1	/* Pass to detect and issue warnings for violations of the restrict
2	qualifier.
3	Copyright (C) 2017-2023 Free Software Foundation, Inc.
4	Contributed by Martin Sebor <msebor@redhat.com>.
5
6	This file is part of GCC.
7
8	GCC is free software; you can redistribute it and/or modify it under
9	the terms of the GNU General Public License as published by the Free
10	Software Foundation; either version 3, or (at your option) any later
11	version.
12
13	GCC is distributed in the hope that it will be useful, but WITHOUT ANY
14	WARRANTY; without even the implied warranty of MERCHANTABILITY or
15	FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16	for more details.
17
18	You should have received a copy of the GNU General Public License
19	along with GCC; see the file COPYING3. If not see
20	<http://www.gnu.org/licenses/>. */
21
22	#include "config.h"
23	#include "system.h"
24	#include "coretypes.h"
25	#include "backend.h"
26	#include "tree.h"
27	#include "gimple.h"
28	#include "tree-pass.h"
29	#include "pointer-query.h"
30	#include "ssa.h"
31	#include "gimple-pretty-print.h"
32	#include "gimple-ssa-warn-access.h"
33	#include "gimple-ssa-warn-restrict.h"
34	#include "diagnostic-core.h"
35	#include "fold-const.h"
36	#include "gimple-iterator.h"
37	#include "tree-dfa.h"
38	#include "tree-ssa.h"
39	#include "tree-cfg.h"
40	#include "tree-object-size.h"
41	#include "calls.h"
42	#include "cfgloop.h"
43	#include "intl.h"
44	#include "gimple-range.h"
45
46	namespace {
47
48	const pass_data pass_data_wrestrict = {
49	.type: GIMPLE_PASS,
50	.name: "wrestrict",
51	.optinfo_flags: OPTGROUP_NONE,
52	.tv_id: TV_NONE,
53	PROP_cfg, /* Properties_required. */
54	.properties_provided: 0, /* properties_provided. */
55	.properties_destroyed: 0, /* properties_destroyed. */
56	.todo_flags_start: 0, /* properties_start */
57	.todo_flags_finish: 0, /* properties_finish */
58	};
59
60	/* Pass to detect violations of strict aliasing requirements in calls
61	to built-in string and raw memory functions. */
62	class pass_wrestrict : public gimple_opt_pass
63	{
64	public:
65	pass_wrestrict (gcc::context *);
66
67	bool gate (function *) final override;
68	unsigned int execute (function *) final override;
69
70	void check_call (gimple *);
71
72	void check_block (basic_block);
73
74	/* A pointer_query object to store information about pointers and
75	their targets in. */
76	pointer_query m_ptr_qry;
77	};
78
79	pass_wrestrict::pass_wrestrict (gcc::context *ctxt)
80	: gimple_opt_pass (pass_data_wrestrict, ctxt),
81	m_ptr_qry ()
82	{ }
83
84	bool
85	pass_wrestrict::gate (function *fun ATTRIBUTE_UNUSED)
86	{
87	return warn_array_bounds || warn_restrict || warn_stringop_overflow;
88	}
89
90	void
91	pass_wrestrict::check_block (basic_block bb)
92	{
93	/* Iterate over statements, looking for function calls. */
94	for (auto si = gsi_start_bb (bb); !gsi_end_p (i: si); gsi_next (i: &si))
95	{
96	gimple *stmt = gsi_stmt (i: si);
97	if (!is_gimple_call (gs: stmt))
98	continue;
99
100	check_call (stmt);
101	}
102	}
103
104	unsigned
105	pass_wrestrict::execute (function *fun)
106	{
107	/* Create a new ranger instance and associate it with FUN. */
108	m_ptr_qry.rvals = enable_ranger (m: fun);
109
110	basic_block bb;
111	FOR_EACH_BB_FN (bb, fun)
112	check_block (bb);
113
114	m_ptr_qry.flush_cache ();
115
116	/* Release the ranger instance and replace it with a global ranger.
