
5800 : /* Handle non-clobbering assignment. */
5801 19673600 : tree lhs = gimple_assign_lhs (stmt);
5802 19673600 : tree lhs_type = TREE_TYPE (lhs);
5803 :
5804 19673600 : if (TREE_CODE (lhs) == SSA_NAME && POINTER_TYPE_P (lhs_type))
5805 : {
5806 3670564 : if (gimple_assign_single_p (stmt)
5807 3670564 : || (gimple_assign_cast_p (stmt)
5808 306505 : && POINTER_TYPE_P (TREE_TYPE (gimple_assign_rhs1 (stmt)))))
5809 : {
5810 2654895 : int idx = get_stridx (gimple_assign_rhs1 (stmt), stmt);
5811 2654895 : ssa_ver_to_stridx[SSA_NAME_VERSION (lhs)] = idx;
5812 : }
5813 1015669 : else if (gimple_assign_rhs_code (stmt) == POINTER_PLUS_EXPR)
5814 731832 : handle_pointer_plus ();
5815 : }
5816 16003036 : else if (TREE_CODE (lhs) == SSA_NAME && INTEGRAL_TYPE_P (lhs_type))
5817 : /* Handle assignment to a character. */
5818 9041049 : handle_integral_assign (cleanup_eh);
5819 6961987 : else if (TREE_CODE (lhs) != SSA_NAME && !TREE_SIDE_EFFECTS (lhs))
5820 4947392 : if (!handle_assign (lhs, gimple_assign_rhs1 (stmt), &zero_write))
5821 : return false;
5822 : }
5823 57766053 : else if (gcond *cond = dyn_cast<gcond *> (stmt))
5824 : {
5825 4051178 : enum tree_code code = gimple_cond_code (cond);
5826 4051178 : if (code == EQ_EXPR || code == NE_EXPR)
5827 3170081 : fold_strstr_to_strncmp (gimple_cond_lhs (stmt),
5828 : gimple_cond_rhs (stmt), stmt);
5829 : }
5830 :
5831 109908400 : if (gimple_vdef (stmt))
5832 10839600 : maybe_invalidate (stmt, zero_write);
5833 : return true;
5834 : }
5835 :
5836 : /* Recursively call maybe_invalidate on stmts that might be executed
5837 : in between dombb and current bb and that contain a vdef. Stop when
5838 : *count stmts are inspected, or if the whole strinfo vector has
5839 : been invalidated. */
5840 :
5841 : static void
5842 679405 : do_invalidate (basic_block dombb, gimple *phi, bitmap visited, int *count)
5843 : {
5844 679405 : unsigned int i, n = gimple_phi_num_args (phi);
5845 :
5846 1163528 : for (i = 0; i < n; i++)
5847 : {
5848 1008011 : tree vuse = gimple_phi_arg_def (phi, i);
5849 1008011 : gimple *stmt = SSA_NAME_DEF_STMT (vuse);
5850 1008011 : basic_block bb = gimple_bb (stmt);
5851 1306591 : if (bb == NULL
5852 1008011 : || bb == dombb
5853 878456 : || !bitmap_set_bit (visited, bb->index)
5854 1769619 : || !dominated_by_p (CDI_DOMINATORS, bb, dombb))
5855 298580 : continue;
5856 1012226 : while (1)
5857 : {
5858 1012226 : if (gimple_code (stmt) == GIMPLE_PHI)
5859 : {
5860 179977 : do_invalidate (dombb, stmt, visited, count);
5861 179977 : if (*count == 0)
5862 : return;
5863 : break;
5864 : }
5865 832249 : if (--*count == 0)
5866 : return;
5867 831700 : if (!maybe_invalidate (stmt))
5868 : {
5869 435478 : *count = 0;
5870 435478 : return;
5871 : }
5872 396222 : vuse = gimple_vuse (stmt);
5873 396222 : stmt = SSA_NAME_DEF_STMT (vuse);
5874 396222 : if (gimple_bb (stmt) != bb)
5875 : {
5876 141277 : bb = gimple_bb (stmt);
5877 141277 : if (bb == NULL
5878 141277 : || bb == dombb
5879 91327 : || !bitmap_set_bit (visited, bb->index)
5880 199746 : || !dominated_by_p (CDI_DOMINATORS, bb, dombb))
5881 : break;
5882 : }
5883 : }
5884 : }
5885 : }
5886 :
