]> gcc.gnu.org Git - gcc.git/blob - gcc/gimple-ssa-sprintf.c
git://gcc.gnu.org / gcc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tree-optimization/93868 copy SLP tree before re-arranging stmts
[gcc.git] / gcc / gimple-ssa-sprintf.c
1 /* Copyright (C) 2016-2020 Free Software Foundation, Inc.
2 Contributed by Martin Sebor <msebor@redhat.com>.
3
4 This file is part of GCC.
5
6 GCC is free software; you can redistribute it and/or modify it under
7 the terms of the GNU General Public License as published by the Free
8 Software Foundation; either version 3, or (at your option) any later
9 version.
10
11 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
12 WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with GCC; see the file COPYING3. If not see
18 <http://www.gnu.org/licenses/>. */
19
20 /* This file implements the printf-return-value pass. The pass does
21 two things: 1) it analyzes calls to formatted output functions like
22 sprintf looking for possible buffer overflows and calls to bounded
23 functions like snprintf for early truncation (and under the control
24 of the -Wformat-length option issues warnings), and 2) under the
25 control of the -fprintf-return-value option it folds the return
26 value of safe calls into constants, making it possible to eliminate
27 code that depends on the value of those constants.
28
29 For all functions (bounded or not) the pass uses the size of the
30 destination object. That means that it will diagnose calls to
31 snprintf not on the basis of the size specified by the function's
32 second argument but rathger on the basis of the size the first
33 argument points to (if possible). For bound-checking built-ins
34 like __builtin___snprintf_chk the pass uses the size typically
35 determined by __builtin_object_size and passed to the built-in
36 by the Glibc inline wrapper.
37
38 The pass handles all forms standard sprintf format directives,
39 including character, integer, floating point, pointer, and strings,
40 with the standard C flags, widths, and precisions. For integers
41 and strings it computes the length of output itself. For floating
42 point it uses MPFR to fornmat known constants with up and down
43 rounding and uses the resulting range of output lengths. For
44 strings it uses the length of string literals and the sizes of
45 character arrays that a character pointer may point to as a bound
46 on the longest string. */
47
48 #include "config.h"
49 #include "system.h"
50 #include "coretypes.h"
51 #include "backend.h"
52 #include "tree.h"
53 #include "gimple.h"
54 #include "tree-pass.h"
55 #include "ssa.h"
56 #include "gimple-fold.h"
57 #include "gimple-pretty-print.h"
58 #include "diagnostic-core.h"
59 #include "fold-const.h"
60 #include "gimple-iterator.h"
61 #include "tree-ssa.h"
62 #include "tree-object-size.h"
63 #include "tree-cfg.h"
64 #include "tree-ssa-propagate.h"
65 #include "calls.h"
66 #include "cfgloop.h"
67 #include "tree-scalar-evolution.h"
68 #include "tree-ssa-loop.h"
69 #include "intl.h"
70 #include "langhooks.h"
71
72 #include "attribs.h"
73 #include "builtins.h"
74 #include "stor-layout.h"
75
76 #include "realmpfr.h"
77 #include "target.h"
78
79 #include "cpplib.h"
80 #include "input.h"
81 #include "toplev.h"
82 #include "substring-locations.h"
83 #include "diagnostic.h"
84 #include "domwalk.h"
85 #include "alloc-pool.h"
86 #include "vr-values.h"
87 #include "tree-ssa-strlen.h"
88 #include "tree-dfa.h"
89
90 /* The likely worst case value of MB_LEN_MAX for the target, large enough
91 for UTF-8. Ideally, this would be obtained by a target hook if it were
92 to be used for optimization but it's good enough as is for warnings. */
93 #define target_mb_len_max() 6
94
95 /* The maximum number of bytes a single non-string directive can result
96 in. This is the result of printf("%.*Lf", INT_MAX, -LDBL_MAX) for
97 LDBL_MAX_10_EXP of 4932. */
98 #define IEEE_MAX_10_EXP 4932
99 #define target_dir_max() (target_int_max () + IEEE_MAX_10_EXP + 2)
100
101 namespace {
102
103 /* Set to the warning level for the current function which is equal
104 either to warn_format_trunc for bounded functions or to
105 warn_format_overflow otherwise. */
106
107 static int warn_level;
108
109 /* The minimum, maximum, likely, and unlikely maximum number of bytes
110 of output either a formatting function or an individual directive
111 can result in. */
112
113 struct result_range
114 {
115 /* The absolute minimum number of bytes. The result of a successful
116 conversion is guaranteed to be no less than this. (An erroneous
117 conversion can be indicated by MIN > HOST_WIDE_INT_MAX.) */
118 unsigned HOST_WIDE_INT min;
119 /* The likely maximum result that is used in diagnostics. In most
120 cases MAX is the same as the worst case UNLIKELY result. */
121 unsigned HOST_WIDE_INT max;
122 /* The likely result used to trigger diagnostics. For conversions
123 that result in a range of bytes [MIN, MAX], LIKELY is somewhere
124 in that range. */
125 unsigned HOST_WIDE_INT likely;
126 /* In rare cases (e.g., for nultibyte characters) UNLIKELY gives
127 the worst cases maximum result of a directive. In most cases
128 UNLIKELY == MAX. UNLIKELY is used to control the return value
129 optimization but not in diagnostics. */
130 unsigned HOST_WIDE_INT unlikely;
131 };
132
133 /* Return the value of INT_MIN for the target. */
134
135 static inline HOST_WIDE_INT
136 target_int_min ()
137 {
138 return tree_to_shwi (TYPE_MIN_VALUE (integer_type_node));
139 }
140
141 /* Return the value of INT_MAX for the target. */
142
143 static inline unsigned HOST_WIDE_INT
144 target_int_max ()
145 {
146 return tree_to_uhwi (TYPE_MAX_VALUE (integer_type_node));
147 }
148
149 /* Return the value of SIZE_MAX for the target. */
150
151 static inline unsigned HOST_WIDE_INT
152 target_size_max ()
153 {
154 return tree_to_uhwi (TYPE_MAX_VALUE (size_type_node));
155 }
156
157 /* A straightforward mapping from the execution character set to the host
158 character set indexed by execution character. */
159
160 static char target_to_host_charmap[256];
161
162 /* Initialize a mapping from the execution character set to the host
163 character set. */
164
165 static bool
166 init_target_to_host_charmap ()
167 {
168 /* If the percent sign is non-zero the mapping has already been
169 initialized. */
170 if (target_to_host_charmap['%'])
171 return true;
172
173 /* Initialize the target_percent character (done elsewhere). */
174 if (!init_target_chars ())
175 return false;
176
177 /* The subset of the source character set used by printf conversion
178 specifications (strictly speaking, not all letters are used but
179 they are included here for the sake of simplicity). The dollar
180 sign must be included even though it's not in the basic source
181 character set. */
182 const char srcset[] = " 0123456789!\"#%&'()*+,-./:;<=>?[\\]^_{|}~$"
183 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
184
185 /* Set the mapping for all characters to some ordinary value (i,e.,
186 not none used in printf conversion specifications) and overwrite
187 those that are used by conversion specifications with their
188 corresponding values. */
189 memset (target_to_host_charmap + 1, '?', sizeof target_to_host_charmap - 1);
190
191 /* Are the two sets of characters the same? */
192 bool all_same_p = true;
193
194 for (const char *pc = srcset; *pc; ++pc)
195 {
196 /* Slice off the high end bits in case target characters are
197 signed. All values are expected to be non-nul, otherwise
198 there's a problem. */
199 if (unsigned char tc = lang_hooks.to_target_charset (*pc))
200 {
201 target_to_host_charmap[tc] = *pc;
202 if (tc != *pc)
203 all_same_p = false;
204 }
205 else
206 return false;
207
208 }
209
210 /* Set the first element to a non-zero value if the mapping
211 is 1-to-1, otherwise leave it clear (NUL is assumed to be
212 the same in both character sets). */
213 target_to_host_charmap[0] = all_same_p;
214
215 return true;
216 }
217
218 /* Return the host source character corresponding to the character
219 CH in the execution character set if one exists, or some innocuous
220 (non-special, non-nul) source character otherwise. */
221
222 static inline unsigned char
223 target_to_host (unsigned char ch)
224 {
225 return target_to_host_charmap[ch];
226 }
227
228 /* Convert an initial substring of the string TARGSTR consisting of
229 characters in the execution character set into a string in the
230 source character set on the host and store up to HOSTSZ characters
231 in the buffer pointed to by HOSTR. Return HOSTR. */
232
233 static const char*
234 target_to_host (char *hostr, size_t hostsz, const char *targstr)
235 {
236 /* Make sure the buffer is reasonably big. */
237 gcc_assert (hostsz > 4);
238
239 /* The interesting subset of source and execution characters are
240 the same so no conversion is necessary. However, truncate
241 overlong strings just like the translated strings are. */
242 if (target_to_host_charmap['\0'] == 1)
243 {
244 size_t len = strlen (targstr);
245 if (len >= hostsz)
246 {
247 memcpy (hostr, targstr, hostsz - 4);
248 strcpy (hostr + hostsz - 4, "...");
249 }
250 else
251 memcpy (hostr, targstr, len + 1);
252 return hostr;
253 }
254
255 /* Convert the initial substring of TARGSTR to the corresponding
256 characters in the host set, appending "..." if TARGSTR is too
257 long to fit. Using the static buffer assumes the function is
258 not called in between sequence points (which it isn't). */
259 for (char *ph = hostr; ; ++targstr)
260 {
261 *ph++ = target_to_host (*targstr);
262 if (!*targstr)
263 break;
264
265 if (size_t (ph - hostr) == hostsz)
266 {
267 strcpy (ph - 4, "...");
268 break;
269 }
270 }
271
272 return hostr;
273 }
274
275 /* Convert the sequence of decimal digits in the execution character
276 starting at *PS to a HOST_WIDE_INT, analogously to strtol. Return
277 the result and set *PS to one past the last converted character.
278 On range error set ERANGE to the digit that caused it. */
279
280 static inline HOST_WIDE_INT
281 target_strtowi (const char **ps, const char **erange)
282 {
283 unsigned HOST_WIDE_INT val = 0;
284 for ( ; ; ++*ps)
285 {
286 unsigned char c = target_to_host (**ps);
287 if (ISDIGIT (c))
288 {
289 c -= '0';
290
291 /* Check for overflow. */
292 if (val > ((unsigned HOST_WIDE_INT) HOST_WIDE_INT_MAX - c) / 10LU)
293 {
294 val = HOST_WIDE_INT_MAX;
295 *erange = *ps;
296
297 /* Skip the remaining digits. */
298 do
299 c = target_to_host (*++*ps);
300 while (ISDIGIT (c));
301 break;
302 }
303 else
304 val = val * 10 + c;
305 }
306 else
307 break;
308 }
309
310 return val;
311 }
312
313 /* Given FORMAT, set *PLOC to the source location of the format string
314 and return the format string if it is known or null otherwise. */
315
316 static const char*
317 get_format_string (tree format, location_t *ploc)
318 {
319 *ploc = EXPR_LOC_OR_LOC (format, input_location);
320
321 return c_getstr (format);
322 }
323
324 /* For convenience and brevity, shorter named entrypoints of
325 format_string_diagnostic_t::emit_warning_va and
326 format_string_diagnostic_t::emit_warning_n_va.
327 These have to be functions with the attribute so that exgettext
328 works properly. */
329
330 static bool
331 ATTRIBUTE_GCC_DIAG (5, 6)
332 fmtwarn (const substring_loc &fmt_loc, location_t param_loc,
333 const char *corrected_substring, int opt, const char *gmsgid, ...)
334 {
335 format_string_diagnostic_t diag (fmt_loc, NULL, param_loc, NULL,
336 corrected_substring);
337 va_list ap;
338 va_start (ap, gmsgid);
339 bool warned = diag.emit_warning_va (opt, gmsgid, &ap);
340 va_end (ap);
341
342 return warned;
343 }
344
345 static bool
346 ATTRIBUTE_GCC_DIAG (6, 8) ATTRIBUTE_GCC_DIAG (7, 8)
347 fmtwarn_n (const substring_loc &fmt_loc, location_t param_loc,
348 const char *corrected_substring, int opt, unsigned HOST_WIDE_INT n,
349 const char *singular_gmsgid, const char *plural_gmsgid, ...)
350 {
351 format_string_diagnostic_t diag (fmt_loc, NULL, param_loc, NULL,
352 corrected_substring);
353 va_list ap;
354 va_start (ap, plural_gmsgid);
355 bool warned = diag.emit_warning_n_va (opt, n, singular_gmsgid, plural_gmsgid,
356 &ap);
357 va_end (ap);
358
359 return warned;
360 }
361
362 /* Format length modifiers. */
363
364 enum format_lengths
365 {
366 FMT_LEN_none,
367 FMT_LEN_hh, // char argument
368 FMT_LEN_h, // short
369 FMT_LEN_l, // long
370 FMT_LEN_ll, // long long
371 FMT_LEN_L, // long double (and GNU long long)
372 FMT_LEN_z, // size_t
373 FMT_LEN_t, // ptrdiff_t
374 FMT_LEN_j // intmax_t
375 };
376
377
378 /* Description of the result of conversion either of a single directive
379 or the whole format string. */
380
381 class fmtresult
382 {
383 public:
384 /* Construct a FMTRESULT object with all counters initialized
385 to MIN. KNOWNRANGE is set when MIN is valid. */
386 fmtresult (unsigned HOST_WIDE_INT min = HOST_WIDE_INT_MAX)
387 : argmin (), argmax (), dst_offset (HOST_WIDE_INT_MIN), nonstr (),
388 knownrange (min < HOST_WIDE_INT_MAX),
389 mayfail (), nullp ()
390 {
391 range.min = min;
392 range.max = min;
393 range.likely = min;
394 range.unlikely = min;
395 }
396
397 /* Construct a FMTRESULT object with MIN, MAX, and LIKELY counters.
398 KNOWNRANGE is set when both MIN and MAX are valid. */
399 fmtresult (unsigned HOST_WIDE_INT min, unsigned HOST_WIDE_INT max,
400 unsigned HOST_WIDE_INT likely = HOST_WIDE_INT_MAX)
401 : argmin (), argmax (), dst_offset (HOST_WIDE_INT_MIN), nonstr (),
402 knownrange (min < HOST_WIDE_INT_MAX && max < HOST_WIDE_INT_MAX),
403 mayfail (), nullp ()
404 {
405 range.min = min;
406 range.max = max;
407 range.likely = max < likely ? min : likely;
408 range.unlikely = max;
409 }
410
411 /* Adjust result upward to reflect the RANGE of values the specified
412 width or precision is known to be in. */
413 fmtresult& adjust_for_width_or_precision (const HOST_WIDE_INT[2],
414 tree = NULL_TREE,
415 unsigned = 0, unsigned = 0);
416
417 /* Return the maximum number of decimal digits a value of TYPE
418 formats as on output. */
419 static unsigned type_max_digits (tree, int);
420
421 /* The range a directive's argument is in. */
422 tree argmin, argmax;
423
424 /* The starting offset into the destination of the formatted function
425 call of the %s argument that points into (aliases with) the same
426 destination array. */
427 HOST_WIDE_INT dst_offset;
428
429 /* The minimum and maximum number of bytes that a directive
430 results in on output for an argument in the range above. */
431 result_range range;
432
433 /* Non-nul when the argument of a string directive is not a nul
434 terminated string. */
435 tree nonstr;
436
437 /* True when the range above is obtained from a known value of
438 a directive's argument or its bounds and not the result of
439 heuristics that depend on warning levels. */
440 bool knownrange;
441
442 /* True for a directive that may fail (such as wide character
443 directives). */
444 bool mayfail;
445
446 /* True when the argument is a null pointer. */
447 bool nullp;
448 };
449
450 /* Adjust result upward to reflect the range ADJUST of values the
451 specified width or precision is known to be in. When non-null,
452 TYPE denotes the type of the directive whose result is being
453 adjusted, BASE gives the base of the directive (octal, decimal,
454 or hex), and ADJ denotes the additional adjustment to the LIKELY
455 counter that may need to be added when ADJUST is a range. */
456
457 fmtresult&
458 fmtresult::adjust_for_width_or_precision (const HOST_WIDE_INT adjust[2],
459 tree type /* = NULL_TREE */,
460 unsigned base /* = 0 */,
461 unsigned adj /* = 0 */)
462 {
463 bool minadjusted = false;
464
465 /* Adjust the minimum and likely counters. */
466 if (adjust[0] >= 0)
467 {
468 if (range.min < (unsigned HOST_WIDE_INT)adjust[0])
469 {
470 range.min = adjust[0];
471 minadjusted = true;
472 }
473
474 /* Adjust the likely counter. */
475 if (range.likely < range.min)
476 range.likely = range.min;
477 }
478 else if (adjust[0] == target_int_min ()
479 && (unsigned HOST_WIDE_INT)adjust[1] == target_int_max ())
480 knownrange = false;
481
482 /* Adjust the maximum counter. */
483 if (adjust[1] > 0)
484 {
485 if (range.max < (unsigned HOST_WIDE_INT)adjust[1])
486 {
487 range.max = adjust[1];
488
489 /* Set KNOWNRANGE if both the minimum and maximum have been
490 adjusted. Otherwise leave it at what it was before. */
491 knownrange = minadjusted;
492 }
493 }
494
495 if (warn_level > 1 && type)
496 {
497 /* For large non-constant width or precision whose range spans
498 the maximum number of digits produced by the directive for
499 any argument, set the likely number of bytes to be at most
500 the number digits plus other adjustment determined by the
501 caller (one for sign or two for the hexadecimal "0x"
502 prefix). */
503 unsigned dirdigs = type_max_digits (type, base);
504 if (adjust[0] < dirdigs && dirdigs < adjust[1]
505 && range.likely < dirdigs)
506 range.likely = dirdigs + adj;
507 }
508 else if (range.likely < (range.min ? range.min : 1))
509 {
510 /* Conservatively, set LIKELY to at least MIN but no less than
511 1 unless MAX is zero. */
512 range.likely = (range.min
513 ? range.min
514 : range.max && (range.max < HOST_WIDE_INT_MAX
515 || warn_level > 1) ? 1 : 0);
516 }
517
518 /* Finally adjust the unlikely counter to be at least as large as
519 the maximum. */
520 if (range.unlikely < range.max)
521 range.unlikely = range.max;
522
523 return *this;
524 }
525
526 /* Return the maximum number of digits a value of TYPE formats in
527 BASE on output, not counting base prefix . */
528
529 unsigned
530 fmtresult::type_max_digits (tree type, int base)
531 {
532 unsigned prec = TYPE_PRECISION (type);
533 switch (base)
534 {
535 case 8:
536 return (prec + 2) / 3;
537 case 10:
538 /* Decimal approximation: yields 3, 5, 10, and 20 for precision
539 of 8, 16, 32, and 64 bits. */
540 return prec * 301 / 1000 + 1;
541 case 16:
542 return prec / 4;
543 }
544
545 gcc_unreachable ();
546 }
547
548 static bool
549 get_int_range (tree, HOST_WIDE_INT *, HOST_WIDE_INT *, bool, HOST_WIDE_INT,
550 const vr_values *);
551
552 struct call_info;
553
554 /* Description of a format directive. A directive is either a plain
555 string or a conversion specification that starts with '%'. */
556
557 struct directive
558 {
559 directive (const call_info *inf, unsigned dno)
560 : info (inf), dirno (dno), argno (), beg (), len (), flags (),
561 width (), prec (), modifier (), specifier (), arg (), fmtfunc ()
562 { }
563
564 /* Reference to the info structure describing the call that this
565 directive is a part of. */
566 const call_info *info;
567
568 /* The 1-based directive number (for debugging). */
569 unsigned dirno;
570
571 /* The zero-based argument number of the directive's argument ARG in
572 the function's argument list. */
573 unsigned argno;
574
575 /* The first character of the directive and its length. */
576 const char *beg;
577 size_t len;
578
579 /* A bitmap of flags, one for each character. */
580 unsigned flags[256 / sizeof (int)];
581
582 /* The range of values of the specified width, or -1 if not specified. */
583 HOST_WIDE_INT width[2];
584 /* The range of values of the specified precision, or -1 if not
585 specified. */
586 HOST_WIDE_INT prec[2];
587
588 /* Length modifier. */
589 format_lengths modifier;
590
591 /* Format specifier character. */
592 char specifier;
593
594 /* The argument of the directive or null when the directive doesn't
595 take one or when none is available (such as for vararg functions). */
596 tree arg;
597
598 /* Format conversion function that given a directive and an argument
599 returns the formatting result. */
600 fmtresult (*fmtfunc) (const directive &, tree, const vr_values *);
601
602 /* Return True when a the format flag CHR has been used. */
603 bool get_flag (char chr) const
604 {
605 unsigned char c = chr & 0xff;
606 return (flags[c / (CHAR_BIT * sizeof *flags)]
607 & (1U << (c % (CHAR_BIT * sizeof *flags))));
608 }
609
610 /* Make a record of the format flag CHR having been used. */
611 void set_flag (char chr)
612 {
613 unsigned char c = chr & 0xff;
614 flags[c / (CHAR_BIT * sizeof *flags)]
615 |= (1U << (c % (CHAR_BIT * sizeof *flags)));
616 }
617
618 /* Reset the format flag CHR. */
619 void clear_flag (char chr)
620 {
621 unsigned char c = chr & 0xff;
622 flags[c / (CHAR_BIT * sizeof *flags)]
623 &= ~(1U << (c % (CHAR_BIT * sizeof *flags)));
624 }
625
626 /* Set both bounds of the width range to VAL. */
627 void set_width (HOST_WIDE_INT val)
628 {
629 width[0] = width[1] = val;
630 }
631
632 /* Set the width range according to ARG, with both bounds being
633 no less than 0. For a constant ARG set both bounds to its value
634 or 0, whichever is greater. For a non-constant ARG in some range
635 set width to its range adjusting each bound to -1 if it's less.