117	Also reset the pointer since calling disable_ranger() deletes it. */
118	disable_ranger (fun);
119	m_ptr_qry.rvals = NULL;
120
121	return 0;
122	}
123
124	/* Description of a memory reference by a built-in function. This
125	is similar to ao_ref but made especially suitable for -Wrestrict
126	and not for optimization. */
127	class builtin_memref
128	{
129	public:
130	/* The original pointer argument to the built-in function. */
131	tree ptr;
132	/* The referenced subobject or NULL if not available, and the base
133	object of the memory reference or NULL. */
134	tree ref;
135	tree base;
136
137	/* The size of the BASE object, PTRDIFF_MAX if indeterminate,
138	and negative until (possibly lazily) initialized. */
139	offset_int basesize;
140	/* Same for the subobject. */
141	offset_int refsize;
142
143	/* The non-negative offset of the referenced subobject. Used to avoid
144	warnings for (apparently) possibly but not definitively overlapping
145	accesses to member arrays. Negative when unknown/invalid. */
146	offset_int refoff;
147
148	/* The offset range relative to the base. */
149	offset_int offrange[2];
150	/* The size range of the access to this reference. */
151	offset_int sizrange[2];
152
153	/* Cached result of get_max_objsize(). */
154	const offset_int maxobjsize;
155
156	/* True for "bounded" string functions like strncat, and strncpy
157	and their variants that specify either an exact or upper bound
158	on the size of the accesses they perform. For strncat both
159	the source and destination references are bounded. For strncpy
160	only the destination reference is. */
161	bool strbounded_p;
162
163	builtin_memref (pointer_query &, gimple *, tree, tree);
164
165	tree offset_out_of_bounds (int, offset_int[3]) const;
166
167	private:
168	/* Call statement to the built-in. */
169	gimple *stmt;
170
171	pointer_query &m_ptr_qry;
172
173	/* Ctor helper to set or extend OFFRANGE based on argument. */
174	void extend_offset_range (tree);
175
176	/* Ctor helper to determine BASE and OFFRANGE from argument. */
177	void set_base_and_offset (tree);
178	};
179
180	/* Description of a memory access by a raw memory or string built-in
181	function involving a pair of builtin_memref's. */
182	class builtin_access
183	{
184	public:
185	/* Destination and source memory reference. */
186	builtin_memref* const dstref;
187	builtin_memref* const srcref;
188	/* The size range of the access. It's the greater of the accesses
189	to the two references. */
190	HOST_WIDE_INT sizrange[2];
191
192	/* The minimum and maximum offset of an overlap of the access
193	(if it does, in fact, overlap), and the size of the overlap. */
194	HOST_WIDE_INT ovloff[2];
195	HOST_WIDE_INT ovlsiz[2];
196
197	/* True to consider valid only accesses to the smallest subobject
198	and false for raw memory functions. */
199	bool strict () const
200	{
201	return (detect_overlap != &builtin_access::generic_overlap
202	&& detect_overlap != &builtin_access::no_overlap);
203	}
204
205	builtin_access (pointer_query &, gimple *,
206	builtin_memref &, builtin_memref &);
207
208	/* Entry point to determine overlap. */
209	bool overlap ();
210
211	offset_int write_off (tree) const;
212
213	void dump (FILE *) const;
214
215	private:
216	/* Implementation functions used to determine overlap. */
217	bool generic_overlap ();
218	bool strcat_overlap ();
219	bool strcpy_overlap ();
220
221	bool no_overlap ()
222	{
223	return false;
224	}
225