5887 : /* Release pointer_query cache. */
5888 :
5889 1103062 : strlen_pass::~strlen_pass ()
5890 : {
5891 1103062 : ptr_qry.flush_cache ();
5892 2206124 : }
5893 :
5894 : /* Callback for walk_dominator_tree. Attempt to optimize various
5895 : string ops by remembering string lengths pointed by pointer SSA_NAMEs. */
5896 :
5897 : edge
5898 11787885 : strlen_pass::before_dom_children (basic_block bb)
5899 : {
5900 11787885 : basic_block dombb = get_immediate_dominator (CDI_DOMINATORS, bb);
5901 :
5902 11787885 : if (dombb == NULL)
5903 1103062 : stridx_to_strinfo = NULL;
5904 : else
5905 : {
5906 10684823 : stridx_to_strinfo = ((vec<strinfo *, va_heap, vl_embed> *) dombb->aux);
5907 10684823 : if (stridx_to_strinfo)
5908 : {
5909 2952915 : for (gphi_iterator gsi = gsi_start_phis (bb); !gsi_end_p (gsi);
5910 465058 : gsi_next (&gsi))
5911 : {
5912 964486 : gphi *phi = gsi.phi ();
5913 1928972 : if (virtual_operand_p (gimple_phi_result (phi)))
5914 : {
5915 499428 : bitmap visited = BITMAP_ALLOC (NULL);
5916 499428 : int count_vdef = 100;
5917 499428 : do_invalidate (dombb, phi, visited, &count_vdef);
5918 499428 : BITMAP_FREE (visited);
5919 499428 : if (count_vdef == 0)
5920 : {
5921 : /* If there were too many vdefs in between immediate
5922 : dominator and current bb, invalidate everything.
5923 : If stridx_to_strinfo has been unshared, we need
5924 : to free it, otherwise just set it to NULL. */
5925 436027 : if (!strinfo_shared ())
5926 : {
5927 : unsigned int i;
5928 : strinfo *si;
5929 :
5930 674061 : for (i = 1;
5931 724876 : vec_safe_iterate (stridx_to_strinfo, i, &si);
5932 : ++i)
5933 : {
5934 674061 : free_strinfo (si);
5935 674061 : (*stridx_to_strinfo)[i] = NULL;
5936 : }
5937 : }
5938 : else
5939 385212 : stridx_to_strinfo = NULL;
5940 : }
5941 499428 : break;
5942 : }
5943 : }
5944 : }
5945 : }
5946 :
5947 : /* If all PHI arguments have the same string index, the PHI result
5948 : has it as well. */
5949 16529128 : for (gphi_iterator gsi = gsi_start_phis (bb); !gsi_end_p (gsi);
5950 4741243 : gsi_next (&gsi))
5951 : {
5952 4741243 : gphi *phi = gsi.phi ();
5953 4741243 : tree result = gimple_phi_result (phi);
5954 9482486 : if (!virtual_operand_p (result) && POINTER_TYPE_P (TREE_TYPE (result)))
5955 : {
5956 799823 : int idx = get_stridx (gimple_phi_arg_def (phi, 0), phi);
5957 799823 : if (idx != 0)
5958 : {
5959 38330 : unsigned int i, n = gimple_phi_num_args (phi);
5960 45782 : for (i = 1; i < n; i++)
5961 36344 : if (idx != get_stridx (gimple_phi_arg_def (phi, i), phi))
5962 : break;
5963 38330 : if (i == n)
5964 9438 : ssa_ver_to_stridx[SSA_NAME_VERSION (result)] = idx;
5965 : }
5966 : }
5967 : }
5968 :
5969 11787885 : bool cleanup_eh = false;
5970 :
5971 : /* Attempt to optimize individual statements. */
5972 122890007 : for (m_gsi = gsi_start_bb (bb); !gsi_end_p (m_gsi); )
5973 : {
5974 : /* Reset search depth performance counter. */
5975 87526352 : ptr_qry.depth = 0;
5976 :
5977 87526352 : if (check_and_optimize_stmt (&cleanup_eh))
5978 87524915 : gsi_next (&m_gsi);
5979 : }
5980 :
5981 11787885 : if (cleanup_eh && gimple_purge_dead_eh_edges (bb))
5982 0 : m_cleanup_cfg = true;