636 For an indeterminate ARG set width to [0, INT_MAX]. */
637 void set_width (tree arg, const vr_values *vr)
638 {
639 get_int_range (arg, width, width + 1, true, 0, vr);
640 }
641
642 /* Set both bounds of the precision range to VAL. */
643 void set_precision (HOST_WIDE_INT val)
644 {
645 prec[0] = prec[1] = val;
646 }
647
648 /* Set the precision range according to ARG, with both bounds being
649 no less than -1. For a constant ARG set both bounds to its value
650 or -1 whichever is greater. For a non-constant ARG in some range
651 set precision to its range adjusting each bound to -1 if it's less.
652 For an indeterminate ARG set precision to [-1, INT_MAX]. */
653 void set_precision (tree arg, const vr_values *vr)
654 {
655 get_int_range (arg, prec, prec + 1, false, -1, vr);
656 }
657
658 /* Return true if both width and precision are known to be
659 either constant or in some range, false otherwise. */
660 bool known_width_and_precision () const
661 {
662 return ((width[1] < 0
663 || (unsigned HOST_WIDE_INT)width[1] <= target_int_max ())
664 && (prec[1] < 0
665 || (unsigned HOST_WIDE_INT)prec[1] < target_int_max ()));
666 }
667 };
668
669 /* The result of a call to a formatted function. */
670
671 struct format_result
672 {
673 format_result ()
674 : range (), aliases (), alias_count (), knownrange (), posunder4k (),
675 floating (), warned () { /* No-op. */ }
676
677 ~format_result ()
678 {
679 XDELETEVEC (aliases);
680 }
681
682 /* Range of characters written by the formatted function.
683 Setting the minimum to HOST_WIDE_INT_MAX disables all
684 length tracking for the remainder of the format string. */
685 result_range range;
686
687 struct alias_info
688 {
689 directive dir; /* The directive that aliases the destination. */
690 HOST_WIDE_INT offset; /* The offset at which it aliases it. */
691 result_range range; /* The raw result of the directive. */
692 };
693
694 /* An array of directives whose pointer argument aliases a part
695 of the destination object of the formatted function. */
696 alias_info *aliases;
697 unsigned alias_count;
698
699 /* True when the range above is obtained from known values of
700 directive arguments, or bounds on the amount of output such
701 as width and precision, and not the result of heuristics that
702 depend on warning levels. It's used to issue stricter diagnostics
703 in cases where strings of unknown lengths are bounded by the arrays
704 they are determined to refer to. KNOWNRANGE must not be used for
705 the return value optimization. */
706 bool knownrange;
707
708 /* True if no individual directive could fail or result in more than
709 4095 bytes of output (the total NUMBER_CHARS_{MIN,MAX} might be
710 greater). Implementations are not required to handle directives
711 that produce more than 4K bytes (leading to undefined behavior)
712 and so when one is found it disables the return value optimization.
713 Similarly, directives that can fail (such as wide character
714 directives) disable the optimization. */
715 bool posunder4k;
716
717 /* True when a floating point directive has been seen in the format
718 string. */
719 bool floating;
720
721 /* True when an intermediate result has caused a warning. Used to
722 avoid issuing duplicate warnings while finishing the processing
723 of a call. WARNED also disables the return value optimization. */
724 bool warned;
725
726 /* Preincrement the number of output characters by 1. */
727 format_result& operator++ ()
728 {
729 return *this += 1;
730 }
731
732 /* Postincrement the number of output characters by 1. */
733 format_result operator++ (int)
734 {
735 format_result prev (*this);
736 *this += 1;
737 return prev;
738 }
739
740 /* Increment the number of output characters by N. */
741 format_result& operator+= (unsigned HOST_WIDE_INT);
742
743 /* Add a directive to the sequence of those with potentially aliasing
744 arguments. */
745 void append_alias (const directive &, HOST_WIDE_INT, const result_range &);
746
747 private:
748 /* Not copyable or assignable. */
749 format_result (format_result&);
750 void operator= (format_result&);
751 };
752
753 format_result&
754 format_result::operator+= (unsigned HOST_WIDE_INT n)
755 {
756 gcc_assert (n < HOST_WIDE_INT_MAX);
757
758 if (range.min < HOST_WIDE_INT_MAX)
759 range.min += n;
760
761 if (range.max < HOST_WIDE_INT_MAX)
762 range.max += n;
763
764 if (range.likely < HOST_WIDE_INT_MAX)
765 range.likely += n;
766
767 if (range.unlikely < HOST_WIDE_INT_MAX)
768 range.unlikely += n;
769
770 return *this;
771 }
772
773 void
774 format_result::append_alias (const directive &d, HOST_WIDE_INT off,
775 const result_range &resrng)
776 {
777 unsigned cnt = alias_count + 1;
778 alias_info *ar = XNEWVEC (alias_info, cnt);
779
780 for (unsigned i = 0; i != alias_count; ++i)
781 ar[i] = aliases[i];
782
783 ar[alias_count].dir = d;
784 ar[alias_count].offset = off;
785 ar[alias_count].range = resrng;
786
787 XDELETEVEC (aliases);
788
789 alias_count = cnt;
790 aliases = ar;
791 }
792
793 /* Return the logarithm of X in BASE. */
794
795 static int
796 ilog (unsigned HOST_WIDE_INT x, int base)
797 {
798 int res = 0;
799 do
800 {
801 ++res;
802 x /= base;
803 } while (x);
804 return res;
805 }
806
807 /* Return the number of bytes resulting from converting into a string
808 the INTEGER_CST tree node X in BASE with a minimum of PREC digits.
809 PLUS indicates whether 1 for a plus sign should be added for positive
810 numbers, and PREFIX whether the length of an octal ('O') or hexadecimal
811 ('0x') prefix should be added for nonzero numbers. Return -1 if X cannot
812 be represented. */
813
814 static HOST_WIDE_INT
815 tree_digits (tree x, int base, HOST_WIDE_INT prec, bool plus, bool prefix)
816 {
817 unsigned HOST_WIDE_INT absval;
818
819 HOST_WIDE_INT res;
820
821 if (TYPE_UNSIGNED (TREE_TYPE (x)))
822 {
823 if (tree_fits_uhwi_p (x))
824 {
825 absval = tree_to_uhwi (x);
826 res = plus;
827 }
828 else
829 return -1;
830 }
831 else
832 {
833 if (tree_fits_shwi_p (x))
834 {
835 HOST_WIDE_INT i = tree_to_shwi (x);
836 if (HOST_WIDE_INT_MIN == i)
837 {
838 /* Avoid undefined behavior due to negating a minimum. */
839 absval = HOST_WIDE_INT_MAX;
840 res = 1;
841 }
842 else if (i < 0)
843 {
844 absval = -i;
845 res = 1;
846 }
847 else
848 {
849 absval = i;
850 res = plus;
851 }
852 }
853 else
854 return -1;
855 }
856
857 int ndigs = ilog (absval, base);
858
859 res += prec < ndigs ? ndigs : prec;
860
861 /* Adjust a non-zero value for the base prefix, either hexadecimal,
862 or, unless precision has resulted in a leading zero, also octal. */
863 if (prefix && absval && (base == 16 || prec <= ndigs))
864 {
865 if (base == 8)
866 res += 1;
867 else if (base == 16)
868 res += 2;
869 }
870
871 return res;
872 }
873
874 /* Description of a call to a formatted function. */
875
876 struct call_info
877 {
878 /* Function call statement. */
879 gimple *callstmt;
880
881 /* Function called. */
882 tree func;
883
884 /* Called built-in function code. */
885 built_in_function fncode;
886
887 /* The "origin" of the destination pointer argument, which is either
888 the DECL of the destination buffer being written into or a pointer
889 that points to it, plus some offset. */
890 tree dst_origin;
891
892 /* For a destination pointing to a struct array member, the offset of
893 the member. */
894 HOST_WIDE_INT dst_field;
895
896 /* The offset into the destination buffer. */
897 HOST_WIDE_INT dst_offset;
898
899 /* Format argument and format string extracted from it. */
900 tree format;
901 const char *fmtstr;
902
903 /* The location of the format argument. */
904 location_t fmtloc;
905
906 /* The destination object size for __builtin___xxx_chk functions
907 typically determined by __builtin_object_size, or -1 if unknown. */
908 unsigned HOST_WIDE_INT objsize;
909
910 /* Number of the first variable argument. */
911 unsigned HOST_WIDE_INT argidx;
912
913 /* True for functions like snprintf that specify the size of
914 the destination, false for others like sprintf that don't. */
915 bool bounded;
916
917 /* True for bounded functions like snprintf that specify a zero-size
918 buffer as a request to compute the size of output without actually
919 writing any. NOWRITE is cleared in response to the %n directive
920 which has side-effects similar to writing output. */
921 bool nowrite;
922
923 /* Return true if the called function's return value is used. */
924 bool retval_used () const
925 {
926 return gimple_get_lhs (callstmt);
927 }
928
929 /* Return the warning option corresponding to the called function. */
930 int warnopt () const
931 {
932 return bounded ? OPT_Wformat_truncation_ : OPT_Wformat_overflow_;
933 }
934
935 /* Return true for calls to file formatted functions. */
936 bool is_file_func () const
937 {
938 return (fncode == BUILT_IN_FPRINTF
939 || fncode == BUILT_IN_FPRINTF_CHK
940 || fncode == BUILT_IN_FPRINTF_UNLOCKED
941 || fncode == BUILT_IN_VFPRINTF
942 || fncode == BUILT_IN_VFPRINTF_CHK);
943 }
944
945 /* Return true for calls to string formatted functions. */
946 bool is_string_func () const
947 {
948 return (fncode == BUILT_IN_SPRINTF
949 || fncode == BUILT_IN_SPRINTF_CHK
950 || fncode == BUILT_IN_SNPRINTF
951 || fncode == BUILT_IN_SNPRINTF_CHK
952 || fncode == BUILT_IN_VSPRINTF
953 || fncode == BUILT_IN_VSPRINTF_CHK
954 || fncode == BUILT_IN_VSNPRINTF
955 || fncode == BUILT_IN_VSNPRINTF_CHK);
956 }
957 };
958
959 /* Return the result of formatting a no-op directive (such as '%n'). */
960
961 static fmtresult
962 format_none (const directive &, tree, const vr_values *)
963 {
964 fmtresult res (0);
965 return res;
966 }
967
968 /* Return the result of formatting the '%%' directive. */
969
970 static fmtresult
971 format_percent (const directive &, tree, const vr_values *)
972 {
973 fmtresult res (1);
974 return res;
975 }
976
977
978 /* Compute intmax_type_node and uintmax_type_node similarly to how
979 tree.c builds size_type_node. */
980
981 static void
982 build_intmax_type_nodes (tree *pintmax, tree *puintmax)
983 {
984 if (strcmp (UINTMAX_TYPE, "unsigned int") == 0)
985 {
986 *pintmax = integer_type_node;
987 *puintmax = unsigned_type_node;
988 }
989 else if (strcmp (UINTMAX_TYPE, "long unsigned int") == 0)
990 {
991 *pintmax = long_integer_type_node;
992 *puintmax = long_unsigned_type_node;
993 }
994 else if (strcmp (UINTMAX_TYPE, "long long unsigned int") == 0)
995 {
996 *pintmax = long_long_integer_type_node;
997 *puintmax = long_long_unsigned_type_node;
998 }
999 else
1000 {
1001 for (int i = 0; i < NUM_INT_N_ENTS; i++)
1002 if (int_n_enabled_p[i])
1003 {
1004 char name[50], altname[50];
1005 sprintf (name, "__int%d unsigned", int_n_data[i].bitsize);
1006 sprintf (altname, "__int%d__ unsigned", int_n_data[i].bitsize);
1007
1008 if (strcmp (name, UINTMAX_TYPE) == 0
1009 || strcmp (altname, UINTMAX_TYPE) == 0)
1010 {
1011 *pintmax = int_n_trees[i].signed_type;
1012 *puintmax = int_n_trees[i].unsigned_type;
1013 return;
1014 }
1015 }
1016 gcc_unreachable ();
1017 }
1018 }
1019
1020 /* Determine the range [*PMIN, *PMAX] that the expression ARG is
1021 in and that is representable in type int.
1022 Return true when the range is a subrange of that of int.
1023 When ARG is null it is as if it had the full range of int.
1024 When ABSOLUTE is true the range reflects the absolute value of
1025 the argument. When ABSOLUTE is false, negative bounds of
1026 the determined range are replaced with NEGBOUND. */
1027
1028 static bool
1029 get_int_range (tree arg, HOST_WIDE_INT *pmin, HOST_WIDE_INT *pmax,
1030 bool absolute, HOST_WIDE_INT negbound,
1031 const class vr_values *vr_values)
1032 {
1033 /* The type of the result. */
1034 const_tree type = integer_type_node;
1035
1036 bool knownrange = false;
1037
1038 if (!arg)
1039 {
1040 *pmin = tree_to_shwi (TYPE_MIN_VALUE (type));
1041 *pmax = tree_to_shwi (TYPE_MAX_VALUE (type));
1042 }
1043 else if (TREE_CODE (arg) == INTEGER_CST
1044 && TYPE_PRECISION (TREE_TYPE (arg)) <= TYPE_PRECISION (type))
1045 {
1046 /* For a constant argument return its value adjusted as specified
1047 by NEGATIVE and NEGBOUND and return true to indicate that the
1048 result is known. */
1049 *pmin = tree_fits_shwi_p (arg) ? tree_to_shwi (arg) : tree_to_uhwi (arg);
1050 *pmax = *pmin;
1051 knownrange = true;
1052 }
1053 else
1054 {
1055 /* True if the argument's range cannot be determined. */
1056 bool unknown = true;
1057
1058 tree argtype = TREE_TYPE (arg);
1059
1060 /* Ignore invalid arguments with greater precision that that
1061 of the expected type (e.g., in sprintf("%*i", 12LL, i)).
1062 They will have been detected and diagnosed by -Wformat and
1063 so it's not important to complicate this code to try to deal
1064 with them again. */
1065 if (TREE_CODE (arg) == SSA_NAME
1066 && INTEGRAL_TYPE_P (argtype)
1067 && TYPE_PRECISION (argtype) <= TYPE_PRECISION (type))
1068 {
1069 /* Try to determine the range of values of the integer argument. */
1070 const value_range_equiv *vr
1071 = CONST_CAST (class vr_values *, vr_values)->get_value_range (arg);
1072
1073 if (range_int_cst_p (vr))
1074 {
1075 HOST_WIDE_INT type_min
1076 = (TYPE_UNSIGNED (argtype)
1077 ? tree_to_uhwi (TYPE_MIN_VALUE (argtype))
1078 : tree_to_shwi (TYPE_MIN_VALUE (argtype)));
1079
1080 HOST_WIDE_INT type_max = tree_to_uhwi (TYPE_MAX_VALUE (argtype));
1081
1082 *pmin = TREE_INT_CST_LOW (vr->min ());
1083 *pmax = TREE_INT_CST_LOW (vr->max ());
1084
1085 if (*pmin < *pmax)
1086 {
1087 /* Return true if the adjusted range is a subrange of
1088 the full range of the argument's type. *PMAX may
1089 be less than *PMIN when the argument is unsigned
1090 and its upper bound is in excess of TYPE_MAX. In
1091 that (invalid) case disregard the range and use that
1092 of the expected type instead. */
1093 knownrange = type_min < *pmin || *pmax < type_max;
1094
1095 unknown = false;
1096 }
1097 }
1098 }
1099
1100 /* Handle an argument with an unknown range as if none had been
1101 provided. */
1102 if (unknown)
1103 return get_int_range (NULL_TREE, pmin, pmax, absolute,
1104 negbound, vr_values);
1105 }
1106
1107 /* Adjust each bound as specified by ABSOLUTE and NEGBOUND. */
1108 if (absolute)
1109 {
1110 if (*pmin < 0)
1111 {
1112 if (*pmin == *pmax)
1113 *pmin = *pmax = -*pmin;
1114 else
1115 {
1116 /* Make sure signed overlow is avoided. */
1117 gcc_assert (*pmin != HOST_WIDE_INT_MIN);
1118
1119 HOST_WIDE_INT tmp = -*pmin;
1120 *pmin = 0;
1121 if (*pmax < tmp)
1122 *pmax = tmp;
1123 }
1124 }
1125 }
1126 else if (*pmin < negbound)
1127 *pmin = negbound;
1128
1129 return knownrange;
1130 }
1131
1132 /* With the range [*ARGMIN, *ARGMAX] of an integer directive's actual
1133 argument, due to the conversion from either *ARGMIN or *ARGMAX to
1134 the type of the directive's formal argument it's possible for both
1135 to result in the same number of bytes or a range of bytes that's
1136 less than the number of bytes that would result from formatting
1137 some other value in the range [*ARGMIN, *ARGMAX]. This can be
1138 determined by checking for the actual argument being in the range
1139 of the type of the directive. If it isn't it must be assumed to
1140 take on the full range of the directive's type.
