1 1.1 mrg /* Definitions of the pointer_query and related classes. 2 1.1 mrg 3 1.1 mrg Copyright (C) 2020-2022 Free Software Foundation, Inc. 4 1.1 mrg 5 1.1 mrg This file is part of GCC. 6 1.1 mrg 7 1.1 mrg GCC is free software; you can redistribute it and/or modify it under 8 1.1 mrg the terms of the GNU General Public License as published by the Free 9 1.1 mrg Software Foundation; either version 3, or (at your option) any later 10 1.1 mrg version. 11 1.1 mrg 12 1.1 mrg GCC is distributed in the hope that it will be useful, but WITHOUT ANY 13 1.1 mrg WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 1.1 mrg FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 15 1.1 mrg for more details. 16 1.1 mrg 17 1.1 mrg You should have received a copy of the GNU General Public License 18 1.1 mrg along with GCC; see the file COPYING3. If not see 19 1.1 mrg <http://www.gnu.org/licenses/>. */ 20 1.1 mrg 21 1.1 mrg #include "config.h" 22 1.1 mrg #include "system.h" 23 1.1 mrg #include "coretypes.h" 24 1.1 mrg #include "backend.h" 25 1.1 mrg #include "tree.h" 26 1.1 mrg #include "gimple.h" 27 1.1 mrg #include "stringpool.h" 28 1.1 mrg #include "tree-vrp.h" 29 1.1 mrg #include "diagnostic-core.h" 30 1.1 mrg #include "fold-const.h" 31 1.1 mrg #include "tree-object-size.h" 32 1.1 mrg #include "tree-ssa-strlen.h" 33 1.1 mrg #include "langhooks.h" 34 1.1 mrg #include "stringpool.h" 35 1.1 mrg #include "attribs.h" 36 1.1 mrg #include "gimple-fold.h" 37 1.1 mrg #include "gimple-ssa.h" 38 1.1 mrg #include "intl.h" 39 1.1 mrg #include "attr-fnspec.h" 40 1.1 mrg #include "gimple-range.h" 41 1.1 mrg #include "pointer-query.h" 42 1.1 mrg #include "tree-pretty-print.h" 43 1.1 mrg #include "tree-ssanames.h" 44 1.1 mrg #include "target.h" 45 1.1 mrg 46 1.1 mrg static bool compute_objsize_r (tree, gimple *, bool, int, access_ref *, 47 1.1 mrg ssa_name_limit_t &, pointer_query *); 48 1.1 mrg 49 1.1 mrg /* Wrapper around the wide_int overload of get_range that accepts 50 1.1 mrg offset_int instead. For middle end expressions returns the same 51 1.1 mrg result. For a subset of nonconstamt expressions emitted by the front 52 1.1 mrg end determines a more precise range than would be possible otherwise. */ 53 1.1 mrg 54 1.1 mrg static bool 55 1.1 mrg get_offset_range (tree x, gimple *stmt, offset_int r[2], range_query *rvals) 56 1.1 mrg { 57 1.1 mrg offset_int add = 0; 58 1.1 mrg if (TREE_CODE (x) == PLUS_EXPR) 59 1.1 mrg { 60 1.1 mrg /* Handle constant offsets in pointer addition expressions seen 61 1.1 mrg n the front end IL. */ 62 1.1 mrg tree op = TREE_OPERAND (x, 1); 63 1.1 mrg if (TREE_CODE (op) == INTEGER_CST) 64 1.1 mrg { 65 1.1 mrg op = fold_convert (signed_type_for (TREE_TYPE (op)), op); 66 1.1 mrg add = wi::to_offset (op); 67 1.1 mrg x = TREE_OPERAND (x, 0); 68 1.1 mrg } 69 1.1 mrg } 70 1.1 mrg 71 1.1 mrg if (TREE_CODE (x) == NOP_EXPR) 72 1.1 mrg /* Also handle conversions to sizetype seen in the front end IL. */ 73 1.1 mrg x = TREE_OPERAND (x, 0); 74 1.1 mrg 75 1.1 mrg tree type = TREE_TYPE (x); 76 1.1 mrg if (!INTEGRAL_TYPE_P (type) && !POINTER_TYPE_P (type)) 77 1.1 mrg return false; 78 1.1 mrg 79 1.1 mrg if (TREE_CODE (x) != INTEGER_CST 80 1.1 mrg && TREE_CODE (x) != SSA_NAME) 81 1.1 mrg { 82 1.1 mrg if (TYPE_UNSIGNED (type) 83 1.1 mrg && TYPE_PRECISION (type) == TYPE_PRECISION (sizetype)) 84 1.1 mrg type = signed_type_for (type); 85 1.1 mrg 86 1.1 mrg r[0] = wi::to_offset (TYPE_MIN_VALUE (type)) + add; 87 1.1 mrg r[1] = wi::to_offset (TYPE_MAX_VALUE (type)) + add; 88 1.1 mrg return x; 89 1.1 mrg } 90 1.1 mrg 91 1.1 mrg wide_int wr[2]; 92 1.1 mrg if (!get_range (x, stmt, wr, rvals)) 93 1.1 mrg return false; 94 1.1 mrg 95 1.1 mrg signop sgn = SIGNED; 96 1.1 mrg /* Only convert signed integers or unsigned sizetype to a signed 97 1.1 mrg offset and avoid converting large positive values in narrower 98 1.1 mrg types to negative offsets. */ 99 1.1 mrg if (TYPE_UNSIGNED (type) 100 1.1 mrg && wr[0].get_precision () < TYPE_PRECISION (sizetype)) 101 1.1 mrg sgn = UNSIGNED; 102 1.1 mrg 103 1.1 mrg r[0] = offset_int::from (wr[0], sgn); 104 1.1 mrg r[1] = offset_int::from (wr[1], sgn); 105 1.1 mrg return true; 106 1.1 mrg } 107 1.1 mrg 108 1.1 mrg /* Return the argument that the call STMT to a built-in function returns 109 1.1 mrg or null if it doesn't. On success, set OFFRNG[] to the range of offsets 110 1.1 mrg from the argument reflected in the value returned by the built-in if it 111 1.1 mrg can be determined, otherwise to 0 and HWI_M1U respectively. Set 112 1.1 mrg *PAST_END for functions like mempcpy that might return a past the end 113 1.1 mrg pointer (most functions return a dereferenceable pointer to an existing 114 1.1 mrg element of an array). */ 115 1.1 mrg 116 1.1 mrg static tree 117 1.1 mrg gimple_call_return_array (gimple *stmt, offset_int offrng[2], bool *past_end, 118 1.1 mrg ssa_name_limit_t &snlim, pointer_query *qry) 119 1.1 mrg { 120 1.1 mrg /* Clear and set below for the rare function(s) that might return 121 1.1 mrg a past-the-end pointer. */ 122 1.1 mrg *past_end = false; 123 1.1 mrg 124 1.1 mrg { 125 1.1 mrg /* Check for attribute fn spec to see if the function returns one 126 1.1 mrg of its arguments. */ 127 1.1 mrg attr_fnspec fnspec = gimple_call_fnspec (as_a <gcall *>(stmt)); 128 1.1 mrg unsigned int argno; 129 1.1 mrg if (fnspec.returns_arg (&argno)) 130 1.1 mrg { 131 1.1 mrg /* Functions return the first argument (not a range). */ 132 1.1 mrg offrng[0] = offrng[1] = 0; 133 1.1 mrg return gimple_call_arg (stmt, argno); 134 1.1 mrg } 135 1.1 mrg } 136 1.1 mrg 137 1.1 mrg if (gimple_call_num_args (stmt) < 1) 138 1.1 mrg return NULL_TREE; 139 1.1 mrg 140 1.1 mrg tree fn = gimple_call_fndecl (stmt); 141 1.1 mrg if (!gimple_call_builtin_p (stmt, BUILT_IN_NORMAL)) 142 1.1 mrg { 143 1.1 mrg /* See if this is a call to placement new. */ 144 1.1 mrg if (!fn 145 1.1 mrg || !DECL_IS_OPERATOR_NEW_P (fn) 146 1.1 mrg || DECL_IS_REPLACEABLE_OPERATOR_NEW_P (fn)) 147 1.1 mrg return NULL_TREE; 148 1.1 mrg 149 1.1 mrg /* Check the mangling, keeping in mind that operator new takes 150 1.1 mrg a size_t which could be unsigned int or unsigned long. */ 151 1.1 mrg tree fname = DECL_ASSEMBLER_NAME (fn); 152 1.1 mrg if (!id_equal (fname, "_ZnwjPv") // ordinary form 153 1.1 mrg && !id_equal (fname, "_ZnwmPv") // ordinary form 154 1.1 mrg && !id_equal (fname, "_ZnajPv") // array form 155 1.1 mrg && !id_equal (fname, "_ZnamPv")) // array form 156 1.1 mrg return NULL_TREE; 157 1.1 mrg 158 1.1 mrg if (gimple_call_num_args (stmt) != 2) 159 1.1 mrg return NULL_TREE; 160 1.1 mrg 161 1.1 mrg /* Allocation functions return a pointer to the beginning. */ 162 1.1 mrg offrng[0] = offrng[1] = 0; 163 1.1 mrg return gimple_call_arg (stmt, 1); 164 1.1 mrg } 165 1.1 mrg 166 1.1 mrg switch (DECL_FUNCTION_CODE (fn)) 167 1.1 mrg { 168 1.1 mrg case BUILT_IN_MEMCPY: 169 1.1 mrg case BUILT_IN_MEMCPY_CHK: 170 1.1 mrg case BUILT_IN_MEMMOVE: 171 1.1 mrg case BUILT_IN_MEMMOVE_CHK: 172 1.1 mrg case BUILT_IN_MEMSET: 173 1.1 mrg case BUILT_IN_STRCAT: 174 1.1 mrg case BUILT_IN_STRCAT_CHK: 175 1.1 mrg case BUILT_IN_STRCPY: 176 1.1 mrg case BUILT_IN_STRCPY_CHK: 177 1.1 mrg case BUILT_IN_STRNCAT: 178 1.1 mrg case BUILT_IN_STRNCAT_CHK: 179 1.1 mrg case BUILT_IN_STRNCPY: 180 1.1 mrg case BUILT_IN_STRNCPY_CHK: 181 1.1 mrg /* Functions return the first argument (not a range). */ 182 1.1 mrg offrng[0] = offrng[1] = 0; 183 1.1 mrg return gimple_call_arg (stmt, 0); 184 1.1 mrg 185 1.1 mrg case BUILT_IN_MEMPCPY: 186 1.1 mrg case BUILT_IN_MEMPCPY_CHK: 187 1.1 mrg { 188 1.1 mrg /* The returned pointer is in a range constrained by the smaller 189 1.1 mrg of the upper bound of the size argument and the source object 190 1.1 mrg size. */ 191 1.1 mrg offrng[0] = 0; 192 1.1 mrg offrng[1] = HOST_WIDE_INT_M1U; 193 1.1 mrg tree off = gimple_call_arg (stmt, 2); 194 1.1 mrg bool off_valid = get_offset_range (off, stmt, offrng, qry->rvals); 195 1.1 mrg if (!off_valid || offrng[0] != offrng[1]) 196 1.1 mrg { 197 1.1 mrg /* If the offset is either indeterminate or in some range, 198 1.1 mrg try to constrain its upper bound to at most the size 199 1.1 mrg of the source object. */ 200 1.1 mrg access_ref aref; 201 1.1 mrg tree src = gimple_call_arg (stmt, 1); 202 1.1 mrg if (compute_objsize_r (src, stmt, false, 1, &aref, snlim, qry) 203 1.1 mrg && aref.sizrng[1] < offrng[1]) 204 1.1 mrg offrng[1] = aref.sizrng[1]; 205 1.1 mrg } 206 1.1 mrg 207 1.1 mrg /* Mempcpy may return a past-the-end pointer. */ 208 1.1 mrg *past_end = true; 209 1.1 mrg return gimple_call_arg (stmt, 0); 210 1.1 mrg } 211 1.1 mrg 212 1.1 mrg case BUILT_IN_MEMCHR: 213 1.1 mrg { 214 1.1 mrg tree off = gimple_call_arg (stmt, 2); 215 1.1 mrg if (get_offset_range (off, stmt, offrng, qry->rvals)) 216 1.1 mrg offrng[1] -= 1; 217 1.1 mrg else 218 1.1 mrg offrng[1] = HOST_WIDE_INT_M1U; 219 1.1 mrg 220 1.1 mrg offrng[0] = 0; 221 1.1 mrg return gimple_call_arg (stmt, 0); 222 1.1 mrg } 223 1.1 mrg 224 1.1 mrg case BUILT_IN_STRCHR: 225 1.1 mrg case BUILT_IN_STRRCHR: 226 1.1 mrg case BUILT_IN_STRSTR: 227 1.1 mrg offrng[0] = 0; 228 1.1 mrg offrng[1] = HOST_WIDE_INT_M1U; 229 1.1 mrg return gimple_call_arg (stmt, 0); 230 1.1 mrg 231 1.1 mrg case BUILT_IN_STPCPY: 232 1.1 mrg case BUILT_IN_STPCPY_CHK: 233 1.1 mrg { 234 1.1 mrg access_ref aref; 235 1.1 mrg tree src = gimple_call_arg (stmt, 1); 236 1.1 mrg if (compute_objsize_r (src, stmt, false, 1, &aref, snlim, qry)) 237 1.1 mrg offrng[1] = aref.sizrng[1] - 1; 238 1.1 mrg else 239 1.1 mrg offrng[1] = HOST_WIDE_INT_M1U; 240 1.1 mrg 241 1.1 mrg offrng[0] = 0; 242 1.1 mrg return gimple_call_arg (stmt, 0); 243 1.1 mrg } 244 1.1 mrg 245 1.1 mrg case BUILT_IN_STPNCPY: 246 1.1 mrg case BUILT_IN_STPNCPY_CHK: 247 1.1 mrg { 248 1.1 mrg /* The returned pointer is in a range between the first argument 249 1.1 mrg and it plus the smaller of the upper bound of the size argument 250 1.1 mrg and the source object size. */ 251 1.1 mrg offrng[1] = HOST_WIDE_INT_M1U; 252 1.1 mrg tree off = gimple_call_arg (stmt, 2); 253 1.1 mrg if (!get_offset_range (off, stmt, offrng, qry->rvals) 254 1.1 mrg || offrng[0] != offrng[1]) 255 1.1 mrg { 256 1.1 mrg /* If the offset is either indeterminate or in some range, 257 1.1 mrg try to constrain its upper bound to at most the size 258 1.1 mrg of the source object. */ 259 1.1 mrg access_ref aref; 260 1.1 mrg tree src = gimple_call_arg (stmt, 1); 261 1.1 mrg if (compute_objsize_r (src, stmt, false, 1, &aref, snlim, qry) 262 1.1 mrg && aref.sizrng[1] < offrng[1]) 263 1.1 mrg offrng[1] = aref.sizrng[1]; 264 1.1 mrg } 265 1.1 mrg 266 1.1 mrg /* When the source is the empty string the returned pointer is 267 1.1 mrg a copy of the argument. Otherwise stpcpy can also return 268 1.1 mrg a past-the-end pointer. */ 269 1.1 mrg offrng[0] = 0; 270 1.1 mrg *past_end = true; 271 1.1 mrg return gimple_call_arg (stmt, 0); 272 1.1 mrg } 273 1.1 mrg 274 1.1 mrg default: 275 1.1 mrg break; 276 1.1 mrg } 277 1.1 mrg 278 1.1 mrg return NULL_TREE; 279 1.1 mrg } 280 1.1 mrg 281 1.1 mrg /* Return true when EXP's range can be determined and set RANGE[] to it 282 1.1 mrg after adjusting it if necessary to make EXP a represents a valid size 283 1.1 mrg of object, or a valid size argument to an allocation function declared 284 1.1 mrg with attribute alloc_size (whose argument may be signed), or to a string 285 1.1 mrg manipulation function like memset. 286 1.1 mrg When ALLOW_ZERO is set in FLAGS, allow returning a range of [0, 0] for 287 1.1 mrg a size in an anti-range [1, N] where N > PTRDIFF_MAX. A zero range is 288 1.1 mrg a (nearly) invalid argument to allocation functions like malloc but it 289 1.1 mrg is a valid argument to functions like memset. 