5983 :
5984 11787885 : bb->aux = stridx_to_strinfo;
5985 11787885 : if (vec_safe_length (stridx_to_strinfo) && !strinfo_shared ())
5986 862159 : (*stridx_to_strinfo)[0] = (strinfo *) bb;
5987 11787885 : return NULL;
5988 : }
5989 :
5990 : /* Callback for walk_dominator_tree. Free strinfo vector if it is
5991 : owned by the current bb, clear bb->aux. */
5992 :
5993 : void
5994 11787885 : strlen_pass::after_dom_children (basic_block bb)
5995 : {
5996 11787885 : if (bb->aux)
5997 : {
5998 2622771 : stridx_to_strinfo = ((vec<strinfo *, va_heap, vl_embed> *) bb->aux);
5999 2622771 : if (vec_safe_length (stridx_to_strinfo)
6000 2622771 : && (*stridx_to_strinfo)[0] == (strinfo *) bb)
6001 : {
6002 : unsigned int i;
6003 : strinfo *si;
6004 :
6005 14141538 : for (i = 1; vec_safe_iterate (stridx_to_strinfo, i, &si); ++i)
6006 13279379 : free_strinfo (si);
6007 862159 : vec_free (stridx_to_strinfo);
6008 : }
6009 2622771 : bb->aux = NULL;
6010 : }
6011 11787885 : }
6012 :
6013 : namespace {
6014 :
6015 : static unsigned int
6016 1103062 : printf_strlen_execute (function *fun, bool warn_only)
6017 : {
6018 1103062 : strlen_optimize = !warn_only;
6019 :
6020 1103062 : calculate_dominance_info (CDI_DOMINATORS);
6021 1103062 : loop_optimizer_init (LOOPS_NORMAL);
6022 1103062 : scev_initialize ();
6023 :
6024 1103062 : gcc_assert (!strlen_to_stridx);
6025 1103062 : if (warn_stringop_overflow || warn_stringop_truncation)
6026 1102822 : strlen_to_stridx = new hash_map<tree, stridx_strlenloc> ();
6027 :
6028 : /* This has to happen after initializing the loop optimizer
6029 : and initializing SCEV as they create new SSA_NAMEs. */
6030 2206124 : ssa_ver_to_stridx.safe_grow_cleared (num_ssa_names, true);
6031 1103062 : max_stridx = 1;
6032 :
6033 1103062 : enable_ranger (fun);
6034 : /* String length optimization is implemented as a walk of the dominator
6035 : tree and a forward walk of statements within each block. */
6036 1103062 : strlen_pass walker (fun, CDI_DOMINATORS);
6037 1103062 : walker.walk (ENTRY_BLOCK_PTR_FOR_FN (fun));
6038 :
6039 1103062 : if (dump_file && (dump_flags & TDF_DETAILS))
6040 0 : walker.ptr_qry.dump (dump_file, true);
6041 :
6042 1103062 : ssa_ver_to_stridx.release ();
6043 1103062 : strinfo_pool.release ();
6044 1103062 : if (decl_to_stridxlist_htab)
6045 : {
6046 44743 : obstack_free (&stridx_obstack, NULL);
6047 89486 : delete decl_to_stridxlist_htab;
6048 44743 : decl_to_stridxlist_htab = NULL;
6049 : }
6050 1103062 : laststmt.stmt = NULL;
6051 1103062 : laststmt.len = NULL_TREE;
6052 1103062 : laststmt.stridx = 0;
6053 :
6054 1103062 : if (strlen_to_stridx)
6055 : {
6056 1102822 : strlen_to_stridx->empty ();
6057 2205644 : delete strlen_to_stridx;
6058 1102822 : strlen_to_stridx = NULL;
6059 : }
6060 :
6061 1103062 : disable_ranger (fun);
6062 1103062 : scev_finalize ();
6063 1103062 : loop_optimizer_finalize ();
6064 1103062 : free_dominance_info (CDI_POST_DOMINATORS);
6065 :
6066 1103062 : return walker.m_cleanup_cfg ? TODO_cleanup_cfg : 0;
6067 1103062 : }
6068 :
6069 : /* This file defines two passes: one for warnings that runs only when
6070 : optimization is disabled, and another that implements optimizations