1141 Return true when the range has been adjusted to the full range
1142 of DIRTYPE, and false otherwise. */
1143
1144 static bool
1145 adjust_range_for_overflow (tree dirtype, tree *argmin, tree *argmax)
1146 {
1147 tree argtype = TREE_TYPE (*argmin);
1148 unsigned argprec = TYPE_PRECISION (argtype);
1149 unsigned dirprec = TYPE_PRECISION (dirtype);
1150
1151 /* If the actual argument and the directive's argument have the same
1152 precision and sign there can be no overflow and so there is nothing
1153 to adjust. */
1154 if (argprec == dirprec && TYPE_SIGN (argtype) == TYPE_SIGN (dirtype))
1155 return false;
1156
1157 /* The logic below was inspired/lifted from the CONVERT_EXPR_CODE_P
1158 branch in the extract_range_from_unary_expr function in tree-vrp.c. */
1159
1160 if (TREE_CODE (*argmin) == INTEGER_CST
1161 && TREE_CODE (*argmax) == INTEGER_CST
1162 && (dirprec >= argprec
1163 || integer_zerop (int_const_binop (RSHIFT_EXPR,
1164 int_const_binop (MINUS_EXPR,
1165 *argmax,
1166 *argmin),
1167 size_int (dirprec)))))
1168 {
1169 *argmin = force_fit_type (dirtype, wi::to_widest (*argmin), 0, false);
1170 *argmax = force_fit_type (dirtype, wi::to_widest (*argmax), 0, false);
1171
1172 /* If *ARGMIN is still less than *ARGMAX the conversion above
1173 is safe. Otherwise, it has overflowed and would be unsafe. */
1174 if (tree_int_cst_le (*argmin, *argmax))
1175 return false;
1176 }
1177
1178 *argmin = TYPE_MIN_VALUE (dirtype);
1179 *argmax = TYPE_MAX_VALUE (dirtype);
1180 return true;
1181 }
1182
1183 /* Return a range representing the minimum and maximum number of bytes
1184 that the format directive DIR will output for any argument given
1185 the WIDTH and PRECISION (extracted from DIR). This function is
1186 used when the directive argument or its value isn't known. */
1187
1188 static fmtresult
1189 format_integer (const directive &dir, tree arg, const vr_values *vr_values)
1190 {
1191 tree intmax_type_node;
1192 tree uintmax_type_node;
1193
1194 /* Base to format the number in. */
1195 int base;
1196
1197 /* True when a conversion is preceded by a prefix indicating the base
1198 of the argument (octal or hexadecimal). */
1199 bool maybebase = dir.get_flag ('#');
1200
1201 /* True when a signed conversion is preceded by a sign or space. */
1202 bool maybesign = false;
1203
1204 /* True for signed conversions (i.e., 'd' and 'i'). */
1205 bool sign = false;
1206
1207 switch (dir.specifier)
1208 {
1209 case 'd':
1210 case 'i':
1211 /* Space and '+' are only meaningful for signed conversions. */
1212 maybesign = dir.get_flag (' ') | dir.get_flag ('+');
1213 sign = true;
1214 base = 10;
1215 break;
1216 case 'u':
1217 base = 10;
1218 break;
1219 case 'o':
1220 base = 8;
1221 break;
1222 case 'X':
1223 case 'x':
1224 base = 16;
1225 break;
1226 default:
1227 gcc_unreachable ();
1228 }
1229
1230 /* The type of the "formal" argument expected by the directive. */
1231 tree dirtype = NULL_TREE;
1232
1233 /* Determine the expected type of the argument from the length
1234 modifier. */
1235 switch (dir.modifier)
1236 {
1237 case FMT_LEN_none:
1238 if (dir.specifier == 'p')
1239 dirtype = ptr_type_node;
1240 else
1241 dirtype = sign ? integer_type_node : unsigned_type_node;
1242 break;
1243
1244 case FMT_LEN_h:
1245 dirtype = sign ? short_integer_type_node : short_unsigned_type_node;
1246 break;
1247
1248 case FMT_LEN_hh:
1249 dirtype = sign ? signed_char_type_node : unsigned_char_type_node;
1250 break;
1251
1252 case FMT_LEN_l:
1253 dirtype = sign ? long_integer_type_node : long_unsigned_type_node;
1254 break;
1255
1256 case FMT_LEN_L:
1257 case FMT_LEN_ll:
1258 dirtype = (sign
1259 ? long_long_integer_type_node
1260 : long_long_unsigned_type_node);
1261 break;
1262
1263 case FMT_LEN_z:
1264 dirtype = signed_or_unsigned_type_for (!sign, size_type_node);
1265 break;
1266
1267 case FMT_LEN_t:
1268 dirtype = signed_or_unsigned_type_for (!sign, ptrdiff_type_node);
1269 break;
1270
1271 case FMT_LEN_j:
1272 build_intmax_type_nodes (&intmax_type_node, &uintmax_type_node);
1273 dirtype = sign ? intmax_type_node : uintmax_type_node;
1274 break;
1275
1276 default:
1277 return fmtresult ();
1278 }
1279
1280 /* The type of the argument to the directive, either deduced from
1281 the actual non-constant argument if one is known, or from
1282 the directive itself when none has been provided because it's
1283 a va_list. */
1284 tree argtype = NULL_TREE;
1285
1286 if (!arg)
1287 {
1288 /* When the argument has not been provided, use the type of
1289 the directive's argument as an approximation. This will
1290 result in false positives for directives like %i with
1291 arguments with smaller precision (such as short or char). */
1292 argtype = dirtype;
1293 }
1294 else if (TREE_CODE (arg) == INTEGER_CST)
1295 {
1296 /* When a constant argument has been provided use its value
1297 rather than type to determine the length of the output. */
1298 fmtresult res;
1299
1300 if ((dir.prec[0] <= 0 && dir.prec[1] >= 0) && integer_zerop (arg))
1301 {
1302 /* As a special case, a precision of zero with a zero argument
1303 results in zero bytes except in base 8 when the '#' flag is
1304 specified, and for signed conversions in base 8 and 10 when
1305 either the space or '+' flag has been specified and it results
1306 in just one byte (with width having the normal effect). This
1307 must extend to the case of a specified precision with
1308 an unknown value because it can be zero. */
1309 res.range.min = ((base == 8 && dir.get_flag ('#')) || maybesign);
1310 if (res.range.min == 0 && dir.prec[0] != dir.prec[1])
1311 {
1312 res.range.max = 1;
1313 res.range.likely = 1;
1314 }
1315 else
1316 {
1317 res.range.max = res.range.min;
1318 res.range.likely = res.range.min;
1319 }
1320 }
1321 else
1322 {
1323 /* Convert the argument to the type of the directive. */
1324 arg = fold_convert (dirtype, arg);
1325
1326 res.range.min = tree_digits (arg, base, dir.prec[0],
1327 maybesign, maybebase);
1328 if (dir.prec[0] == dir.prec[1])
1329 res.range.max = res.range.min;
1330 else
1331 res.range.max = tree_digits (arg, base, dir.prec[1],
1332 maybesign, maybebase);
1333 res.range.likely = res.range.min;
1334 res.knownrange = true;
1335 }
1336
1337 res.range.unlikely = res.range.max;
1338
1339 /* Bump up the counters if WIDTH is greater than LEN. */
1340 res.adjust_for_width_or_precision (dir.width, dirtype, base,
1341 (sign | maybebase) + (base == 16));
1342 /* Bump up the counters again if PRECision is greater still. */
1343 res.adjust_for_width_or_precision (dir.prec, dirtype, base,
1344 (sign | maybebase) + (base == 16));
1345
1346 return res;
1347 }
1348 else if (INTEGRAL_TYPE_P (TREE_TYPE (arg))
1349 || TREE_CODE (TREE_TYPE (arg)) == POINTER_TYPE)
1350 /* Determine the type of the provided non-constant argument. */
1351 argtype = TREE_TYPE (arg);
1352 else
1353 /* Don't bother with invalid arguments since they likely would
1354 have already been diagnosed, and disable any further checking
1355 of the format string by returning [-1, -1]. */
1356 return fmtresult ();
1357
1358 fmtresult res;
1359
1360 /* Using either the range the non-constant argument is in, or its
1361 type (either "formal" or actual), create a range of values that
1362 constrain the length of output given the warning level. */
1363 tree argmin = NULL_TREE;
1364 tree argmax = NULL_TREE;
1365
1366 if (arg
1367 && TREE_CODE (arg) == SSA_NAME
1368 && INTEGRAL_TYPE_P (argtype))
1369 {
1370 /* Try to determine the range of values of the integer argument
1371 (range information is not available for pointers). */
1372 const value_range_equiv *vr
1373 = CONST_CAST (class vr_values *, vr_values)->get_value_range (arg);
1374
1375 if (range_int_cst_p (vr))
1376 {
1377 argmin = vr->min ();
1378 argmax = vr->max ();
1379
1380 /* Set KNOWNRANGE if the argument is in a known subrange
1381 of the directive's type and neither width nor precision
1382 is unknown. (KNOWNRANGE may be reset below). */
1383 res.knownrange
1384 = ((!tree_int_cst_equal (TYPE_MIN_VALUE (dirtype), argmin)
1385 || !tree_int_cst_equal (TYPE_MAX_VALUE (dirtype), argmax))
1386 && dir.known_width_and_precision ());
1387
1388 res.argmin = argmin;
1389 res.argmax = argmax;
1390 }
1391 else if (vr->kind () == VR_ANTI_RANGE)
1392 {
1393 /* Handle anti-ranges if/when bug 71690 is resolved. */
1394 }
1395 else if (vr->varying_p () || vr->undefined_p ())
1396 {
1397 /* The argument here may be the result of promoting the actual
1398 argument to int. Try to determine the type of the actual
1399 argument before promotion and narrow down its range that
1400 way. */
1401 gimple *def = SSA_NAME_DEF_STMT (arg);
1402 if (is_gimple_assign (def))
1403 {
1404 tree_code code = gimple_assign_rhs_code (def);
1405 if (code == INTEGER_CST)
1406 {
1407 arg = gimple_assign_rhs1 (def);
1408 return format_integer (dir, arg, vr_values);
1409 }
1410
1411 if (code == NOP_EXPR)
1412 {
1413 tree type = TREE_TYPE (gimple_assign_rhs1 (def));
1414 if (INTEGRAL_TYPE_P (type)
1415 || TREE_CODE (type) == POINTER_TYPE)
1416 argtype = type;
1417 }
1418 }
1419 }
1420 }
1421
1422 if (!argmin)
1423 {
1424 if (TREE_CODE (argtype) == POINTER_TYPE)
1425 {
1426 argmin = build_int_cst (pointer_sized_int_node, 0);
1427 argmax = build_all_ones_cst (pointer_sized_int_node);
1428 }
1429 else
1430 {
1431 argmin = TYPE_MIN_VALUE (argtype);
1432 argmax = TYPE_MAX_VALUE (argtype);
1433 }
1434 }
1435
1436 /* Clear KNOWNRANGE if the range has been adjusted to the maximum
1437 of the directive. If it has been cleared then since ARGMIN and/or
1438 ARGMAX have been adjusted also adjust the corresponding ARGMIN and
1439 ARGMAX in the result to include in diagnostics. */
1440 if (adjust_range_for_overflow (dirtype, &argmin, &argmax))
1441 {
1442 res.knownrange = false;
1443 res.argmin = argmin;
1444 res.argmax = argmax;
1445 }
1446
1447 /* Recursively compute the minimum and maximum from the known range. */
1448 if (TYPE_UNSIGNED (dirtype) || tree_int_cst_sgn (argmin) >= 0)
1449 {
1450 /* For unsigned conversions/directives or signed when
1451 the minimum is positive, use the minimum and maximum to compute
1452 the shortest and longest output, respectively. */
1453 res.range.min = format_integer (dir, argmin, vr_values).range.min;
1454 res.range.max = format_integer (dir, argmax, vr_values).range.max;
1455 }
1456 else if (tree_int_cst_sgn (argmax) < 0)
1457 {
1458 /* For signed conversions/directives if maximum is negative,
1459 use the minimum as the longest output and maximum as the
1460 shortest output. */
1461 res.range.min = format_integer (dir, argmax, vr_values).range.min;
1462 res.range.max = format_integer (dir, argmin, vr_values).range.max;
1463 }
1464 else
1465 {
1466 /* Otherwise, 0 is inside of the range and minimum negative. Use 0
1467 as the shortest output and for the longest output compute the
1468 length of the output of both minimum and maximum and pick the
1469 longer. */
1470 unsigned HOST_WIDE_INT max1
1471 = format_integer (dir, argmin, vr_values).range.max;
1472 unsigned HOST_WIDE_INT max2
1473 = format_integer (dir, argmax, vr_values).range.max;
1474 res.range.min
1475 = format_integer (dir, integer_zero_node, vr_values).range.min;
1476 res.range.max = MAX (max1, max2);
1477 }
1478
1479 /* If the range is known, use the maximum as the likely length. */
1480 if (res.knownrange)
1481 res.range.likely = res.range.max;
1482 else
1483 {
1484 /* Otherwise, use the minimum. Except for the case where for %#x or
1485 %#o the minimum is just for a single value in the range (0) and
1486 for all other values it is something longer, like 0x1 or 01.
1487 Use the length for value 1 in that case instead as the likely
1488 length. */
1489 res.range.likely = res.range.min;
1490 if (maybebase
1491 && base != 10
1492 && (tree_int_cst_sgn (argmin) < 0 || tree_int_cst_sgn (argmax) > 0))
1493 {
1494 if (res.range.min == 1)
1495 res.range.likely += base == 8 ? 1 : 2;
1496 else if (res.range.min == 2
1497 && base == 16
1498 && (dir.width[0] == 2 || dir.prec[0] == 2))
1499 ++res.range.likely;
1500 }
1501 }
1502
1503 res.range.unlikely = res.range.max;
1504 res.adjust_for_width_or_precision (dir.width, dirtype, base,
1505 (sign | maybebase) + (base == 16));
1506 res.adjust_for_width_or_precision (dir.prec, dirtype, base,
1507 (sign | maybebase) + (base == 16));
1508
1509 return res;
1510 }
1511
1512 /* Return the number of bytes that a format directive consisting of FLAGS,
1513 PRECision, format SPECification, and MPFR rounding specifier RNDSPEC,
1514 would result for argument X under ideal conditions (i.e., if PREC
1515 weren't excessive). MPFR 3.1 allocates large amounts of memory for
1516 values of PREC with large magnitude and can fail (see MPFR bug #21056).
1517 This function works around those problems. */
1518
1519 static unsigned HOST_WIDE_INT
1520 get_mpfr_format_length (mpfr_ptr x, const char *flags, HOST_WIDE_INT prec,
1521 char spec, char rndspec)
1522 {
1523 char fmtstr[40];
1524
1525 HOST_WIDE_INT len = strlen (flags);
1526
1527 fmtstr[0] = '%';
1528 memcpy (fmtstr + 1, flags, len);
1529 memcpy (fmtstr + 1 + len, ".*R", 3);
1530 fmtstr[len + 4] = rndspec;
1531 fmtstr[len + 5] = spec;
1532 fmtstr[len + 6] = '\0';
1533
1534 spec = TOUPPER (spec);
1535 if (spec == 'E' || spec == 'F')
1536 {
1537 /* For %e, specify the precision explicitly since mpfr_sprintf
1538 does its own thing just to be different (see MPFR bug 21088). */
1539 if (prec < 0)
1540 prec = 6;
1541 }
1542 else
1543 {
1544 /* Avoid passing negative precisions with larger magnitude to MPFR
1545 to avoid exposing its bugs. (A negative precision is supposed
1546 to be ignored.) */
1547 if (prec < 0)
1548 prec = -1;
1549 }
1550
1551 HOST_WIDE_INT p = prec;
1552
1553 if (spec == 'G' && !strchr (flags, '#'))
1554 {
1555 /* For G/g without the pound flag, precision gives the maximum number
1556 of significant digits which is bounded by LDBL_MAX_10_EXP, or, for
1557 a 128 bit IEEE extended precision, 4932. Using twice as much here
1558 should be more than sufficient for any real format. */
1559 if ((IEEE_MAX_10_EXP * 2) < prec)
1560 prec = IEEE_MAX_10_EXP * 2;
1561 p = prec;
1562 }
1563 else
1564 {
1565 /* Cap precision arbitrarily at 1KB and add the difference
1566 (if any) to the MPFR result. */
1567 if (prec > 1024)
1568 p = 1024;
1569 }
1570
1571 len = mpfr_snprintf (NULL, 0, fmtstr, (int)p, x);
1572
1573 /* Handle the unlikely (impossible?) error by returning more than
1574 the maximum dictated by the function's return type. */
1575 if (len < 0)
1576 return target_dir_max () + 1;
1577
1578 /* Adjust the return value by the difference. */
1579 if (p < prec)
1580 len += prec - p;
1581
1582 return len;
1583 }
1584
1585 /* Return the number of bytes to format using the format specifier
1586 SPEC and the precision PREC the largest value in the real floating
1587 TYPE. */
1588
1589 static unsigned HOST_WIDE_INT
1590 format_floating_max (tree type, char spec, HOST_WIDE_INT prec)
1591 {
1592 machine_mode mode = TYPE_MODE (type);
1593
1594 /* IBM Extended mode. */
1595 if (MODE_COMPOSITE_P (mode))
1596 mode = DFmode;
1597
1598 /* Get the real type format desription for the target. */
1599 const real_format *rfmt = REAL_MODE_FORMAT (mode);
1600 REAL_VALUE_TYPE rv;
1601
1602 real_maxval (&rv, 0, mode);
1603
1604 /* Convert the GCC real value representation with the precision
1605 of the real type to the mpfr_t format with the GCC default
1606 round-to-nearest mode. */
1607 mpfr_t x;
1608 mpfr_init2 (x, rfmt->p);
1609 mpfr_from_real (x, &rv, MPFR_RNDN);
1610
1611 /* Return a value one greater to account for the leading minus sign. */
1612 unsigned HOST_WIDE_INT r
1613 = 1 + get_mpfr_format_length (x, "", prec, spec, 'D');
1614 mpfr_clear (x);
1615 return r;
1616 }
1617
1618 /* Return a range representing the minimum and maximum number of bytes
1619 that the directive DIR will output for any argument. PREC gives
1620 the adjusted precision range to account for negative precisions
1621 meaning the default 6. This function is used when the directive
1622 argument or its value isn't known. */
1623
1624 static fmtresult
1625 format_floating (const directive &dir, const HOST_WIDE_INT prec[2])
1626 {
1627 tree type;
1628
1629 switch (dir.modifier)
1630 {
1631 case FMT_LEN_l:
1632 case FMT_LEN_none:
1633 type = double_type_node;
1634 break;
1635
1636 case FMT_LEN_L:
1637 type = long_double_type_node;
1638 break;
1639
1640 case FMT_LEN_ll:
1641 type = long_double_type_node;
1642 break;
1643
1644 default:
1645 return fmtresult ();
1646 }
1647
1648 /* The minimum and maximum number of bytes produced by the directive. */
1649 fmtresult res;
1650
1651 /* The minimum output as determined by flags. It's always at least 1.
1652 When plus or space are set the output is preceded by either a sign
1653 or a space. */
1654 unsigned flagmin = (1 /* for the first digit */
1655 + (dir.get_flag ('+') | dir.get_flag (' ')));
1656
1657 /* The minimum is 3 for "inf" and "nan" for all specifiers, plus 1
1658 for the plus sign/space with the '+' and ' ' flags, respectively,
1659 unless reduced below. */
1660 res.range.min = 2 + flagmin;
1661
1662 /* When the pound flag is set the decimal point is included in output
1663 regardless of precision. Whether or not a decimal point is included
1664 otherwise depends on the specification and precision. */
1665 bool radix = dir.get_flag ('#');
1666
1667 switch (dir.specifier)
1668 {
1669 case 'A':
1670 case 'a':
1671 {
1672 HOST_WIDE_INT minprec = 6 + !radix /* decimal point */;
1673 if (dir.prec[0] <= 0)
1674 minprec = 0;
1675 else if (dir.prec[0] > 0)
1676 minprec = dir.prec[0] + !radix /* decimal point */;
1677
1678 res.range.likely = (2 /* 0x */
1679 + flagmin
1680 + radix
1681 + minprec
1682 + 3 /* p+0 */);
1683
1684 res.range.max = format_floating_max (type, 'a', prec[1]);
1685
1686 /* The unlikely maximum accounts for the longest multibyte
1687 decimal point character. */
1688 res.range.unlikely = res.range.max;
1689 if (dir.prec[1] > 0)
1690 res.range.unlikely += target_mb_len_max () - 1;
1691
1692 break;
1693 }
1694
1695 case 'E':
1696 case 'e':
1697 {
1698 /* Minimum output attributable to precision and, when it's
1699 non-zero, decimal point. */
1700 HOST_WIDE_INT minprec = prec[0] ? prec[0] + !radix : 0;
1701
1702 /* The likely minimum output is "[-+]1.234567e+00" regardless
1703 of the value of the actual argument. */
1704 res.range.likely = (flagmin
1705 + radix
1706 + minprec
1707 + 2 /* e+ */ + 2);
1708
1709 res.range.max = format_floating_max (type, 'e', prec[1]);
1710
1711 /* The unlikely maximum accounts for the longest multibyte
1712 decimal point character. */
1713 if (dir.prec[0] != dir.prec[1]
1714 || dir.prec[0] == -1 || dir.prec[0] > 0)
1715 res.range.unlikely = res.range.max + target_mb_len_max () -1;
1716 else
1717 res.range.unlikely = res.range.max;
1718 break;
1719 }
1720
1721 case 'F':
1722 case 'f':
1723 {
1724 /* Minimum output attributable to precision and, when it's non-zero,
1725 decimal point. */
1726 HOST_WIDE_INT minprec = prec[0] ? prec[0] + !radix : 0;
1727
1728 /* For finite numbers (i.e., not infinity or NaN) the lower bound
1729 when precision isn't specified is 8 bytes ("1.23456" since
1730 precision is taken to be 6). When precision is zero, the lower
1731 bound is 1 byte (e.g., "1"). Otherwise, when precision is greater
1732 than zero, then the lower bound is 2 plus precision (plus flags).
1733 But in all cases, the lower bound is no greater than 3. */
1734 unsigned HOST_WIDE_INT min = flagmin + radix + minprec;
1735 if (min < res.range.min)
1736 res.range.min = min;
1737
1738 /* Compute the upper bound for -TYPE_MAX. */
1739 res.range.max = format_floating_max (type, 'f', prec[1]);
1740
1741 /* The minimum output with unknown precision is a single byte
1742 (e.g., "0") but the more likely output is 3 bytes ("0.0"). */
1743 if (dir.prec[0] < 0 && dir.prec[1] > 0)
1744 res.range.likely = 3;
1745 else
1746 res.range.likely = min;
1747
1748 /* The unlikely maximum accounts for the longest multibyte
1749 decimal point character. */
1750 if (dir.prec[0] != dir.prec[1]
1751 || dir.prec[0] == -1 || dir.prec[0] > 0)
1752 res.range.unlikely = res.range.max + target_mb_len_max () - 1;
1753 break;
1754 }
1755
1756 case 'G':
1757 case 'g':
1758 {
1759 /* The %g output depends on precision and the exponent of
1760 the argument. Since the value of the argument isn't known
1761 the lower bound on the range of bytes (not counting flags
1762 or width) is 1 plus radix (i.e., either "0" or "0." for
1763 "%g" and "%#g", respectively, with a zero argument). */
1764 unsigned HOST_WIDE_INT min = flagmin + radix;
1765 if (min < res.range.min)
1766 res.range.min = min;
1767
1768 char spec = 'g';
1769 HOST_WIDE_INT maxprec = dir.prec[1];
1770 if (radix && maxprec)
1771 {
1772 /* When the pound flag (radix) is set, trailing zeros aren't
1773 trimmed and so the longest output is the same as for %e,
1774 except with precision minus 1 (as specified in C11). */
1775 spec = 'e';
1776 if (maxprec > 0)
1777 --maxprec;
1778 else if (maxprec < 0)
1779 maxprec = 5;
1780 }
1781 else
1782 maxprec = prec[1];
1783
1784 res.range.max = format_floating_max (type, spec, maxprec);
1785
1786 /* The likely output is either the maximum computed above
1787 minus 1 (assuming the maximum is positive) when precision
1788 is known (or unspecified), or the same minimum as for %e
1789 (which is computed for a non-negative argument). Unlike
1790 for the other specifiers above the likely output isn't
1791 the minimum because for %g that's 1 which is unlikely. */
1792 if (dir.prec[1] < 0
1793 || (unsigned HOST_WIDE_INT)dir.prec[1] < target_int_max ())
1794 res.range.likely = res.range.max - 1;
1795 else
1796 {
1797 HOST_WIDE_INT minprec = 6 + !radix /* decimal point */;
1798 res.range.likely = (flagmin
1799 + radix
1800 + minprec
1801 + 2 /* e+ */ + 2);
1802 }
1803
1804 /* The unlikely maximum accounts for the longest multibyte
1805 decimal point character. */
1806 res.range.unlikely = res.range.max + target_mb_len_max () - 1;
1807 break;
1808 }
1809
1810 default:
1811 return fmtresult ();
1812 }
1813
1814 /* Bump up the byte counters if WIDTH is greater. */
1815 res.adjust_for_width_or_precision (dir.width);
1816 return res;
1817 }
1818
1819 /* Return a range representing the minimum and maximum number of bytes
1820 that the directive DIR will write on output for the floating argument
1821 ARG. */
1822
1823 static fmtresult
1824 format_floating (const directive &dir, tree arg, const vr_values *)
1825 {
1826 HOST_WIDE_INT prec[] = { dir.prec[0], dir.prec[1] };
1827 tree type = (dir.modifier == FMT_LEN_L || dir.modifier == FMT_LEN_ll
1828 ? long_double_type_node : double_type_node);
1829
1830 /* For an indeterminate precision the lower bound must be assumed
1831 to be zero. */
1832 if (TOUPPER (dir.specifier) == 'A')
1833 {
1834 /* Get the number of fractional decimal digits needed to represent
1835 the argument without a loss of accuracy. */
1836 unsigned fmtprec
1837 = REAL_MODE_FORMAT (TYPE_MODE (type))->p;
1838
1839 /* The precision of the IEEE 754 double format is 53.