290 1.1 mrg When USE_LARGEST is set in FLAGS set RANGE to the largest valid subrange 291 1.1 mrg in a multi-range, otherwise to the smallest valid subrange. */ 292 1.1 mrg 293 1.1 mrg bool 294 1.1 mrg get_size_range (range_query *query, tree exp, gimple *stmt, tree range[2], 295 1.1 mrg int flags /* = 0 */) 296 1.1 mrg { 297 1.1 mrg if (!exp) 298 1.1 mrg return false; 299 1.1 mrg 300 1.1 mrg if (tree_fits_uhwi_p (exp)) 301 1.1 mrg { 302 1.1 mrg /* EXP is a constant. */ 303 1.1 mrg range[0] = range[1] = exp; 304 1.1 mrg return true; 305 1.1 mrg } 306 1.1 mrg 307 1.1 mrg tree exptype = TREE_TYPE (exp); 308 1.1 mrg bool integral = INTEGRAL_TYPE_P (exptype); 309 1.1 mrg 310 1.1 mrg wide_int min, max; 311 1.1 mrg enum value_range_kind range_type; 312 1.1 mrg 313 1.1 mrg if (!query) 314 1.1 mrg query = get_range_query (cfun); 315 1.1 mrg 316 1.1 mrg if (integral) 317 1.1 mrg { 318 1.1 mrg value_range vr; 319 1.1 mrg 320 1.1 mrg query->range_of_expr (vr, exp, stmt); 321 1.1 mrg 322 1.1 mrg if (vr.undefined_p ()) 323 1.1 mrg vr.set_varying (TREE_TYPE (exp)); 324 1.1 mrg range_type = vr.kind (); 325 1.1 mrg min = wi::to_wide (vr.min ()); 326 1.1 mrg max = wi::to_wide (vr.max ()); 327 1.1 mrg } 328 1.1 mrg else 329 1.1 mrg range_type = VR_VARYING; 330 1.1 mrg 331 1.1 mrg if (range_type == VR_VARYING) 332 1.1 mrg { 333 1.1 mrg if (integral) 334 1.1 mrg { 335 1.1 mrg /* Use the full range of the type of the expression when 336 1.1 mrg no value range information is available. */ 337 1.1 mrg range[0] = TYPE_MIN_VALUE (exptype); 338 1.1 mrg range[1] = TYPE_MAX_VALUE (exptype); 339 1.1 mrg return true; 340 1.1 mrg } 341 1.1 mrg 342 1.1 mrg range[0] = NULL_TREE; 343 1.1 mrg range[1] = NULL_TREE; 344 1.1 mrg return false; 345 1.1 mrg } 346 1.1 mrg 347 1.1 mrg unsigned expprec = TYPE_PRECISION (exptype); 348 1.1 mrg 349 1.1 mrg bool signed_p = !TYPE_UNSIGNED (exptype); 350 1.1 mrg 351 1.1 mrg if (range_type == VR_ANTI_RANGE) 352 1.1 mrg { 353 1.1 mrg if (signed_p) 354 1.1 mrg { 355 1.1 mrg if (wi::les_p (max, 0)) 356 1.1 mrg { 357 1.1 mrg /* EXP is not in a strictly negative range. That means 358 1.1 mrg it must be in some (not necessarily strictly) positive 359 1.1 mrg range which includes zero. Since in signed to unsigned 360 1.1 mrg conversions negative values end up converted to large 361 1.1 mrg positive values, and otherwise they are not valid sizes, 362 1.1 mrg the resulting range is in both cases [0, TYPE_MAX]. */ 363 1.1 mrg min = wi::zero (expprec); 364 1.1 mrg max = wi::to_wide (TYPE_MAX_VALUE (exptype)); 365 1.1 mrg } 366 1.1 mrg else if (wi::les_p (min - 1, 0)) 367 1.1 mrg { 368 1.1 mrg /* EXP is not in a negative-positive range. That means EXP 369 1.1 mrg is either negative, or greater than max. Since negative 370 1.1 mrg sizes are invalid make the range [MAX + 1, TYPE_MAX]. */ 371 1.1 mrg min = max + 1; 372 1.1 mrg max = wi::to_wide (TYPE_MAX_VALUE (exptype)); 373 1.1 mrg } 374 1.1 mrg else 375 1.1 mrg { 376 1.1 mrg max = min - 1; 377 1.1 mrg min = wi::zero (expprec); 378 1.1 mrg } 379 1.1 mrg } 380 1.1 mrg else 381 1.1 mrg { 382 1.1 mrg wide_int maxsize = wi::to_wide (max_object_size ()); 383 1.1 mrg min = wide_int::from (min, maxsize.get_precision (), UNSIGNED); 384 1.1 mrg max = wide_int::from (max, maxsize.get_precision (), UNSIGNED); 385 1.1 mrg if (wi::eq_p (0, min - 1)) 386 1.1 mrg { 387 1.1 mrg /* EXP is unsigned and not in the range [1, MAX]. That means 388 1.1 mrg it's either zero or greater than MAX. Even though 0 would 389 1.1 mrg normally be detected by -Walloc-zero, unless ALLOW_ZERO 390 1.1 mrg is set, set the range to [MAX, TYPE_MAX] so that when MAX 391 1.1 mrg is greater than the limit the whole range is diagnosed. */ 392 1.1 mrg wide_int maxsize = wi::to_wide (max_object_size ()); 393 1.1 mrg if (flags & SR_ALLOW_ZERO) 394 1.1 mrg { 395 1.1 mrg if (wi::leu_p (maxsize, max + 1) 396 1.1 mrg || !(flags & SR_USE_LARGEST)) 397 1.1 mrg min = max = wi::zero (expprec); 398 1.1 mrg else 399 1.1 mrg { 400 1.1 mrg min = max + 1; 401 1.1 mrg max = wi::to_wide (TYPE_MAX_VALUE (exptype)); 402 1.1 mrg } 403 1.1 mrg } 404 1.1 mrg else 405 1.1 mrg { 406 1.1 mrg min = max + 1; 407 1.1 mrg max = wi::to_wide (TYPE_MAX_VALUE (exptype)); 408 1.1 mrg } 409 1.1 mrg } 410 1.1 mrg else if ((flags & SR_USE_LARGEST) 411 1.1 mrg && wi::ltu_p (max + 1, maxsize)) 412 1.1 mrg { 413 1.1 mrg /* When USE_LARGEST is set and the larger of the two subranges 414 1.1 mrg is a valid size, use it... */ 415 1.1 mrg min = max + 1; 416 1.1 mrg max = maxsize; 417 1.1 mrg } 418 1.1 mrg else 419 1.1 mrg { 420 1.1 mrg /* ...otherwise use the smaller subrange. */ 421 1.1 mrg max = min - 1; 422 1.1 mrg min = wi::zero (expprec); 423 1.1 mrg } 424 1.1 mrg } 425 1.1 mrg } 426 1.1 mrg 427 1.1 mrg range[0] = wide_int_to_tree (exptype, min); 428 1.1 mrg range[1] = wide_int_to_tree (exptype, max); 429 1.1 mrg 430 1.1 mrg return true; 431 1.1 mrg } 432 1.1 mrg 433 1.1 mrg bool 434 1.1 mrg get_size_range (tree exp, tree range[2], int flags /* = 0 */) 435 1.1 mrg { 436 1.1 mrg return get_size_range (/*query=*/NULL, exp, /*stmt=*/NULL, range, flags); 437 1.1 mrg } 438 1.1 mrg 439 1.1 mrg /* If STMT is a call to an allocation function, returns the constant 440 1.1 mrg maximum size of the object allocated by the call represented as 441 1.1 mrg sizetype. If nonnull, sets RNG1[] to the range of the size. 442 1.1 mrg When nonnull, uses RVALS for range information, otherwise gets global 443 1.1 mrg range info. 444 1.1 mrg Returns null when STMT is not a call to a valid allocation function. */ 445 1.1 mrg 446 1.1 mrg tree 447 1.1 mrg gimple_call_alloc_size (gimple *stmt, wide_int rng1[2] /* = NULL */, 448 1.1 mrg range_query *qry /* = NULL */) 449 1.1 mrg { 450 1.1 mrg if (!stmt || !is_gimple_call (stmt)) 451 1.1 mrg return NULL_TREE; 452 1.1 mrg 453 1.1 mrg tree allocfntype; 454 1.1 mrg if (tree fndecl = gimple_call_fndecl (stmt)) 455 1.1 mrg allocfntype = TREE_TYPE (fndecl); 456 1.1 mrg else 457 1.1 mrg allocfntype = gimple_call_fntype (stmt); 458 1.1 mrg 459 1.1 mrg if (!allocfntype) 460 1.1 mrg return NULL_TREE; 461 1.1 mrg 462 1.1 mrg unsigned argidx1 = UINT_MAX, argidx2 = UINT_MAX; 463 1.1 mrg tree at = lookup_attribute ("alloc_size", TYPE_ATTRIBUTES (allocfntype)); 464 1.1 mrg if (!at) 465 1.1 mrg { 466 1.1 mrg if (!gimple_call_builtin_p (stmt, BUILT_IN_ALLOCA_WITH_ALIGN)) 467 1.1 mrg return NULL_TREE; 468 1.1 mrg 469 1.1 mrg argidx1 = 0; 470 1.1 mrg } 471 1.1 mrg 472 1.1 mrg unsigned nargs = gimple_call_num_args (stmt); 473 1.1 mrg 474 1.1 mrg if (argidx1 == UINT_MAX) 475 1.1 mrg { 476 1.1 mrg tree atval = TREE_VALUE (at); 477 1.1 mrg if (!atval) 478 1.1 mrg return NULL_TREE; 479 1.1 mrg 480 1.1 mrg argidx1 = TREE_INT_CST_LOW (TREE_VALUE (atval)) - 1; 481 1.1 mrg if (nargs <= argidx1) 482 1.1 mrg return NULL_TREE; 483 1.1 mrg 484 1.1 mrg atval = TREE_CHAIN (atval); 485 1.1 mrg if (atval) 486 1.1 mrg { 487 1.1 mrg argidx2 = TREE_INT_CST_LOW (TREE_VALUE (atval)) - 1; 488 1.1 mrg if (nargs <= argidx2) 489 1.1 mrg return NULL_TREE; 490 1.1 mrg } 491 1.1 mrg } 492 1.1 mrg 493 1.1 mrg tree size = gimple_call_arg (stmt, argidx1); 494 1.1 mrg 495 1.1 mrg wide_int rng1_buf[2]; 496 1.1 mrg /* If RNG1 is not set, use the buffer. */ 497 1.1 mrg if (!rng1) 498 1.1 mrg rng1 = rng1_buf; 499 1.1 mrg 500 1.1 mrg /* Use maximum precision to avoid overflow below. */ 501 1.1 mrg const int prec = ADDR_MAX_PRECISION; 502 1.1 mrg 503 1.1 mrg { 504 1.1 mrg tree r[2]; 505 1.1 mrg /* Determine the largest valid range size, including zero. */ 506 1.1 mrg if (!get_size_range (qry, size, stmt, r, SR_ALLOW_ZERO | SR_USE_LARGEST)) 507 1.1 mrg return NULL_TREE; 508 1.1 mrg rng1[0] = wi::to_wide (r[0], prec); 509 1.1 mrg rng1[1] = wi::to_wide (r[1], prec); 510 1.1 mrg } 511 1.1 mrg 512 1.1 mrg if (argidx2 > nargs && TREE_CODE (size) == INTEGER_CST) 513 1.1 mrg return fold_convert (sizetype, size); 514 1.1 mrg 515 1.1 mrg /* To handle ranges do the math in wide_int and return the product 516 1.1 mrg of the upper bounds as a constant. Ignore anti-ranges. */ 517 1.1 mrg tree n = argidx2 < nargs ? gimple_call_arg (stmt, argidx2) : integer_one_node; 518 1.1 mrg wide_int rng2[2]; 519 1.1 mrg { 520 1.1 mrg tree r[2]; 521 1.1 mrg /* As above, use the full non-negative range on failure. */ 522 1.1 mrg if (!get_size_range (qry, n, stmt, r, SR_ALLOW_ZERO | SR_USE_LARGEST)) 523 1.1 mrg return NULL_TREE; 524 1.1 mrg rng2[0] = wi::to_wide (r[0], prec); 525 1.1 mrg rng2[1] = wi::to_wide (r[1], prec); 526 1.1 mrg } 527 1.1 mrg 528 1.1 mrg /* Compute products of both bounds for the caller but return the lesser 529 1.1 mrg of SIZE_MAX and the product of the upper bounds as a constant. */ 530 1.1 mrg rng1[0] = rng1[0] * rng2[0]; 531 1.1 mrg rng1[1] = rng1[1] * rng2[1]; 532 1.1 mrg 533 1.1 mrg const tree size_max = TYPE_MAX_VALUE (sizetype); 534 1.1 mrg if (wi::gtu_p (rng1[1], wi::to_wide (size_max, prec))) 535 1.1 mrg { 536 1.1 mrg rng1[1] = wi::to_wide (size_max, prec); 537 1.1 mrg return size_max; 538 1.1 mrg } 539 1.1 mrg 540 1.1 mrg return wide_int_to_tree (sizetype, rng1[1]); 541 1.1 mrg } 542 1.1 mrg 543 1.1 mrg /* For an access to an object referenced to by the function parameter PTR 544 1.1 mrg of pointer type, and set RNG[] to the range of sizes of the object 545 1.1 mrg obtainedfrom the attribute access specification for the current function. 546 1.1 mrg Set STATIC_ARRAY if the array parameter has been declared [static]. 547 1.1 mrg Return the function parameter on success and null otherwise. */ 548 1.1 mrg 549 1.1 mrg static tree 550 1.1 mrg gimple_parm_array_size (tree ptr, wide_int rng[2], 551 1.1 mrg bool *static_array /* = NULL */) 552 1.1 mrg { 553 1.1 mrg /* For a function argument try to determine the byte size of the array 554 1.1 mrg from the current function declaratation (e.g., attribute access or 555 1.1 mrg related). */ 556 1.1 mrg tree var = SSA_NAME_VAR (ptr); 557 1.1 mrg if (TREE_CODE (var) != PARM_DECL || !POINTER_TYPE_P (TREE_TYPE (var))) 558 1.1 mrg return NULL_TREE; 559 1.1 mrg 560 1.1 mrg const unsigned prec = TYPE_PRECISION (sizetype); 561 1.1 mrg 562 1.1 mrg rdwr_map rdwr_idx; 563 1.1 mrg attr_access *access = get_parm_access (rdwr_idx, var); 564 1.1 mrg if (!access) 565 1.1 mrg return NULL_TREE; 566 1.1 mrg 567 1.1 mrg if (access->sizarg != UINT_MAX) 568 1.1 mrg { 569 1.1 mrg /* TODO: Try to extract the range from the argument based on 570 1.1 mrg those of subsequent assertions or based on known calls to 571 1.1 mrg the current function. */ 572 1.1 mrg return NULL_TREE; 573 1.1 mrg } 574 1.1 mrg 575 1.1 mrg if (!access->minsize) 576 1.1 mrg return NULL_TREE; 577 1.1 mrg 578 1.1 mrg /* Only consider ordinary array bound at level 2 (or above if it's 579 1.1 mrg ever added). */ 580 1.1 mrg if (warn_array_parameter < 2 && !access->static_p) 581 1.1 mrg return NULL_TREE; 582 1.1 mrg 583 1.1 mrg if (static_array) 584 1.1 mrg *static_array = access->static_p; 585 1.1 mrg 586 1.1 mrg rng[0] = wi::zero (prec); 587 1.1 mrg rng[1] = wi::uhwi (access->minsize, prec); 588 1.1 mrg /* Multiply the array bound encoded in the attribute by the size 589 1.1 mrg of what the pointer argument to which it decays points to. */ 590 1.1 mrg tree eltype = TREE_TYPE (TREE_TYPE (ptr)); 591 1.1 mrg tree size = TYPE_SIZE_UNIT (eltype); 592 1.1 mrg if (!size || TREE_CODE (size) != INTEGER_CST) 593 1.1 mrg return NULL_TREE; 594 1.1 mrg 595 1.1 mrg rng[1] *= wi::to_wide (size, prec); 596 1.1 mrg return var; 597 1.1 mrg } 598 1.1 mrg 599 1.1 mrg /* Initialize the object. */ 600 1.1 mrg 601 1.1 mrg access_ref::access_ref () 602 1.1 mrg : ref (), eval ([](tree x){ return x; }), deref (), trail1special (true), 603 1.1 mrg base0 (true), parmarray () 604 1.1 mrg { 605 1.1 mrg /* Set to valid. */ 606 1.1 mrg offrng[0] = offrng[1] = 0; 607 1.1 mrg offmax[0] = offmax[1] = 0; 608 1.1 mrg /* Invalidate. */ 609 1.1 mrg sizrng[0] = sizrng[1] = -1; 610 1.1 mrg } 611 1.1 mrg 612 1.1 mrg /* Return the PHI node REF refers to or null if it doesn't. */ 613 1.1 mrg 614 1.1 mrg gphi * 615 1.1 mrg access_ref::phi () const 616 1.1 mrg { 617 1.1 mrg if (!ref || TREE_CODE (ref) != SSA_NAME) 618 1.1 mrg return NULL; 619 1.1 mrg 620 1.1 mrg gimple *def_stmt = SSA_NAME_DEF_STMT (ref); 621 1.1 mrg if (!def_stmt || gimple_code (def_stmt) != GIMPLE_PHI) 622 1.1 mrg return NULL; 623 1.1 mrg 624 1.1 mrg return as_a <gphi *> (def_stmt); 625 1.1 mrg } 626 1.1 mrg 627 1.1 mrg /* Determine the size and offset for ARG, append it to ALL_REFS, and 628 1.1 mrg merge the result with *THIS. Ignore ARG if SKIP_NULL is set and 629 1.1 mrg ARG refers to the null pointer. Return true on success and false 630 1.1 mrg on failure. */ 631 1.1 mrg 632 1.1 mrg void 633 1.1 mrg access_ref::merge_ref (vec<access_ref> *all_refs, tree arg, gimple *stmt, 634 1.1 mrg int ostype, bool skip_null, 635 1.1 mrg ssa_name_limit_t &snlim, pointer_query &qry) 636 1.1 mrg { 637 1.1 mrg access_ref aref; 638 1.1 mrg if (!compute_objsize_r (arg, stmt, false, ostype, &aref, snlim, &qry) 639 1.1 mrg || aref.sizrng[0] < 0) 640 1.1 mrg { 641 1.1 mrg /* This may be a PHI with all null pointer arguments. Handle it 642 1.1 mrg conservatively by setting all properties to the most permissive 643 1.1 mrg values. */ 644 1.1 mrg base0 = false; 645 1.1 mrg offrng[0] = offrng[1] = 0; 646 1.1 mrg add_max_offset (); 647 1.1 mrg set_max_size_range (); 648 1.1 mrg return; 649 1.1 mrg } 650 1.1 mrg 651 1.1 mrg if (all_refs) 652 1.1 mrg { 653 1.1 mrg access_ref dummy_ref; 654 1.1 mrg aref.get_ref (all_refs, &dummy_ref, ostype, &snlim, &qry); 655 1.1 mrg } 656 1.1 mrg 657 1.1 mrg if (TREE_CODE (arg) == SSA_NAME) 658 1.1 mrg qry.put_ref (arg, aref, ostype); 659 1.1 mrg 660 1.1 mrg if (all_refs) 661 1.1 mrg all_refs->safe_push (aref); 662 1.1 mrg 663 1.1 mrg aref.deref += deref; 664 1.1 mrg 665 1.1 mrg bool merged_parmarray = aref.parmarray; 666 1.1 mrg 667 1.1 mrg const bool nullp = skip_null && integer_zerop (arg); 668 1.1 mrg const offset_int maxobjsize = wi::to_offset (max_object_size ()); 669 1.1 mrg offset_int minsize = sizrng[0]; 670 1.1 mrg 671 1.1 mrg if (sizrng[0] < 0) 672 1.1 mrg { 673 1.1 mrg /* If *THIS doesn't contain a meaningful result yet set it to AREF 674 1.1 mrg unless the argument is null and it's okay to ignore it. */ 675 1.1 mrg if (!nullp) 676 1.1 mrg *this = aref; 677 1.1 mrg 678 1.1 mrg /* Set if the current argument refers to one or more objects of 679 1.1 mrg known size (or range of sizes), as opposed to referring to 680 1.1 mrg one or more unknown object(s). */ 681 1.1 mrg const bool arg_known_size = (aref.sizrng[0] != 0 682 1.1 mrg || aref.sizrng[1] != maxobjsize); 683 1.1 mrg if (arg_known_size) 684 1.1 mrg sizrng[0] = aref.sizrng[0]; 685 1.1 mrg 686 1.1 mrg return; 687 1.1 mrg } 688 1.1 mrg 689 1.1 mrg /* Disregard null pointers in PHIs with two or more arguments. 