226	offset_int overlap_size (const offset_int [2], const offset_int[2],
227	offset_int [2]);
228
229	private:
230	/* Temporaries used to compute the final result. */
231	offset_int dstoff[2];
232	offset_int srcoff[2];
233	offset_int dstsiz[2];
234	offset_int srcsiz[2];
235
236	/* Pointer to a member function to call to determine overlap. */
237	bool (builtin_access::*detect_overlap) ();
238	};
239
240	/* Initialize a memory reference representation from a pointer EXPR and
241	a size SIZE in bytes. If SIZE is NULL_TREE then the size is assumed
242	to be unknown. STMT is the statement in which expr appears in. */
243
244	builtin_memref::builtin_memref (pointer_query &ptrqry, gimple *stmt, tree expr,
245	tree size)
246	: ptr (expr),
247	ref (),
248	base (),
249	basesize (-1),
250	refsize (-1),
251	refoff (HOST_WIDE_INT_MIN),
252	offrange (),
253	sizrange (),
254	maxobjsize (tree_to_shwi (max_object_size ())),
255	strbounded_p (),
256	stmt (stmt),
257	m_ptr_qry (ptrqry)
258	{
259	/* Unfortunately, wide_int default ctor is a no-op so array members
260	of the type must be set individually. */
261	offrange[0] = offrange[1] = 0;
262	sizrange[0] = sizrange[1] = 0;
263
264	if (!expr)
265	return;
266
267	/* Find the BASE object or pointer referenced by EXPR and set
268	the offset range OFFRANGE in the process. */
269	set_base_and_offset (expr);
270
271	if (size)
272	{
273	tree range[2];
274	/* Determine the size range, allowing for the result to be [0, 0]
275	for SIZE in the anti-range ~[0, N] where N >= PTRDIFF_MAX. */
276	get_size_range (m_ptr_qry.rvals, size, stmt, range, SR_ALLOW_ZERO);
277	sizrange[0] = wi::to_offset (t: range[0]);
278	sizrange[1] = wi::to_offset (t: range[1]);
279	/* get_size_range returns SIZE_MAX for the maximum size.
280	Constrain it to the real maximum of PTRDIFF_MAX. */
281	if (sizrange[0] <= maxobjsize && sizrange[1] > maxobjsize)
282	sizrange[1] = maxobjsize;
283	}
284	else
285	sizrange[1] = maxobjsize;
286
287	if (!DECL_P (base))
288	return;
289
290	/* If the offset could be in the range of the referenced object
291	constrain its bounds so neither exceeds those of the object. */
292	if (offrange[0] < 0 && offrange[1] > 0)
293	offrange[0] = 0;
294
295	offset_int maxoff = maxobjsize;
296	tree basetype = TREE_TYPE (base);
297	if (TREE_CODE (basetype) == ARRAY_TYPE)
298	{
299	if (ref && array_ref_flexible_size_p (ref))
300	; /* Use the maximum possible offset for an array that might
301	have flexible size. */
302	else if (tree basesize = TYPE_SIZE_UNIT (basetype))
303	if (TREE_CODE (basesize) == INTEGER_CST)
304	/* Size could be non-constant for a variable-length type such
305	as a struct with a VLA member (a GCC extension). */
306	maxoff = wi::to_offset (t: basesize);
307	}
308
309	if (offrange[0] >= 0)
310	{
311	if (offrange[1] < 0)
312	offrange[1] = offrange[0] <= maxoff ? maxoff : maxobjsize;
313	else if (offrange[0] <= maxoff && offrange[1] > maxoff)
314	offrange[1] = maxoff;
315	}
316	}
317
318	/* Based on the initial length of the destination STARTLEN, returns
319	the offset of the first write access from the beginning of
320	the destination. Nonzero only for strcat-type of calls. */
321
322	offset_int builtin_access::write_off (tree startlen) const
323	{
324	if (detect_overlap != &builtin_access::strcat_overlap
325	|| !startlen || TREE_CODE (startlen) != INTEGER_CST)
326	return 0;
327
328	return wi::to_offset (t: startlen);
329	}
330
331	/* Ctor helper to set or extend OFFRANGE based on the OFFSET argument.