1840 The precision of all other GCC binary double formats
1841 is 56 or less. */
1842 unsigned maxprec = fmtprec <= 56 ? 13 : 15;
1843
1844 /* For %a, leave the minimum precision unspecified to let
1845 MFPR trim trailing zeros (as it and many other systems
1846 including Glibc happen to do) and set the maximum
1847 precision to reflect what it would be with trailing zeros
1848 present (as Solaris and derived systems do). */
1849 if (dir.prec[1] < 0)
1850 {
1851 /* Both bounds are negative implies that precision has
1852 not been specified. */
1853 prec[0] = maxprec;
1854 prec[1] = -1;
1855 }
1856 else if (dir.prec[0] < 0)
1857 {
1858 /* With a negative lower bound and a non-negative upper
1859 bound set the minimum precision to zero and the maximum
1860 to the greater of the maximum precision (i.e., with
1861 trailing zeros present) and the specified upper bound. */
1862 prec[0] = 0;
1863 prec[1] = dir.prec[1] < maxprec ? maxprec : dir.prec[1];
1864 }
1865 }
1866 else if (dir.prec[0] < 0)
1867 {
1868 if (dir.prec[1] < 0)
1869 {
1870 /* A precision in a strictly negative range is ignored and
1871 the default of 6 is used instead. */
1872 prec[0] = prec[1] = 6;
1873 }
1874 else
1875 {
1876 /* For a precision in a partly negative range, the lower bound
1877 must be assumed to be zero and the new upper bound is the
1878 greater of 6 (the default precision used when the specified
1879 precision is negative) and the upper bound of the specified
1880 range. */
1881 prec[0] = 0;
1882 prec[1] = dir.prec[1] < 6 ? 6 : dir.prec[1];
1883 }
1884 }
1885
1886 if (!arg
1887 || TREE_CODE (arg) != REAL_CST
1888 || !useless_type_conversion_p (type, TREE_TYPE (arg)))
1889 return format_floating (dir, prec);
1890
1891 /* The minimum and maximum number of bytes produced by the directive. */
1892 fmtresult res;
1893
1894 /* Get the real type format desription for the target. */
1895 const REAL_VALUE_TYPE *rvp = TREE_REAL_CST_PTR (arg);
1896 const real_format *rfmt = REAL_MODE_FORMAT (TYPE_MODE (TREE_TYPE (arg)));
1897
1898 if (!real_isfinite (rvp))
1899 {
1900 /* The format for Infinity and NaN is "[-]inf"/"[-]infinity"
1901 and "[-]nan" with the choice being implementation-defined
1902 but not locale dependent. */
1903 bool sign = dir.get_flag ('+') || real_isneg (rvp);
1904 res.range.min = 3 + sign;
1905
1906 res.range.likely = res.range.min;
1907 res.range.max = res.range.min;
1908 /* The unlikely maximum is "[-/+]infinity" or "[-/+][qs]nan".
1909 For NaN, the C/POSIX standards specify two formats:
1910 "[-/+]nan"
1911 and
1912 "[-/+]nan(n-char-sequence)"
1913 No known printf implementation outputs the latter format but AIX
1914 outputs QNaN and SNaN for quiet and signalling NaN, respectively,
1915 so the unlikely maximum reflects that. */
1916 res.range.unlikely = sign + (real_isinf (rvp) ? 8 : 4);
1917
1918 /* The range for infinity and NaN is known unless either width
1919 or precision is unknown. Width has the same effect regardless
1920 of whether the argument is finite. Precision is either ignored
1921 (e.g., Glibc) or can have an effect on the short vs long format
1922 such as inf/infinity (e.g., Solaris). */
1923 res.knownrange = dir.known_width_and_precision ();
1924
1925 /* Adjust the range for width but ignore precision. */
1926 res.adjust_for_width_or_precision (dir.width);
1927
1928 return res;
1929 }
1930
1931 char fmtstr [40];
1932 char *pfmt = fmtstr;
1933
1934 /* Append flags. */
1935 for (const char *pf = "-+ #0"; *pf; ++pf)
1936 if (dir.get_flag (*pf))
1937 *pfmt++ = *pf;
1938
1939 *pfmt = '\0';
1940
1941 {
1942 /* Set up an array to easily iterate over. */
1943 unsigned HOST_WIDE_INT* const minmax[] = {
1944 &res.range.min, &res.range.max
1945 };
1946
1947 for (int i = 0; i != sizeof minmax / sizeof *minmax; ++i)
1948 {
1949 /* Convert the GCC real value representation with the precision
1950 of the real type to the mpfr_t format rounding down in the
1951 first iteration that computes the minimm and up in the second
1952 that computes the maximum. This order is arbibtrary because
1953 rounding in either direction can result in longer output. */
1954 mpfr_t mpfrval;
1955 mpfr_init2 (mpfrval, rfmt->p);
1956 mpfr_from_real (mpfrval, rvp, i ? MPFR_RNDU : MPFR_RNDD);
1957
1958 /* Use the MPFR rounding specifier to round down in the first
1959 iteration and then up. In most but not all cases this will
1960 result in the same number of bytes. */
1961 char rndspec = "DU"[i];
1962
1963 /* Format it and store the result in the corresponding member
1964 of the result struct. */
1965 *minmax[i] = get_mpfr_format_length (mpfrval, fmtstr, prec[i],
1966 dir.specifier, rndspec);
1967 mpfr_clear (mpfrval);
1968 }
1969 }
1970
1971 /* Make sure the minimum is less than the maximum (MPFR rounding
1972 in the call to mpfr_snprintf can result in the reverse. */
1973 if (res.range.max < res.range.min)
1974 {
1975 unsigned HOST_WIDE_INT tmp = res.range.min;
1976 res.range.min = res.range.max;
1977 res.range.max = tmp;
1978 }
1979
1980 /* The range is known unless either width or precision is unknown. */
1981 res.knownrange = dir.known_width_and_precision ();
1982
1983 /* For the same floating point constant, unless width or precision
1984 is unknown, use the longer output as the likely maximum since
1985 with round to nearest either is equally likely. Otheriwse, when
1986 precision is unknown, use the greater of the minimum and 3 as
1987 the likely output (for "0.0" since zero precision is unlikely). */
1988 if (res.knownrange)
1989 res.range.likely = res.range.max;
1990 else if (res.range.min < 3
1991 && dir.prec[0] < 0
1992 && (unsigned HOST_WIDE_INT)dir.prec[1] == target_int_max ())
1993 res.range.likely = 3;
1994 else
1995 res.range.likely = res.range.min;
1996
1997 res.range.unlikely = res.range.max;
1998
1999 if (res.range.max > 2 && (prec[0] != 0 || prec[1] != 0))
2000 {
2001 /* Unless the precision is zero output longer than 2 bytes may
2002 include the decimal point which must be a single character
2003 up to MB_LEN_MAX in length. This is overly conservative
2004 since in some conversions some constants result in no decimal
2005 point (e.g., in %g). */
2006 res.range.unlikely += target_mb_len_max () - 1;
2007 }
2008
2009 res.adjust_for_width_or_precision (dir.width);
2010 return res;
2011 }
2012
2013 /* Return a FMTRESULT struct set to the lengths of the shortest and longest
2014 strings referenced by the expression STR, or (-1, -1) when not known.
2015 Used by the format_string function below. */
2016
2017 static fmtresult
2018 get_string_length (tree str, unsigned eltsize, const vr_values *vr)
2019 {
2020 if (!str)
2021 return fmtresult ();
2022
2023 /* Try to determine the dynamic string length first.
2024 Set MAXBOUND to an arbitrary non-null non-integer node as a request
2025 to have it set to the length of the longest string in a PHI. */
2026 c_strlen_data lendata = { };
2027 lendata.maxbound = str;
2028 if (eltsize == 1)
2029 get_range_strlen_dynamic (str, &lendata, vr);
2030 else
2031 {
2032 /* Determine the length of the shortest and longest string referenced
2033 by STR. Strings of unknown lengths are bounded by the sizes of
2034 arrays that subexpressions of STR may refer to. Pointers that
2035 aren't known to point any such arrays result in LENDATA.MAXLEN
2036 set to SIZE_MAX. */
2037 get_range_strlen (str, &lendata, eltsize);
2038 }
2039
2040 /* If LENDATA.MAXBOUND is not equal to .MINLEN it corresponds to the bound
2041 of the largest array STR refers to, if known, or it's set to SIZE_MAX
2042 otherwise. */
2043
2044 /* Return the default result when nothing is known about the string. */
2045 if ((lendata.maxbound && !tree_fits_uhwi_p (lendata.maxbound))
2046 || !tree_fits_uhwi_p (lendata.maxlen))
2047 {
2048 fmtresult res;
2049 res.nonstr = lendata.decl;
2050 return res;
2051 }
2052
2053 unsigned HOST_WIDE_INT lenmax = tree_to_uhwi (max_object_size ()) - 2;
2054 if (integer_zerop (lendata.minlen)
2055 && (!lendata.maxbound || lenmax <= tree_to_uhwi (lendata.maxbound))
2056 && lenmax <= tree_to_uhwi (lendata.maxlen))
2057 {
2058 fmtresult res;
2059 res.nonstr = lendata.decl;
2060 return res;
2061 }
2062
2063 HOST_WIDE_INT min
2064 = (tree_fits_uhwi_p (lendata.minlen)
2065 ? tree_to_uhwi (lendata.minlen)
2066 : 0);
2067
2068 HOST_WIDE_INT max
2069 = (lendata.maxbound && tree_fits_uhwi_p (lendata.maxbound)
2070 ? tree_to_uhwi (lendata.maxbound)
2071 : HOST_WIDE_INT_M1U);
2072
2073 const bool unbounded = integer_all_onesp (lendata.maxlen);
2074
2075 /* Set the max/likely counters to unbounded when a minimum is known
2076 but the maximum length isn't bounded. This implies that STR is
2077 a conditional expression involving a string of known length and
2078 and an expression of unknown/unbounded length. */
2079 if (min
2080 && (unsigned HOST_WIDE_INT)min < HOST_WIDE_INT_M1U
2081 && unbounded)
2082 max = HOST_WIDE_INT_M1U;
2083
2084 /* get_range_strlen() returns the target value of SIZE_MAX for
2085 strings of unknown length. Bump it up to HOST_WIDE_INT_M1U
2086 which may be bigger. */
2087 if ((unsigned HOST_WIDE_INT)min == target_size_max ())
2088 min = HOST_WIDE_INT_M1U;
2089 if ((unsigned HOST_WIDE_INT)max == target_size_max ())
2090 max = HOST_WIDE_INT_M1U;
2091
2092 fmtresult res (min, max);
2093 res.nonstr = lendata.decl;
2094
2095 /* Set RES.KNOWNRANGE to true if and only if all strings referenced
2096 by STR are known to be bounded (though not necessarily by their
2097 actual length but perhaps by their maximum possible length). */
2098 if (res.range.max < target_int_max ())
2099 {
2100 res.knownrange = true;
2101 /* When the the length of the longest string is known and not
2102 excessive use it as the likely length of the string(s). */
2103 res.range.likely = res.range.max;
2104 }
2105 else
2106 {
2107 /* When the upper bound is unknown (it can be zero or excessive)
2108 set the likely length to the greater of 1. If MAXBOUND is
2109 known, also reset the length of the lower bound to zero. */
2110 res.range.likely = res.range.min ? res.range.min : warn_level > 1;
2111 if (lendata.maxbound && !integer_all_onesp (lendata.maxbound))
2112 res.range.min = 0;
2113 }
2114
2115 res.range.unlikely = unbounded ? HOST_WIDE_INT_MAX : res.range.max;
2116
2117 return res;
2118 }
2119
2120 /* Return the minimum and maximum number of characters formatted
2121 by the '%c' format directives and its wide character form for
2122 the argument ARG. ARG can be null (for functions such as
2123 vsprinf). */
2124
2125 static fmtresult
2126 format_character (const directive &dir, tree arg, const vr_values *vr_values)
2127 {
2128 fmtresult res;
2129
2130 res.knownrange = true;
2131
2132 if (dir.specifier == 'C'
2133 || dir.modifier == FMT_LEN_l)
2134 {
2135 /* A wide character can result in as few as zero bytes. */
2136 res.range.min = 0;
2137
2138 HOST_WIDE_INT min, max;
2139 if (get_int_range (arg, &min, &max, false, 0, vr_values))
2140 {
2141 if (min == 0 && max == 0)
2142 {
2143 /* The NUL wide character results in no bytes. */
2144 res.range.max = 0;
2145 res.range.likely = 0;
2146 res.range.unlikely = 0;
2147 }
2148 else if (min >= 0 && min < 128)
2149 {
2150 /* Be conservative if the target execution character set
2151 is not a 1-to-1 mapping to the source character set or
2152 if the source set is not ASCII. */
2153 bool one_2_one_ascii
2154 = (target_to_host_charmap[0] == 1 && target_to_host ('a') == 97);
2155
2156 /* A wide character in the ASCII range most likely results
2157 in a single byte, and only unlikely in up to MB_LEN_MAX. */
2158 res.range.max = one_2_one_ascii ? 1 : target_mb_len_max ();;
2159 res.range.likely = 1;
2160 res.range.unlikely = target_mb_len_max ();
2161 res.mayfail = !one_2_one_ascii;
2162 }
2163 else
2164 {
2165 /* A wide character outside the ASCII range likely results
2166 in up to two bytes, and only unlikely in up to MB_LEN_MAX. */
2167 res.range.max = target_mb_len_max ();
2168 res.range.likely = 2;
2169 res.range.unlikely = res.range.max;
2170 /* Converting such a character may fail. */
2171 res.mayfail = true;
2172 }
2173 }
2174 else
2175 {
2176 /* An unknown wide character is treated the same as a wide
2177 character outside the ASCII range. */
2178 res.range.max = target_mb_len_max ();
2179 res.range.likely = 2;
2180 res.range.unlikely = res.range.max;
2181 res.mayfail = true;
2182 }
2183 }
2184 else
2185 {
2186 /* A plain '%c' directive. Its ouput is exactly 1. */
2187 res.range.min = res.range.max = 1;
2188 res.range.likely = res.range.unlikely = 1;
2189 res.knownrange = true;
2190 }
2191
2192 /* Bump up the byte counters if WIDTH is greater. */
2193 return res.adjust_for_width_or_precision (dir.width);
2194 }
2195
2196 /* Determine the offset *INDEX of the first byte of an array element of
2197 TYPE (possibly recursively) into which the byte offset OFF points.
2198 On success set *INDEX to the offset of the first byte and return type.
2199 Otherwise, if no such element can be found, return null. */
2200
2201 static tree
2202 array_elt_at_offset (tree type, HOST_WIDE_INT off, HOST_WIDE_INT *index)
2203 {
2204 gcc_assert (TREE_CODE (type) == ARRAY_TYPE);
2205
2206 tree eltype = type;
2207 while (TREE_CODE (TREE_TYPE (eltype)) == ARRAY_TYPE)
2208 eltype = TREE_TYPE (eltype);
2209
2210 if (TYPE_MODE (TREE_TYPE (eltype)) != TYPE_MODE (char_type_node))
2211 eltype = TREE_TYPE (eltype);
2212
2213 if (eltype == type)
2214 {
2215 *index = 0;
2216 return type;
2217 }
2218
2219 HOST_WIDE_INT typsz = int_size_in_bytes (type);
2220 HOST_WIDE_INT eltsz = int_size_in_bytes (eltype);
2221 if (off < typsz * eltsz)
2222 {
2223 *index = (off / eltsz) * eltsz;
2224 return TREE_CODE (eltype) == ARRAY_TYPE ? TREE_TYPE (eltype) : eltype;
2225 }
2226
2227 return NULL_TREE;
2228 }
2229
2230 /* Determine the offset *INDEX of the first byte of a struct member of TYPE
2231 (possibly recursively) into which the byte offset OFF points. On success
2232 set *INDEX to the offset of the first byte and return true. Otherwise,
2233 if no such member can be found, return false. */
2234
2235 static bool
2236 field_at_offset (tree type, HOST_WIDE_INT off, HOST_WIDE_INT *index)
2237 {
2238 gcc_assert (RECORD_OR_UNION_TYPE_P (type));
2239
2240 for (tree fld = TYPE_FIELDS (type); fld; fld = TREE_CHAIN (fld))
2241 {
2242 if (TREE_CODE (fld) != FIELD_DECL || DECL_ARTIFICIAL (fld))
2243 continue;
2244
2245 tree fldtype = TREE_TYPE (fld);
2246 HOST_WIDE_INT fldoff = int_byte_position (fld);
2247
2248 /* If the size is not available the field is a flexible array
2249 member. Treat this case as success. */
2250 tree typesize = TYPE_SIZE_UNIT (fldtype);
2251 HOST_WIDE_INT fldsize = (tree_fits_uhwi_p (typesize)
2252 ? tree_to_uhwi (typesize)
2253 : off);
2254
2255 if (fldoff + fldsize < off)
2256 continue;
2257
2258 if (TREE_CODE (fldtype) == ARRAY_TYPE)
2259 {
2260 HOST_WIDE_INT idx = 0;
2261 if (tree ft = array_elt_at_offset (fldtype, off, &idx))
2262 fldtype = ft;
2263 else
2264 break;
2265
2266 *index += idx;
2267 fldoff -= idx;
2268 off -= idx;
2269 }
2270
2271 if (RECORD_OR_UNION_TYPE_P (fldtype))
2272 {
2273 *index += fldoff;
2274 return field_at_offset (fldtype, off - fldoff, index);
2275 }
2276
2277 *index += fldoff;
2278 return true;
2279 }
2280
2281 return false;
2282 }
2283
2284 /* For an expression X of pointer type, recursively try to find the same
2285 origin (object or pointer) as Y it references and return such an X.