6071 : and also issues warnings. */
6072 :
6073 : const pass_data pass_data_warn_printf =
6074 : {
6075 : GIMPLE_PASS, /* type */
6076 : "warn-printf", /* name */
6077 : OPTGROUP_NONE, /* optinfo_flags */
6078 : TV_NONE, /* tv_id */
6079 : /* Normally an optimization pass would require PROP_ssa but because
6080 : this pass runs early, with no optimization, to do sprintf format
6081 : checking, it only requires PROP_cfg. */
6082 : PROP_cfg, /* properties_required */
6083 : 0, /* properties_provided */
6084 : 0, /* properties_destroyed */
6085 : 0, /* todo_flags_start */
6086 : 0, /* todo_flags_finish */
6087 : };
6088 :
6089 : class pass_warn_printf : public gimple_opt_pass
6090 : {
6091 : public:
6092 288047 : pass_warn_printf (gcc::context *ctxt)
6093 576094 : : gimple_opt_pass (pass_data_warn_printf, ctxt)
6094 : {}
6095 :
6096 : bool gate (function *) final override;
6097 61150 : unsigned int execute (function *fun) final override
6098 : {
6099 61150 : return printf_strlen_execute (fun, true);
6100 : }
6101 : };
6102 :
6103 :
6104 : /* Return true to run the warning pass only when not optimizing and
6105 : iff either -Wformat-overflow or -Wformat-truncation is specified. */
6106 :
6107 : bool
6108 2853338 : pass_warn_printf::gate (function *)
6109 : {
6110 2853338 : return !optimize && (warn_format_overflow > 0 || warn_format_trunc > 0);
6111 : }
6112 :
6113 : const pass_data pass_data_strlen =
6114 : {
6115 : GIMPLE_PASS, /* type */
6116 : "strlen", /* name */
6117 : OPTGROUP_NONE, /* optinfo_flags */
6118 : TV_TREE_STRLEN, /* tv_id */
6119 : PROP_cfg | PROP_ssa, /* properties_required */
6120 : 0, /* properties_provided */
6121 : 0, /* properties_destroyed */
6122 : 0, /* todo_flags_start */
6123 : 0, /* todo_flags_finish */
6124 : };
6125 :
6126 : class pass_strlen : public gimple_opt_pass
6127 : {
6128 : public:
6129 576094 : pass_strlen (gcc::context *ctxt)
6130 1152188 : : gimple_opt_pass (pass_data_strlen, ctxt)
6131 : {}
6132 :
6133 288047 : opt_pass * clone () final override { return new pass_strlen (m_ctxt); }
6134 :
6135 : bool gate (function *) final override;
6136 1041912 : unsigned int execute (function *fun) final override
6137 : {
6138 1041912 : return printf_strlen_execute (fun, false);
6139 : }
6140 : };
6141 :
6142 : /* Return true to run the pass only when the sprintf and/or strlen
6143 : optimizations are enabled and -Wformat-overflow or -Wformat-truncation
6144 : are specified. */
6145 :
6146 : bool
6147 1041946 : pass_strlen::gate (function *)
6148 : {
6149 1041946 : return ((warn_format_overflow > 0
6150 929228 : || warn_format_trunc > 0
6151 929223 : || warn_restrict > 0
6152 929036 : || flag_optimize_strlen > 0
6153 122813 : || flag_printf_return_value)
6154 1971162 : && optimize > 0);
6155 : }
6156 :
6157 : } // anon namespace
6158 :
6159 : gimple_opt_pass *
6160 288047 : make_pass_warn_printf (gcc::context *ctxt)
6161 : {
6162 288047 : return new pass_warn_printf (ctxt);
6163 : }
6164 :
6165 : gimple_opt_pass *
6166 288047 : make_pass_strlen (gcc::context *ctxt)
6167 : {
6168 288047 : return new pass_strlen (ctxt);
6169 : }
|