332	Pointer offsets are represented as unsigned sizetype but must be
333	treated as signed. */
334
335	void
336	builtin_memref::extend_offset_range (tree offset)
337	{
338	if (TREE_CODE (offset) == INTEGER_CST)
339	{
340	offset_int off = int_cst_value (offset);
341	if (off != 0)
342	{
343	offrange[0] += off;
344	offrange[1] += off;
345	}
346	return;
347	}
348
349	if (TREE_CODE (offset) == SSA_NAME)
350	{
351	/* A pointer offset is represented as sizetype but treated
352	as signed. */
353	wide_int min, max;
354	value_range_kind rng = VR_VARYING;
355	value_range vr;
356	if (m_ptr_qry.rvals->range_of_expr (r&: vr, expr: offset, stmt))
357	{
358	tree vr_min, vr_max;
359	rng = get_legacy_range (vr, min&: vr_min, max&: vr_max);
360	if (!vr.undefined_p ())
361	{
362	min = wi::to_wide (t: vr_min);
363	max = wi::to_wide (t: vr_max);
364	}
365	}
366
367	if (rng == VR_ANTI_RANGE && wi::lts_p (x: max, y: min))
368	{
369	/* Convert an anti-range whose upper bound is less than
370	its lower bound to a signed range. */
371	offrange[0] += offset_int::from (x: max + 1, sgn: SIGNED);
372	offrange[1] += offset_int::from (x: min - 1, sgn: SIGNED);
373	return;
374	}
375
376	if (rng == VR_RANGE
377	&& (DECL_P (base) || wi::lts_p (x: min, y: max)))
378	{
379	/* Preserve the bounds of the range for an offset into
380	a known object (it may be adjusted later relative to
381	a constant offset from its beginning). Otherwise use
382	the bounds only when they are ascending when treated
383	as signed. */
384	offrange[0] += offset_int::from (x: min, sgn: SIGNED);
385	offrange[1] += offset_int::from (x: max, sgn: SIGNED);
386	return;
387	}
388
389	/* Handle an anti-range the same as no range at all. */
390	gimple *stmt = SSA_NAME_DEF_STMT (offset);
391	tree type;
392	if (is_gimple_assign (gs: stmt)
393	&& (type = TREE_TYPE (gimple_assign_rhs1 (stmt)))
394	&& INTEGRAL_TYPE_P (type))
395	{
396	tree_code code = gimple_assign_rhs_code (gs: stmt);
397	if (code == NOP_EXPR)
398	{
399	/* Use the bounds of the type of the NOP_EXPR operand
400	even if it's signed. The result doesn't trigger
401	warnings but makes their output more readable. */
402	offrange[0] += wi::to_offset (TYPE_MIN_VALUE (type));
403	offrange[1] += wi::to_offset (TYPE_MAX_VALUE (type));
404	return;
405	}
406	}
407	}
408
409	const offset_int maxoff = tree_to_shwi (max_object_size ()) >> 1;
410	const offset_int minoff = -maxoff - 1;
411
412	offrange[0] += minoff;
413	offrange[1] += maxoff;
414	}
415
416	/* Determines the base object or pointer of the reference EXPR
417	and the offset range from the beginning of the base. */
418
419	void
420	builtin_memref::set_base_and_offset (tree expr)
421	{
422	tree offset = NULL_TREE;
423
424	if (TREE_CODE (expr) == SSA_NAME)
425	{
426	/* Try to tease the offset out of the pointer. */
427	gimple *stmt = SSA_NAME_DEF_STMT (expr);
428	if (!base
429	&& gimple_assign_single_p (gs: stmt)
430	&& gimple_assign_rhs_code (gs: stmt) == ADDR_EXPR)
431	expr = gimple_assign_rhs1 (gs: stmt);
432	else if (is_gimple_assign (gs: stmt))
433	{
434	tree_code code = gimple_assign_rhs_code (gs: stmt);
435	if (CONVERT_EXPR_CODE_P (code))
436	{