2286 When X refers to a struct member, set *FLDOFF to the offset of the
2287 member from the beginning of the "most derived" object. */
2288
2289 static tree
2290 get_origin_and_offset (tree x, HOST_WIDE_INT *fldoff, HOST_WIDE_INT *off)
2291 {
2292 if (!x)
2293 return NULL_TREE;
2294
2295 switch (TREE_CODE (x))
2296 {
2297 case ADDR_EXPR:
2298 x = TREE_OPERAND (x, 0);
2299 return get_origin_and_offset (x, fldoff, off);
2300
2301 case ARRAY_REF:
2302 {
2303 tree offset = TREE_OPERAND (x, 1);
2304 HOST_WIDE_INT idx = (tree_fits_uhwi_p (offset)
2305 ? tree_to_uhwi (offset) : HOST_WIDE_INT_MAX);
2306
2307 tree eltype = TREE_TYPE (x);
2308 if (TREE_CODE (eltype) == INTEGER_TYPE)
2309 {
2310 if (off)
2311 *off = idx;
2312 }
2313 else if (idx < HOST_WIDE_INT_MAX)
2314 *fldoff += idx * int_size_in_bytes (eltype);
2315 else
2316 *fldoff = idx;
2317
2318 x = TREE_OPERAND (x, 0);
2319 return get_origin_and_offset (x, fldoff, NULL);
2320 }
2321
2322 case MEM_REF:
2323 if (off)
2324 {
2325 tree offset = TREE_OPERAND (x, 1);
2326 *off = (tree_fits_uhwi_p (offset)
2327 ? tree_to_uhwi (offset) : HOST_WIDE_INT_MAX);
2328 }
2329
2330 x = TREE_OPERAND (x, 0);
2331
2332 if (off)
2333 {
2334 tree xtype = TREE_TYPE (TREE_TYPE (x));
2335
2336 /* The byte offset of the most basic struct member the byte
2337 offset *OFF corresponds to, or for a (multidimensional)
2338 array member, the byte offset of the array element. */
2339 HOST_WIDE_INT index = 0;
2340
2341 if ((RECORD_OR_UNION_TYPE_P (xtype)
2342 && field_at_offset (xtype, *off, &index))
2343 || (TREE_CODE (xtype) == ARRAY_TYPE
2344 && TREE_CODE (TREE_TYPE (xtype)) == ARRAY_TYPE
2345 && array_elt_at_offset (xtype, *off, &index)))
2346 {
2347 *fldoff += index;
2348 *off -= index;
2349 }
2350 }
2351
2352 return get_origin_and_offset (x, fldoff, NULL);
2353
2354 case COMPONENT_REF:
2355 {
2356 tree fld = TREE_OPERAND (x, 1);
2357 *fldoff += int_byte_position (fld);
2358
2359 get_origin_and_offset (fld, fldoff, off);
2360 x = TREE_OPERAND (x, 0);
2361 return get_origin_and_offset (x, fldoff, off);
2362 }
2363
2364 case SSA_NAME:
2365 {
2366 gimple *def = SSA_NAME_DEF_STMT (x);
2367 if (is_gimple_assign (def))
2368 {
2369 tree_code code = gimple_assign_rhs_code (def);
2370 if (code == ADDR_EXPR)
2371 {
2372 x = gimple_assign_rhs1 (def);
2373 return get_origin_and_offset (x, fldoff, off);
2374 }
2375
2376 if (code == POINTER_PLUS_EXPR)
2377 {
2378 tree offset = gimple_assign_rhs2 (def);
2379 if (off)
2380 *off = (tree_fits_uhwi_p (offset)
2381 ? tree_to_uhwi (offset) : HOST_WIDE_INT_MAX);
2382
2383 x = gimple_assign_rhs1 (def);
2384 return get_origin_and_offset (x, fldoff, NULL);
2385 }
2386 else if (code == VAR_DECL)
2387 {
2388 x = gimple_assign_rhs1 (def);
2389 return get_origin_and_offset (x, fldoff, off);
2390 }
2391 }
2392 else if (gimple_nop_p (def) && SSA_NAME_VAR (x))
2393 x = SSA_NAME_VAR (x);
2394 }
2395
2396 default:
2397 break;
2398 }
2399
2400 return x;
2401 }
2402
2403 /* If ARG refers to the same (sub)object or array element as described
2404 by DST and DST_FLD, return the byte offset into the struct member or
2405 array element referenced by ARG. Otherwise return HOST_WIDE_INT_MIN
2406 to indicate that ARG and DST do not refer to the same object. */
2407
2408 static HOST_WIDE_INT
2409 alias_offset (tree arg, tree dst, HOST_WIDE_INT dst_fld)
2410 {
2411 /* See if the argument refers to the same base object as the destination
2412 of the formatted function call, and if so, try to determine if they
2413 can alias. */
2414 if (!arg || !dst || !ptr_derefs_may_alias_p (arg, dst))
2415 return HOST_WIDE_INT_MIN;
2416
2417 /* The two arguments may refer to the same object. If they both refer
2418 to a struct member, see if the members are one and the same. */
2419 HOST_WIDE_INT arg_off = 0, arg_fld = 0;
2420
2421 tree arg_orig = get_origin_and_offset (arg, &arg_fld, &arg_off);
2422
2423 if (arg_orig == dst && arg_fld == dst_fld)
2424 return arg_off;
2425
2426 return HOST_WIDE_INT_MIN;
2427 }
2428
2429 /* Return the minimum and maximum number of characters formatted
2430 by the '%s' format directive and its wide character form for
2431 the argument ARG. ARG can be null (for functions such as
2432 vsprinf). */
2433
2434 static fmtresult
2435 format_string (const directive &dir, tree arg, const vr_values *vr_values)
2436 {
2437 fmtresult res;
2438
2439 if (warn_restrict)
2440 {
2441 /* See if ARG might alias the destination of the call with
2442 DST_ORIGIN and DST_FIELD. If so, store the starting offset
2443 so that the overlap can be determined for certain later,
2444 when the amount of output of the call (including subsequent
2445 directives) has been computed. Otherwise, store HWI_MIN. */
2446 res.dst_offset = alias_offset (arg, dir.info->dst_origin,
2447 dir.info->dst_field);
2448 }
2449
2450 /* Compute the range the argument's length can be in. */
2451 int count_by = 1;
2452 if (dir.specifier == 'S' || dir.modifier == FMT_LEN_l)
2453 {
2454 /* Get a node for a C type that will be the same size
2455 as a wchar_t on the target. */
2456 tree node = get_typenode_from_name (MODIFIED_WCHAR_TYPE);
2457
2458 /* Now that we have a suitable node, get the number of
2459 bytes it occupies. */
2460 count_by = int_size_in_bytes (node);
2461 gcc_checking_assert (count_by == 2 || count_by == 4);
2462 }
2463
2464 fmtresult slen = get_string_length (arg, count_by, vr_values);
2465 if (slen.range.min == slen.range.max
2466 && slen.range.min < HOST_WIDE_INT_MAX)
2467 {
2468 /* The argument is either a string constant or it refers
2469 to one of a number of strings of the same length. */
2470
2471 /* A '%s' directive with a string argument with constant length. */
2472 res.range = slen.range;
2473
2474 if (dir.specifier == 'S'
2475 || dir.modifier == FMT_LEN_l)
2476 {
2477 /* In the worst case the length of output of a wide string S
2478 is bounded by MB_LEN_MAX * wcslen (S). */
2479 res.range.max *= target_mb_len_max ();
2480 res.range.unlikely = res.range.max;
2481 /* It's likely that the the total length is not more that
2482 2 * wcslen (S).*/
2483 res.range.likely = res.range.min * 2;
2484
2485 if (dir.prec[1] >= 0
2486 && (unsigned HOST_WIDE_INT)dir.prec[1] < res.range.max)
2487 {
2488 res.range.max = dir.prec[1];
2489 res.range.likely = dir.prec[1];
2490 res.range.unlikely = dir.prec[1];
2491 }
2492
2493 if (dir.prec[0] < 0 && dir.prec[1] > -1)
2494 res.range.min = 0;
2495 else if (dir.prec[0] >= 0)
2496 res.range.likely = dir.prec[0];
2497
2498 /* Even a non-empty wide character string need not convert into
2499 any bytes. */
2500 res.range.min = 0;
2501
2502 /* A non-empty wide character conversion may fail. */
2503 if (slen.range.max > 0)
2504 res.mayfail = true;
2505 }
2506 else
2507 {
2508 res.knownrange = true;
2509
2510 if (dir.prec[0] < 0 && dir.prec[1] > -1)
2511 res.range.min = 0;
2512 else if ((unsigned HOST_WIDE_INT)dir.prec[0] < res.range.min)
2513 res.range.min = dir.prec[0];
2514
2515 if ((unsigned HOST_WIDE_INT)dir.prec[1] < res.range.max)
2516 {
2517 res.range.max = dir.prec[1];
2518 res.range.likely = dir.prec[1];
2519 res.range.unlikely = dir.prec[1];
2520 }
2521 }
2522 }
2523 else if (arg && integer_zerop (arg))
2524 {
2525 /* Handle null pointer argument. */
2526
2527 fmtresult res (0);
2528 res.nullp = true;
2529 return res;
2530 }
2531 else
2532 {
2533 /* For a '%s' and '%ls' directive with a non-constant string (either
2534 one of a number of strings of known length or an unknown string)
2535 the minimum number of characters is lesser of PRECISION[0] and
2536 the length of the shortest known string or zero, and the maximum
2537 is the lessser of the length of the longest known string or
2538 PTRDIFF_MAX and PRECISION[1]. The likely length is either
2539 the minimum at level 1 and the greater of the minimum and 1
2540 at level 2. This result is adjust upward for width (if it's
2541 specified). */
2542
2543 if (dir.specifier == 'S'
2544 || dir.modifier == FMT_LEN_l)
2545 {
2546 /* A wide character converts to as few as zero bytes. */
2547 slen.range.min = 0;
2548 if (slen.range.max < target_int_max ())
2549 slen.range.max *= target_mb_len_max ();
2550
2551 if (slen.range.likely < target_int_max ())
2552 slen.range.likely *= 2;
2553
2554 if (slen.range.likely < target_int_max ())
2555 slen.range.unlikely *= target_mb_len_max ();
2556
2557 /* A non-empty wide character conversion may fail. */
2558 if (slen.range.max > 0)
2559 res.mayfail = true;
2560 }
2561
2562 res.range = slen.range;
2563
2564 if (dir.prec[0] >= 0)
2565 {
2566 /* Adjust the minimum to zero if the string length is unknown,
2567 or at most the lower bound of the precision otherwise. */
2568 if (slen.range.min >= target_int_max ())
2569 res.range.min = 0;
2570 else if ((unsigned HOST_WIDE_INT)dir.prec[0] < slen.range.min)
2571 res.range.min = dir.prec[0];
2572
2573 /* Make both maxima no greater than the upper bound of precision. */
2574 if ((unsigned HOST_WIDE_INT)dir.prec[1] < slen.range.max
2575 || slen.range.max >= target_int_max ())
2576 {
2577 res.range.max = dir.prec[1];
2578 res.range.unlikely = dir.prec[1];
2579 }
2580
2581 /* If precision is constant, set the likely counter to the lesser
2582 of it and the maximum string length. Otherwise, if the lower
2583 bound of precision is greater than zero, set the likely counter
2584 to the minimum. Otherwise set it to zero or one based on
2585 the warning level. */
2586 if (dir.prec[0] == dir.prec[1])
2587 res.range.likely
2588 = ((unsigned HOST_WIDE_INT)dir.prec[0] < slen.range.max
2589 ? dir.prec[0] : slen.range.max);
2590 else if (dir.prec[0] > 0)
2591 res.range.likely = res.range.min;
2592 else
2593 res.range.likely = warn_level > 1;
2594 }
2595 else if (dir.prec[1] >= 0)
2596 {
2597 res.range.min = 0;
2598 if ((unsigned HOST_WIDE_INT)dir.prec[1] < slen.range.max)
2599 res.range.max = dir.prec[1];
2600 res.range.likely = dir.prec[1] ? warn_level > 1 : 0;
2601 if ((unsigned HOST_WIDE_INT)dir.prec[1] < slen.range.unlikely)
2602 res.range.unlikely = dir.prec[1];
2603 }
2604 else if (slen.range.min >= target_int_max ())
2605 {
2606 res.range.min = 0;
2607 res.range.max = HOST_WIDE_INT_MAX;
2608 /* At level 1 strings of unknown length are assumed to be
2609 empty, while at level 1 they are assumed to be one byte
2610 long. */
2611 res.range.likely = warn_level > 1;
2612 res.range.unlikely = HOST_WIDE_INT_MAX;
2613 }
2614 else
2615 {
2616 /* A string of unknown length unconstrained by precision is
2617 assumed to be empty at level 1 and just one character long
2618 at higher levels. */
2619 if (res.range.likely >= target_int_max ())
2620 res.range.likely = warn_level > 1;
2621 }
2622 }
2623
2624 /* If the argument isn't a nul-terminated string and the number
2625 of bytes on output isn't bounded by precision, set NONSTR. */
2626 if (slen.nonstr && slen.range.min < (unsigned HOST_WIDE_INT)dir.prec[0])
2627 res.nonstr = slen.nonstr;
2628
2629 /* Bump up the byte counters if WIDTH is greater. */
2630 return res.adjust_for_width_or_precision (dir.width);
2631 }
2632
2633 /* Format plain string (part of the format string itself). */
2634
2635 static fmtresult
2636 format_plain (const directive &dir, tree, const vr_values *)
2637 {
2638 fmtresult res (dir.len);
2639 return res;
2640 }
2641
2642 /* Return true if the RESULT of a directive in a call describe by INFO
2643 should be diagnosed given the AVAILable space in the destination. */
2644
2645 static bool
2646 should_warn_p (const call_info &info,
2647 const result_range &avail, const result_range &result)
2648 {
2649 if (result.max <= avail.min)
2650 {
2651 /* The least amount of space remaining in the destination is big
2652 enough for the longest output. */
2653 return false;
2654 }
2655
2656 if (info.bounded)
2657 {
2658 if (warn_format_trunc == 1 && result.min <= avail.max
2659 && info.retval_used ())
2660 {
2661 /* The likely amount of space remaining in the destination is big
2662 enough for the least output and the return value is used. */
2663 return false;
2664 }
2665
2666 if (warn_format_trunc == 1 && result.likely <= avail.likely
2667 && !info.retval_used ())
2668 {
2669 /* The likely amount of space remaining in the destination is big
2670 enough for the likely output and the return value is unused. */
2671 return false;
2672 }
2673
2674 if (warn_format_trunc == 2
2675 && result.likely <= avail.min
2676 && (result.max <= avail.min
2677 || result.max > HOST_WIDE_INT_MAX))
2678 {
2679 /* The minimum amount of space remaining in the destination is big
2680 enough for the longest output. */
2681 return false;
2682 }
2683 }
2684 else
2685 {
2686 if (warn_level == 1 && result.likely <= avail.likely)
2687 {
2688 /* The likely amount of space remaining in the destination is big
2689 enough for the likely output. */
2690 return false;
2691 }
2692
2693 if (warn_level == 2
2694 && result.likely <= avail.min
2695 && (result.max <= avail.min
2696 || result.max > HOST_WIDE_INT_MAX))
2697 {
2698 /* The minimum amount of space remaining in the destination is big
2699 enough for the longest output. */
2700 return false;
2701 }
2702 }
2703
2704 return true;
2705 }
2706
2707 /* At format string location describe by DIRLOC in a call described
2708 by INFO, issue a warning for a directive DIR whose output may be
2709 in excess of the available space AVAIL_RANGE in the destination
2710 given the formatting result FMTRES. This function does nothing
2711 except decide whether to issue a warning for a possible write
2712 past the end or truncation and, if so, format the warning.
2713 Return true if a warning has been issued. */
2714
2715 static bool
2716 maybe_warn (substring_loc &dirloc, location_t argloc,
2717 const call_info &info,
2718 const result_range &avail_range, const result_range &res,
2719 const directive &dir)
2720 {
2721 if (!should_warn_p (info, avail_range, res))
2722 return false;
2723
2724 /* A warning will definitely be issued below. */
2725
2726 /* The maximum byte count to reference in the warning. Larger counts
2727 imply that the upper bound is unknown (and could be anywhere between
2728 RES.MIN + 1 and SIZE_MAX / 2) are printed as "N or more bytes" rather
2729 than "between N and X" where X is some huge number. */
2730 unsigned HOST_WIDE_INT maxbytes = target_dir_max ();
2731
2732 /* True when there is enough room in the destination for the least
2733 amount of a directive's output but not enough for its likely or
2734 maximum output. */
2735 bool maybe = (res.min <= avail_range.max
2736 && (avail_range.min < res.likely
2737 || (res.max < HOST_WIDE_INT_MAX
2738 && avail_range.min < res.max)));
2739
2740 /* Buffer for the directive in the host character set (used when
2741 the source character set is different). */
2742 char hostdir[32];
2743
2744 if (avail_range.min == avail_range.max)
2745 {
2746 /* The size of the destination region is exact. */
2747 unsigned HOST_WIDE_INT navail = avail_range.max;
2748
2749 if (target_to_host (*dir.beg) != '%')
2750 {
2751 /* For plain character directives (i.e., the format string itself)
2752 but not others, point the caret at the first character that's
2753 past the end of the destination. */
2754 if (navail < dir.len)
2755 dirloc.set_caret_index (dirloc.get_caret_idx () + navail);
2756 }
2757
2758 if (*dir.beg == '\0')
2759 {
2760 /* This is the terminating nul. */
2761 gcc_assert (res.min == 1 && res.min == res.max);
2762
2763 return fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (),
2764 info.bounded
2765 ? (maybe
2766 ? G_("%qE output may be truncated before the "
2767 "last format character")
2768 : G_("%qE output truncated before the last "
2769 "format character"))
2770 : (maybe
2771 ? G_("%qE may write a terminating nul past the "
2772 "end of the destination")
2773 : G_("%qE writing a terminating nul past the "
2774 "end of the destination")),
2775 info.func);
2776 }
2777
2778 if (res.min == res.max)
2779 {
2780 const char *d = target_to_host (hostdir, sizeof hostdir, dir.beg);
2781 if (!info.bounded)
2782 return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
2783 "%<%.*s%> directive writing %wu byte into a "
2784 "region of size %wu",
2785 "%<%.*s%> directive writing %wu bytes into a "
2786 "region of size %wu",
2787 (int) dir.len, d, res.min, navail);
2788 else if (maybe)
2789 return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
2790 "%<%.*s%> directive output may be truncated "
2791 "writing %wu byte into a region of size %wu",
2792 "%<%.*s%> directive output may be truncated "
2793 "writing %wu bytes into a region of size %wu",
2794 (int) dir.len, d, res.min, navail);
2795 else
2796 return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
2797 "%<%.*s%> directive output truncated writing "
2798 "%wu byte into a region of size %wu",
2799 "%<%.*s%> directive output truncated writing "
2800 "%wu bytes into a region of size %wu",
2801 (int) dir.len, d, res.min, navail);
2802 }
2803 if (res.min == 0 && res.max < maxbytes)
2804 return fmtwarn (dirloc, argloc, NULL,
2805 info.warnopt (),
2806 info.bounded
2807 ? (maybe
2808 ? G_("%<%.*s%> directive output may be truncated "
2809 "writing up to %wu bytes into a region of "
2810 "size %wu")
2811 : G_("%<%.*s%> directive output truncated writing "
2812 "up to %wu bytes into a region of size %wu"))
2813 : G_("%<%.*s%> directive writing up to %wu bytes "
2814 "into a region of size %wu"), (int) dir.len,
2815 target_to_host (hostdir, sizeof hostdir, dir.beg),
2816 res.max, navail);
2817
2818 if (res.min == 0 && maxbytes <= res.max)
2819 /* This is a special case to avoid issuing the potentially
2820 confusing warning:
2821 writing 0 or more bytes into a region of size 0. */
2822 return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2823 info.bounded
2824 ? (maybe
2825 ? G_("%<%.*s%> directive output may be truncated "
2826 "writing likely %wu or more bytes into a "
2827 "region of size %wu")
2828 : G_("%<%.*s%> directive output truncated writing "
2829 "likely %wu or more bytes into a region of "
2830 "size %wu"))
2831 : G_("%<%.*s%> directive writing likely %wu or more "
2832 "bytes into a region of size %wu"), (int) dir.len,
2833 target_to_host (hostdir, sizeof hostdir, dir.beg),
2834 res.likely, navail);
2835
2836 if (res.max < maxbytes)
2837 return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2838 info.bounded
2839 ? (maybe
2840 ? G_("%<%.*s%> directive output may be truncated "
2841 "writing between %wu and %wu bytes into a "
2842 "region of size %wu")
2843 : G_("%<%.*s%> directive output truncated "
2844 "writing between %wu and %wu bytes into a "
2845 "region of size %wu"))
2846 : G_("%<%.*s%> directive writing between %wu and "
2847 "%wu bytes into a region of size %wu"),
2848 (int) dir.len,
2849 target_to_host (hostdir, sizeof hostdir, dir.beg),
2850 res.min, res.max, navail);
2851
2852 return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2853 info.bounded
2854 ? (maybe
2855 ? G_("%<%.*s%> directive output may be truncated "
2856 "writing %wu or more bytes into a region of "
2857 "size %wu")
2858 : G_("%<%.*s%> directive output truncated writing "
2859 "%wu or more bytes into a region of size %wu"))
2860 : G_("%<%.*s%> directive writing %wu or more bytes "
2861 "into a region of size %wu"), (int) dir.len,
2862 target_to_host (hostdir, sizeof hostdir, dir.beg),
2863 res.min, navail);
2864 }
2865
2866 /* The size of the destination region is a range. */
2867
2868 if (target_to_host (*dir.beg) != '%')
2869 {
2870 unsigned HOST_WIDE_INT navail = avail_range.max;
2871
2872 /* For plain character directives (i.e., the format string itself)
2873 but not others, point the caret at the first character that's
2874 past the end of the destination. */
2875 if (navail < dir.len)
2876 dirloc.set_caret_index (dirloc.get_caret_idx () + navail);
2877 }
2878
2879 if (*dir.beg == '\0')
2880 {
2881 gcc_assert (res.min == 1 && res.min == res.max);
2882
2883 return fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (),
2884 info.bounded
2885 ? (maybe
2886 ? G_("%qE output may be truncated before the last "
2887 "format character")
2888 : G_("%qE output truncated before the last format "
2889 "character"))
2890 : (maybe
2891 ? G_("%qE may write a terminating nul past the end "
2892 "of the destination")
2893 : G_("%qE writing a terminating nul past the end "
2894 "of the destination")), info.func);
2895 }
2896
2897 if (res.min == res.max)
2898 {
2899 const char *d = target_to_host (hostdir, sizeof hostdir, dir.beg);
2900 if (!info.bounded)
2901 return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
2902 "%<%.*s%> directive writing %wu byte into a region "
2903 "of size between %wu and %wu",
2904 "%<%.*s%> directive writing %wu bytes into a region "
2905 "of size between %wu and %wu", (int) dir.len, d,
2906 res.min, avail_range.min, avail_range.max);
2907 else if (maybe)
2908 return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
2909 "%<%.*s%> directive output may be truncated writing "
2910 "%wu byte into a region of size between %wu and %wu",
2911 "%<%.*s%> directive output may be truncated writing "
2912 "%wu bytes into a region of size between %wu and "
2913 "%wu", (int) dir.len, d, res.min, avail_range.min,
2914 avail_range.max);
2915 else
2916 return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
2917 "%<%.*s%> directive output truncated writing %wu "
2918 "byte into a region of size between %wu and %wu",
2919 "%<%.*s%> directive output truncated writing %wu "
2920 "bytes into a region of size between %wu and %wu",
2921 (int) dir.len, d, res.min, avail_range.min,
2922 avail_range.max);
2923 }
2924
2925 if (res.min == 0 && res.max < maxbytes)
2926 return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2927 info.bounded
2928 ? (maybe
2929 ? G_("%<%.*s%> directive output may be truncated "
2930 "writing up to %wu bytes into a region of size "
2931 "between %wu and %wu")
2932 : G_("%<%.*s%> directive output truncated writing "
2933 "up to %wu bytes into a region of size between "
2934 "%wu and %wu"))
2935 : G_("%<%.*s%> directive writing up to %wu bytes "
2936 "into a region of size between %wu and %wu"),
2937 (int) dir.len,
2938 target_to_host (hostdir, sizeof hostdir, dir.beg),
2939 res.max, avail_range.min, avail_range.max);
2940
2941 if (res.min == 0 && maxbytes <= res.max)
2942 /* This is a special case to avoid issuing the potentially confusing
2943 warning:
2944 writing 0 or more bytes into a region of size between 0 and N. */
2945 return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2946 info.bounded
2947 ? (maybe
2948 ? G_("%<%.*s%> directive output may be truncated "
2949 "writing likely %wu or more bytes into a region "
2950 "of size between %wu and %wu")
2951 : G_("%<%.*s%> directive output truncated writing "
2952 "likely %wu or more bytes into a region of size "
2953 "between %wu and %wu"))
2954 : G_("%<%.*s%> directive writing likely %wu or more bytes "
2955 "into a region of size between %wu and %wu"),
2956 (int) dir.len,
2957 target_to_host (hostdir, sizeof hostdir, dir.beg),
2958 res.likely, avail_range.min, avail_range.max);
2959
2960 if (res.max < maxbytes)
2961 return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2962 info.bounded
2963 ? (maybe
2964 ? G_("%<%.*s%> directive output may be truncated "
2965 "writing between %wu and %wu bytes into a region "
2966 "of size between %wu and %wu")
2967 : G_("%<%.*s%> directive output truncated writing "
2968 "between %wu and %wu bytes into a region of size "
2969 "between %wu and %wu"))
2970 : G_("%<%.*s%> directive writing between %wu and "
2971 "%wu bytes into a region of size between %wu and "
2972 "%wu"), (int) dir.len,
2973 target_to_host (hostdir, sizeof hostdir, dir.beg),
2974 res.min, res.max, avail_range.min, avail_range.max);
2975
2976 return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
2977 info.bounded
2978 ? (maybe
2979 ? G_("%<%.*s%> directive output may be truncated writing "
2980 "%wu or more bytes into a region of size between "
2981 "%wu and %wu")
2982 : G_("%<%.*s%> directive output truncated writing "
2983 "%wu or more bytes into a region of size between "
2984 "%wu and %wu"))
2985 : G_("%<%.*s%> directive writing %wu or more bytes "
2986 "into a region of size between %wu and %wu"),
2987 (int) dir.len,
2988 target_to_host (hostdir, sizeof hostdir, dir.beg),
2989 res.min, avail_range.min, avail_range.max);
2990 }
2991
2992 /* Given the formatting result described by RES and NAVAIL, the number
2993 of available in the destination, return the range of bytes remaining
2994 in the destination. */
2995
2996 static inline result_range
2997 bytes_remaining (unsigned HOST_WIDE_INT navail, const format_result &res)
2998 {
2999 result_range range;
3000
3001 if (HOST_WIDE_INT_MAX <= navail)
3002 {
3003 range.min = range.max = range.likely = range.unlikely = navail;
3004 return range;
3005 }
3006
3007 /* The lower bound of the available range is the available size
3008 minus the maximum output size, and the upper bound is the size
3009 minus the minimum. */
3010 range.max = res.range.min < navail ? navail - res.range.min : 0;
3011
3012 range.likely = res.range.likely < navail ? navail - res.range.likely : 0;
3013
3014 if (res.range.max < HOST_WIDE_INT_MAX)
3015 range.min = res.range.max < navail ? navail - res.range.max : 0;
3016 else
3017 range.min = range.likely;
3018
3019 range.unlikely = (res.range.unlikely < navail
3020 ? navail - res.range.unlikely : 0);
3021
3022 return range;
3023 }
3024
3025 /* Compute the length of the output resulting from the directive DIR
3026 in a call described by INFO and update the overall result of the call
3027 in *RES. Return true if the directive has been handled. */
3028
3029 static bool
3030 format_directive (const call_info &info,
3031 format_result *res, const directive &dir,
3032 const class vr_values *vr_values)
3033 {
3034 /* Offset of the beginning of the directive from the beginning
3035 of the format string. */
3036 size_t offset = dir.beg - info.fmtstr;
3037 size_t start = offset;
3038 size_t length = offset + dir.len - !!dir.len;
3039
3040 /* Create a location for the whole directive from the % to the format
3041 specifier. */
3042 substring_loc dirloc (info.fmtloc, TREE_TYPE (info.format),
3043 offset, start, length);
3044
3045 /* Also get the location of the argument if possible.