690 1.1 mrg TODO: Handle this better! */ 691 1.1 mrg if (nullp) 692 1.1 mrg return; 693 1.1 mrg 694 1.1 mrg const bool known_size = (sizrng[0] != 0 || sizrng[1] != maxobjsize); 695 1.1 mrg 696 1.1 mrg if (known_size && aref.sizrng[0] < minsize) 697 1.1 mrg minsize = aref.sizrng[0]; 698 1.1 mrg 699 1.1 mrg /* Extend the size and offset of *THIS to account for AREF. The result 700 1.1 mrg can be cached but results in false negatives. */ 701 1.1 mrg 702 1.1 mrg offset_int orng[2]; 703 1.1 mrg if (sizrng[1] < aref.sizrng[1]) 704 1.1 mrg { 705 1.1 mrg orng[0] = offrng[0]; 706 1.1 mrg orng[1] = offrng[1]; 707 1.1 mrg *this = aref; 708 1.1 mrg } 709 1.1 mrg else 710 1.1 mrg { 711 1.1 mrg orng[0] = aref.offrng[0]; 712 1.1 mrg orng[1] = aref.offrng[1]; 713 1.1 mrg } 714 1.1 mrg 715 1.1 mrg if (orng[0] < offrng[0]) 716 1.1 mrg offrng[0] = orng[0]; 717 1.1 mrg if (offrng[1] < orng[1]) 718 1.1 mrg offrng[1] = orng[1]; 719 1.1 mrg 720 1.1 mrg /* Reset the PHI's BASE0 flag if any of the nonnull arguments 721 1.1 mrg refers to an object at an unknown offset. */ 722 1.1 mrg if (!aref.base0) 723 1.1 mrg base0 = false; 724 1.1 mrg 725 1.1 mrg sizrng[0] = minsize; 726 1.1 mrg parmarray = merged_parmarray; 727 1.1 mrg 728 1.1 mrg return; 729 1.1 mrg } 730 1.1 mrg 731 1.1 mrg /* Determine and return the largest object to which *THIS refers. If 732 1.1 mrg *THIS refers to a PHI and PREF is nonnull, fill *PREF with the details 733 1.1 mrg of the object determined by compute_objsize(ARG, OSTYPE) for each PHI 734 1.1 mrg argument ARG. */ 735 1.1 mrg 736 1.1 mrg tree 737 1.1 mrg access_ref::get_ref (vec<access_ref> *all_refs, 738 1.1 mrg access_ref *pref /* = NULL */, 739 1.1 mrg int ostype /* = 1 */, 740 1.1 mrg ssa_name_limit_t *psnlim /* = NULL */, 741 1.1 mrg pointer_query *qry /* = NULL */) const 742 1.1 mrg { 743 1.1 mrg if (!ref || TREE_CODE (ref) != SSA_NAME) 744 1.1 mrg return NULL; 745 1.1 mrg 746 1.1 mrg /* FIXME: Calling get_ref() with a null PSNLIM is dangerous and might 747 1.1 mrg cause unbounded recursion. */ 748 1.1 mrg ssa_name_limit_t snlim_buf; 749 1.1 mrg if (!psnlim) 750 1.1 mrg psnlim = &snlim_buf; 751 1.1 mrg 752 1.1 mrg pointer_query empty_qry; 753 1.1 mrg if (!qry) 754 1.1 mrg qry = &empty_qry; 755 1.1 mrg 756 1.1 mrg if (gimple *def_stmt = SSA_NAME_DEF_STMT (ref)) 757 1.1 mrg { 758 1.1 mrg if (is_gimple_assign (def_stmt)) 759 1.1 mrg { 760 1.1 mrg tree_code code = gimple_assign_rhs_code (def_stmt); 761 1.1 mrg if (code != MIN_EXPR && code != MAX_EXPR) 762 1.1 mrg return NULL_TREE; 763 1.1 mrg 764 1.1 mrg access_ref aref; 765 1.1 mrg tree arg1 = gimple_assign_rhs1 (def_stmt); 766 1.1 mrg aref.merge_ref (all_refs, arg1, def_stmt, ostype, false, 767 1.1 mrg *psnlim, *qry); 768 1.1 mrg 769 1.1 mrg tree arg2 = gimple_assign_rhs2 (def_stmt); 770 1.1 mrg aref.merge_ref (all_refs, arg2, def_stmt, ostype, false, 771 1.1 mrg *psnlim, *qry); 772 1.1 mrg 773 1.1 mrg if (pref && pref != this) 774 1.1 mrg { 775 1.1 mrg tree ref = pref->ref; 776 1.1 mrg *pref = aref; 777 1.1 mrg pref->ref = ref; 778 1.1 mrg } 779 1.1 mrg 780 1.1 mrg return aref.ref; 781 1.1 mrg } 782 1.1 mrg } 783 1.1 mrg else 784 1.1 mrg return NULL_TREE; 785 1.1 mrg 786 1.1 mrg gphi *phi_stmt = this->phi (); 787 1.1 mrg if (!phi_stmt) 788 1.1 mrg return ref; 789 1.1 mrg 790 1.1 mrg if (!psnlim->visit_phi (ref)) 791 1.1 mrg return NULL_TREE; 792 1.1 mrg 793 1.1 mrg /* The conservative result of the PHI reflecting the offset and size 794 1.1 mrg of the largest PHI argument, regardless of whether or not they all 795 1.1 mrg refer to the same object. */ 796 1.1 mrg access_ref phi_ref; 797 1.1 mrg if (pref) 798 1.1 mrg { 799 1.1 mrg /* The identity of the object has not been determined yet but 800 1.1 mrg PREF->REF is set by the caller to the PHI for convenience. 801 1.1 mrg The size is negative/invalid and the offset is zero (it's 802 1.1 mrg updated only after the identity of the object has been 803 1.1 mrg established). */ 804 1.1 mrg gcc_assert (pref->sizrng[0] < 0); 805 1.1 mrg gcc_assert (pref->offrng[0] == 0 && pref->offrng[1] == 0); 806 1.1 mrg 807 1.1 mrg phi_ref = *pref; 808 1.1 mrg } 809 1.1 mrg 810 1.1 mrg const offset_int maxobjsize = wi::to_offset (max_object_size ()); 811 1.1 mrg const unsigned nargs = gimple_phi_num_args (phi_stmt); 812 1.1 mrg for (unsigned i = 0; i < nargs; ++i) 813 1.1 mrg { 814 1.1 mrg access_ref phi_arg_ref; 815 1.1 mrg bool skip_null = i || i + 1 < nargs; 816 1.1 mrg tree arg = gimple_phi_arg_def (phi_stmt, i); 817 1.1 mrg phi_ref.merge_ref (all_refs, arg, phi_stmt, ostype, skip_null, 818 1.1 mrg *psnlim, *qry); 819 1.1 mrg 820 1.1 mrg if (!phi_ref.base0 821 1.1 mrg && phi_ref.sizrng[0] == 0 822 1.1 mrg && phi_ref.sizrng[1] >= maxobjsize) 823 1.1 mrg /* When an argument results in the most permissive result, 824 1.1 mrg the remaining arguments cannot constrain it. Short-circuit 825 1.1 mrg the evaluation. */ 826 1.1 mrg break; 827 1.1 mrg } 828 1.1 mrg 829 1.1 mrg if (phi_ref.sizrng[0] < 0) 830 1.1 mrg { 831 1.1 mrg /* Fail if none of the PHI's arguments resulted in updating PHI_REF 832 1.1 mrg (perhaps because they have all been already visited by prior 833 1.1 mrg recursive calls). */ 834 1.1 mrg psnlim->leave_phi (ref); 835 1.1 mrg return NULL_TREE; 836 1.1 mrg } 837 1.1 mrg 838 1.1 mrg /* Avoid changing *THIS. */ 839 1.1 mrg if (pref && pref != this) 840 1.1 mrg { 841 1.1 mrg /* Keep the SSA_NAME of the PHI unchanged so that all PHI arguments 842 1.1 mrg can be referred to later if necessary. This is useful even if 843 1.1 mrg they all refer to the same object. */ 844 1.1 mrg tree ref = pref->ref; 845 1.1 mrg *pref = phi_ref; 846 1.1 mrg pref->ref = ref; 847 1.1 mrg } 848 1.1 mrg 849 1.1 mrg psnlim->leave_phi (ref); 850 1.1 mrg 851 1.1 mrg return phi_ref.ref; 852 1.1 mrg } 853 1.1 mrg 854 1.1 mrg /* Return the maximum amount of space remaining and if non-null, set 855 1.1 mrg argument to the minimum. */ 856 1.1 mrg 857 1.1 mrg offset_int 858 1.1 mrg access_ref::size_remaining (offset_int *pmin /* = NULL */) const 859 1.1 mrg { 860 1.1 mrg offset_int minbuf; 861 1.1 mrg if (!pmin) 862 1.1 mrg pmin = &minbuf; 863 1.1 mrg 864 1.1 mrg if (sizrng[0] < 0) 865 1.1 mrg { 866 1.1 mrg /* If the identity of the object hasn't been determined return 867 1.1 mrg the maximum size range. */ 868 1.1 mrg *pmin = 0; 869 1.1 mrg return wi::to_offset (max_object_size ()); 870 1.1 mrg } 871 1.1 mrg 872 1.1 mrg /* add_offset() ensures the offset range isn't inverted. */ 873 1.1 mrg gcc_checking_assert (offrng[0] <= offrng[1]); 874 1.1 mrg 875 1.1 mrg if (base0) 876 1.1 mrg { 877 1.1 mrg /* The offset into referenced object is zero-based (i.e., it's 878 1.1 mrg not referenced by a pointer into middle of some unknown object). */ 879 1.1 mrg if (offrng[0] < 0 && offrng[1] < 0) 880 1.1 mrg { 881 1.1 mrg /* If the offset is negative the remaining size is zero. */ 882 1.1 mrg *pmin = 0; 883 1.1 mrg return 0; 884 1.1 mrg } 885 1.1 mrg 886 1.1 mrg if (sizrng[1] <= offrng[0]) 887 1.1 mrg { 888 1.1 mrg /* If the starting offset is greater than or equal to the upper 889 1.1 mrg bound on the size of the object, the space remaining is zero. 890 1.1 mrg As a special case, if it's equal, set *PMIN to -1 to let 891 1.1 mrg the caller know the offset is valid and just past the end. */ 892 1.1 mrg *pmin = sizrng[1] == offrng[0] ? -1 : 0; 893 1.1 mrg return 0; 894 1.1 mrg } 895 1.1 mrg 896 1.1 mrg /* Otherwise return the size minus the lower bound of the offset. */ 897 1.1 mrg offset_int or0 = offrng[0] < 0 ? 0 : offrng[0]; 898 1.1 mrg 899 1.1 mrg *pmin = sizrng[0] - or0; 900 1.1 mrg return sizrng[1] - or0; 901 1.1 mrg } 902 1.1 mrg 903 1.1 mrg /* The offset to the referenced object isn't zero-based (i.e., it may 904 1.1 mrg refer to a byte other than the first. The size of such an object 905 1.1 mrg is constrained only by the size of the address space (the result 906 1.1 mrg of max_object_size()). */ 907 1.1 mrg if (sizrng[1] <= offrng[0]) 908 1.1 mrg { 909 1.1 mrg *pmin = 0; 910 1.1 mrg return 0; 911 1.1 mrg } 912 1.1 mrg 913 1.1 mrg offset_int or0 = offrng[0] < 0 ? 0 : offrng[0]; 914 1.1 mrg 915 1.1 mrg *pmin = sizrng[0] - or0; 916 1.1 mrg return sizrng[1] - or0; 917 1.1 mrg } 918 1.1 mrg 919 1.1 mrg /* Return true if the offset and object size are in range for SIZE. */ 920 1.1 mrg 921 1.1 mrg bool 922 1.1 mrg access_ref::offset_in_range (const offset_int &size) const 923 1.1 mrg { 924 1.1 mrg if (size_remaining () < size) 925 1.1 mrg return false; 926 1.1 mrg 927 1.1 mrg if (base0) 928 1.1 mrg return offmax[0] >= 0 && offmax[1] <= sizrng[1]; 929 1.1 mrg 930 1.1 mrg offset_int maxoff = wi::to_offset (TYPE_MAX_VALUE (ptrdiff_type_node)); 931 1.1 mrg return offmax[0] > -maxoff && offmax[1] < maxoff; 932 1.1 mrg } 933 1.1 mrg 934 1.1 mrg /* Add the range [MIN, MAX] to the offset range. For known objects (with 935 1.1 mrg zero-based offsets) at least one of whose offset's bounds is in range, 936 1.1 mrg constrain the other (or both) to the bounds of the object (i.e., zero 937 1.1 mrg and the upper bound of its size). This improves the quality of 938 1.1 mrg diagnostics. */ 939 1.1 mrg 940 1.1 mrg void access_ref::add_offset (const offset_int &min, const offset_int &max) 941 1.1 mrg { 942 1.1 mrg if (min <= max) 943 1.1 mrg { 944 1.1 mrg /* To add an ordinary range just add it to the bounds. */ 945 1.1 mrg offrng[0] += min; 946 1.1 mrg offrng[1] += max; 947 1.1 mrg } 948 1.1 mrg else if (!base0) 949 1.1 mrg { 950 1.1 mrg /* To add an inverted range to an offset to an unknown object 951 1.1 mrg expand it to the maximum. */ 952 1.1 mrg add_max_offset (); 953 1.1 mrg return; 954 1.1 mrg } 955 1.1 mrg else 956 1.1 mrg { 957 1.1 mrg /* To add an inverted range to an offset to an known object set 958 1.1 mrg the upper bound to the maximum representable offset value 959 1.1 mrg (which may be greater than MAX_OBJECT_SIZE). 960 1.1 mrg The lower bound is either the sum of the current offset and 961 1.1 mrg MIN when abs(MAX) is greater than the former, or zero otherwise. 