From eafe8ee7af13c39805ea09bbf5b4f9ab2a48304a Mon Sep 17 00:00:00 2001 
From: Martin Sebor Date: Sun, 29 Nov 2020 15:09:30 -0700 Subject: Handle PHIs in compute_objsize. PR middle-end/92936 - missing warning on a past-the-end store to a PHI PR middle-end/92940 - incorrect offset and size in -Wstringop-overflow for out-of-bounds store into VLA and two offset ranges PR middle-end/89428 - missing -Wstringop-overflow on a PHI with variable offset gcc/ChangeLog: PR middle-end/92936 PR middle-end/92940 PR middle-end/89428 * builtins.c (access_ref::access_ref): Initialize member. (access_ref::phi): New function. (access_ref::get_ref): New function. (access_ref::add_offset): Remove duplicate assignment. (maybe_warn_for_bound): Add "maybe" kind of warning messages. (warn_for_access): Same. (inform_access): Rename... (access_ref::inform_access): ...to this. Print PHI arguments. Format offset the same as size and simplify. Improve printing of allocation functions and VLAs. (check_access): Adjust to the above. (gimple_parm_array_size): Change argument. (handle_min_max_size): New function. * builtins.h (class ssa_name_limit_t): Move class here from tree-ssa-strlen.c. (struct access_ref): Declare new members. (gimple_parm_array_size): Change argument. * tree-ssa-strlen.c (maybe_warn_overflow): Use access_ref and simplify. (handle_builtin_memcpy): Correct argument passed to maybe_warn_overflow. (handle_builtin_memset): Same. (class ssa_name_limit_t): Move class to builtins.{h,c}. gcc/testsuite/ChangeLog: PR middle-end/92936 PR middle-end/92940 PR middle-end/89428 * c-c++-common/Wstringop-overflow-2.c: Adjust text of expected informational notes. * g++.dg/warn/Wstringop-overflow-3.C: Same. * g++.dg/warn/Wplacement-new-size.C: Remove a test for a no longer issued warning. * gcc.dg/Warray-bounds-43.c: Removed unused declarations. * gcc.dg/Wstringop-overflow-11.c: Remove xfails. * gcc.dg/Wstringop-overflow-12.c: Same. * gcc.dg/Wstringop-overflow-17.c: Adjust text of expected messages. * gcc.dg/Wstringop-overflow-27.c: Same. Remove xfails. 
* gcc.dg/Wstringop-overflow-28.c: Adjust text of expected messages. * gcc.dg/Wstringop-overflow-29.c: Same. * gcc.dg/Wstringop-overflow-37.c: Same. * gcc.dg/Wstringop-overflow-46.c: Same. * gcc.dg/Wstringop-overflow-47.c: Same. * gcc.dg/Wstringop-overflow-54.c: Same. * gcc.dg/warn-strnlen-no-nul.c: Add expected warning. * gcc.dg/Wstringop-overflow-7.c: New test. * gcc.dg/Wstringop-overflow-58.c: New test. * gcc.dg/Wstringop-overflow-59.c: New test. * gcc.dg/Wstringop-overflow-60.c: New test. * gcc.dg/Wstringop-overflow-61.c: New test. * gcc.dg/Wstringop-overflow-62.c: New test. * gcc.dg/Wstringop-overflow-63.c: New test. * gcc.dg/Wstringop-overflow-64.c: New test. --- gcc/builtins.h | 73 ++++++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 61 insertions(+), 12 deletions(-) (limited to 'gcc/builtins.h') diff --git a/gcc/builtins.h b/gcc/builtins.h index c09f36da02b..b00af627223 100644 --- a/gcc/builtins.h +++ b/gcc/builtins.h 
@@ -153,6 +153,42 @@ extern void warn_string_no_nul (location_t, tree, const char *, tree,
 extern tree unterminated_array (tree, tree * = NULL, bool * = NULL);
 extern bool builtin_with_linkage_p (tree);
+/* Describes recursion limits used by functions that follow use-def
+ chains of SSA_NAMEs. */
+
+class ssa_name_limit_t
+{
+ bitmap visited; /* Bitmap of visited SSA_NAMEs. */
+ unsigned ssa_def_max; /* Longest chain of SSA_NAMEs to follow. */
+
+ /* Not copyable or assignable. */
+ DISABLE_COPY_AND_ASSIGN (ssa_name_limit_t);
+
+public:
+
+ ssa_name_limit_t ()
+ : visited (),
+ ssa_def_max (param_ssa_name_def_chain_limit) { }
+
+ /* Set a bit for the PHI in VISITED and return true if it wasn't
+ already set. */
+ bool visit_phi (tree);
+ /* Clear a bit for the PHI in VISITED. */
+ void leave_phi (tree);
+ /* Return false if the SSA_NAME chain length counter has reached
+ the limit, otherwise increment the counter and return true. */
+ bool next ();
+
+ /* If the SSA_NAME has already been "seen" return a positive value.
+ Otherwise add it to VISITED. If the SSA_NAME limit has been
+ reached, return a negative value. Otherwise return zero. */
+ int next_phi (tree);
+
+ ~ssa_name_limit_t ();
+};
+
+class range_query;
+
 /* Describes a reference to an object used in an access. */
 struct access_ref
 {
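Review bot: The comment on `next ()` speaks of incrementing a chain-length counter, but the only counter-like member declared in this class is `ssa_def_max`, which the constructor sets to `param_ssa_name_def_chain_limit`. Unless the out-of-line definition (not in this hunk) keeps a separate count, the comment should describe a budget that is consumed, for example `/* Return false once the SSA_NAME chain budget is used up, otherwise consume one step and return true. */`. `next_phi (tree)` packs three outcomes into the sign of an `int`, so a caller that tests it as a boolean would treat "already seen" and "limit reached" as the same result; the comment should say that callers must test the sign. Since this limit presumably decides when the use-def walk behind the overflow warnings gives up, the class comment could also state what a caller is expected to do when the limit is hit.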
@@ -162,17 +198,12 @@ struct access_ref is a constant zero. */ access_ref (tree = NULL_TREE, bool = false); - /* Reference to the accessed object(s). */ - tree ref; + /* Return the PHI node REF refers to or null if it doesn't. */ + gphi *phi () const; - /* Range of byte offsets into and sizes of the object(s). */ - offset_int offrng[2]; - offset_int sizrng[2]; - /* Range of the bound of the access: denotes that the access - is at least BNDRNG[0] bytes but no more than BNDRNG[1]. - For string functions the size of the actual access is - further constrained by the length of the string. */ - offset_int bndrng[2]; + /* Return the object to which REF refers. */ + tree get_ref (vec *, access_ref * = NULL, int = 1, + ssa_name_limit_t * = NULL, range_query * = NULL) const; /* Return true if OFFRNG is the constant zero. */ bool offset_zero () const @@ -211,6 +242,22 @@ struct access_ref add_offset (-maxoff - 1, maxoff); } + /* Issue an informational message describing the target of an access + with the given mode. */ + void inform_access (access_mode) const; + + /* Reference to the accessed object(s). */ + tree ref; + + /* Range of byte offsets into and sizes of the object(s). */ + offset_int offrng[2]; + offset_int sizrng[2]; + /* Range of the bound of the access: denotes that the access + is at least BNDRNG[0] bytes but no more than BNDRNG[1]. + For string functions the size of the actual access is + further constrained by the length of the string. */ + offset_int bndrng[2]; + /* Used to fold integer expressions when called from front ends. */ tree (*eval)(tree); /* Set if trailing one-element arrays should be treated as flexible @@ -219,6 +266,9 @@ struct access_ref /* Set if valid offsets must start at zero (for declared and allocated objects but not for others referenced by pointers). */ bool base0; + /* Set if REF refers to a function array parameter not declared + static. */ + bool parmarray; }; /* Describes a pair of references used in an access by built-in 
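Review bot: `get_ref` is declared with five unnamed parameters, four of them defaulted, and the one-line comment `/* Return the object to which REF refers. */` explains none of them. It does not say what the `vec *` argument collects, what the `access_ref *` out-argument receives, what `int = 1` selects, or who owns the `ssa_name_limit_t`. The recursion guard in particular defaults to `NULL`, so whether a PHI cycle is bounded for a caller relying on the defaults depends on the definition in builtins.c substituting a local limit; that definition is not visible here. I would expand the comment to describe each argument in order and to state what a null limit means.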
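Review bot: The comment on the new `parmarray` member (hunk `@@ -219,6 +266,9 @@`) says when the flag is set but not what a consumer of `access_ref` should do with it. A bound on an array parameter declared without `static` is not a guarantee about the caller's object, so code that reads `sizrng` for such a reference presumably has to treat the size as advisory rather than definite. I would add a sentence to that effect, e.g. `When set, SIZRNG reflects the declared bound, which callers need not honor.`, after confirming it against the definition. The struct begins before this hunk.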
@@ -242,10 +292,9 @@ struct access_data access_mode mode; }; -class range_query; extern tree gimple_call_alloc_size (gimple *, wide_int[2] = NULL, range_query * = NULL); -extern tree gimple_parm_array_size (tree, wide_int[2], range_query * = NULL); +extern tree gimple_parm_array_size (tree, wide_int[2], bool * = NULL); extern tree compute_objsize (tree, int, access_ref *, range_query * = NULL); extern tree compute_objsize (tree, int, tree * = NULL, tree * = NULL, range_query * = NULL); -- cgit v1.2.1
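Review bot: The third parameter of `gimple_parm_array_size` changes from `range_query * = NULL` to `bool * = NULL` and stays unnamed, so the prototype no longer tells a reader what the out-flag reports. Presumably it is whether the array bound was declared `static`, matching the `parmarray` member this patch adds to `access_ref`; a line above the declaration such as `/* The optional bool is set if the parameter's array bound is declared static. */` would settle it, once checked against the definition. Dropping the `range_query *` also means the function can no longer take a caller-supplied range query for a variable bound, which deserves a mention in the comment at the definition if it is intentional.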