3046 This doesn't work for integer literals or function calls. */
3047 location_t argloc = UNKNOWN_LOCATION;
3048 if (dir.arg)
3049 argloc = EXPR_LOCATION (dir.arg);
3050
3051 /* Bail when there is no function to compute the output length,
3052 or when minimum length checking has been disabled. */
3053 if (!dir.fmtfunc || res->range.min >= HOST_WIDE_INT_MAX)
3054 return false;
3055
3056 /* Compute the range of lengths of the formatted output. */
3057 fmtresult fmtres = dir.fmtfunc (dir, dir.arg, vr_values);
3058
3059 /* Record whether the output of all directives is known to be
3060 bounded by some maximum, implying that their arguments are
3061 either known exactly or determined to be in a known range
3062 or, for strings, limited by the upper bounds of the arrays
3063 they refer to. */
3064 res->knownrange &= fmtres.knownrange;
3065
3066 if (!fmtres.knownrange)
3067 {
3068 /* Only when the range is known, check it against the host value
3069 of INT_MAX + (the number of bytes of the "%.*Lf" directive with
3070 INT_MAX precision, which is the longest possible output of any
3071 single directive). That's the largest valid byte count (though
3072 not valid call to a printf-like function because it can never
3073 return such a count). Otherwise, the range doesn't correspond
3074 to known values of the argument. */
3075 if (fmtres.range.max > target_dir_max ())
3076 {
3077 /* Normalize the MAX counter to avoid having to deal with it
3078 later. The counter can be less than HOST_WIDE_INT_M1U
3079 when compiling for an ILP32 target on an LP64 host. */
3080 fmtres.range.max = HOST_WIDE_INT_M1U;
3081 /* Disable exact and maximum length checking after a failure
3082 to determine the maximum number of characters (for example
3083 for wide characters or wide character strings) but continue
3084 tracking the minimum number of characters. */
3085 res->range.max = HOST_WIDE_INT_M1U;
3086 }
3087
3088 if (fmtres.range.min > target_dir_max ())
3089 {
3090 /* Disable exact length checking after a failure to determine
3091 even the minimum number of characters (it shouldn't happen
3092 except in an error) but keep tracking the minimum and maximum
3093 number of characters. */
3094 return true;
3095 }
3096 }
3097
3098 /* Buffer for the directive in the host character set (used when
3099 the source character set is different). */
3100 char hostdir[32];
3101
3102 int dirlen = dir.len;
3103
3104 if (fmtres.nullp)
3105 {
3106 fmtwarn (dirloc, argloc, NULL, info.warnopt (),
3107 "%G%<%.*s%> directive argument is null",
3108 info.callstmt, dirlen,
3109 target_to_host (hostdir, sizeof hostdir, dir.beg));
3110
3111 /* Don't bother processing the rest of the format string. */
3112 res->warned = true;
3113 res->range.min = HOST_WIDE_INT_M1U;
3114 res->range.max = HOST_WIDE_INT_M1U;
3115 return false;
3116 }
3117
3118 /* Compute the number of available bytes in the destination. There
3119 must always be at least one byte of space for the terminating
3120 NUL that's appended after the format string has been processed. */
3121 result_range avail_range = bytes_remaining (info.objsize, *res);
3122
3123 /* If the argument aliases a part of the destination of the formatted
3124 call at offset FMTRES.DST_OFFSET append the directive and its result
3125 to the set of aliases for later processing. */
3126 if (fmtres.dst_offset != HOST_WIDE_INT_MIN)
3127 res->append_alias (dir, fmtres.dst_offset, fmtres.range);
3128
3129 bool warned = res->warned;
3130
3131 if (!warned)
3132 warned = maybe_warn (dirloc, argloc, info, avail_range,
3133 fmtres.range, dir);
3134
3135 /* Bump up the total maximum if it isn't too big. */
3136 if (res->range.max < HOST_WIDE_INT_MAX
3137 && fmtres.range.max < HOST_WIDE_INT_MAX)
3138 res->range.max += fmtres.range.max;
3139
3140 /* Raise the total unlikely maximum by the larger of the maximum
3141 and the unlikely maximum. */
3142 unsigned HOST_WIDE_INT save = res->range.unlikely;
3143 if (fmtres.range.max < fmtres.range.unlikely)
3144 res->range.unlikely += fmtres.range.unlikely;
3145 else
3146 res->range.unlikely += fmtres.range.max;
3147
3148 if (res->range.unlikely < save)
3149 res->range.unlikely = HOST_WIDE_INT_M1U;
3150
3151 res->range.min += fmtres.range.min;
3152 res->range.likely += fmtres.range.likely;
3153
3154 /* Has the minimum directive output length exceeded the maximum
3155 of 4095 bytes required to be supported? */
3156 bool minunder4k = fmtres.range.min < 4096;
3157 bool maxunder4k = fmtres.range.max < 4096;
3158 /* Clear POSUNDER4K in the overall result if the maximum has exceeded
3159 the 4k (this is necessary to avoid the return value optimization
3160 that may not be safe in the maximum case). */
3161 if (!maxunder4k)
3162 res->posunder4k = false;
3163 /* Also clear POSUNDER4K if the directive may fail. */
3164 if (fmtres.mayfail)
3165 res->posunder4k = false;
3166
3167 if (!warned
3168 /* Only warn at level 2. */
3169 && warn_level > 1
3170 /* Only warn for string functions. */
3171 && info.is_string_func ()
3172 && (!minunder4k
3173 || (!maxunder4k && fmtres.range.max < HOST_WIDE_INT_MAX)))
3174 {
3175 /* The directive output may be longer than the maximum required
3176 to be handled by an implementation according to 7.21.6.1, p15
3177 of C11. Warn on this only at level 2 but remember this and
3178 prevent folding the return value when done. This allows for
3179 the possibility of the actual libc call failing due to ENOMEM
3180 (like Glibc does with very large precision or width).
3181 Issue the "may exceed" warning only for string functions and
3182 not for fprintf or printf. */
3183
3184 if (fmtres.range.min == fmtres.range.max)
3185 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
3186 "%<%.*s%> directive output of %wu bytes exceeds "
3187 "minimum required size of 4095", dirlen,
3188 target_to_host (hostdir, sizeof hostdir, dir.beg),
3189 fmtres.range.min);
3190 else if (!minunder4k)
3191 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
3192 "%<%.*s%> directive output between %wu and %wu "
3193 "bytes exceeds minimum required size of 4095",
3194 dirlen,
3195 target_to_host (hostdir, sizeof hostdir, dir.beg),
3196 fmtres.range.min, fmtres.range.max);
3197 else if (!info.retval_used () && info.is_string_func ())
3198 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
3199 "%<%.*s%> directive output between %wu and %wu "
3200 "bytes may exceed minimum required size of "
3201 "4095",
3202 dirlen,
3203 target_to_host (hostdir, sizeof hostdir, dir.beg),
3204 fmtres.range.min, fmtres.range.max);
3205 }
3206
3207 /* Has the likely and maximum directive output exceeded INT_MAX? */
3208 bool likelyximax = *dir.beg && res->range.likely > target_int_max ();
3209 /* Don't consider the maximum to be in excess when it's the result
3210 of a string of unknown length (i.e., whose maximum has been set
3211 to be greater than or equal to HOST_WIDE_INT_MAX. */
3212 bool maxximax = (*dir.beg
3213 && res->range.max > target_int_max ()
3214 && res->range.max < HOST_WIDE_INT_MAX);
3215
3216 if (!warned
3217 /* Warn for the likely output size at level 1. */
3218 && (likelyximax
3219 /* But only warn for the maximum at level 2. */
3220 || (warn_level > 1
3221 && maxximax
3222 && fmtres.range.max < HOST_WIDE_INT_MAX)))
3223 {
3224 if (fmtres.range.min > target_int_max ())
3225 {
3226 /* The directive output exceeds INT_MAX bytes. */
3227 if (fmtres.range.min == fmtres.range.max)
3228 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
3229 "%<%.*s%> directive output of %wu bytes exceeds "
3230 "%<INT_MAX%>", dirlen,
3231 target_to_host (hostdir, sizeof hostdir, dir.beg),
3232 fmtres.range.min);
3233 else
3234 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
3235 "%<%.*s%> directive output between %wu and "
3236 "%wu bytes exceeds %<INT_MAX%>", dirlen,
3237 target_to_host (hostdir, sizeof hostdir, dir.beg),
3238 fmtres.range.min, fmtres.range.max);
3239 }
3240 else if (res->range.min > target_int_max ())
3241 {
3242 /* The directive output is under INT_MAX but causes the result
3243 to exceed INT_MAX bytes. */
3244 if (fmtres.range.min == fmtres.range.max)
3245 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
3246 "%<%.*s%> directive output of %wu bytes causes "
3247 "result to exceed %<INT_MAX%>", dirlen,
3248 target_to_host (hostdir, sizeof hostdir, dir.beg),
3249 fmtres.range.min);
3250 else
3251 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
3252 "%<%.*s%> directive output between %wu and "
3253 "%wu bytes causes result to exceed %<INT_MAX%>",
3254 dirlen,
3255 target_to_host (hostdir, sizeof hostdir, dir.beg),
3256 fmtres.range.min, fmtres.range.max);
3257 }
3258 else if ((!info.retval_used () || !info.bounded)
3259 && (info.is_string_func ()))
3260 /* Warn for calls to string functions that either aren't bounded
3261 (sprintf) or whose return value isn't used. */
3262 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
3263 "%<%.*s%> directive output between %wu and "
3264 "%wu bytes may cause result to exceed "
3265 "%<INT_MAX%>", dirlen,
3266 target_to_host (hostdir, sizeof hostdir, dir.beg),
3267 fmtres.range.min, fmtres.range.max);
3268 }
3269
3270 if (!warned && fmtres.nonstr)
3271 {
3272 warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
3273 "%<%.*s%> directive argument is not a nul-terminated "
3274 "string",
3275 dirlen,
3276 target_to_host (hostdir, sizeof hostdir, dir.beg));
3277 if (warned && DECL_P (fmtres.nonstr))
3278 inform (DECL_SOURCE_LOCATION (fmtres.nonstr),
3279 "referenced argument declared here");
3280 return false;
3281 }
3282
3283 if (warned && fmtres.range.min < fmtres.range.likely
3284 && fmtres.range.likely < fmtres.range.max)
3285 inform_n (info.fmtloc, fmtres.range.likely,
3286 "assuming directive output of %wu byte",
3287 "assuming directive output of %wu bytes",
3288 fmtres.range.likely);
3289
3290 if (warned && fmtres.argmin)
3291 {
3292 if (fmtres.argmin == fmtres.argmax)
3293 inform (info.fmtloc, "directive argument %qE", fmtres.argmin);
3294 else if (fmtres.knownrange)
3295 inform (info.fmtloc, "directive argument in the range [%E, %E]",
3296 fmtres.argmin, fmtres.argmax);
3297 else
3298 inform (info.fmtloc,
3299 "using the range [%E, %E] for directive argument",
3300 fmtres.argmin, fmtres.argmax);
3301 }
3302
3303 res->warned |= warned;
3304
3305 if (!dir.beg[0] && res->warned)
3306 {
3307 location_t callloc = gimple_location (info.callstmt);
3308
3309 unsigned HOST_WIDE_INT min = res->range.min;
3310 unsigned HOST_WIDE_INT max = res->range.max;
3311
3312 if (info.objsize < HOST_WIDE_INT_MAX)
3313 {
3314 /* If a warning has been issued for buffer overflow or truncation
3315 help the user figure out how big a buffer they need. */
3316
3317 if (min == max)
3318 inform_n (callloc, min,
3319 "%qE output %wu byte into a destination of size %wu",
3320 "%qE output %wu bytes into a destination of size %wu",
3321 info.func, min, info.objsize);
3322 else if (max < HOST_WIDE_INT_MAX)
3323 inform (callloc,
3324 "%qE output between %wu and %wu bytes into "
3325 "a destination of size %wu",
3326 info.func, min, max, info.objsize);
3327 else if (min < res->range.likely && res->range.likely < max)
3328 inform (callloc,
3329 "%qE output %wu or more bytes (assuming %wu) into "
3330 "a destination of size %wu",
3331 info.func, min, res->range.likely, info.objsize);
3332 else
3333 inform (callloc,
3334 "%qE output %wu or more bytes into a destination of size "
3335 "%wu",
3336 info.func, min, info.objsize);
3337 }
3338 else if (!info.is_string_func ())
3339 {
3340 /* If the warning is for a file function function like fprintf
3341 of printf with no destination size just print the computed
3342 result. */
3343 if (min == max)
3344 inform_n (callloc, min,
3345 "%qE output %wu byte", "%qE output %wu bytes",
3346 info.func, min);
3347 else if (max < HOST_WIDE_INT_MAX)
3348 inform (callloc,
3349 "%qE output between %wu and %wu bytes",
3350 info.func, min, max);
3351 else if (min < res->range.likely && res->range.likely < max)
3352 inform (callloc,
3353 "%qE output %wu or more bytes (assuming %wu)",
3354 info.func, min, res->range.likely);
3355 else
3356 inform (callloc,
3357 "%qE output %wu or more bytes",
3358 info.func, min);
3359 }
3360 }
3361
3362 if (dump_file && *dir.beg)
3363 {
3364 fprintf (dump_file,
3365 " Result: "
3366 HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC ", "
3367 HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC " ("
3368 HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC ", "
3369 HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC ")\n",
3370 fmtres.range.min, fmtres.range.likely,
3371 fmtres.range.max, fmtres.range.unlikely,
3372 res->range.min, res->range.likely,
3373 res->range.max, res->range.unlikely);
3374 }
3375
3376 return true;
3377 }
3378
3379 /* Parse a format directive in function call described by INFO starting
3380 at STR and populate DIR structure. Bump up *ARGNO by the number of
3381 arguments extracted for the directive. Return the length of
3382 the directive. */
3383
3384 static size_t
3385 parse_directive (call_info &info,
3386 directive &dir, format_result *res,
3387 const char *str, unsigned *argno,
3388 const vr_values *vr_values)
3389 {
3390 const char *pcnt = strchr (str, target_percent);
3391 dir.beg = str;
3392
3393 if (size_t len = pcnt ? pcnt - str : *str ? strlen (str) : 1)
3394 {
3395 /* This directive is either a plain string or the terminating nul
3396 (which isn't really a directive but it simplifies things to
3397 handle it as if it were). */
3398 dir.len = len;
3399 dir.fmtfunc = format_plain;
3400
3401 if (dump_file)
3402 {
3403 fprintf (dump_file, " Directive %u at offset "
3404 HOST_WIDE_INT_PRINT_UNSIGNED ": \"%.*s\", "
3405 "length = " HOST_WIDE_INT_PRINT_UNSIGNED "\n",
3406 dir.dirno,
3407 (unsigned HOST_WIDE_INT)(size_t)(dir.beg - info.fmtstr),
3408 (int)dir.len, dir.beg, (unsigned HOST_WIDE_INT) dir.len);
3409 }
3410
3411 return len - !*str;
3412 }
3413
3414 /* Set the directive argument's number to correspond to its position
3415 in the formatted function call's argument list. */
3416 dir.argno = *argno;
3417
3418 const char *pf = pcnt + 1;
3419
3420 /* POSIX numbered argument index or zero when none. */
3421 HOST_WIDE_INT dollar = 0;
3422
3423 /* With and precision. -1 when not specified, HOST_WIDE_INT_MIN
3424 when given by a va_list argument, and a non-negative value
3425 when specified in the format string itself. */
3426 HOST_WIDE_INT width = -1;
3427 HOST_WIDE_INT precision = -1;
3428
3429 /* Pointers to the beginning of the width and precision decimal
3430 string (if any) within the directive. */
3431 const char *pwidth = 0;
3432 const char *pprec = 0;
3433
3434 /* When the value of the decimal string that specifies width or
3435 precision is out of range, points to the digit that causes
3436 the value to exceed the limit. */
3437 const char *werange = NULL;
3438 const char *perange = NULL;
3439
3440 /* Width specified via the asterisk. Need not be INTEGER_CST.
3441 For vararg functions set to void_node. */
3442 tree star_width = NULL_TREE;
3443
3444 /* Width specified via the asterisk. Need not be INTEGER_CST.
3445 For vararg functions set to void_node. */
3446 tree star_precision = NULL_TREE;
3447
3448 if (ISDIGIT (target_to_host (*pf)))
3449 {
3450 /* This could be either a POSIX positional argument, the '0'
3451 flag, or a width, depending on what follows. Store it as
3452 width and sort it out later after the next character has
3453 been seen. */
3454 pwidth = pf;
3455 width = target_strtowi (&pf, &werange);
3456 }
3457 else if (target_to_host (*pf) == '*')
3458 {
3459 /* Similarly to the block above, this could be either a POSIX
3460 positional argument or a width, depending on what follows. */
3461 if (*argno < gimple_call_num_args (info.callstmt))
3462 star_width = gimple_call_arg (info.callstmt, (*argno)++);
3463 else
3464 star_width = void_node;
3465 ++pf;
3466 }
3467
3468 if (target_to_host (*pf) == '$')
3469 {
3470 /* Handle the POSIX dollar sign which references the 1-based
3471 positional argument number. */
3472 if (width != -1)
3473 dollar = width + info.argidx;
3474 else if (star_width
3475 && TREE_CODE (star_width) == INTEGER_CST
3476 && (TYPE_PRECISION (TREE_TYPE (star_width))
3477 <= TYPE_PRECISION (integer_type_node)))
3478 dollar = width + tree_to_shwi (star_width);
3479
3480 /* Bail when the numbered argument is out of range (it will
3481 have already been diagnosed by -Wformat). */
3482 if (dollar == 0
3483 || dollar == (int)info.argidx
3484 || dollar > gimple_call_num_args (info.callstmt))
3485 return false;
3486
3487 --dollar;
3488
3489 star_width = NULL_TREE;
3490 width = -1;
3491 ++pf;
3492 }
3493
3494 if (dollar || !star_width)
3495 {
3496 if (width != -1)
3497 {
3498 if (width == 0)
3499 {
3500 /* The '0' that has been interpreted as a width above is
3501 actually a flag. Reset HAVE_WIDTH, set the '0' flag,
3502 and continue processing other flags. */
3503 width = -1;
3504 dir.set_flag ('0');
3505 }
3506 else if (!dollar)
3507 {
3508 /* (Non-zero) width has been seen. The next character
3509 is either a period or a digit. */
3510 goto start_precision;
3511 }
3512 }
3513 /* When either '$' has been seen, or width has not been seen,
3514 the next field is the optional flags followed by an optional
3515 width. */
3516 for ( ; ; ) {
3517 switch (target_to_host (*pf))
3518 {
3519 case ' ':
3520 case '0':
3521 case '+':
3522 case '-':
3523 case '#':
3524 dir.set_flag (target_to_host (*pf++));
3525 break;
3526
3527 default:
3528 goto start_width;
3529 }
3530 }
3531
3532 start_width:
3533 if (ISDIGIT (target_to_host (*pf)))
3534 {
3535 werange = 0;
3536 pwidth = pf;
3537 width = target_strtowi (&pf, &werange);
3538 }
3539 else if (target_to_host (*pf) == '*')
3540 {
3541 if (*argno < gimple_call_num_args (info.callstmt))
3542 star_width = gimple_call_arg (info.callstmt, (*argno)++);
3543 else
3544 {
3545 /* This is (likely) a va_list. It could also be an invalid
3546 call with insufficient arguments. */
3547 star_width = void_node;
3548 }
3549 ++pf;
3550 }
3551 else if (target_to_host (*pf) == '\'')
3552 {
3553 /* The POSIX apostrophe indicating a numeric grouping
3554 in the current locale. Even though it's possible to
3555 estimate the upper bound on the size of the output
3556 based on the number of digits it probably isn't worth
3557 continuing. */
3558 return 0;
3559 }
3560 }
3561
3562 start_precision:
3563 if (target_to_host (*pf) == '.')