962 1.1 mrg Zero because then the inverted range includes the negative of 963 1.1 mrg the lower bound. */ 964 1.1 mrg offset_int maxoff = wi::to_offset (TYPE_MAX_VALUE (ptrdiff_type_node)); 965 1.1 mrg offrng[1] = maxoff; 966 1.1 mrg 967 1.1 mrg if (max >= 0) 968 1.1 mrg { 969 1.1 mrg offrng[0] = 0; 970 1.1 mrg if (offmax[0] > 0) 971 1.1 mrg offmax[0] = 0; 972 1.1 mrg return; 973 1.1 mrg } 974 1.1 mrg 975 1.1 mrg offset_int absmax = wi::abs (max); 976 1.1 mrg if (offrng[0] < absmax) 977 1.1 mrg { 978 1.1 mrg offrng[0] += min; 979 1.1 mrg /* Cap the lower bound at the upper (set to MAXOFF above) 980 1.1 mrg to avoid inadvertently recreating an inverted range. */ 981 1.1 mrg if (offrng[1] < offrng[0]) 982 1.1 mrg offrng[0] = offrng[1]; 983 1.1 mrg } 984 1.1 mrg else 985 1.1 mrg offrng[0] = 0; 986 1.1 mrg } 987 1.1 mrg 988 1.1 mrg /* Set the minimum and maximmum computed so far. */ 989 1.1 mrg if (offrng[1] < 0 && offrng[1] < offmax[0]) 990 1.1 mrg offmax[0] = offrng[1]; 991 1.1 mrg if (offrng[0] > 0 && offrng[0] > offmax[1]) 992 1.1 mrg offmax[1] = offrng[0]; 993 1.1 mrg 994 1.1 mrg if (!base0) 995 1.1 mrg return; 996 1.1 mrg 997 1.1 mrg /* When referencing a known object check to see if the offset computed 998 1.1 mrg so far is in bounds... */ 999 1.1 mrg offset_int remrng[2]; 1000 1.1 mrg remrng[1] = size_remaining (remrng); 1001 1.1 mrg if (remrng[1] > 0 || remrng[0] < 0) 1002 1.1 mrg { 1003 1.1 mrg /* ...if so, constrain it so that neither bound exceeds the size of 1004 1.1 mrg the object. Out of bounds offsets are left unchanged, and, for 1005 1.1 mrg better or worse, become in bounds later. They should be detected 1006 1.1 mrg and diagnosed at the point they first become invalid by 1007 1.1 mrg -Warray-bounds. */ 1008 1.1 mrg if (offrng[0] < 0) 1009 1.1 mrg offrng[0] = 0; 1010 1.1 mrg if (offrng[1] > sizrng[1]) 1011 1.1 mrg offrng[1] = sizrng[1]; 1012 1.1 mrg } 1013 1.1 mrg } 1014 1.1 mrg 1015 1.1 mrg /* Issue one inform message describing each target of an access REF. 1016 1.1 mrg WRITE is set for a write access and clear for a read access. */ 1017 1.1 mrg 1018 1.1 mrg void 1019 1.1 mrg access_ref::inform_access (access_mode mode, int ostype /* = 1 */) const 1020 1.1 mrg { 1021 1.1 mrg const access_ref &aref = *this; 1022 1.1 mrg if (!aref.ref) 1023 1.1 mrg return; 1024 1.1 mrg 1025 1.1 mrg if (phi ()) 1026 1.1 mrg { 1027 1.1 mrg /* Set MAXREF to refer to the largest object and fill ALL_REFS 1028 1.1 mrg with data for all objects referenced by the PHI arguments. */ 1029 1.1 mrg access_ref maxref; 1030 1.1 mrg auto_vec<access_ref> all_refs; 1031 1.1 mrg if (!get_ref (&all_refs, &maxref, ostype)) 1032 1.1 mrg return; 1033 1.1 mrg 1034 1.1 mrg if (all_refs.length ()) 1035 1.1 mrg { 1036 1.1 mrg /* Except for MAXREF, the rest of the arguments' offsets need not 1037 1.1 mrg reflect one added to the PHI itself. Determine the latter from 1038 1.1 mrg MAXREF on which the result is based. */ 1039 1.1 mrg const offset_int orng[] = 1040 1.1 mrg { 1041 1.1 mrg offrng[0] - maxref.offrng[0], 1042 1.1 mrg wi::smax (offrng[1] - maxref.offrng[1], offrng[0]), 1043 1.1 mrg }; 1044 1.1 mrg 1045 1.1 mrg /* Add the final PHI's offset to that of each of the arguments 1046 1.1 mrg and recurse to issue an inform message for it. */ 1047 1.1 mrg for (unsigned i = 0; i != all_refs.length (); ++i) 1048 1.1 mrg { 1049 1.1 mrg /* Skip any PHIs; those could lead to infinite recursion. */ 1050 1.1 mrg if (all_refs[i].phi ()) 1051 1.1 mrg continue; 1052 1.1 mrg 1053 1.1 mrg all_refs[i].add_offset (orng[0], orng[1]); 1054 1.1 mrg all_refs[i].inform_access (mode, ostype); 1055 1.1 mrg } 1056 1.1 mrg return; 1057 1.1 mrg } 1058 1.1 mrg } 1059 1.1 mrg 1060 1.1 mrg /* Convert offset range and avoid including a zero range since it 1061 1.1 mrg isn't necessarily meaningful. */ 1062 1.1 mrg HOST_WIDE_INT diff_min = tree_to_shwi (TYPE_MIN_VALUE (ptrdiff_type_node)); 1063 1.1 mrg HOST_WIDE_INT diff_max = tree_to_shwi (TYPE_MAX_VALUE (ptrdiff_type_node)); 1064 1.1 mrg HOST_WIDE_INT minoff; 1065 1.1 mrg HOST_WIDE_INT maxoff = diff_max; 1066 1.1 mrg if (wi::fits_shwi_p (aref.offrng[0])) 1067 1.1 mrg minoff = aref.offrng[0].to_shwi (); 1068 1.1 mrg else 1069 1.1 mrg minoff = aref.offrng[0] < 0 ? diff_min : diff_max; 1070 1.1 mrg 1071 1.1 mrg if (wi::fits_shwi_p (aref.offrng[1])) 1072 1.1 mrg maxoff = aref.offrng[1].to_shwi (); 1073 1.1 mrg 1074 1.1 mrg if (maxoff <= diff_min || maxoff >= diff_max) 1075 1.1 mrg /* Avoid mentioning an upper bound that's equal to or in excess 1076 1.1 mrg of the maximum of ptrdiff_t. */ 1077 1.1 mrg maxoff = minoff; 1078 1.1 mrg 1079 1.1 mrg /* Convert size range and always include it since all sizes are 1080 1.1 mrg meaningful. */ 1081 1.1 mrg unsigned long long minsize = 0, maxsize = 0; 1082 1.1 mrg if (wi::fits_shwi_p (aref.sizrng[0]) 1083 1.1 mrg && wi::fits_shwi_p (aref.sizrng[1])) 1084 1.1 mrg { 1085 1.1 mrg minsize = aref.sizrng[0].to_shwi (); 1086 1.1 mrg maxsize = aref.sizrng[1].to_shwi (); 1087 1.1 mrg } 1088 1.1 mrg 1089 1.1 mrg /* SIZRNG doesn't necessarily have the same range as the allocation 1090 1.1 mrg size determined by gimple_call_alloc_size (). */ 1091 1.1 mrg char sizestr[80]; 1092 1.1 mrg if (minsize == maxsize) 1093 1.1 mrg sprintf (sizestr, "%llu", minsize); 1094 1.1 mrg else 1095 1.1 mrg sprintf (sizestr, "[%llu, %llu]", minsize, maxsize); 1096 1.1 mrg 1097 1.1 mrg char offstr[80]; 1098 1.1 mrg if (minoff == 0 1099 1.1 mrg && (maxoff == 0 || aref.sizrng[1] <= maxoff)) 1100 1.1 mrg offstr[0] = '\0'; 1101 1.1 mrg else if (minoff == maxoff) 1102 1.1 mrg sprintf (offstr, "%lli", (long long) minoff); 1103 1.1 mrg else 1104 1.1 mrg sprintf (offstr, "[%lli, %lli]", (long long) minoff, (long long) maxoff); 1105 1.1 mrg 1106 1.1 mrg location_t loc = UNKNOWN_LOCATION; 1107 1.1 mrg 1108 1.1 mrg tree ref = this->ref; 1109 1.1 mrg tree allocfn = NULL_TREE; 1110 1.1 mrg if (TREE_CODE (ref) == SSA_NAME) 1111 1.1 mrg { 1112 1.1 mrg gimple *stmt = SSA_NAME_DEF_STMT (ref); 1113 1.1 mrg if (!stmt) 1114 1.1 mrg return; 1115 1.1 mrg 1116 1.1 mrg if (is_gimple_call (stmt)) 1117 1.1 mrg { 1118 1.1 mrg loc = gimple_location (stmt); 1119 1.1 mrg if (gimple_call_builtin_p (stmt, BUILT_IN_ALLOCA_WITH_ALIGN)) 1120 1.1 mrg { 1121 1.1 mrg /* Strip the SSA_NAME suffix from the variable name and 1122 1.1 mrg recreate an identifier with the VLA's original name. */ 1123 1.1 mrg ref = gimple_call_lhs (stmt); 1124 1.1 mrg if (SSA_NAME_IDENTIFIER (ref)) 1125 1.1 mrg { 1126 1.1 mrg ref = SSA_NAME_IDENTIFIER (ref); 1127 1.1 mrg const char *id = IDENTIFIER_POINTER (ref); 1128 1.1 mrg size_t len = strcspn (id, ".$"); 1129 1.1 mrg if (!len) 1130 1.1 mrg len = strlen (id); 1131 1.1 mrg ref = get_identifier_with_length (id, len); 1132 1.1 mrg } 1133 1.1 mrg } 1134 1.1 mrg else 1135 1.1 mrg { 1136 1.1 mrg /* Except for VLAs, retrieve the allocation function. */ 1137 1.1 mrg allocfn = gimple_call_fndecl (stmt); 1138 1.1 mrg if (!allocfn) 1139 1.1 mrg allocfn = gimple_call_fn (stmt); 1140 1.1 mrg if (TREE_CODE (allocfn) == SSA_NAME) 1141 1.1 mrg { 1142 1.1 mrg /* For an ALLOC_CALL via a function pointer make a small 1143 1.1 mrg effort to determine the destination of the pointer. */ 1144 1.1 mrg gimple *def = SSA_NAME_DEF_STMT (allocfn); 1145 1.1 mrg if (gimple_assign_single_p (def)) 1146 1.1 mrg { 1147 1.1 mrg tree rhs = gimple_assign_rhs1 (def); 1148 1.1 mrg if (DECL_P (rhs)) 1149 1.1 mrg allocfn = rhs; 1150 1.1 mrg else if (TREE_CODE (rhs) == COMPONENT_REF) 1151 1.1 mrg allocfn = TREE_OPERAND (rhs, 1); 1152 1.1 mrg } 1153 1.1 mrg } 1154 1.1 mrg } 1155 1.1 mrg } 1156 1.1 mrg else if (gimple_nop_p (stmt)) 1157 1.1 mrg /* Handle DECL_PARM below. */ 1158 1.1 mrg ref = SSA_NAME_VAR (ref); 1159 1.1 mrg else if (is_gimple_assign (stmt) 1160 1.1 mrg && (gimple_assign_rhs_code (stmt) == MIN_EXPR 1161 1.1 mrg || gimple_assign_rhs_code (stmt) == MAX_EXPR)) 1162 1.1 mrg { 1163 1.1 mrg /* MIN or MAX_EXPR here implies a reference to a known object 1164 1.1 mrg and either an unknown or distinct one (the latter being 1165 1.1 mrg the result of an invalid relational expression). Determine 1166 1.1 mrg the identity of the former and point to it in the note. 1167 1.1 mrg TODO: Consider merging with PHI handling. */ 1168 1.1 mrg access_ref arg_ref[2]; 1169 1.1 mrg tree arg = gimple_assign_rhs1 (stmt); 1170 1.1 mrg compute_objsize (arg, /* ostype = */ 1 , &arg_ref[0]); 1171 1.1 mrg arg = gimple_assign_rhs2 (stmt); 1172 1.1 mrg compute_objsize (arg, /* ostype = */ 1 , &arg_ref[1]); 1173 1.1 mrg 1174 1.1 mrg /* Use the argument that references a known object with more 1175 1.1 mrg space remaining. */ 1176 1.1 mrg const bool idx 1177 1.1 mrg = (!arg_ref[0].ref || !arg_ref[0].base0 1178 1.1 mrg || (arg_ref[0].base0 && arg_ref[1].base0 1179 1.1 mrg && (arg_ref[0].size_remaining () 1180 1.1 mrg < arg_ref[1].size_remaining ()))); 1181 1.1 mrg 1182 1.1 mrg arg_ref[idx].offrng[0] = offrng[0]; 1183 1.1 mrg arg_ref[idx].offrng[1] = offrng[1]; 1184 1.1 mrg arg_ref[idx].inform_access (mode); 1185 1.1 mrg return; 1186 1.1 mrg } 1187 1.1 mrg } 1188 1.1 mrg 1189 1.1 mrg if (DECL_P (ref)) 1190 1.1 mrg loc = DECL_SOURCE_LOCATION (ref); 1191 1.1 mrg else if (EXPR_P (ref) && EXPR_HAS_LOCATION (ref)) 1192 1.1 mrg loc = EXPR_LOCATION (ref); 1193 1.1 mrg else if (TREE_CODE (ref) != IDENTIFIER_NODE 1194 1.1 mrg && TREE_CODE (ref) != SSA_NAME) 1195 1.1 mrg return; 1196 1.1 mrg 1197 1.1 mrg if (mode == access_read_write || mode == access_write_only) 1198 1.1 mrg { 1199 1.1 mrg if (allocfn == NULL_TREE) 1200 1.1 mrg { 1201 1.1 mrg if (*offstr) 1202 1.1 mrg inform (loc, "at offset %s into destination object %qE of size %s", 1203 1.1 mrg offstr, ref, sizestr); 1204 1.1 mrg else 1205 1.1 mrg inform (loc, "destination object %qE of size %s", ref, sizestr); 1206 1.1 mrg return; 1207 1.1 mrg } 1208 1.1 mrg 1209 1.1 mrg if (*offstr) 1210 1.1 mrg inform (loc, 1211 1.1 mrg "at offset %s into destination object of size %s " 1212 1.1 mrg "allocated by %qE", offstr, sizestr, allocfn); 1213 1.1 mrg else 1214 1.1 mrg inform (loc, "destination object of size %s allocated by %qE", 1215 1.1 mrg sizestr, allocfn); 1216 1.1 mrg return; 1217 1.1 mrg } 1218 1.1 mrg 1219 1.1 mrg if (mode == access_read_only) 1220 1.1 mrg { 1221 1.1 mrg if (allocfn == NULL_TREE) 1222 1.1 mrg { 1223 1.1 mrg if (*offstr) 1224 1.1 mrg inform (loc, "at offset %s into source object %qE of size %s", 1225 1.1 mrg offstr, ref, sizestr); 1226 1.1 mrg else 1227 1.1 mrg inform (loc, "source object %qE of size %s", ref, sizestr); 1228 1.1 mrg 1229 1.1 mrg return; 1230 1.1 mrg } 1231 1.1 mrg 1232 1.1 mrg if (*offstr) 1233 1.1 mrg inform (loc, 1234 1.1 mrg "at offset %s into source object of size %s allocated by %qE", 1235 1.1 mrg offstr, sizestr, allocfn); 1236 1.1 mrg else 1237 1.1 mrg inform (loc, "source object of size %s allocated by %qE", 1238 1.1 mrg sizestr, allocfn); 1239 1.1 mrg return; 1240 1.1 mrg } 1241 1.1 mrg 1242 1.1 mrg if (allocfn == NULL_TREE) 1243 1.1 mrg { 1244 1.1 mrg if (*offstr) 1245 1.1 mrg inform (loc, "at offset %s into object %qE of size %s", 1246 1.1 mrg offstr, ref, sizestr); 1247 1.1 mrg else 1248 1.1 mrg inform (loc, "object %qE of size %s", ref, sizestr); 1249 1.1 mrg 1250 1.1 mrg return; 1251 1.1 mrg } 1252 1.1 mrg 1253 1.1 mrg if (*offstr) 1254 1.1 mrg inform (loc, 1255 1.1 mrg "at offset %s into object of size %s allocated by %qE", 1256 1.1 mrg offstr, sizestr, allocfn); 1257 1.1 mrg else 1258 1.1 mrg inform (loc, "object of size %s allocated by %qE", 1259 1.1 mrg sizestr, allocfn); 1260 1.1 mrg } 1261 1.1 mrg 1262 1.1 mrg /* Dump *THIS to FILE. */ 1263 1.1 mrg 1264 1.1 mrg void 1265 1.1 mrg access_ref::dump (FILE *file) const 1266 1.1 mrg { 1267 1.1 mrg for (int i = deref; i < 0; ++i) 1268 1.1 mrg fputc ('&', file); 1269 1.1 mrg 1270 1.1 mrg for (int i = 0; i < deref; ++i) 1271 1.1 mrg fputc ('*', file); 1272 1.1 mrg 1273 1.1 mrg if (gphi *phi_stmt = phi ()) 1274 1.1 mrg { 1275 1.1 mrg fputs ("PHI <", file); 1276 1.1 mrg unsigned nargs = gimple_phi_num_args (phi_stmt); 1277 1.1 mrg for (unsigned i = 0; i != nargs; ++i) 1278 1.1 mrg { 1279 1.1 mrg tree arg = gimple_phi_arg_def (phi_stmt, i); 1280 1.1 mrg print_generic_expr (file, arg); 1281 1.1 mrg if (i + 1 < nargs) 1282 1.1 mrg fputs (", ", file); 1283 1.1 mrg } 1284 1.1 mrg fputc ('>', file); 1285 1.1 mrg } 1286 1.1 mrg else 1287 1.1 mrg print_generic_expr (file, ref); 1288 1.1 mrg 1289 1.1 mrg if (offrng[0] != offrng[1]) 1290 1.1 mrg fprintf (file, " + [%lli, %lli]", 1291 1.1 mrg (long long) offrng[0].to_shwi (), 1292 1.1 mrg (long long) offrng[1].to_shwi ()); 1293 1.1 mrg else if (offrng[0] != 0) 1294 1.1 mrg fprintf (file, " %c %lli", 1295 1.1 mrg offrng[0] < 0 ? '-' : '+', 1296 1.1 mrg (long long) offrng[0].to_shwi ()); 1297 1.1 mrg 1298 1.1 mrg if (base0) 1299 1.1 mrg fputs (" (base0)", file); 1300 1.1 mrg 1301 1.1 mrg fputs ("; size: ", file); 1302 1.1 mrg if (sizrng[0] != sizrng[1]) 1303 1.1 mrg { 1304 1.1 mrg offset_int maxsize = wi::to_offset (max_object_size ()); 1305 1.1 mrg if (sizrng[0] == 0 && sizrng[1] >= maxsize) 1306 1.1 mrg fputs ("unknown", file); 1307 1.1 mrg else 1308 1.1 mrg fprintf (file, "[%llu, %llu]", 1309 1.1 mrg (unsigned long long) sizrng[0].to_uhwi (), 1310 1.1 mrg (unsigned long long) sizrng[1].to_uhwi ()); 1311 1.1 mrg } 1312 1.1 mrg else if (sizrng[0] != 0) 1313 1.1 mrg fprintf (file, "%llu", 1314 1.1 mrg (unsigned long long) sizrng[0].to_uhwi ()); 1315 1.1 mrg 1316 1.1 mrg fputc ('\n', file); 1317 1.1 mrg } 1318 1.1 mrg 1319 1.1 mrg /* Set the access to at most MAXWRITE and MAXREAD bytes, and at least 1 1320 1.1 mrg when MINWRITE or MINREAD, respectively, is set. */ 1321 1.1 mrg access_data::access_data (range_query *query, gimple *stmt, access_mode mode, 1322 1.1 mrg tree maxwrite /* = NULL_TREE */, 1323 1.1 mrg bool minwrite /* = false */, 1324 1.1 mrg tree maxread /* = NULL_TREE */, 1325 1.1 mrg bool minread /* = false */) 1326 1.1 mrg : stmt (stmt), call (), dst (), src (), mode (mode), ostype () 1327 1.1 mrg { 1328 1.1 mrg set_bound (dst_bndrng, maxwrite, minwrite, query, stmt); 1329 1.1 mrg set_bound (src_bndrng, maxread, minread, query, stmt); 1330 1.1 mrg } 1331 1.1 mrg 1332 1.1 mrg /* Set the access to at most MAXWRITE and MAXREAD bytes, and at least 1 1333 1.1 mrg when MINWRITE or MINREAD, respectively, is set. */ 1334 1.1 mrg access_data::access_data (range_query *query, tree expr, access_mode mode, 1335 1.1 mrg tree maxwrite /* = NULL_TREE */, 1336 1.1 mrg bool minwrite /* = false */, 1337 1.1 mrg tree maxread /* = NULL_TREE */, 1338 1.1 mrg bool minread /* = false */) 1339 1.1 mrg : stmt (), call (expr), dst (), src (), mode (mode), ostype () 1340 1.1 mrg { 1341 1.1 mrg set_bound (dst_bndrng, maxwrite, minwrite, query, stmt); 1342 1.1 mrg set_bound (src_bndrng, maxread, minread, query, stmt); 1343 1.1 mrg } 1344 1.1 mrg 1345 1.1 mrg /* Set BNDRNG to the range of BOUND for the statement STMT. */ 1346 1.1 mrg 1347 1.1 mrg void 1348 1.1 mrg access_data::set_bound (offset_int bndrng[2], tree bound, bool minaccess, 1349 1.1 mrg range_query *query, gimple *stmt) 1350 1.1 mrg { 1351 1.1 mrg /* Set the default bounds of the access and adjust below. */ 1352 1.1 mrg bndrng[0] = minaccess ? 