437	tree rhs = gimple_assign_rhs1 (gs: stmt);
438	if (POINTER_TYPE_P (TREE_TYPE (rhs)))
439	expr = gimple_assign_rhs1 (gs: stmt);
440	else
441	{
442	base = expr;
443	return;
444	}
445	}
446	else if (code == POINTER_PLUS_EXPR)
447	{
448	expr = gimple_assign_rhs1 (gs: stmt);
449	offset = gimple_assign_rhs2 (gs: stmt);
450	}
451	else
452	{
453	base = expr;
454	return;
455	}
456	}
457	else
458	{
459	/* FIXME: Handle PHI nodes in case like:
460	_12 = &MEM[(void *)&a + 2B] + _10;
461
462	<bb> [local count: 1073741824]:
463	# prephitmp_13 = PHI <_12, &MEM[(void *)&a + 2B]>
464	memcpy (prephitmp_13, p_7(D), 6); */
465	base = expr;
466	return;
467	}
468	}
469
470	if (TREE_CODE (expr) == ADDR_EXPR)
471	expr = TREE_OPERAND (expr, 0);
472
473	/* Stash the reference for offset validation. */
474	ref = expr;
475
476	poly_int64 bitsize, bitpos;
477	tree var_off;
478	machine_mode mode;
479	int sign, reverse, vol;
480
481	/* Determine the base object or pointer of the reference and
482	the constant bit offset from the beginning of the base.
483	If the offset has a non-constant component, it will be in
484	VAR_OFF. MODE, SIGN, REVERSE, and VOL are write only and
485	unused here. */
486	base = get_inner_reference (expr, &bitsize, &bitpos, &var_off,
487	&mode, &sign, &reverse, &vol);
488
489	/* get_inner_reference is not expected to return null. */
490	gcc_assert (base != NULL);
491
492	if (offset)
493	extend_offset_range (offset);
494
495	poly_int64 bytepos = exact_div (a: bitpos, BITS_PER_UNIT);
496
497	/* Convert the poly_int64 offset to offset_int. The offset
498	should be constant but be prepared for it not to be just in
499	case. */
500	offset_int cstoff;
501	if (bytepos.is_constant (const_value: &cstoff))
502	{
503	offrange[0] += cstoff;
504	offrange[1] += cstoff;
505
506	/* Besides the reference saved above, also stash the offset
507	for validation. */
508	if (TREE_CODE (expr) == COMPONENT_REF)
509	refoff = cstoff;
510	}
511	else
512	offrange[1] += maxobjsize;
513
514	if (var_off)
515	{
516	if (TREE_CODE (var_off) == INTEGER_CST)
517	{
518	cstoff = wi::to_offset (t: var_off);
519	offrange[0] += cstoff;
520	offrange[1] += cstoff;
521	}
522	else
523	offrange[1] += maxobjsize;
524	}
525
526	if (TREE_CODE (base) == MEM_REF)
527	{
528	tree memrefoff = fold_convert (ptrdiff_type_node, TREE_OPERAND (base, 1));
529	extend_offset_range (offset: memrefoff);
530
531	if (refoff != HOST_WIDE_INT_MIN
532	&& TREE_CODE (expr) == COMPONENT_REF)
533	{
534	/* Bump up the offset of the referenced subobject to reflect
535	the offset to the enclosing object. For example, so that
536	in
537	struct S { char a, b[3]; } s[2];
538	strcpy (s[1].b, "1234");
539	REFOFF is set to s[1].b - (char*)s. */
540	offset_int off = tree_to_shwi (memrefoff);
541	refoff += off;
542
543	if (!integer_zerop (memrefoff)
544	&& !COMPLETE_TYPE_P (TREE_TYPE (expr))
545	&& multiple_of_p (sizetype, memrefoff,
546	TYPE_SIZE_UNIT (TREE_TYPE (base)), true))
547	/* A non-zero offset into an array of struct with flexible array
548	members implies that the array is empty because there is no
549	way to initialize such a member when it belongs to an array.