3564 {
3565 ++pf;
3566
3567 if (ISDIGIT (target_to_host (*pf)))
3568 {
3569 pprec = pf;
3570 precision = target_strtowi (&pf, &perange);
3571 }
3572 else if (target_to_host (*pf) == '*')
3573 {
3574 if (*argno < gimple_call_num_args (info.callstmt))
3575 star_precision = gimple_call_arg (info.callstmt, (*argno)++);
3576 else
3577 {
3578 /* This is (likely) a va_list. It could also be an invalid
3579 call with insufficient arguments. */
3580 star_precision = void_node;
3581 }
3582 ++pf;
3583 }
3584 else
3585 {
3586 /* The decimal precision or the asterisk are optional.
3587 When neither is dirified it's taken to be zero. */
3588 precision = 0;
3589 }
3590 }
3591
3592 switch (target_to_host (*pf))
3593 {
3594 case 'h':
3595 if (target_to_host (pf[1]) == 'h')
3596 {
3597 ++pf;
3598 dir.modifier = FMT_LEN_hh;
3599 }
3600 else
3601 dir.modifier = FMT_LEN_h;
3602 ++pf;
3603 break;
3604
3605 case 'j':
3606 dir.modifier = FMT_LEN_j;
3607 ++pf;
3608 break;
3609
3610 case 'L':
3611 dir.modifier = FMT_LEN_L;
3612 ++pf;
3613 break;
3614
3615 case 'l':
3616 if (target_to_host (pf[1]) == 'l')
3617 {
3618 ++pf;
3619 dir.modifier = FMT_LEN_ll;
3620 }
3621 else
3622 dir.modifier = FMT_LEN_l;
3623 ++pf;
3624 break;
3625
3626 case 't':
3627 dir.modifier = FMT_LEN_t;
3628 ++pf;
3629 break;
3630
3631 case 'z':
3632 dir.modifier = FMT_LEN_z;
3633 ++pf;
3634 break;
3635 }
3636
3637 switch (target_to_host (*pf))
3638 {
3639 /* Handle a sole '%' character the same as "%%" but since it's
3640 undefined prevent the result from being folded. */
3641 case '\0':
3642 --pf;
3643 res->range.min = res->range.max = HOST_WIDE_INT_M1U;
3644 /* FALLTHRU */
3645 case '%':
3646 dir.fmtfunc = format_percent;
3647 break;
3648
3649 case 'a':
3650 case 'A':
3651 case 'e':
3652 case 'E':
3653 case 'f':
3654 case 'F':
3655 case 'g':
3656 case 'G':
3657 res->floating = true;
3658 dir.fmtfunc = format_floating;
3659 break;
3660
3661 case 'd':
3662 case 'i':
3663 case 'o':
3664 case 'u':
3665 case 'x':
3666 case 'X':
3667 dir.fmtfunc = format_integer;
3668 break;
3669
3670 case 'p':
3671 /* The %p output is implementation-defined. It's possible
3672 to determine this format but due to extensions (edirially
3673 those of the Linux kernel -- see bug 78512) the first %p
3674 in the format string disables any further processing. */
3675 return false;
3676
3677 case 'n':
3678 /* %n has side-effects even when nothing is actually printed to
3679 any buffer. */
3680 info.nowrite = false;
3681 dir.fmtfunc = format_none;
3682 break;
3683
3684 case 'C':
3685 case 'c':
3686 /* POSIX wide character and C/POSIX narrow character. */
3687 dir.fmtfunc = format_character;
3688 break;
3689
3690 case 'S':
3691 case 's':
3692 /* POSIX wide string and C/POSIX narrow character string. */
3693 dir.fmtfunc = format_string;
3694 break;
3695
3696 default:
3697 /* Unknown conversion specification. */
3698 return 0;
3699 }
3700
3701 dir.specifier = target_to_host (*pf++);
3702
3703 /* Store the length of the format directive. */
3704 dir.len = pf - pcnt;
3705
3706 /* Buffer for the directive in the host character set (used when
3707 the source character set is different). */
3708 char hostdir[32];
3709
3710 if (star_width)
3711 {
3712 if (INTEGRAL_TYPE_P (TREE_TYPE (star_width)))
3713 dir.set_width (star_width, vr_values);
3714 else
3715 {
3716 /* Width specified by a va_list takes on the range [0, -INT_MIN]
3717 (width is the absolute value of that specified). */
3718 dir.width[0] = 0;
3719 dir.width[1] = target_int_max () + 1;
3720 }
3721 }
3722 else
3723 {
3724 if (width == HOST_WIDE_INT_MAX && werange)
3725 {
3726 size_t begin = dir.beg - info.fmtstr + (pwidth - pcnt);
3727 size_t caret = begin + (werange - pcnt);
3728 size_t end = pf - info.fmtstr - 1;
3729
3730 /* Create a location for the width part of the directive,
3731 pointing the caret at the first out-of-range digit. */
3732 substring_loc dirloc (info.fmtloc, TREE_TYPE (info.format),
3733 caret, begin, end);
3734
3735 fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (),
3736 "%<%.*s%> directive width out of range", (int) dir.len,
3737 target_to_host (hostdir, sizeof hostdir, dir.beg));
3738 }
3739
3740 dir.set_width (width);
3741 }
3742
3743 if (star_precision)
3744 {
3745 if (INTEGRAL_TYPE_P (TREE_TYPE (star_precision)))
3746 dir.set_precision (star_precision, vr_values);
3747 else
3748 {
3749 /* Precision specified by a va_list takes on the range [-1, INT_MAX]
3750 (unlike width, negative precision is ignored). */
3751 dir.prec[0] = -1;
3752 dir.prec[1] = target_int_max ();
3753 }
3754 }
3755 else
3756 {
3757 if (precision == HOST_WIDE_INT_MAX && perange)
3758 {
3759 size_t begin = dir.beg - info.fmtstr + (pprec - pcnt) - 1;
3760 size_t caret = dir.beg - info.fmtstr + (perange - pcnt) - 1;
3761 size_t end = pf - info.fmtstr - 2;
3762
3763 /* Create a location for the precision part of the directive,
3764 including the leading period, pointing the caret at the first
3765 out-of-range digit . */
3766 substring_loc dirloc (info.fmtloc, TREE_TYPE (info.format),
3767 caret, begin, end);
3768
3769 fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (),
3770 "%<%.*s%> directive precision out of range", (int) dir.len,
3771 target_to_host (hostdir, sizeof hostdir, dir.beg));
3772 }
3773
3774 dir.set_precision (precision);
3775 }
3776
3777 /* Extract the argument if the directive takes one and if it's
3778 available (e.g., the function doesn't take a va_list). Treat
3779 missing arguments the same as va_list, even though they will
3780 have likely already been diagnosed by -Wformat. */
3781 if (dir.specifier != '%'
3782 && *argno < gimple_call_num_args (info.callstmt))
3783 dir.arg = gimple_call_arg (info.callstmt, dollar ? dollar : (*argno)++);
3784
3785 if (dump_file)
3786 {
3787 fprintf (dump_file,
3788 " Directive %u at offset " HOST_WIDE_INT_PRINT_UNSIGNED
3789 ": \"%.*s\"",
3790 dir.dirno,
3791 (unsigned HOST_WIDE_INT)(size_t)(dir.beg - info.fmtstr),
3792 (int)dir.len, dir.beg);
3793 if (star_width)
3794 {
3795 if (dir.width[0] == dir.width[1])
3796 fprintf (dump_file, ", width = " HOST_WIDE_INT_PRINT_DEC,
3797 dir.width[0]);
3798 else
3799 fprintf (dump_file,
3800 ", width in range [" HOST_WIDE_INT_PRINT_DEC
3801 ", " HOST_WIDE_INT_PRINT_DEC "]",
3802 dir.width[0], dir.width[1]);
3803 }
3804
3805 if (star_precision)
3806 {
3807 if (dir.prec[0] == dir.prec[1])
3808 fprintf (dump_file, ", precision = " HOST_WIDE_INT_PRINT_DEC,
3809 dir.prec[0]);
3810 else
3811 fprintf (dump_file,
3812 ", precision in range [" HOST_WIDE_INT_PRINT_DEC
3813 HOST_WIDE_INT_PRINT_DEC "]",
3814 dir.prec[0], dir.prec[1]);
3815 }
3816 fputc ('\n', dump_file);
3817 }
3818
3819 return dir.len;
3820 }
3821
3822 /* Diagnose overlap between destination and %s directive arguments. */
3823
3824 static void
3825 maybe_warn_overlap (call_info &info, format_result *res)
3826 {
3827 /* Two vectors of 1-based indices corresponding to either certainly
3828 or possibly aliasing arguments. */
3829 auto_vec<int, 16> aliasarg[2];
3830
3831 /* Go through the array of potentially aliasing directives and collect
3832 argument numbers of those that do or may overlap the destination
3833 object given the full result. */
3834 for (unsigned i = 0; i != res->alias_count; ++i)
3835 {
3836 const format_result::alias_info &alias = res->aliases[i];
3837
3838 enum { possible = -1, none = 0, certain = 1 } overlap = none;
3839
3840 /* If the precision is zero there is no overlap. (This only
3841 considers %s directives and ignores %n.) */
3842 if (alias.dir.prec[0] == 0 && alias.dir.prec[1] == 0)
3843 continue;
3844
3845 if (alias.offset == HOST_WIDE_INT_MAX
3846 || info.dst_offset == HOST_WIDE_INT_MAX)
3847 overlap = possible;
3848 else if (alias.offset == info.dst_offset)
3849 overlap = alias.dir.prec[0] == 0 ? possible : certain;
3850 else
3851 {
3852 /* Determine overlap from the range of output and offsets
3853 into the same destination as the source, and rule out
3854 impossible overlap. */
3855 unsigned HOST_WIDE_INT albeg = alias.offset;
3856 unsigned HOST_WIDE_INT dstbeg = info.dst_offset;
3857
3858 unsigned HOST_WIDE_INT alend = albeg + alias.range.min;
3859 unsigned HOST_WIDE_INT dstend = dstbeg + res->range.min - 1;
3860
3861 if ((albeg <= dstbeg && alend > dstbeg)
3862 || (albeg >= dstbeg && albeg < dstend))
3863 overlap = certain;
3864 else
3865 {
3866 alend = albeg + alias.range.max;
3867 if (alend < albeg)
3868 alend = HOST_WIDE_INT_M1U;
3869
3870 dstend = dstbeg + res->range.max - 1;
3871 if (dstend < dstbeg)
3872 dstend = HOST_WIDE_INT_M1U;
3873
3874 if ((albeg >= dstbeg && albeg <= dstend)
3875 || (alend >= dstbeg && alend <= dstend))
3876 overlap = possible;
3877 }
3878 }
3879
3880 if (overlap == none)
3881 continue;
3882
3883 /* Append the 1-based argument number. */
3884 aliasarg[overlap != certain].safe_push (alias.dir.argno + 1);
3885
3886 /* Disable any kind of optimization. */
3887 res->range.unlikely = HOST_WIDE_INT_M1U;
3888 }
3889
3890 tree arg0 = gimple_call_arg (info.callstmt, 0);
3891 location_t loc = gimple_location (info.callstmt);
3892
3893 bool aliaswarn = false;
3894
3895 unsigned ncertain = aliasarg[0].length ();
3896 unsigned npossible = aliasarg[1].length ();
3897 if (ncertain && npossible)
3898 {
3899 /* If there are multiple arguments that overlap, some certainly
3900 and some possibly, handle both sets in a single diagnostic. */
3901 aliaswarn
3902 = warning_at (loc, OPT_Wrestrict,
3903 "%qE arguments %Z and maybe %Z overlap destination "
3904 "object %qE",
3905 info.func, aliasarg[0].address (), ncertain,
3906 aliasarg[1].address (), npossible,
3907 info.dst_origin);
3908 }
3909 else if (ncertain)
3910 {
3911 /* There is only one set of two or more arguments and they all
3912 certainly overlap the destination. */
3913 aliaswarn
3914 = warning_n (loc, OPT_Wrestrict, ncertain,
3915 "%qE argument %Z overlaps destination object %qE",
3916 "%qE arguments %Z overlap destination object %qE",
3917 info.func, aliasarg[0].address (), ncertain,
3918 info.dst_origin);
3919 }
3920 else if (npossible)
3921 {
3922 /* There is only one set of two or more arguments and they all
3923 may overlap (but need not). */
3924 aliaswarn
3925 = warning_n (loc, OPT_Wrestrict, npossible,
3926 "%qE argument %Z may overlap destination object %qE",
3927 "%qE arguments %Z may overlap destination object %qE",
3928 info.func, aliasarg[1].address (), npossible,
3929 info.dst_origin);
3930 }
3931
3932 if (aliaswarn)
3933 {
3934 res->warned = true;
3935
3936 if (info.dst_origin != arg0)
3937 {
3938 /* If its location is different from the first argument of the call
3939 point either at the destination object itself or at the expression
3940 that was used to determine the overlap. */
3941 loc = (DECL_P (info.dst_origin)
3942 ? DECL_SOURCE_LOCATION (info.dst_origin)
3943 : EXPR_LOCATION (info.dst_origin));
3944 if (loc != UNKNOWN_LOCATION)
3945 inform (loc,
3946 "destination object referenced by %<restrict%>-qualified "
3947 "argument 1 was declared here");
3948 }
3949 }
3950 }
3951
3952 /* Compute the length of the output resulting from the call to a formatted
3953 output function described by INFO and store the result of the call in
3954 *RES. Issue warnings for detected past the end writes. Return true
3955 if the complete format string has been processed and *RES can be relied
3956 on, false otherwise (e.g., when a unknown or unhandled directive was seen
3957 that caused the processing to be terminated early). */
3958
3959 static bool
3960 compute_format_length (call_info &info, format_result *res, const vr_values *vr)
3961 {
3962 if (dump_file)
3963 {
3964 location_t callloc = gimple_location (info.callstmt);
3965 fprintf (dump_file, "%s:%i: ",
3966 LOCATION_FILE (callloc), LOCATION_LINE (callloc));
3967 print_generic_expr (dump_file, info.func, dump_flags);
3968
3969 fprintf (dump_file,
3970 ": objsize = " HOST_WIDE_INT_PRINT_UNSIGNED
3971 ", fmtstr = \"%s\"\n",
3972 info.objsize, info.fmtstr);
3973 }
3974
3975 /* Reset the minimum and maximum byte counters. */
3976 res->range.min = res->range.max = 0;
3977
3978 /* No directive has been seen yet so the length of output is bounded
3979 by the known range [0, 0] (with no conversion resulting in a failure
3980 or producing more than 4K bytes) until determined otherwise. */
3981 res->knownrange = true;
3982 res->floating = false;
3983 res->warned = false;
3984
3985 /* 1-based directive counter. */
3986 unsigned dirno = 1;
3987
3988 /* The variadic argument counter. */
3989 unsigned argno = info.argidx;
3990
3991 bool success = true;
3992
3993 for (const char *pf = info.fmtstr; ; ++dirno)
3994 {
3995 directive dir (&info, dirno);
3996
3997 size_t n = parse_directive (info, dir, res, pf, &argno, vr);
3998
3999 /* Return failure if the format function fails. */
4000 if (!format_directive (info, res, dir, vr))
4001 return false;
4002
4003 /* Return success when the directive is zero bytes long and it's
4004 the last thing in the format string (i.e., it's the terminating
4005 nul, which isn't really a directive but handling it as one makes
4006 things simpler). */
4007 if (!n)
4008 {
4009 success = *pf == '\0';
4010 break;
4011 }
4012
4013 pf += n;
4014 }
4015
4016 maybe_warn_overlap (info, res);
4017
4018 /* The complete format string was processed (with or without warnings). */
4019 return success;
4020 }
4021
4022 /* Return the size of the object referenced by the expression DEST if
4023 available, or the maximum possible size otherwise. */
4024
4025 static unsigned HOST_WIDE_INT
4026 get_destination_size (tree dest)
4027 {
4028 /* When there is no destination return the maximum. */
4029 if (!dest)
4030 return HOST_WIDE_INT_MAX;
4031
4032 /* Initialize object size info before trying to compute it. */
4033 init_object_sizes ();
4034
4035 /* Use __builtin_object_size to determine the size of the destination
4036 object. When optimizing, determine the smallest object (such as
4037 a member array as opposed to the whole enclosing object), otherwise
4038 use type-zero object size to determine the size of the enclosing
4039 object (the function fails without optimization in this type). */
4040 int ost = optimize > 0;
4041 unsigned HOST_WIDE_INT size;
4042 if (compute_builtin_object_size (dest, ost, &size))
4043 return size;
4044
4045 return HOST_WIDE_INT_MAX;
4046 }
4047
4048 /* Return true if the call described by INFO with result RES safe to
4049 optimize (i.e., no undefined behavior), and set RETVAL to the range
4050 of its return values. */
4051
4052 static bool
4053 is_call_safe (const call_info &info,
4054 const format_result &res, bool under4k,
4055 unsigned HOST_WIDE_INT retval[2])
4056 {
4057 if (under4k && !res.posunder4k)
4058 return false;
4059
4060 /* The minimum return value. */
4061 retval[0] = res.range.min;
4062
4063 /* The maximum return value is in most cases bounded by RES.RANGE.MAX
4064 but in cases involving multibyte characters could be as large as
4065 RES.RANGE.UNLIKELY. */
4066 retval[1]
4067 = res.range.unlikely < res.range.max ? res.range.max : res.range.unlikely;
4068
4069 /* Adjust the number of bytes which includes the terminating nul
4070 to reflect the return value of the function which does not.
4071 Because the valid range of the function is [INT_MIN, INT_MAX],
4072 a valid range before the adjustment below is [0, INT_MAX + 1]
4073 (the functions only return negative values on error or undefined
4074 behavior). */
4075 if (retval[0] <= target_int_max () + 1)
4076 --retval[0];
4077 if (retval[1] <= target_int_max () + 1)
4078 --retval[1];
4079
4080 /* Avoid the return value optimization when the behavior of the call
4081 is undefined either because any directive may have produced 4K or
4082 more of output, or the return value exceeds INT_MAX, or because
4083 the output overflows the destination object (but leave it enabled
4084 when the function is bounded because then the behavior is well-
4085 defined). */
4086 if (retval[0] == retval[1]
4087 && (info.bounded || retval[0] < info.objsize)
4088 && retval[0] <= target_int_max ())
4089 return true;
4090
4091 if ((info.bounded || retval[1] < info.objsize)
4092 && (retval[0] < target_int_max ()
4093 && retval[1] < target_int_max ()))
4094 return true;
4095
4096 if (!under4k && (info.bounded || retval[0] < info.objsize))
4097 return true;
4098
4099 return false;
4100 }
4101
4102 /* Given a suitable result RES of a call to a formatted output function
4103 described by INFO, substitute the result for the return value of
4104 the call. The result is suitable if the number of bytes it represents
4105 is known and exact. A result that isn't suitable for substitution may
4106 have its range set to the range of return values, if that is known.