1 : 0; 1353 1.1 mrg bndrng[1] = HOST_WIDE_INT_M1U; 1354 1.1 mrg 1355 1.1 mrg /* When BOUND is nonnull and a range can be extracted from it, 1356 1.1 mrg set the bounds of the access to reflect both it and MINACCESS. 1357 1.1 mrg BNDRNG[0] is the size of the minimum access. */ 1358 1.1 mrg tree rng[2]; 1359 1.1 mrg if (bound && get_size_range (query, bound, stmt, rng, SR_ALLOW_ZERO)) 1360 1.1 mrg { 1361 1.1 mrg bndrng[0] = wi::to_offset (rng[0]); 1362 1.1 mrg bndrng[1] = wi::to_offset (rng[1]); 1363 1.1 mrg bndrng[0] = bndrng[0] > 0 && minaccess ? 1 : 0; 1364 1.1 mrg } 1365 1.1 mrg } 1366 1.1 mrg 1367 1.1 mrg /* Set a bit for the PHI in VISITED and return true if it wasn't 1368 1.1 mrg already set. */ 1369 1.1 mrg 1370 1.1 mrg bool 1371 1.1 mrg ssa_name_limit_t::visit_phi (tree ssa_name) 1372 1.1 mrg { 1373 1.1 mrg if (!visited) 1374 1.1 mrg visited = BITMAP_ALLOC (NULL); 1375 1.1 mrg 1376 1.1 mrg /* Return false if SSA_NAME has already been visited. */ 1377 1.1 mrg return bitmap_set_bit (visited, SSA_NAME_VERSION (ssa_name)); 1378 1.1 mrg } 1379 1.1 mrg 1380 1.1 mrg /* Clear a bit for the PHI in VISITED. */ 1381 1.1 mrg 1382 1.1 mrg void 1383 1.1 mrg ssa_name_limit_t::leave_phi (tree ssa_name) 1384 1.1 mrg { 1385 1.1 mrg /* Return false if SSA_NAME has already been visited. */ 1386 1.1 mrg bitmap_clear_bit (visited, SSA_NAME_VERSION (ssa_name)); 1387 1.1 mrg } 1388 1.1 mrg 1389 1.1 mrg /* Return false if the SSA_NAME chain length counter has reached 1390 1.1 mrg the limit, otherwise increment the counter and return true. */ 1391 1.1 mrg 1392 1.1 mrg bool 1393 1.1 mrg ssa_name_limit_t::next () 1394 1.1 mrg { 1395 1.1 mrg /* Return a negative value to let caller avoid recursing beyond 1396 1.1 mrg the specified limit. */ 1397 1.1 mrg if (ssa_def_max == 0) 1398 1.1 mrg return false; 1399 1.1 mrg 1400 1.1 mrg --ssa_def_max; 1401 1.1 mrg return true; 1402 1.1 mrg } 1403 1.1 mrg 1404 1.1 mrg /* If the SSA_NAME has already been "seen" return a positive value. 1405 1.1 mrg Otherwise add it to VISITED. If the SSA_NAME limit has been 1406 1.1 mrg reached, return a negative value. Otherwise return zero. */ 1407 1.1 mrg 1408 1.1 mrg int 1409 1.1 mrg ssa_name_limit_t::next_phi (tree ssa_name) 1410 1.1 mrg { 1411 1.1 mrg { 1412 1.1 mrg gimple *def_stmt = SSA_NAME_DEF_STMT (ssa_name); 1413 1.1 mrg /* Return a positive value if the PHI has already been visited. */ 1414 1.1 mrg if (gimple_code (def_stmt) == GIMPLE_PHI 1415 1.1 mrg && !visit_phi (ssa_name)) 1416 1.1 mrg return 1; 1417 1.1 mrg } 1418 1.1 mrg 1419 1.1 mrg /* Return a negative value to let caller avoid recursing beyond 1420 1.1 mrg the specified limit. */ 1421 1.1 mrg if (ssa_def_max == 0) 1422 1.1 mrg return -1; 1423 1.1 mrg 1424 1.1 mrg --ssa_def_max; 1425 1.1 mrg 1426 1.1 mrg return 0; 1427 1.1 mrg } 1428 1.1 mrg 1429 1.1 mrg ssa_name_limit_t::~ssa_name_limit_t () 1430 1.1 mrg { 1431 1.1 mrg if (visited) 1432 1.1 mrg BITMAP_FREE (visited); 1433 1.1 mrg } 1434 1.1 mrg 1435 1.1 mrg /* Default ctor. Initialize object with pointers to the range_query 1436 1.1 mrg instance to use or null. */ 1437 1.1 mrg 1438 1.1 mrg pointer_query::pointer_query (range_query *qry /* = NULL */) 1439 1.1 mrg : rvals (qry), hits (), misses (), failures (), depth (), max_depth (), 1440 1.1 mrg var_cache () 1441 1.1 mrg { 1442 1.1 mrg /* No op. */ 1443 1.1 mrg } 1444 1.1 mrg 1445 1.1 mrg /* Return a pointer to the cached access_ref instance for the SSA_NAME 1446 1.1 mrg PTR if it's there or null otherwise. */ 1447 1.1 mrg 1448 1.1 mrg const access_ref * 1449 1.1 mrg pointer_query::get_ref (tree ptr, int ostype /* = 1 */) const 1450 1.1 mrg { 1451 1.1 mrg unsigned version = SSA_NAME_VERSION (ptr); 1452 1.1 mrg unsigned idx = version << 1 | (ostype & 1); 1453 1.1 mrg if (var_cache.indices.length () <= idx) 1454 1.1 mrg { 1455 1.1 mrg ++misses; 1456 1.1 mrg return NULL; 1457 1.1 mrg } 1458 1.1 mrg 1459 1.1 mrg unsigned cache_idx = var_cache.indices[idx]; 1460 1.1 mrg if (var_cache.access_refs.length () <= cache_idx) 1461 1.1 mrg { 1462 1.1 mrg ++misses; 1463 1.1 mrg return NULL; 1464 1.1 mrg } 1465 1.1 mrg 1466 1.1 mrg const access_ref &cache_ref = var_cache.access_refs[cache_idx]; 1467 1.1 mrg if (cache_ref.ref) 1468 1.1 mrg { 1469 1.1 mrg ++hits; 1470 1.1 mrg return &cache_ref; 1471 1.1 mrg } 1472 1.1 mrg 1473 1.1 mrg ++misses; 1474 1.1 mrg return NULL; 1475 1.1 mrg } 1476 1.1 mrg 1477 1.1 mrg /* Retrieve the access_ref instance for a variable from the cache if it's 1478 1.1 mrg there or compute it and insert it into the cache if it's nonnonull. */ 1479 1.1 mrg 1480 1.1 mrg bool 1481 1.1 mrg pointer_query::get_ref (tree ptr, gimple *stmt, access_ref *pref, 1482 1.1 mrg int ostype /* = 1 */) 1483 1.1 mrg { 1484 1.1 mrg const unsigned version 1485 1.1 mrg = TREE_CODE (ptr) == SSA_NAME ? SSA_NAME_VERSION (ptr) : 0; 1486 1.1 mrg 1487 1.1 mrg if (version) 1488 1.1 mrg { 1489 1.1 mrg unsigned idx = version << 1 | (ostype & 1); 1490 1.1 mrg if (idx < var_cache.indices.length ()) 1491 1.1 mrg { 1492 1.1 mrg unsigned cache_idx = var_cache.indices[idx] - 1; 1493 1.1 mrg if (cache_idx < var_cache.access_refs.length () 1494 1.1 mrg && var_cache.access_refs[cache_idx].ref) 1495 1.1 mrg { 1496 1.1 mrg ++hits; 1497 1.1 mrg *pref = var_cache.access_refs[cache_idx]; 1498 1.1 mrg return true; 1499 1.1 mrg } 1500 1.1 mrg } 1501 1.1 mrg 1502 1.1 mrg ++misses; 1503 1.1 mrg } 1504 1.1 mrg 1505 1.1 mrg if (!compute_objsize (ptr, stmt, ostype, pref, this)) 1506 1.1 mrg { 1507 1.1 mrg ++failures; 1508 1.1 mrg return false; 1509 1.1 mrg } 1510 1.1 mrg 1511 1.1 mrg return true; 1512 1.1 mrg } 1513 1.1 mrg 1514 1.1 mrg /* Add a copy of the access_ref REF for the SSA_NAME to the cache if it's 1515 1.1 mrg nonnull. */ 1516 1.1 mrg 1517 1.1 mrg void 1518 1.1 mrg pointer_query::put_ref (tree ptr, const access_ref &ref, int ostype /* = 1 */) 1519 1.1 mrg { 1520 1.1 mrg /* Only add populated/valid entries. */ 1521 1.1 mrg if (!ref.ref || ref.sizrng[0] < 0) 1522 1.1 mrg return; 1523 1.1 mrg 1524 1.1 mrg /* Add REF to the two-level cache. */ 1525 1.1 mrg unsigned version = SSA_NAME_VERSION (ptr); 1526 1.1 mrg unsigned idx = version << 1 | (ostype & 1); 1527 1.1 mrg 1528 1.1 mrg /* Grow INDICES if necessary. An index is valid if it's nonzero. 1529 1.1 mrg Its value minus one is the index into ACCESS_REFS. Not all 1530 1.1 mrg entries are valid. */ 1531 1.1 mrg if (var_cache.indices.length () <= idx) 1532 1.1 mrg var_cache.indices.safe_grow_cleared (idx + 1); 1533 1.1 mrg 1534 1.1 mrg if (!var_cache.indices[idx]) 1535 1.1 mrg var_cache.indices[idx] = var_cache.access_refs.length () + 1; 1536 1.1 mrg 1537 1.1 mrg /* Grow ACCESS_REF cache if necessary. An entry is valid if its 1538 1.1 mrg REF member is nonnull. All entries except for the last two 1539 1.1 mrg are valid. Once nonnull, the REF value must stay unchanged. */ 1540 1.1 mrg unsigned cache_idx = var_cache.indices[idx]; 1541 1.1 mrg if (var_cache.access_refs.length () <= cache_idx) 1542 1.1 mrg var_cache.access_refs.safe_grow_cleared (cache_idx + 1); 1543 1.1 mrg 1544 1.1 mrg access_ref &cache_ref = var_cache.access_refs[cache_idx]; 1545 1.1 mrg if (cache_ref.ref) 1546 1.1 mrg { 1547 1.1 mrg gcc_checking_assert (cache_ref.ref == ref.ref); 1548 1.1 mrg return; 1549 1.1 mrg } 1550 1.1 mrg 1551 1.1 mrg cache_ref = ref; 1552 1.1 mrg } 1553 1.1 mrg 1554 1.1 mrg /* Flush the cache if it's nonnull. */ 1555 1.1 mrg 1556 1.1 mrg void 1557 1.1 mrg pointer_query::flush_cache () 1558 1.1 mrg { 1559 1.1 mrg var_cache.indices.release (); 1560 1.1 mrg var_cache.access_refs.release (); 1561 1.1 mrg } 1562 1.1 mrg 1563 1.1 mrg /* Dump statistics and, optionally, cache contents to DUMP_FILE. */ 1564 1.1 mrg 1565 1.1 mrg void 1566 1.1 mrg pointer_query::dump (FILE *dump_file, bool contents /* = false */) 1567 1.1 mrg { 1568 1.1 mrg unsigned nused = 0, nrefs = 0; 1569 1.1 mrg unsigned nidxs = var_cache.indices.length (); 1570 1.1 mrg for (unsigned i = 0; i != nidxs; ++i) 1571 1.1 mrg { 1572 1.1 mrg unsigned ari = var_cache.indices[i]; 1573 1.1 mrg if (!ari) 1574 1.1 mrg continue; 1575 1.1 mrg 1576 1.1 mrg ++nused; 1577 1.1 mrg 1578 1.1 mrg const access_ref &aref = var_cache.access_refs[ari]; 1579 1.1 mrg if (!aref.ref) 1580 1.1 mrg continue; 1581 1.1 mrg 1582 1.1 mrg ++nrefs; 1583 1.1 mrg } 1584 1.1 mrg 1585 1.1 mrg fprintf (dump_file, "pointer_query counters:\n" 1586 1.1 mrg " index cache size: %u\n" 1587 1.1 mrg " index entries: %u\n" 1588 1.1 mrg " access cache size: %u\n" 1589 1.1 mrg " access entries: %u\n" 1590 1.1 mrg " hits: %u\n" 1591 1.1 mrg " misses: %u\n" 1592 1.1 mrg " failures: %u\n" 1593 1.1 mrg " max_depth: %u\n", 1594 1.1 mrg nidxs, nused, 1595 1.1 mrg var_cache.access_refs.length (), nrefs, 1596 1.1 mrg hits, misses, failures, max_depth); 1597 1.1 mrg 1598 1.1 mrg if (!contents || !nidxs) 1599 1.1 mrg return; 1600 1.1 mrg 1601 1.1 mrg fputs ("\npointer_query cache contents:\n", dump_file); 1602 1.1 mrg 1603 1.1 mrg for (unsigned i = 0; i != nidxs; ++i) 1604 1.1 mrg { 1605 1.1 mrg unsigned ari = var_cache.indices[i]; 1606 1.1 mrg if (!ari) 1607 1.1 mrg continue; 1608 1.1 mrg 1609 1.1 mrg const access_ref &aref = var_cache.access_refs[ari]; 1610 1.1 mrg if (!aref.ref) 1611 1.1 mrg continue; 1612 1.1 mrg 1613 1.1 mrg /* The level-1 cache index corresponds to the SSA_NAME_VERSION 1614 1.1 mrg shifted left by one and ORed with the Object Size Type in 1615 1.1 mrg the lowest bit. Print the two separately. */ 1616 1.1 mrg unsigned ver = i >> 1; 1617 1.1 mrg unsigned ost = i & 1; 1618 1.1 mrg 1619 1.1 mrg fprintf (dump_file, " %u.%u[%u]: ", ver, ost, ari); 1620 1.1 mrg if (tree name = ssa_name (ver)) 1621 1.1 mrg { 1622 1.1 mrg print_generic_expr (dump_file, name); 1623 1.1 mrg fputs (" = ", dump_file); 1624 1.1 mrg } 1625 1.1 mrg else 1626 1.1 mrg fprintf (dump_file, " _%u = ", ver); 1627 1.1 mrg 1628 1.1 mrg aref.dump (dump_file); 1629 1.1 mrg } 1630 1.1 mrg 1631 1.1 mrg fputc ('\n', dump_file); 1632 1.1 mrg } 1633 1.1 mrg 1634 1.1 mrg /* A helper of compute_objsize_r() to determine the size from an assignment 1635 1.1 mrg statement STMT with the RHS of either MIN_EXPR or MAX_EXPR. On success 1636 1.1 mrg set PREF->REF to the operand with more or less space remaining, 1637 1.1 mrg respectively, if both refer to the same (sub)object, or to PTR if they 1638 1.1 mrg might not, and return true. Otherwise, if the identity of neither 1639 1.1 mrg operand can be determined, return false. */ 1640 1.1 mrg 1641 1.1 mrg static bool 1642 1.1 mrg handle_min_max_size (tree ptr, int ostype, access_ref *pref, 1643 1.1 mrg ssa_name_limit_t &snlim, pointer_query *qry) 1644 1.1 mrg { 1645 1.1 mrg gimple *stmt = SSA_NAME_DEF_STMT (ptr); 1646 1.1 mrg const tree_code code = gimple_assign_rhs_code (stmt); 1647 1.1 mrg 1648 1.1 mrg /* In a valid MAX_/MIN_EXPR both operands must refer to the same array. 