550	This must be some sort of a bug. */
551	refsize = 0;
552	}
553
554	base = TREE_OPERAND (base, 0);
555	}
556
557	if (TREE_CODE (ref) == COMPONENT_REF)
558	if (tree size = component_ref_size (ref))
559	if (TREE_CODE (size) == INTEGER_CST)
560	refsize = wi::to_offset (t: size);
561
562	if (TREE_CODE (base) == SSA_NAME)
563	set_base_and_offset (base);
564	}
565
566	/* Return error_mark_node if the signed offset exceeds the bounds
567	of the address space (PTRDIFF_MAX). Otherwise, return either BASE
568	or REF when the offset exceeds the bounds of the BASE or REF object,
569	and set OOBOFF to the past-the-end offset formed by the reference,
570	including its size. OOBOFF is initially setto the range of offsets,
571	and OOBOFF[2] to the offset of the first write access (nonzero for
572	the strcat family). When STRICT is nonzero use REF size, when
573	available, otherwise use BASE size. When STRICT is greater than 1,
574	use the size of the last array member as the bound, otherwise treat
575	such a member as a flexible array member. Return NULL when the offset
576	is in bounds. */
577
578	tree
579	builtin_memref::offset_out_of_bounds (int strict, offset_int ooboff[3]) const
580	{
581	if (!ptr)
582	return NULL_TREE;
583
584	/* The offset of the first write access or zero. */
585	offset_int wroff = ooboff[2];
586
587	/* A temporary, possibly adjusted, copy of the offset range. */
588	offset_int offrng[2] = { ooboff[0], ooboff[1] };
589
590	if (DECL_P (base) && TREE_CODE (TREE_TYPE (base)) == ARRAY_TYPE)
591	{
592	/* Check for offset in an anti-range with a negative lower bound.
593	For such a range, consider only the non-negative subrange. */
594	if (offrng[1] < offrng[0] && offrng[1] < 0)
595	offrng[1] = maxobjsize;
596	}
597
598	/* Conservative offset of the last byte of the referenced object. */
599	offset_int endoff;
600
601	/* The bounds need not be ordered. Set HIB to use as the index
602	of the larger of the bounds and LOB as the opposite. */
603	bool hib = wi::les_p (x: offrng[0], y: offrng[1]);
604	bool lob = !hib;
605
606	/* Set to the size remaining in the object after subtracting
607	REFOFF. It may become negative as a result of negative indices
608	into the enclosing object, such as in:
609	extern struct S { char a[4], b[3], c[1]; } *p;
610	strcpy (p[-3].b, "123"); */
611	offset_int size = basesize;
612	tree obj = base;
613
614	const bool decl_p = DECL_P (obj);
615
616	if (basesize < 0)
617	{
618	endoff = offrng[lob] + (sizrange[0] - wroff);
619
620	/* For a reference through a pointer to an object of unknown size
621	all initial offsets are considered valid, positive as well as
622	negative, since the pointer itself can point past the beginning
623	of the object. However, the sum of the lower bound of the offset
624	and that of the size must be less than or equal than PTRDIFF_MAX. */
625	if (endoff > maxobjsize)
626	return error_mark_node;
627
628	/* When the referenced subobject is known, the end offset must be
629	within its bounds. Otherwise there is nothing to do. */
630	if (strict
631	&& !decl_p
632	&& ref
633	&& refsize >= 0
634	&& TREE_CODE (ref) == COMPONENT_REF)
635	{
636	/* If REFOFF is negative, SIZE will become negative here. */
637	size = refoff + refsize;
638	obj = ref;
639	}
640	else
641	return NULL_TREE;
642	}
643
644	/* A reference to an object of known size must be within the bounds