4107 Return true if the call is removed and gsi_next should not be performed
4108 in the caller. */
4109
4110 static bool
4111 try_substitute_return_value (gimple_stmt_iterator *gsi,
4112 const call_info &info,
4113 const format_result &res)
4114 {
4115 tree lhs = gimple_get_lhs (info.callstmt);
4116
4117 /* Set to true when the entire call has been removed. */
4118 bool removed = false;
4119
4120 /* The minimum and maximum return value. */
4121 unsigned HOST_WIDE_INT retval[2];
4122 bool safe = is_call_safe (info, res, true, retval);
4123
4124 if (safe
4125 && retval[0] == retval[1]
4126 /* Not prepared to handle possibly throwing calls here; they shouldn't
4127 appear in non-artificial testcases, except when the __*_chk routines
4128 are badly declared. */
4129 && !stmt_ends_bb_p (info.callstmt))
4130 {
4131 tree cst = build_int_cst (lhs ? TREE_TYPE (lhs) : integer_type_node,
4132 retval[0]);
4133
4134 if (lhs == NULL_TREE && info.nowrite)
4135 {
4136 /* Remove the call to the bounded function with a zero size
4137 (e.g., snprintf(0, 0, "%i", 123)) if there is no lhs. */
4138 unlink_stmt_vdef (info.callstmt);
4139 gsi_remove (gsi, true);
4140 removed = true;
4141 }
4142 else if (info.nowrite)
4143 {
4144 /* Replace the call to the bounded function with a zero size
4145 (e.g., snprintf(0, 0, "%i", 123) with the constant result
4146 of the function. */
4147 if (!update_call_from_tree (gsi, cst))
4148 gimplify_and_update_call_from_tree (gsi, cst);
4149 gimple *callstmt = gsi_stmt (*gsi);
4150 update_stmt (callstmt);
4151 }
4152 else if (lhs)
4153 {
4154 /* Replace the left-hand side of the call with the constant
4155 result of the formatted function. */
4156 gimple_call_set_lhs (info.callstmt, NULL_TREE);
4157 gimple *g = gimple_build_assign (lhs, cst);
4158 gsi_insert_after (gsi, g, GSI_NEW_STMT);
4159 update_stmt (info.callstmt);
4160 }
4161
4162 if (dump_file)
4163 {
4164 if (removed)
4165 fprintf (dump_file, " Removing call statement.");
4166 else
4167 {
4168 fprintf (dump_file, " Substituting ");
4169 print_generic_expr (dump_file, cst, dump_flags);
4170 fprintf (dump_file, " for %s.\n",
4171 info.nowrite ? "statement" : "return value");
4172 }
4173 }
4174 }
4175 else if (lhs && types_compatible_p (TREE_TYPE (lhs), integer_type_node))
4176 {
4177 bool setrange = false;
4178
4179 if (safe
4180 && (info.bounded || retval[1] < info.objsize)
4181 && (retval[0] < target_int_max ()
4182 && retval[1] < target_int_max ()))
4183 {
4184 /* If the result is in a valid range bounded by the size of
4185 the destination set it so that it can be used for subsequent
4186 optimizations. */
4187 int prec = TYPE_PRECISION (integer_type_node);
4188
4189 wide_int min = wi::shwi (retval[0], prec);
4190 wide_int max = wi::shwi (retval[1], prec);
4191 set_range_info (lhs, VR_RANGE, min, max);
4192
4193 setrange = true;
4194 }
4195
4196 if (dump_file)
4197 {
4198 const char *inbounds
4199 = (retval[0] < info.objsize
4200 ? (retval[1] < info.objsize
4201 ? "in" : "potentially out-of")
4202 : "out-of");
4203
4204 const char *what = setrange ? "Setting" : "Discarding";
4205 if (retval[0] != retval[1])
4206 fprintf (dump_file,
4207 " %s %s-bounds return value range ["
4208 HOST_WIDE_INT_PRINT_UNSIGNED ", "
4209 HOST_WIDE_INT_PRINT_UNSIGNED "].\n",
4210 what, inbounds, retval[0], retval[1]);
4211 else
4212 fprintf (dump_file, " %s %s-bounds return value "
4213 HOST_WIDE_INT_PRINT_UNSIGNED ".\n",
4214 what, inbounds, retval[0]);
4215 }
4216 }
4217
4218 if (dump_file)
4219 fputc ('\n', dump_file);
4220
4221 return removed;
4222 }
4223
4224 /* Try to simplify a s{,n}printf call described by INFO with result
4225 RES by replacing it with a simpler and presumably more efficient
4226 call (such as strcpy). */
4227
4228 static bool
4229 try_simplify_call (gimple_stmt_iterator *gsi,
4230 const call_info &info,
4231 const format_result &res)
4232 {
4233 unsigned HOST_WIDE_INT dummy[2];
4234 if (!is_call_safe (info, res, info.retval_used (), dummy))
4235 return false;
4236
4237 switch (info.fncode)
4238 {
4239 case BUILT_IN_SNPRINTF:
4240 return gimple_fold_builtin_snprintf (gsi);
4241
4242 case BUILT_IN_SPRINTF:
4243 return gimple_fold_builtin_sprintf (gsi);
4244
4245 default:
4246 ;
4247 }
4248
4249 return false;
4250 }
4251
4252 /* Return the zero-based index of the format string argument of a printf
4253 like function and set *IDX_ARGS to the first format argument. When
4254 no such index exists return UINT_MAX. */
4255
4256 static unsigned
4257 get_user_idx_format (tree fndecl, unsigned *idx_args)
4258 {
4259 tree attrs = lookup_attribute ("format", DECL_ATTRIBUTES (fndecl));
4260 if (!attrs)
4261 attrs = lookup_attribute ("format", TYPE_ATTRIBUTES (TREE_TYPE (fndecl)));
4262
4263 if (!attrs)
4264 return UINT_MAX;
4265
4266 attrs = TREE_VALUE (attrs);
4267
4268 tree archetype = TREE_VALUE (attrs);
4269 if (strcmp ("printf", IDENTIFIER_POINTER (archetype)))
4270 return UINT_MAX;
4271
4272 attrs = TREE_CHAIN (attrs);
4273 tree fmtarg = TREE_VALUE (attrs);
4274
4275 attrs = TREE_CHAIN (attrs);
4276 tree elliparg = TREE_VALUE (attrs);
4277
4278 /* Attribute argument indices are 1-based but we use zero-based. */
4279 *idx_args = tree_to_uhwi (elliparg) - 1;
4280 return tree_to_uhwi (fmtarg) - 1;
4281 }
4282
4283 } /* Unnamed namespace. */
4284
4285 /* Determine if a GIMPLE call at *GSI is to one of the sprintf-like built-in
4286 functions and if so, handle it. Return true if the call is removed and
4287 gsi_next should not be performed in the caller. */
4288
4289 bool
4290 handle_printf_call (gimple_stmt_iterator *gsi, const vr_values *vr_values)
4291 {
4292 init_target_to_host_charmap ();
4293
4294 call_info info = call_info ();
4295
4296 info.callstmt = gsi_stmt (*gsi);
4297 info.func = gimple_call_fndecl (info.callstmt);
4298 if (!info.func)
4299 return false;
4300
4301 /* Format string argument number (valid for all functions). */
4302 unsigned idx_format = UINT_MAX;
4303 if (gimple_call_builtin_p (info.callstmt, BUILT_IN_NORMAL))
4304 info.fncode = DECL_FUNCTION_CODE (info.func);
4305 else
4306 {
4307 unsigned idx_args;
4308 idx_format = get_user_idx_format (info.func, &idx_args);
4309 if (idx_format == UINT_MAX
4310 || idx_format >= gimple_call_num_args (info.callstmt)
4311 || idx_args > gimple_call_num_args (info.callstmt)
4312 || !POINTER_TYPE_P (TREE_TYPE (gimple_call_arg (info.callstmt,
4313 idx_format))))
4314 return false;
4315 info.fncode = BUILT_IN_NONE;
4316 info.argidx = idx_args;
4317 }
4318
4319 /* The size of the destination as in snprintf(dest, size, ...). */
4320 unsigned HOST_WIDE_INT dstsize = HOST_WIDE_INT_M1U;
4321
4322 /* The size of the destination determined by __builtin_object_size. */
4323 unsigned HOST_WIDE_INT objsize = HOST_WIDE_INT_M1U;
4324
4325 /* Zero-based buffer size argument number (snprintf and vsnprintf). */
4326 unsigned idx_dstsize = UINT_MAX;
4327
4328 /* Object size argument number (snprintf_chk and vsnprintf_chk). */
4329 unsigned idx_objsize = UINT_MAX;
4330
4331 /* Destinaton argument number (valid for sprintf functions only). */
4332 unsigned idx_dstptr = 0;
4333
4334 switch (info.fncode)
4335 {
4336 case BUILT_IN_NONE:
4337 // User-defined function with attribute format (printf).
4338 idx_dstptr = -1;
4339 break;
4340
4341 case BUILT_IN_FPRINTF:
4342 // Signature:
4343 // __builtin_fprintf (FILE*, format, ...)
4344 idx_format = 1;
4345 info.argidx = 2;
4346 idx_dstptr = -1;
4347 break;
4348
4349 case BUILT_IN_FPRINTF_CHK:
4350 // Signature:
4351 // __builtin_fprintf_chk (FILE*, ost, format, ...)
4352 idx_format = 2;
4353 info.argidx = 3;
4354 idx_dstptr = -1;
4355 break;
4356
4357 case BUILT_IN_FPRINTF_UNLOCKED:
4358 // Signature:
4359 // __builtin_fprintf_unnlocked (FILE*, format, ...)
4360 idx_format = 1;
4361 info.argidx = 2;
4362 idx_dstptr = -1;
4363 break;
4364
4365 case BUILT_IN_PRINTF:
4366 // Signature:
4367 // __builtin_printf (format, ...)
4368 idx_format = 0;
4369 info.argidx = 1;
4370 idx_dstptr = -1;
4371 break;
4372
4373 case BUILT_IN_PRINTF_CHK:
4374 // Signature:
4375 // __builtin_printf_chk (ost, format, ...)
4376 idx_format = 1;
4377 info.argidx = 2;
4378 idx_dstptr = -1;
4379 break;
4380
4381 case BUILT_IN_PRINTF_UNLOCKED:
4382 // Signature:
4383 // __builtin_printf (format, ...)
4384 idx_format = 0;
4385 info.argidx = 1;
4386 idx_dstptr = -1;
4387 break;
4388
4389 case BUILT_IN_SPRINTF:
4390 // Signature:
4391 // __builtin_sprintf (dst, format, ...)
4392 idx_format = 1;
4393 info.argidx = 2;
4394 break;
4395
4396 case BUILT_IN_SPRINTF_CHK:
4397 // Signature:
4398 // __builtin___sprintf_chk (dst, ost, objsize, format, ...)
4399 idx_objsize = 2;
4400 idx_format = 3;
4401 info.argidx = 4;
4402 break;
4403
4404 case BUILT_IN_SNPRINTF:
4405 // Signature:
4406 // __builtin_snprintf (dst, size, format, ...)
4407 idx_dstsize = 1;
4408 idx_format = 2;
4409 info.argidx = 3;
4410 info.bounded = true;
4411 break;
4412
4413 case BUILT_IN_SNPRINTF_CHK:
4414 // Signature:
4415 // __builtin___snprintf_chk (dst, size, ost, objsize, format, ...)
4416 idx_dstsize = 1;
4417 idx_objsize = 3;
4418 idx_format = 4;
4419 info.argidx = 5;
4420 info.bounded = true;
4421 break;
4422
4423 case BUILT_IN_VFPRINTF:
4424 // Signature:
4425 // __builtin_vprintf (FILE*, format, va_list)
4426 idx_format = 1;
4427 info.argidx = -1;
4428 idx_dstptr = -1;
4429 break;
4430
4431 case BUILT_IN_VFPRINTF_CHK:
4432 // Signature:
4433 // __builtin___vfprintf_chk (FILE*, ost, format, va_list)
4434 idx_format = 2;
4435 info.argidx = -1;
4436 idx_dstptr = -1;
4437 break;
4438
4439 case BUILT_IN_VPRINTF:
4440 // Signature:
4441 // __builtin_vprintf (format, va_list)
4442 idx_format = 0;
4443 info.argidx = -1;
4444 idx_dstptr = -1;
4445 break;
4446
4447 case BUILT_IN_VPRINTF_CHK:
4448 // Signature:
4449 // __builtin___vprintf_chk (ost, format, va_list)
4450 idx_format = 1;
4451 info.argidx = -1;
4452 idx_dstptr = -1;
4453 break;
4454
4455 case BUILT_IN_VSNPRINTF:
4456 // Signature:
4457 // __builtin_vsprintf (dst, size, format, va)
4458 idx_dstsize = 1;
4459 idx_format = 2;
4460 info.argidx = -1;
4461 info.bounded = true;
4462 break;
4463
4464 case BUILT_IN_VSNPRINTF_CHK:
4465 // Signature:
4466 // __builtin___vsnprintf_chk (dst, size, ost, objsize, format, va)
4467 idx_dstsize = 1;
4468 idx_objsize = 3;
4469 idx_format = 4;
4470 info.argidx = -1;
4471 info.bounded = true;
4472 break;
4473
4474 case BUILT_IN_VSPRINTF:
4475 // Signature:
4476 // __builtin_vsprintf (dst, format, va)
4477 idx_format = 1;
4478 info.argidx = -1;
4479 break;
4480
4481 case BUILT_IN_VSPRINTF_CHK:
4482 // Signature:
4483 // __builtin___vsprintf_chk (dst, ost, objsize, format, va)
4484 idx_format = 3;
4485 idx_objsize = 2;
4486 info.argidx = -1;
4487 break;
4488
4489 default:
4490 return false;
4491 }
4492
4493 /* Set the global warning level for this function. */
4494 warn_level = info.bounded ? warn_format_trunc : warn_format_overflow;
4495
4496 /* For all string functions the first argument is a pointer to
4497 the destination. */
4498 tree dstptr = (idx_dstptr < gimple_call_num_args (info.callstmt)
4499 ? gimple_call_arg (info.callstmt, 0) : NULL_TREE);
4500
4501 info.format = gimple_call_arg (info.callstmt, idx_format);
4502
4503 /* True when the destination size is constant as opposed to the lower
4504 or upper bound of a range. */
4505 bool dstsize_cst_p = true;
4506 bool posunder4k = true;
4507
4508 if (idx_dstsize == UINT_MAX)
4509 {
4510 /* For non-bounded functions like sprintf, determine the size
4511 of the destination from the object or pointer passed to it
4512 as the first argument. */
4513 dstsize = get_destination_size (dstptr);
4514 }
4515 else if (tree size = gimple_call_arg (info.callstmt, idx_dstsize))
4516 {
4517 /* For bounded functions try to get the size argument. */
4518
4519 if (TREE_CODE (size) == INTEGER_CST)
4520 {
4521 dstsize = tree_to_uhwi (size);
4522 /* No object can be larger than SIZE_MAX bytes (half the address
4523 space) on the target.
4524 The functions are defined only for output of at most INT_MAX
4525 bytes. Specifying a bound in excess of that limit effectively
4526 defeats the bounds checking (and on some implementations such
4527 as Solaris cause the function to fail with EINVAL). */
4528 if (dstsize > target_size_max () / 2)
4529 {
4530 /* Avoid warning if -Wstringop-overflow is specified since
4531 it also warns for the same thing though only for the
4532 checking built-ins. */
4533 if ((idx_objsize == UINT_MAX
4534 || !warn_stringop_overflow))
4535 warning_at (gimple_location (info.callstmt), info.warnopt (),
4536 "specified bound %wu exceeds maximum object size "
4537 "%wu",
4538 dstsize, target_size_max () / 2);
4539 /* POSIX requires snprintf to fail if DSTSIZE is greater
4540 than INT_MAX. Even though not all POSIX implementations
4541 conform to the requirement, avoid folding in this case. */
4542 posunder4k = false;
4543 }
4544 else if (dstsize > target_int_max ())
4545 {
4546 warning_at (gimple_location (info.callstmt), info.warnopt (),
4547 "specified bound %wu exceeds %<INT_MAX%>",
4548 dstsize);
4549 /* POSIX requires snprintf to fail if DSTSIZE is greater
4550 than INT_MAX. Avoid folding in that case. */
4551 posunder4k = false;
4552 }
4553 }
4554 else if (TREE_CODE (size) == SSA_NAME)
4555 {
4556 /* Try to determine the range of values of the argument
4557 and use the greater of the two at level 1 and the smaller
4558 of them at level 2. */
4559 const value_range_equiv *vr
4560 = CONST_CAST (class vr_values *, vr_values)->get_value_range (size);
4561
4562 if (range_int_cst_p (vr))
4563 {
4564 unsigned HOST_WIDE_INT minsize = TREE_INT_CST_LOW (vr->min ());
4565 unsigned HOST_WIDE_INT maxsize = TREE_INT_CST_LOW (vr->max ());
4566 dstsize = warn_level < 2 ? maxsize : minsize;
4567
4568 if (minsize > target_int_max ())
4569 warning_at (gimple_location (info.callstmt), info.warnopt (),
4570 "specified bound range [%wu, %wu] exceeds "
4571 "%<INT_MAX%>",
4572 minsize, maxsize);
4573
4574 /* POSIX requires snprintf to fail if DSTSIZE is greater
4575 than INT_MAX. Avoid folding if that's possible. */
4576 if (maxsize > target_int_max ())
4577 posunder4k = false;
4578 }
4579 else if (vr->varying_p ())
4580 {
4581 /* POSIX requires snprintf to fail if DSTSIZE is greater
4582 than INT_MAX. Since SIZE's range is unknown, avoid
4583 folding. */
4584 posunder4k = false;
4585 }
4586
4587 /* The destination size is not constant. If the function is
4588 bounded (e.g., snprintf) a lower bound of zero doesn't
4589 necessarily imply it can be eliminated. */
4590 dstsize_cst_p = false;
4591 }
4592 }
4593
4594 if (idx_objsize != UINT_MAX)
4595 if (tree size = gimple_call_arg (info.callstmt, idx_objsize))
4596 if (tree_fits_uhwi_p (size))
4597 objsize = tree_to_uhwi (size);
4598
4599 if (info.bounded && !dstsize)
4600 {
4601 /* As a special case, when the explicitly specified destination
4602 size argument (to a bounded function like snprintf) is zero
4603 it is a request to determine the number of bytes on output
4604 without actually producing any. Pretend the size is
4605 unlimited in this case. */
4606 info.objsize = HOST_WIDE_INT_MAX;
4607 info.nowrite = dstsize_cst_p;
4608 }
4609 else
4610 {
4611 /* For calls to non-bounded functions or to those of bounded
4612 functions with a non-zero size, warn if the destination
4613 pointer is null. */
4614 if (dstptr && integer_zerop (dstptr))
4615 {
4616 /* This is diagnosed with -Wformat only when the null is a constant
4617 pointer. The warning here diagnoses instances where the pointer
4618 is not constant. */
4619 location_t loc = gimple_location (info.callstmt);
4620 warning_at (EXPR_LOC_OR_LOC (dstptr, loc),
4621 info.warnopt (), "%Gnull destination pointer",
4622 info.callstmt);
4623 return false;
4624 }
4625
4626 /* Set the object size to the smaller of the two arguments
4627 of both have been specified and they're not equal. */
4628 info.objsize = dstsize < objsize ? dstsize : objsize;
4629
4630 if (info.bounded
4631 && dstsize < target_size_max () / 2 && objsize < dstsize
4632 /* Avoid warning if -Wstringop-overflow is specified since
4633 it also warns for the same thing though only for the
4634 checking built-ins. */
4635 && (idx_objsize == UINT_MAX
4636 || !warn_stringop_overflow))
4637 {
4638 warning_at (gimple_location (info.callstmt), info.warnopt (),
4639 "specified bound %wu exceeds the size %wu "
4640 "of the destination object", dstsize, objsize);
4641 }
4642 }
4643
4644 /* Determine if the format argument may be null and warn if not
4645 and if the argument is null. */
4646 if (integer_zerop (info.format)
4647 && gimple_call_builtin_p (info.callstmt, BUILT_IN_NORMAL))
4648 {
4649 location_t loc = gimple_location (info.callstmt);
4650 warning_at (EXPR_LOC_OR_LOC (info.format, loc),
4651 info.warnopt (), "%Gnull format string",
4652 info.callstmt);
4653 return false;
4654 }
4655
4656 info.fmtstr = get_format_string (info.format, &info.fmtloc);
4657 if (!info.fmtstr)
4658 return false;
4659
4660 if (warn_restrict)
4661 {
4662 /* Compute the origin of the destination pointer and its offset
4663 from the base object/pointer if possible. */
4664 info.dst_offset = 0;
4665 info.dst_origin = get_origin_and_offset (dstptr, &info.dst_field,
4666 &info.dst_offset);
4667 }
4668
4669 /* The result is the number of bytes output by the formatted function,
4670 including the terminating NUL. */
4671 format_result res;
4672
4673 /* I/O functions with no destination argument (i.e., all forms of fprintf
4674 and printf) may fail under any conditions. Others (i.e., all forms of
4675 sprintf) may only fail under specific conditions determined for each
4676 directive. Clear POSUNDER4K for the former set of functions and set
4677 it to true for the latter (it can only be cleared later, but it is
4678 never set to true again). */
4679 res.posunder4k = posunder4k && dstptr;
4680
4681 bool success = compute_format_length (info, &res, vr_values);
4682 if (res.warned)
4683 gimple_set_no_warning (info.callstmt, true);
4684
4685 /* When optimizing and the printf return value optimization is enabled,
4686 attempt to substitute the computed result for the return value of
4687 the call. Avoid this optimization when -frounding-math is in effect
4688 and the format string contains a floating point directive. */
4689 bool call_removed = false;
4690 if (success && optimize > 0)
4691 {
4692 /* Save a copy of the iterator pointing at the call. The iterator
4693 may change to point past the call in try_substitute_return_value
4694 but the original value is needed in try_simplify_call. */
4695 gimple_stmt_iterator gsi_call = *gsi;
4696
4697 if (flag_printf_return_value
4698 && (!flag_rounding_math || !res.floating))
4699 call_removed = try_substitute_return_value (gsi, info, res);
4700
4701 if (!call_removed)
4702 try_simplify_call (&gsi_call, info, res);
4703 }
4704
4705 return call_removed;
4706 }
GNU Compiler Collection
This page took 0.261287 seconds and 5 git commands to generate.