1649 1.1 mrg Determine the size/offset of each and use the one with more or less 1650 1.1 mrg space remaining, respectively. If either fails, use the information 1651 1.1 mrg determined from the other instead, adjusted up or down as appropriate 1652 1.1 mrg for the expression. */ 1653 1.1 mrg access_ref aref[2] = { *pref, *pref }; 1654 1.1 mrg tree arg1 = gimple_assign_rhs1 (stmt); 1655 1.1 mrg if (!compute_objsize_r (arg1, stmt, false, ostype, &aref[0], snlim, qry)) 1656 1.1 mrg { 1657 1.1 mrg aref[0].base0 = false; 1658 1.1 mrg aref[0].offrng[0] = aref[0].offrng[1] = 0; 1659 1.1 mrg aref[0].add_max_offset (); 1660 1.1 mrg aref[0].set_max_size_range (); 1661 1.1 mrg } 1662 1.1 mrg 1663 1.1 mrg tree arg2 = gimple_assign_rhs2 (stmt); 1664 1.1 mrg if (!compute_objsize_r (arg2, stmt, false, ostype, &aref[1], snlim, qry)) 1665 1.1 mrg { 1666 1.1 mrg aref[1].base0 = false; 1667 1.1 mrg aref[1].offrng[0] = aref[1].offrng[1] = 0; 1668 1.1 mrg aref[1].add_max_offset (); 1669 1.1 mrg aref[1].set_max_size_range (); 1670 1.1 mrg } 1671 1.1 mrg 1672 1.1 mrg if (!aref[0].ref && !aref[1].ref) 1673 1.1 mrg /* Fail if the identity of neither argument could be determined. */ 1674 1.1 mrg return false; 1675 1.1 mrg 1676 1.1 mrg bool i0 = false; 1677 1.1 mrg if (aref[0].ref && aref[0].base0) 1678 1.1 mrg { 1679 1.1 mrg if (aref[1].ref && aref[1].base0) 1680 1.1 mrg { 1681 1.1 mrg /* If the object referenced by both arguments has been determined 1682 1.1 mrg set *PREF to the one with more or less space remainng, whichever 1683 1.1 mrg is appopriate for CODE. 1684 1.1 mrg TODO: Indicate when the objects are distinct so it can be 1685 1.1 mrg diagnosed. */ 1686 1.1 mrg i0 = code == MAX_EXPR; 1687 1.1 mrg const bool i1 = !i0; 1688 1.1 mrg 1689 1.1 mrg if (aref[i0].size_remaining () < aref[i1].size_remaining ()) 1690 1.1 mrg *pref = aref[i1]; 1691 1.1 mrg else 1692 1.1 mrg *pref = aref[i0]; 1693 1.1 mrg 1694 1.1 mrg if (aref[i0].ref != aref[i1].ref) 1695 1.1 mrg /* If the operands don't refer to the same (sub)object set 1696 1.1 mrg PREF->REF to the SSA_NAME from which STMT was obtained 1697 1.1 mrg so that both can be identified in a diagnostic. */ 1698 1.1 mrg pref->ref = ptr; 1699 1.1 mrg 1700 1.1 mrg return true; 1701 1.1 mrg } 1702 1.1 mrg 1703 1.1 mrg /* If only the object referenced by one of the arguments could be 1704 1.1 mrg determined, use it and... */ 1705 1.1 mrg *pref = aref[0]; 1706 1.1 mrg i0 = true; 1707 1.1 mrg } 1708 1.1 mrg else 1709 1.1 mrg *pref = aref[1]; 1710 1.1 mrg 1711 1.1 mrg const bool i1 = !i0; 1712 1.1 mrg /* ...see if the offset obtained from the other pointer can be used 1713 1.1 mrg to tighten up the bound on the offset obtained from the first. */ 1714 1.1 mrg if ((code == MAX_EXPR && aref[i1].offrng[1] < aref[i0].offrng[0]) 1715 1.1 mrg || (code == MIN_EXPR && aref[i0].offrng[0] < aref[i1].offrng[1])) 1716 1.1 mrg { 1717 1.1 mrg pref->offrng[0] = aref[i0].offrng[0]; 1718 1.1 mrg pref->offrng[1] = aref[i0].offrng[1]; 1719 1.1 mrg } 1720 1.1 mrg 1721 1.1 mrg /* Replace PTR->REF with the SSA_NAME to indicate the expression 1722 1.1 mrg might not refer to the same (sub)object. */ 1723 1.1 mrg pref->ref = ptr; 1724 1.1 mrg return true; 1725 1.1 mrg } 1726 1.1 mrg 1727 1.1 mrg /* A helper of compute_objsize_r() to determine the size of a DECL. 1728 1.1 mrg Return true on success and (possibly in the future) false on failure. */ 1729 1.1 mrg 1730 1.1 mrg static bool 1731 1.1 mrg handle_decl (tree decl, bool addr, access_ref *pref) 1732 1.1 mrg { 1733 1.1 mrg tree decl_type = TREE_TYPE (decl); 1734 1.1 mrg 1735 1.1 mrg pref->ref = decl; 1736 1.1 mrg 1737 1.1 mrg /* Reset the offset in case it was set by a prior call and not 1738 1.1 mrg cleared by the caller. The offset is only adjusted after 1739 1.1 mrg the identity of the object has been determined. */ 1740 1.1 mrg pref->offrng[0] = pref->offrng[1] = 0; 1741 1.1 mrg 1742 1.1 mrg if (!addr && POINTER_TYPE_P (decl_type)) 1743 1.1 mrg { 1744 1.1 mrg /* Set the maximum size if the reference is to the pointer 1745 1.1 mrg itself (as opposed to what it points to), and clear 1746 1.1 mrg BASE0 since the offset isn't necessarily zero-based. */ 1747 1.1 mrg pref->set_max_size_range (); 1748 1.1 mrg pref->base0 = false; 1749 1.1 mrg return true; 1750 1.1 mrg } 1751 1.1 mrg 1752 1.1 mrg /* Valid offsets into the object are nonnegative. */ 1753 1.1 mrg pref->base0 = true; 1754 1.1 mrg 1755 1.1 mrg if (tree size = decl_init_size (decl, false)) 1756 1.1 mrg if (TREE_CODE (size) == INTEGER_CST) 1757 1.1 mrg { 1758 1.1 mrg pref->sizrng[0] = wi::to_offset (size); 1759 1.1 mrg pref->sizrng[1] = pref->sizrng[0]; 1760 1.1 mrg return true; 1761 1.1 mrg } 1762 1.1 mrg 1763 1.1 mrg pref->set_max_size_range (); 1764 1.1 mrg return true; 1765 1.1 mrg } 1766 1.1 mrg 1767 1.1 mrg /* A helper of compute_objsize_r() to determine the size from ARRAY_REF 1768 1.1 mrg AREF. ADDR is true if PTR is the operand of ADDR_EXPR. Return true 1769 1.1 mrg on success and false on failure. */ 1770 1.1 mrg 1771 1.1 mrg static bool 1772 1.1 mrg handle_array_ref (tree aref, gimple *stmt, bool addr, int ostype, 1773 1.1 mrg access_ref *pref, ssa_name_limit_t &snlim, 1774 1.1 mrg pointer_query *qry) 1775 1.1 mrg { 1776 1.1 mrg gcc_assert (TREE_CODE (aref) == ARRAY_REF); 1777 1.1 mrg 1778 1.1 mrg tree arefop = TREE_OPERAND (aref, 0); 1779 1.1 mrg tree reftype = TREE_TYPE (arefop); 1780 1.1 mrg if (!addr && TREE_CODE (TREE_TYPE (reftype)) == POINTER_TYPE) 1781 1.1 mrg /* Avoid arrays of pointers. FIXME: Hande pointers to arrays 1782 1.1 mrg of known bound. */ 1783 1.1 mrg return false; 1784 1.1 mrg 1785 1.1 mrg if (!compute_objsize_r (arefop, stmt, addr, ostype, pref, snlim, qry)) 1786 1.1 mrg return false; 1787 1.1 mrg 1788 1.1 mrg offset_int orng[2]; 1789 1.1 mrg tree off = pref->eval (TREE_OPERAND (aref, 1)); 1790 1.1 mrg range_query *const rvals = qry ? qry->rvals : NULL; 1791 1.1 mrg if (!get_offset_range (off, stmt, orng, rvals)) 1792 1.1 mrg { 1793 1.1 mrg /* Set ORNG to the maximum offset representable in ptrdiff_t. */ 1794 1.1 mrg orng[1] = wi::to_offset (TYPE_MAX_VALUE (ptrdiff_type_node)); 1795 1.1 mrg orng[0] = -orng[1] - 1; 1796 1.1 mrg } 1797 1.1 mrg 1798 1.1 mrg /* Convert the array index range determined above to a byte 1799 1.1 mrg offset. */ 1800 1.1 mrg tree lowbnd = array_ref_low_bound (aref); 1801 1.1 mrg if (!integer_zerop (lowbnd) && tree_fits_uhwi_p (lowbnd)) 1802 1.1 mrg { 1803 1.1 mrg /* Adjust the index by the low bound of the array domain 1804 1.1 mrg (normally zero but 1 in Fortran). */ 1805 1.1 mrg unsigned HOST_WIDE_INT lb = tree_to_uhwi (lowbnd); 1806 1.1 mrg orng[0] -= lb; 1807 1.1 mrg orng[1] -= lb; 1808 1.1 mrg } 1809 1.1 mrg 1810 1.1 mrg tree eltype = TREE_TYPE (aref); 1811 1.1 mrg tree tpsize = TYPE_SIZE_UNIT (eltype); 1812 1.1 mrg if (!tpsize || TREE_CODE (tpsize) != INTEGER_CST) 1813 1.1 mrg { 1814 1.1 mrg pref->add_max_offset (); 1815 1.1 mrg return true; 1816 1.1 mrg } 1817 1.1 mrg 1818 1.1 mrg offset_int sz = wi::to_offset (tpsize); 1819 1.1 mrg orng[0] *= sz; 1820 1.1 mrg orng[1] *= sz; 1821 1.1 mrg 1822 1.1 mrg if (ostype && TREE_CODE (eltype) == ARRAY_TYPE) 1823 1.1 mrg { 1824 1.1 mrg /* Except for the permissive raw memory functions which use 1825 1.1 mrg the size of the whole object determined above, use the size 1826 1.1 mrg of the referenced array. Because the overall offset is from 1827 1.1 mrg the beginning of the complete array object add this overall 1828 1.1 mrg offset to the size of array. */ 1829 1.1 mrg offset_int sizrng[2] = 1830 1.1 mrg { 1831 1.1 mrg pref->offrng[0] + orng[0] + sz, 1832 1.1 mrg pref->offrng[1] + orng[1] + sz 1833 1.1 mrg }; 1834 1.1 mrg if (sizrng[1] < sizrng[0]) 1835 1.1 mrg std::swap (sizrng[0], sizrng[1]); 1836 1.1 mrg if (sizrng[0] >= 0 && sizrng[0] <= pref->sizrng[0]) 1837 1.1 mrg pref->sizrng[0] = sizrng[0]; 1838 1.1 mrg if (sizrng[1] >= 0 && sizrng[1] <= pref->sizrng[1]) 1839 1.1 mrg pref->sizrng[1] = sizrng[1]; 1840 1.1 mrg } 1841 1.1 mrg 1842 1.1 mrg pref->add_offset (orng[0], orng[1]); 1843 1.1 mrg return true; 1844 1.1 mrg } 1845 1.1 mrg 1846 1.1 mrg /* Given a COMPONENT_REF CREF, set *PREF size to the size of the referenced 1847 1.1 mrg member. */ 1848 1.1 mrg 1849 1.1 mrg static void 1850 1.1 mrg set_component_ref_size (tree cref, access_ref *pref) 1851 1.1 mrg { 1852 1.1 mrg const tree base = TREE_OPERAND (cref, 0); 1853 1.1 mrg const tree base_type = TREE_TYPE (base); 1854 1.1 mrg 1855 1.1 mrg /* SAM is set for array members that might need special treatment. */ 1856 1.1 mrg special_array_member sam; 1857 1.1 mrg tree size = component_ref_size (cref, &sam); 1858 1.1 mrg if (sam == special_array_member::int_0) 1859 1.1 mrg pref->sizrng[0] = pref->sizrng[1] = 0; 1860 1.1 mrg else if (!pref->trail1special && sam == special_array_member::trail_1) 1861 1.1 mrg pref->sizrng[0] = pref->sizrng[1] = 1; 1862 1.1 mrg else if (size && TREE_CODE (size) == INTEGER_CST) 1863 1.1 mrg pref->sizrng[0] = pref->sizrng[1] = wi::to_offset (size); 1864 1.1 mrg else 1865 1.1 mrg { 1866 1.1 mrg /* When the size of the member is unknown it's either a flexible 1867 1.1 mrg array member or a trailing special array member (either zero 1868 1.1 mrg length or one-element). Set the size to the maximum minus 1869 1.1 mrg the constant size of the base object's type. */ 1870 1.1 mrg pref->sizrng[0] = 0; 1871 1.1 mrg pref->sizrng[1] = wi::to_offset (TYPE_MAX_VALUE (ptrdiff_type_node)); 1872 1.1 mrg if (tree base_size = TYPE_SIZE_UNIT (base_type)) 1873 1.1 mrg if (TREE_CODE (base_size) == INTEGER_CST) 1874 1.1 mrg pref->sizrng[1] -= wi::to_offset (base_size); 1875 1.1 mrg } 1876 1.1 mrg } 1877 1.1 mrg 1878 1.1 mrg /* A helper of compute_objsize_r() to determine the size from COMPONENT_REF 1879 1.1 mrg CREF. Return true on success and false on failure. */ 1880 1.1 mrg 1881 1.1 mrg static bool 1882 1.1 mrg handle_component_ref (tree cref, gimple *stmt, bool addr, int ostype, 1883 1.1 mrg access_ref *pref, ssa_name_limit_t &snlim, 1884 1.1 mrg pointer_query *qry) 1885 1.1 mrg { 1886 1.1 mrg gcc_assert (TREE_CODE (cref) == COMPONENT_REF); 1887 1.1 mrg 1888 1.1 mrg const tree base = TREE_OPERAND (cref, 0); 1889 1.1 mrg const tree field = TREE_OPERAND (cref, 1); 1890 1.1 mrg access_ref base_ref = *pref; 1891 1.1 mrg 1892 1.1 mrg /* Unconditionally determine the size of the base object (it could 1893 1.1 mrg be smaller than the referenced member when the object is stored 1894 1.1 mrg in a buffer with an insufficient size). */ 1895 1.1 mrg if (!compute_objsize_r (base, stmt, addr, 0, &base_ref, snlim, qry)) 1896 1.1 mrg return false; 1897 1.1 mrg 1898 1.1 mrg /* Add the offset of the member to the offset into the object computed 1899 1.1 mrg so far. */ 1900 1.1 mrg tree offset = byte_position (field); 1901 1.1 mrg if (TREE_CODE (offset) == INTEGER_CST) 1902 1.1 mrg base_ref.add_offset (wi::to_offset (offset)); 1903 1.1 mrg else 1904 1.1 mrg base_ref.add_max_offset (); 1905 1.1 mrg 1906 1.1 mrg if (!base_ref.ref) 1907 1.1 mrg /* PREF->REF may have been already set to an SSA_NAME earlier 1908 1.1 mrg to provide better context for diagnostics. In that case, 1909 1.1 mrg leave it unchanged. */ 1910 1.1 mrg base_ref.ref = base; 1911 1.1 mrg 1912 1.1 mrg const tree base_type = TREE_TYPE (base); 1913 1.1 mrg if (TREE_CODE (base_type) == UNION_TYPE) 1914 1.1 mrg /* In accesses through union types consider the entire unions 1915 1.1 mrg rather than just their members. */ 1916 1.1 mrg ostype = 0; 1917 1.1 mrg 1918 1.1 mrg if (ostype == 0) 1919 1.1 mrg { 1920 1.1 mrg /* In OSTYPE zero (for raw memory functions like memcpy), use 1921 1.1 mrg the maximum size instead if the identity of the enclosing 1922 1.1 mrg object cannot be determined. */ 1923 1.1 mrg *pref = base_ref; 1924 1.1 mrg return true; 1925 1.1 mrg } 1926 1.1 mrg 1927 1.1 mrg pref->ref = field; 1928 1.1 mrg 1929 1.1 mrg if (!addr && POINTER_TYPE_P (TREE_TYPE (field))) 1930 1.1 mrg { 1931 1.1 mrg /* Set maximum size if the reference is to the pointer member 1932 1.1 mrg itself (as opposed to what it points to). */ 1933 1.1 mrg pref->set_max_size_range (); 1934 1.1 mrg return true; 1935 1.1 mrg } 1936 1.1 mrg 1937 1.1 mrg set_component_ref_size (cref, pref); 1938 1.1 mrg 1939 1.1 mrg if (base_ref.size_remaining () < pref->size_remaining ()) 1940 1.1 mrg /* Use the base object if it's smaller than the member. */ 1941 1.1 mrg *pref = base_ref; 1942 1.1 mrg 1943 1.1 mrg return true; 1944 1.1 mrg } 1945 1.1 mrg 1946 1.1 mrg /* A helper of compute_objsize_r() to determine the size from MEM_REF 1947 1.1 mrg MREF. Return true on success and false on failure. */ 1948 1.1 mrg 1949 1.1 mrg static bool 1950 1.1 mrg handle_mem_ref (tree mref, gimple *stmt, int ostype, access_ref *pref, 1951 1.1 mrg ssa_name_limit_t &snlim, pointer_query *qry) 1952 1.1 mrg { 1953 1.1 mrg gcc_assert (TREE_CODE (mref) == MEM_REF); 1954 1.1 mrg 1955 1.1 mrg tree mreftype = TYPE_MAIN_VARIANT (TREE_TYPE (mref)); 1956 1.1 mrg if (VECTOR_TYPE_P (mreftype)) 1957 1.1 mrg { 1958 1.1 mrg /* Hack: Handle MEM_REFs of vector types as those to complete 1959 1.1 mrg objects; those may be synthesized from multiple assignments 1960 1.1 mrg to consecutive data members (see PR 93200 and 96963). 1961 1.1 mrg FIXME: Vectorized assignments should only be present after 1962 1.1 mrg vectorization so this hack is only necessary after it has 1963 1.1 mrg run and could be avoided in calls from prior passes (e.g., 1964 1.1 mrg tree-ssa-strlen.cc). 1965 1.1 mrg FIXME: Deal with this more generally, e.g., by marking up 1966 1.1 mrg such MEM_REFs at the time they're created. */ 1967 1.1 mrg ostype = 0; 1968 1.1 mrg } 1969 1.1 mrg 1970 1.1 mrg tree mrefop = TREE_OPERAND (mref, 0); 1971 1.1 mrg if (!compute_objsize_r (mrefop, stmt, false, ostype, pref, snlim, qry)) 1972 1.1 mrg return false; 1973 1.1 mrg 1974 1.1 mrg ++pref->deref; 1975 1.1 mrg 1976 1.1 mrg offset_int orng[2]; 1977 1.1 mrg tree off = pref->eval (TREE_OPERAND (mref, 1)); 1978 1.1 mrg range_query *const rvals = qry ? qry->rvals : NULL; 1979 1.1 mrg if (!get_offset_range (off, stmt, orng, rvals)) 1980 1.1 mrg { 1981 1.1 mrg /* Set ORNG to the maximum offset representable in ptrdiff_t. */ 1982 1.1 mrg orng[1] = wi::to_offset (TYPE_MAX_VALUE (ptrdiff_type_node)); 1983 1.1 mrg orng[0] = -orng[1] - 1; 1984 1.1 mrg } 1985 1.1 mrg 1986 1.1 mrg pref->add_offset (orng[0], orng[1]); 1987 1.1 mrg return true; 1988 1.1 mrg } 1989 1.1 mrg 1990 1.1 mrg /* A helper of compute_objsize_r() to determine the size from SSA_NAME 1991 1.1 mrg PTR. Return true on success and false on failure. */ 1992 1.1 mrg 1993 1.1 mrg static bool 1994 1.1 mrg handle_ssa_name (tree ptr, bool addr, int ostype, 1995 1.1 mrg access_ref *pref, ssa_name_limit_t &snlim, 1996 1.1 mrg pointer_query *qry) 1997 1.1 mrg { 1998 1.1 mrg if (!snlim.next ()) 1999 1.1 mrg return false; 2000 1.1 mrg 2001 1.1 mrg /* Only process an SSA_NAME if the recursion limit has not yet 2002 1.1 mrg been reached. */ 2003 1.1 mrg if (qry) 2004 1.1 mrg { 2005 1.1 mrg if (++qry->depth > qry->max_depth) 2006 1.1 mrg qry->max_depth = qry->depth; 2007 1.1 mrg if (const access_ref *cache_ref = qry->get_ref (ptr, ostype)) 2008 1.1 mrg { 2009 1.1 mrg /* Add the number of DEREFerences accummulated so far. */ 2010 1.1 mrg const int deref = pref->deref; 2011 1.1 mrg *pref = *cache_ref; 2012 1.1 mrg pref->deref += deref; 2013 1.1 mrg return true; 2014 1.1 mrg } 2015 1.1 mrg } 2016 1.1 mrg 2017 1.1 mrg gimple *stmt = SSA_NAME_DEF_STMT (ptr); 2018 1.1 mrg if (is_gimple_call (stmt)) 2019 1.1 mrg { 2020 1.1 mrg /* If STMT is a call to an allocation function get the size 2021 1.1 mrg from its argument(s). If successful, also set *PREF->REF 2022 1.1 mrg to PTR for the caller to include in diagnostics. */ 2023 1.1 mrg wide_int wr[2]; 2024 1.1 mrg range_query *const rvals = qry ? qry->rvals : NULL; 2025 1.1 mrg if (gimple_call_alloc_size (stmt, wr, rvals)) 2026 1.1 mrg { 2027 1.1 mrg pref->ref = ptr; 2028 1.1 mrg pref->sizrng[0] = offset_int::from (wr[0], UNSIGNED); 2029 1.1 mrg pref->sizrng[1] = offset_int::from (wr[1], UNSIGNED); 2030 1.1 mrg /* Constrain both bounds to a valid size. */ 2031 1.1 mrg offset_int maxsize = wi::to_offset (max_object_size ()); 2032 1.1 mrg if (pref->sizrng[0] > maxsize) 2033 1.1 mrg pref->sizrng[0] = maxsize; 2034 1.1 mrg if (pref->sizrng[1] > maxsize) 2035 1.1 mrg pref->sizrng[1] = maxsize; 2036 1.1 mrg } 2037 1.1 mrg else 2038 1.1 mrg { 2039 1.1 mrg /* For functions known to return one of their pointer arguments 2040 1.1 mrg try to determine what the returned pointer points to, and on 2041 1.1 mrg success add OFFRNG which was set to the offset added by 2042 1.1 mrg the function (e.g., memchr) to the overall offset. */ 2043 1.1 mrg bool past_end; 2044 1.1 mrg offset_int offrng[2]; 2045 1.1 mrg if (tree ret = gimple_call_return_array (stmt, offrng, &past_end, 2046 1.1 mrg snlim, qry)) 2047 1.1 mrg { 2048 1.1 mrg if (!compute_objsize_r (ret, stmt, addr, ostype, pref, snlim, qry)) 2049 1.1 mrg return false; 2050 1.1 mrg 2051 1.1 mrg /* Cap OFFRNG[1] to at most the remaining size of 2052 1.1 mrg the object. */ 2053 1.1 mrg offset_int remrng[2]; 2054 1.1 mrg remrng[1] = pref->size_remaining (remrng); 2055 1.1 mrg if (remrng[1] != 0 && !past_end) 2056 1.1 mrg /* Decrement the size for functions that never return 2057 1.1 mrg a past-the-end pointer. */ 2058 1.1 mrg remrng[1] -= 1; 2059 1.1 mrg 2060 1.1 mrg if (remrng[1] < offrng[1]) 2061 1.1 mrg offrng[1] = remrng[1]; 2062 1.1 mrg pref->add_offset (offrng[0], offrng[1]); 2063 1.1 mrg } 2064 1.1 mrg else 2065 1.1 mrg { 2066 1.1 mrg /* For other calls that might return arbitrary pointers 2067 1.1 mrg including into the middle of objects set the size 2068 1.1 mrg range to maximum, clear PREF->BASE0, and also set 2069 1.1 mrg PREF->REF to include in diagnostics. */ 2070 1.1 mrg pref->set_max_size_range (); 2071 1.1 mrg pref->base0 = false; 2072 1.1 mrg pref->ref = ptr; 2073 1.1 mrg } 2074 1.1 mrg } 2075 1.1 mrg qry->put_ref (ptr, *pref, ostype); 2076 1.1 mrg return true; 2077 1.1 mrg } 2078 1.1 mrg 2079 1.1 mrg if (gimple_nop_p (stmt)) 2080 1.1 mrg { 2081 1.1 mrg /* For a function argument try to determine the byte size 2082 1.1 mrg of the array from the current function declaratation 2083 1.1 mrg (e.g., attribute access or related). */ 2084 1.1 mrg wide_int wr[2]; 2085 1.1 mrg bool static_array = false; 2086 1.1 mrg if (tree ref = gimple_parm_array_size (ptr, wr, &static_array)) 2087 1.1 mrg { 2088 1.1 mrg pref->parmarray = !static_array; 2089 1.1 mrg pref->sizrng[0] = offset_int::from (wr[0], UNSIGNED); 2090 1.1 mrg pref->sizrng[1] = offset_int::from (wr[1], UNSIGNED); 2091 1.1 mrg pref->ref = ref; 2092 1.1 mrg qry->put_ref (ptr, *pref, ostype); 2093 1.1 mrg return true; 2094 1.1 mrg } 2095 1.1 mrg 2096 1.1 mrg pref->set_max_size_range (); 2097 1.1 mrg pref->base0 = false; 2098 1.1 mrg pref->ref = ptr; 2099 1.1 mrg qry->put_ref (ptr, *pref, ostype); 2100 1.1 mrg return true; 2101 1.1 mrg } 2102 1.1 mrg 2103 1.1 mrg if (gimple_code (stmt) == GIMPLE_PHI) 2104 1.1 mrg { 2105 1.1 mrg /* Pass PTR to get_ref() via PREF. If all PHI arguments refer 2106 1.1 mrg to the same object the function will replace it with it. */ 2107 1.1 mrg pref->ref = ptr; 2108 1.1 mrg access_ref phi_ref = *pref; 2109 1.1 mrg if (!pref->get_ref (NULL, &phi_ref, ostype, &snlim, qry)) 2110 1.1 mrg return false; 2111 1.1 mrg *pref = phi_ref; 2112 1.1 mrg qry->put_ref (ptr, *pref, ostype); 2113 1.1 mrg return true; 2114 1.1 mrg } 2115 1.1 mrg 2116 1.1 mrg if (!is_gimple_assign (stmt)) 2117 1.1 mrg { 2118 1.1 mrg /* Clear BASE0 since the assigned pointer might point into 2119 1.1 mrg the middle of the object, set the maximum size range and, 2120 1.1 mrg if the SSA_NAME refers to a function argumnent, set 2121 1.1 mrg PREF->REF to it. */ 2122 1.1 mrg pref->base0 = false; 2123 1.1 mrg pref->set_max_size_range (); 2124 1.1 mrg pref->ref = ptr; 2125 1.1 mrg return true; 2126 1.1 mrg } 2127 1.1 mrg 2128 1.1 mrg tree_code code = gimple_assign_rhs_code (stmt); 2129 1.1 mrg 2130 1.1 mrg if (code == MAX_EXPR || code == MIN_EXPR) 2131 1.1 mrg { 2132 1.1 mrg if (!handle_min_max_size (ptr, ostype, pref, snlim, qry)) 2133 1.1 mrg return false; 2134 1.1 mrg 2135 1.1 mrg qry->put_ref (ptr, *pref, ostype); 2136 1.1 mrg return true; 2137 1.1 mrg } 2138 1.1 mrg 2139 1.1 mrg tree rhs = gimple_assign_rhs1 (stmt); 2140 1.1 mrg 2141 1.1 mrg if (code == ASSERT_EXPR) 2142 1.1 mrg { 2143 1.1 mrg rhs = TREE_OPERAND (rhs, 0); 2144 1.1 mrg return compute_objsize_r (rhs, stmt, addr, ostype, pref, snlim, qry); 2145 1.1 mrg } 2146 1.1 mrg 2147 1.1 mrg if (code == POINTER_PLUS_EXPR 2148 1.1 mrg && TREE_CODE (TREE_TYPE (rhs)) == POINTER_TYPE) 2149 1.1 mrg { 2150 1.1 mrg /* Compute the size of the object first. */ 2151 1.1 mrg if (!compute_objsize_r (rhs, stmt, addr, ostype, pref, snlim, qry)) 2152 1.1 mrg return false; 2153 1.1 mrg 2154 1.1 mrg offset_int orng[2]; 2155 1.1 mrg tree off = gimple_assign_rhs2 (stmt); 2156 1.1 mrg range_query *const rvals = qry ? qry->rvals : NULL; 2157 1.1 mrg if (get_offset_range (off, stmt, orng, rvals)) 2158 1.1 mrg pref->add_offset (orng[0], orng[1]); 2159 1.1 mrg else 2160 1.1 mrg pref->add_max_offset (); 2161 1.1 mrg 2162 1.1 mrg qry->put_ref (ptr, *pref, ostype); 2163 1.1 mrg return true; 2164 1.1 mrg } 2165 1.1 mrg 2166 1.1 mrg if (code == ADDR_EXPR || code == SSA_NAME) 2167 1.1 mrg { 2168 1.1 mrg if (!compute_objsize_r (rhs, stmt, addr, ostype, pref, snlim, qry)) 2169 1.1 mrg return false; 2170 1.1 mrg qry->put_ref (ptr, *pref, ostype); 2171 1.1 mrg return true; 2172 1.1 mrg } 2173 1.1 mrg 2174 1.1 mrg if (ostype > 1 && POINTER_TYPE_P (TREE_TYPE (rhs))) 2175 1.1 mrg { 2176 1.1 mrg /* When determining the qualifiers follow the pointer but 2177 1.1 mrg avoid caching the result. As the pointer is added to 2178 1.1 mrg and/or dereferenced the computed size and offset need 2179 1.1 mrg not be meaningful for other queries involving the same 2180 1.1 mrg pointer. */ 2181 1.1 mrg if (!compute_objsize_r (rhs, stmt, addr, ostype, pref, snlim, qry)) 2182 1.1 mrg return false; 2183 1.1 mrg 2184 1.1 mrg rhs = pref->ref; 2185 1.1 mrg } 2186 1.1 mrg 2187 1.1 mrg /* (This could also be an assignment from a nonlocal pointer.) Save 2188 1.1 mrg PTR to mention in diagnostics but otherwise treat it as a pointer 2189 1.1 mrg to an unknown object. */ 2190 1.1 mrg pref->ref = rhs; 2191 1.1 mrg pref->base0 = false; 2192 1.1 mrg pref->set_max_size_range (); 2193 1.1 mrg return true; 2194 1.1 mrg } 2195 1.1 mrg 2196 1.1 mrg /* Helper to compute the size of the object referenced by the PTR 2197 1.1 mrg expression which must have pointer type, using Object Size type 2198 1.1 mrg OSTYPE (only the least significant 2 bits are used). 2199 1.1 mrg On success, sets PREF->REF to the DECL of the referenced object 2200 1.1 mrg if it's unique, otherwise to null, PREF->OFFRNG to the range of 2201 1.1 mrg offsets into it, and PREF->SIZRNG to the range of sizes of 2202 1.1 mrg the object(s). 2203 1.1 mrg ADDR is true for an enclosing ADDR_EXPR. 2204 1.1 mrg SNLIM is used to avoid visiting the same PHI operand multiple 2205 1.1 mrg times, and, when nonnull, RVALS to determine range information. 2206 1.1 mrg Returns true on success, false when a meaningful size (or range) 2207 1.1 mrg cannot be determined. 2208 1.1 mrg 2209 1.1 mrg The function is intended for diagnostics and should not be used 2210 1.1 mrg to influence code generation or optimization. */ 2211 1.1 mrg 2212 1.1 mrg static bool 2213 1.1 mrg compute_objsize_r (tree ptr, gimple *stmt, bool addr, int ostype, 2214 1.1 mrg access_ref *pref, ssa_name_limit_t &snlim, 2215 1.1 mrg pointer_query *qry) 2216 1.1 mrg { 2217 1.1 mrg STRIP_NOPS (ptr); 2218 1.1 mrg 2219 1.1 mrg if (DECL_P (ptr)) 2220 1.1 mrg return handle_decl (ptr, addr, pref); 2221 1.1 mrg 2222 1.1 mrg switch (TREE_CODE (ptr)) 2223 1.1 mrg { 2224 1.1 mrg case ADDR_EXPR: 2225 1.1 mrg { 2226 1.1 mrg tree ref = TREE_OPERAND (ptr, 0); 2227 1.1 mrg if (!compute_objsize_r (ref, stmt, true, ostype, pref, snlim, qry)) 2228 1.1 mrg return false; 2229 1.1 mrg 2230 1.1 mrg --pref->deref; 2231 1.1 mrg return true; 2232 1.1 mrg } 2233 1.1 mrg 2234 1.1 mrg case BIT_FIELD_REF: 2235 1.1 mrg { 2236 1.1 mrg tree ref = TREE_OPERAND (ptr, 0); 2237 1.1 mrg if (!compute_objsize_r (ref, stmt, addr, ostype, pref, snlim, qry)) 2238 1.1 mrg return false; 2239 1.1 mrg 2240 1.1 mrg offset_int off = wi::to_offset (pref->eval (TREE_OPERAND (ptr, 2))); 2241 1.1 mrg pref->add_offset (off / BITS_PER_UNIT); 2242 1.1 mrg return true; 2243 1.1 mrg } 2244 1.1 mrg 2245 1.1 mrg case ARRAY_REF: 2246 1.1 mrg return handle_array_ref (ptr, stmt, addr, ostype, pref, snlim, qry); 2247 1.1 mrg 2248 1.1 mrg case COMPONENT_REF: 2249 1.1 mrg return handle_component_ref (ptr, stmt, addr, ostype, pref, snlim, qry); 2250 1.1 mrg 2251 1.1 mrg case MEM_REF: 2252 1.1 mrg return handle_mem_ref (ptr, stmt, ostype, pref, snlim, qry); 2253 1.1 mrg 2254 1.1 mrg case TARGET_MEM_REF: 2255 1.1 mrg { 2256 1.1 mrg tree ref = TREE_OPERAND (ptr, 0); 2257 1.1 mrg if (!compute_objsize_r (ref, stmt, addr, ostype, pref, snlim, qry)) 2258 1.1 mrg return false; 2259 1.1 mrg 2260 1.1 mrg /* TODO: Handle remaining operands. Until then, add maximum offset. */ 2261 1.1 mrg pref->ref = ptr; 2262 1.1 mrg pref->add_max_offset (); 2263 1.1 mrg return true; 2264 1.1 mrg } 2265 1.1 mrg 2266 1.1 mrg case INTEGER_CST: 2267 1.1 mrg /* Pointer constants other than null smaller than param_min_pagesize 2268 1.1 mrg might be the result of erroneous null pointer addition/subtraction. 2269 1.1 mrg Unless zero is a valid address set size to zero. For null pointers, 2270 1.1 mrg set size to the maximum for now since those may be the result of 2271 1.1 mrg jump threading. Similarly, for values >= param_min_pagesize in 2272 1.1 mrg order to support (type *) 0x7cdeab00. */ 2273 1.1 mrg if (integer_zerop (ptr) 2274 1.1 mrg || wi::to_widest (ptr) >= param_min_pagesize) 2275 1.1 mrg pref->set_max_size_range (); 2276 1.1 mrg else if (POINTER_TYPE_P (TREE_TYPE (ptr))) 2277 1.1 mrg { 2278 1.1 mrg tree deref_type = TREE_TYPE (TREE_TYPE (ptr)); 2279 1.1 mrg addr_space_t as = TYPE_ADDR_SPACE (deref_type); 2280 1.1 mrg if (targetm.addr_space.zero_address_valid (as)) 2281 1.1 mrg pref->set_max_size_range (); 2282 1.1 mrg else 2283 1.1 mrg pref->sizrng[0] = pref->sizrng[1] = 0; 2284 1.1 mrg } 2285 1.1 mrg else 2286 1.1 mrg pref->sizrng[0] = pref->sizrng[1] = 0; 2287 1.1 mrg 2288 1.1 mrg pref->ref = ptr; 2289 1.1 mrg return true; 2290 1.1 mrg 2291 1.1 mrg case STRING_CST: 2292 1.1 mrg pref->sizrng[0] = pref->sizrng[1] = TREE_STRING_LENGTH (ptr); 2293 1.1 mrg pref->ref = ptr; 2294 1.1 mrg return true; 2295 1.1 mrg 2296 1.1 mrg case POINTER_PLUS_EXPR: 2297 1.1 mrg { 2298 1.1 mrg tree ref = TREE_OPERAND (ptr, 0); 2299 1.1 mrg if (!compute_objsize_r (ref, stmt, addr, ostype, pref, snlim, qry)) 2300 1.1 mrg return false; 2301 1.1 mrg 2302 1.1 mrg /* The below only makes sense if the offset is being applied to the 2303 1.1 mrg address of the object. */ 2304 1.1 mrg if (pref->deref != -1) 2305 1.1 mrg return false; 2306 1.1 mrg 2307 1.1 mrg offset_int orng[2]; 2308 1.1 mrg tree off = pref->eval (TREE_OPERAND (ptr, 1)); 2309 1.1 mrg if (get_offset_range (off, stmt, orng, qry->rvals)) 2310 1.1 mrg pref->add_offset (orng[0], orng[1]); 2311 1.1 mrg else 2312 1.1 mrg pref->add_max_offset (); 2313 1.1 mrg return true; 2314 1.1 mrg } 2315 1.1 mrg 2316 1.1 mrg case VIEW_CONVERT_EXPR: 2317 1.1 mrg ptr = TREE_OPERAND (ptr, 0); 2318 1.1 mrg return compute_objsize_r (ptr, stmt, addr, ostype, pref, snlim, qry); 2319 1.1 mrg 2320 1.1 mrg case SSA_NAME: 2321 1.1 mrg return handle_ssa_name (ptr, addr, ostype, pref, snlim, qry); 2322 1.1 mrg 2323 1.1 mrg default: 2324 1.1 mrg break; 2325 1.1 mrg } 2326 1.1 mrg 2327 1.1 mrg /* Assume all other expressions point into an unknown object 2328 1.1 mrg of the maximum valid size. */ 2329 1.1 mrg pref->ref = ptr; 2330 1.1 mrg pref->base0 = false; 2331 1.1 mrg pref->set_max_size_range (); 2332 1.1 mrg if (TREE_CODE (ptr) == SSA_NAME) 2333 1.1 mrg qry->put_ref (ptr, *pref); 2334 1.1 mrg return true; 2335 1.1 mrg } 2336 1.1 mrg 2337 1.1 mrg /* A "public" wrapper around the above. Clients should use this overload 2338 1.1 mrg instead. */ 2339 1.1 mrg 2340 1.1 mrg tree 2341 1.1 mrg compute_objsize (tree ptr, gimple *stmt, int ostype, access_ref *pref, 2342 1.1 mrg pointer_query *ptr_qry) 2343 1.1 mrg { 2344 1.1 mrg pointer_query qry; 2345 1.1 mrg if (ptr_qry) 2346 1.1 mrg ptr_qry->depth = 0; 2347 1.1 mrg else 2348 1.1 mrg ptr_qry = &qry; 2349 1.1 mrg 2350 1.1 mrg /* Clear and invalidate in case *PREF is being reused. */ 2351 1.1 mrg pref->offrng[0] = pref->offrng[1] = 0; 2352 1.1 mrg pref->sizrng[0] = pref->sizrng[1] = -1; 2353 1.1 mrg 2354 1.1 mrg ssa_name_limit_t snlim; 2355 1.1 mrg if (!compute_objsize_r (ptr, stmt, false, ostype, pref, snlim, ptr_qry)) 2356 1.1 mrg return NULL_TREE; 2357 1.1 mrg 2358 1.1 mrg offset_int maxsize = pref->size_remaining (); 2359 1.1 mrg if (pref->base0 && pref->offrng[0] < 0 && pref->offrng[1] >= 0) 2360 1.1 mrg pref->offrng[0] = 0; 2361 1.1 mrg return wide_int_to_tree (sizetype, maxsize); 2362 1.1 mrg } 2363 1.1 mrg 2364 1.1 mrg /* Transitional wrapper. The function should be removed once callers 2365 1.1 mrg transition to the pointer_query API. */ 2366 1.1 mrg 2367 1.1 mrg tree 2368 1.1 mrg compute_objsize (tree ptr, gimple *stmt, int ostype, access_ref *pref, 2369 1.1 mrg range_query *rvals /* = NULL */) 2370 1.1 mrg { 2371 1.1 mrg pointer_query qry; 2372 1.1 mrg qry.rvals = rvals; 2373 1.1 mrg return compute_objsize (ptr, stmt, ostype, pref, &qry); 2374 1.1 mrg } 2375 1.1 mrg 2376 1.1 mrg /* Legacy wrapper around the above. The function should be removed 2377 1.1 mrg once callers transition to one of the two above. */ 2378 1.1 mrg 2379 1.1 mrg tree 2380 1.1 mrg compute_objsize (tree ptr, gimple *stmt, int ostype, tree *pdecl /* = NULL */, 2381 1.1 mrg tree *poff /* = NULL */, range_query *rvals /* = NULL */) 2382 1.1 mrg { 2383 1.1 mrg /* Set the initial offsets to zero and size to negative to indicate 2384 1.1 mrg none has been computed yet. */ 2385 1.1 mrg access_ref ref; 2386 1.1 mrg tree size = compute_objsize (ptr, stmt, ostype, &ref, rvals); 2387 1.1 mrg if (!size || !ref.base0) 2388 1.1 mrg return NULL_TREE; 2389 1.1 mrg 2390 1.1 mrg if (pdecl) 2391 1.1 mrg *pdecl = ref.ref; 2392 1.1 mrg 2393 1.1 mrg if (poff) 2394 1.1 mrg *poff = wide_int_to_tree (ptrdiff_type_node, ref.offrng[ref.offrng[0] < 0]); 2395 1.1 mrg 2396 1.1 mrg return size; 2397 1.1 mrg } 2398 1.1 mrg 2399 1.1 mrg /* Determine the offset *FLDOFF of the first byte of a struct member 2400 1.1 mrg of TYPE (possibly recursively) into which the byte offset OFF points, 2401 1.1 mrg starting after the field START_AFTER if it's non-null. On success, 2402 1.1 mrg if nonnull, set *FLDOFF to the offset of the first byte, and return 2403 1.1 mrg the field decl. If nonnull, set *NEXTOFF to the offset of the next 2404 1.1 mrg field (which reflects any padding between the returned field and 2405 1.1 mrg the next). Otherwise, if no such member can be found, return null. */ 2406 1.1 mrg 2407 1.1 mrg tree 2408 1.1 mrg field_at_offset (tree type, tree start_after, HOST_WIDE_INT off, 2409 1.1 mrg HOST_WIDE_INT *fldoff /* = nullptr */, 2410 1.1 mrg HOST_WIDE_INT *nextoff /* = nullptr */) 2411 1.1 mrg { 2412 1.1 mrg tree first_fld = TYPE_FIELDS (type); 2413 1.1 mrg 2414 1.1 mrg HOST_WIDE_INT offbuf = 0, nextbuf = 0; 2415 1.1 mrg if (!fldoff) 2416 1.1 mrg fldoff = &offbuf; 2417 1.1 mrg if (!nextoff) 2418 1.1 mrg nextoff = &nextbuf; 2419 1.1 mrg 2420 1.1 mrg *nextoff = 0; 2421 1.1 mrg 2422 1.1 mrg /* The field to return. */ 2423 1.1 mrg tree last_fld = NULL_TREE; 2424 1.1 mrg /* The next field to advance to. */ 2425 1.1 mrg tree next_fld = NULL_TREE; 2426 1.1 mrg 2427 1.1 mrg /* NEXT_FLD's cached offset. */ 2428 1.1 mrg HOST_WIDE_INT next_pos = -1; 2429 1.1 mrg 2430 1.1 mrg for (tree fld = first_fld; fld; fld = next_fld) 2431 1.1 mrg { 2432 1.1 mrg next_fld = fld; 2433 1.1 mrg do 2434 1.1 mrg /* Advance to the next relevant data member. */ 2435 1.1 mrg next_fld = TREE_CHAIN (next_fld); 2436 1.1 mrg while (next_fld 2437 1.1 mrg && (TREE_CODE (next_fld) != FIELD_DECL 2438 1.1 mrg || DECL_ARTIFICIAL (next_fld))); 2439 1.1 mrg 2440 1.1 mrg if (TREE_CODE (fld) != FIELD_DECL || DECL_ARTIFICIAL (fld)) 2441 1.1 mrg continue; 2442 1.1 mrg 2443 1.1 mrg if (fld == start_after) 2444 1.1 mrg continue; 2445 1.1 mrg 2446 1.1 mrg tree fldtype = TREE_TYPE (fld); 2447 1.1 mrg /* The offset of FLD within its immediately enclosing structure. */ 2448 1.1 mrg HOST_WIDE_INT fldpos = next_pos < 0 ? int_byte_position (fld) : next_pos; 2449 1.1 mrg 2450 1.1 mrg tree typesize = TYPE_SIZE_UNIT (fldtype); 2451 1.1 mrg if (typesize && TREE_CODE (typesize) != INTEGER_CST) 2452 1.1 mrg /* Bail if FLD is a variable length member. */ 2453 1.1 mrg return NULL_TREE; 2454 1.1 mrg 2455 1.1 mrg /* If the size is not available the field is a flexible array 2456 1.1 mrg member. Treat this case as success. */ 2457 1.1 mrg HOST_WIDE_INT fldsize = (tree_fits_uhwi_p (typesize) 2458 1.1 mrg ? tree_to_uhwi (typesize) 2459 1.1 mrg : off); 2460 1.1 mrg 2461 1.1 mrg /* If OFF is beyond the end of the current field continue. */ 2462 1.1 mrg HOST_WIDE_INT fldend = fldpos + fldsize; 2463 1.1 mrg if (fldend < off) 2464 1.1 mrg continue; 2465 1.1 mrg 2466 1.1 mrg if (next_fld) 2467 1.1 mrg { 2468 1.1 mrg /* If OFF is equal to the offset of the next field continue 2469 1.1 mrg to it and skip the array/struct business below. */ 2470 1.1 mrg tree pos = byte_position (next_fld); 2471 1.1 mrg if (!tree_fits_shwi_p (pos)) 2472 1.1 mrg /* Bail if NEXT_FLD is a variable length member. */ 2473 1.1 mrg return NULL_TREE; 2474 1.1 mrg next_pos = tree_to_shwi (pos); 2475 1.1 mrg *nextoff = *fldoff + next_pos; 2476 1.1 mrg if (*nextoff == off && TREE_CODE (type) != UNION_TYPE) 2477 1.1 mrg continue; 2478 1.1 mrg } 2479 1.1 mrg else 2480 1.1 mrg *nextoff = HOST_WIDE_INT_MAX; 2481 1.1 mrg 2482 1.1 mrg /* OFF refers somewhere into the current field or just past its end, 2483 1.1 mrg which could mean it refers to the next field. */ 2484 1.1 mrg if (TREE_CODE (fldtype) == ARRAY_TYPE) 2485 1.1 mrg { 2486 1.1 mrg /* Will be set to the offset of the first byte of the array 2487 1.1 mrg element (which may be an array) of FLDTYPE into which 2488 1.1 mrg OFF - FLDPOS points (which may be past ELTOFF). */ 2489 1.1 mrg HOST_WIDE_INT eltoff = 0; 2490 1.1 mrg if (tree ft = array_elt_at_offset (fldtype, off - fldpos, &eltoff)) 2491 1.1 mrg fldtype = ft; 2492 1.1 mrg else 2493 1.1 mrg continue; 2494 1.1 mrg 2495 1.1 mrg /* Advance the position to include the array element above. 2496 1.1 mrg If OFF - FLPOS refers to a member of FLDTYPE, the member 2497 1.1 mrg will be determined below. */ 2498 1.1 mrg fldpos += eltoff; 2499 1.1 mrg } 2500 1.1 mrg 2501 1.1 mrg *fldoff += fldpos; 2502 1.1 mrg 2503 1.1 mrg if (TREE_CODE (fldtype) == RECORD_TYPE) 2504 1.1 mrg /* Drill down into the current field if it's a struct. */ 2505 1.1 mrg fld = field_at_offset (fldtype, start_after, off - fldpos, 2506 1.1 mrg fldoff, nextoff); 2507 1.1 mrg 2508 1.1 mrg last_fld = fld; 2509 1.1 mrg 2510 1.1 mrg /* Unless the offset is just past the end of the field return it. 2511 1.1 mrg Otherwise save it and return it only if the offset of the next 2512 1.1 mrg next field is greater (i.e., there is padding between the two) 2513 1.1 mrg or if there is no next field. */ 2514 1.1 mrg if (off < fldend) 2515 1.1 mrg break; 2516 1.1 mrg } 2517 1.1 mrg 2518 1.1 mrg if (*nextoff == HOST_WIDE_INT_MAX && next_fld) 2519 1.1 mrg *nextoff = next_pos; 2520 1.1 mrg 2521 1.1 mrg return last_fld; 2522 1.1 mrg } 2523 1.1 mrg 2524 1.1 mrg /* Determine the offset *ELTOFF of the first byte of the array element 2525 1.1 mrg of array ARTYPE into which the byte offset OFF points. On success 2526 1.1 mrg set *ELTOFF to the offset of the first byte and return type. 2527 1.1 mrg Otherwise, if no such element can be found, return null. */ 2528 1.1 mrg 2529 1.1 mrg tree 2530 1.1 mrg array_elt_at_offset (tree artype, HOST_WIDE_INT off, 2531 1.1 mrg HOST_WIDE_INT *eltoff /* = nullptr */, 2532 1.1 mrg HOST_WIDE_INT *subar_size /* = nullptr */) 2533 1.1 mrg { 2534 1.1 mrg gcc_assert (TREE_CODE (artype) == ARRAY_TYPE); 2535 1.1 mrg 2536 1.1 mrg HOST_WIDE_INT dummy; 2537 1.1 mrg if (!eltoff) 2538 1.1 mrg eltoff = &dummy; 2539 1.1 mrg if (!subar_size) 2540 1.1 mrg subar_size = &dummy; 2541 1.1 mrg 2542 1.1 mrg tree eltype = artype; 2543 1.1 mrg while (TREE_CODE (TREE_TYPE (eltype)) == ARRAY_TYPE) 2544 1.1 mrg eltype = TREE_TYPE (eltype); 2545 1.1 mrg 2546 1.1 mrg tree subartype = eltype; 2547 1.1 mrg if (RECORD_OR_UNION_TYPE_P (TREE_TYPE (eltype)) 2548 1.1 mrg || TYPE_MODE (TREE_TYPE (eltype)) != TYPE_MODE (char_type_node)) 2549 1.1 mrg eltype = TREE_TYPE (eltype); 2550 1.1 mrg 2551 1.1 mrg *subar_size = int_size_in_bytes (subartype); 2552 1.1 mrg 2553 1.1 mrg if (eltype == artype) 2554 1.1 mrg { 2555 1.1 mrg *eltoff = 0; 2556 1.1 mrg return artype; 2557 1.1 mrg } 2558 1.1 mrg 2559 1.1 mrg HOST_WIDE_INT artype_size = int_size_in_bytes (artype); 2560 1.1 mrg HOST_WIDE_INT eltype_size = int_size_in_bytes (eltype); 2561 1.1 mrg 2562 1.1 mrg if (off < artype_size)// * eltype_size) 2563 1.1 mrg { 2564 1.1 mrg *eltoff = (off / eltype_size) * eltype_size; 2565 1.1 mrg return TREE_CODE (eltype) == ARRAY_TYPE ? TREE_TYPE (eltype) : eltype; 2566 1.1 mrg } 2567 1.1 mrg 2568 1.1 mrg return NULL_TREE; 2569 1.1 mrg } 2570 1.1 mrg 2571 1.1 mrg /* Wrapper around build_array_type_nelts that makes sure the array 2572 1.1 mrg can be created at all and handles zero sized arrays specially. */ 2573 1.1 mrg 2574 1.1 mrg tree 2575 1.1 mrg build_printable_array_type (tree eltype, unsigned HOST_WIDE_INT nelts) 2576 1.1 mrg { 2577 1.1 mrg /* Cannot build an array type of functions or methods without 2578 1.1 mrg an error diagnostic. */ 2579 1.1 mrg if (FUNC_OR_METHOD_TYPE_P (eltype)) 2580 1.1 mrg { 2581 1.1 mrg tree arrtype = make_node (ARRAY_TYPE); 2582 1.1 mrg TREE_TYPE (arrtype) = eltype; 2583 1.1 mrg TYPE_SIZE (arrtype) = bitsize_zero_node; 2584 1.1 mrg TYPE_SIZE_UNIT (arrtype) = size_zero_node; 2585 1.1 mrg return arrtype; 2586 1.1 mrg } 2587 1.1 mrg 2588 1.1 mrg if (TYPE_SIZE_UNIT (eltype) 2589 1.1 mrg && TREE_CODE (TYPE_SIZE_UNIT (eltype)) == INTEGER_CST 2590 1.1 mrg && !integer_zerop (TYPE_SIZE_UNIT (eltype)) 2591 1.1 mrg && TYPE_ALIGN_UNIT (eltype) > 1 2592 1.1 mrg && wi::zext (wi::to_wide (TYPE_SIZE_UNIT (eltype)), 2593 1.1 mrg ffs_hwi (TYPE_ALIGN_UNIT (eltype)) - 1) != 0) 2594 1.1 mrg eltype = TYPE_MAIN_VARIANT (eltype); 2595 1.1 mrg 2596 1.1 mrg /* Consider excessive NELTS an array of unknown bound. */ 2597 1.1 mrg tree idxtype = NULL_TREE; 2598 1.1 mrg if (nelts < HOST_WIDE_INT_MAX) 2599 1.1 mrg { 2600 1.1 mrg if (nelts) 2601 1.1 mrg return build_array_type_nelts (eltype, nelts); 2602 1.1 mrg idxtype = build_range_type (sizetype, size_zero_node, NULL_TREE); 2603 1.1 mrg } 2604 1.1 mrg 2605 1.1 mrg tree arrtype = build_array_type (eltype, idxtype); 2606 1.1 mrg arrtype = build_distinct_type_copy (TYPE_MAIN_VARIANT (arrtype)); 2607 1.1 mrg TYPE_SIZE (arrtype) = bitsize_zero_node; 2608 1.1 mrg TYPE_SIZE_UNIT (arrtype) = size_zero_node; 2609 1.1 mrg return arrtype; 2610 1.1 mrg } 2611
Indexes created Wed Mar 04 15:26:31 UTC 2026