645	of either the base object or the subobject (see above for when
646	a subobject can be used). */
647	if ((decl_p && offrng[hib] < 0) || offrng[lob] > size)
648	return obj;
649
650	/* The extent of the reference must also be within the bounds of
651	the base object (if known) or the subobject or the maximum object
652	size otherwise. */
653	endoff = offrng[lob] + sizrange[0];
654	if (endoff > maxobjsize)
655	return error_mark_node;
656
657	if (strict
658	&& decl_p
659	&& ref
660	&& refsize >= 0
661	&& TREE_CODE (ref) == COMPONENT_REF)
662	{
663	/* If the reference is to a member subobject of a declared object,
664	the offset must be within the bounds of the subobject. */
665	size = refoff + refsize;
666	obj = ref;
667	}
668
669	if (endoff <= size)
670	return NULL_TREE;
671
672	/* Set the out-of-bounds offset range to be one greater than
673	that delimited by the reference including its size. */
674	ooboff[lob] = size;
675
676	if (endoff > ooboff[lob])
677	ooboff[hib] = endoff - 1;
678	else
679	ooboff[hib] = offrng[lob] + sizrange[1];
680
681	return obj;
682	}
683
684	/* Create an association between the memory references DST and SRC
685	for access by a call EXPR to a memory or string built-in funtion. */
686
687	builtin_access::builtin_access (pointer_query &ptrqry, gimple *call,
688	builtin_memref &dst,
689	builtin_memref &src)
690	: dstref (&dst), srcref (&src), sizrange (), ovloff (), ovlsiz (),
691	dstoff (), srcoff (), dstsiz (), srcsiz ()
692	{
693	dstoff[0] = dst.offrange[0];
694	dstoff[1] = dst.offrange[1];
695
696	/* Zero out since the offset_int ctors invoked above are no-op. */
697	srcoff[0] = srcoff[1] = 0;
698	dstsiz[0] = dstsiz[1] = 0;
699	srcsiz[0] = srcsiz[1] = 0;
700
701	/* Object Size Type to use to determine the size of the destination
702	and source objects. Overridden below for raw memory functions. */
703	int ostype = 1;
704
705	/* True when the size of one reference depends on the offset of
706	itself or the other. */
707	bool depends_p = true;
708
709	/* True when the size of the destination reference DSTREF has been
710	determined from SRCREF and so needs to be adjusted by the latter's
711	offset. Only meaningful for bounded string functions like strncpy. */
712	bool dstadjust_p = false;
713
714	/* The size argument number (depends on the built-in). */
715	unsigned sizeargno = 2;
716
717	tree func = gimple_call_fndecl (gs: call);
718	switch (DECL_FUNCTION_CODE (decl: func))
719	{
720	case BUILT_IN_MEMCPY:
721	case BUILT_IN_MEMCPY_CHK:
722	case BUILT_IN_MEMPCPY:
723	case BUILT_IN_MEMPCPY_CHK:
724	ostype = 0;
725	depends_p = false;
726	detect_overlap = &builtin_access::generic_overlap;
727	break;
728
729	case BUILT_IN_MEMMOVE:
730	case BUILT_IN_MEMMOVE_CHK:
731	/* For memmove there is never any overlap to check for. */
732	ostype = 0;
733	depends_p = false;
734	detect_overlap = &builtin_access::no_overlap;
735	break;
736
737	case BUILT_IN_MEMSET:
738	case BUILT_IN_MEMSET_CHK:
739	/* For memset there is never any overlap to check for. */
740	ostype = 0;
741	depends_p = false;
742	detect_overlap = &builtin_access::no_overlap;
743	break;
744
745	case BUILT_IN_STPNCPY:
746	case BUILT_IN_STPNCPY_CHK:
747	case BUILT_IN_STRNCPY:
748	case BUILT_IN_STRNCPY_CHK:
749	dstref->strbounded_p = true;
750	detect_overlap = &builtin_access::strcpy_overlap;
751	break;
752
753	case BUILT_IN_STPCPY:
754	case BUILT_IN_STPCPY_CHK:
755	case BUILT_IN_STRCPY:
756	case BUILT_IN_STRCPY_CHK:
757	detect_overlap = &builtin_access::strcpy_overlap;
758	break;
759
760	case BUILT_IN_STRCAT:
761	case BUILT_IN_STRCAT_CHK:
762	detect_overlap = &builtin_access::strcat_overlap;
763	break;
764
765	case BUILT_IN_STRNCAT:
766	case BUILT_IN_STRNCAT_CHK:
767	dstref->strbounded_p = true;
768	srcref->strbounded_p = true;
769	detect_overlap = &builtin_access::strcat_overlap;
770	break;
771
772	default:
773	/* Handle other string functions here whose access may need
774	to be validated for in-bounds offsets and non-overlapping
775	copies. */
776	return;
777	}
778
779	/* Try to determine the size of the base object. compute_objsize
780	expects a pointer so create one if BASE is a non-pointer object. */
781	if (dst.basesize < 0)
782	{
783	access_ref aref;
784	if (ptrqry.get_ref (dst.base, call, &aref, ostype) && aref.base0)
785	dst.basesize = aref.sizrng[1];
786	else
787	dst.basesize = HOST_WIDE_INT_MIN;
788	}
789
790	if (src.base && src.basesize < 0)
791	{
792	access_ref aref;
793	if (ptrqry.get_ref (src.base, call, &aref, ostype) && aref.base0)
794	src.basesize = aref.sizrng[1];
795	else
796	src.basesize = HOST_WIDE_INT_MIN;
797	}
798
799	const offset_int maxobjsize = dst.maxobjsize;
800
801	/* Make adjustments for references to the same object by string
802	built-in functions to reflect the constraints imposed by
803	the function. */
804
805	/* For bounded string functions determine the range of the bound
806	on the access. For others, the range stays unbounded. */
807	offset_int bounds[2] = { maxobjsize, maxobjsize };
808	if (dstref->strbounded_p)
809	{
810	unsigned nargs = gimple_call_num_args (gs: call);
811	if (nargs <= sizeargno)
812	return;
813
814	tree size = gimple_call_arg (gs: call, index: sizeargno);
815	tree range[2];
816	if (get_size_range (ptrqry.rvals, size, call, range, true))
817	{
818	bounds[0] = wi::to_offset (t: range[0]);
819	bounds[1] = wi::to_offset (t: range[1]);
820	}
821
822	/* If both references' size ranges are indeterminate use the last
823	(size) argument from the function call as a substitute. This
824	may only be necessary for strncpy (but not for memcpy where
825	the size range would have been already determined this way). */
826	if (dstref->sizrange[0] == 0 && dstref->sizrange[1] == maxobjsize
827	&& srcref->sizrange[0] == 0 && srcref->sizrange[1] == maxobjsize)
828	{
829	dstref->sizrange[0] = bounds[0];
830	dstref->sizrange[1] = bounds[1];
831	}
832	}
833
834	bool dstsize_set = false;
835	/* The size range of one reference involving the same base object
836	can be determined from the size range of the other reference.
837	This makes it possible to compute accurate offsets for warnings
838	involving functions like strcpy where the length of just one of
839	the two arguments is known (determined by tree-ssa-strlen). */
840	if (dstref->sizrange[0] == 0 && dstref->sizrange[1] == maxobjsize)
841	{
842	/* When the destination size is unknown set it to the size of
843	the source. */
844	dstref->sizrange[0] = srcref->sizrange[0];
845	dstref->sizrange[1] = srcref->sizrange[1];
846	dstsize_set = true;
847	}
848	else if (srcref->sizrange[0] == 0 && srcref->sizrange[1] == maxobjsize)
849	{
850	/* When the size of the source access is unknown set it to the size
851	of the destination first and adjust it later if necessary. */
852	srcref->sizrange[0] = dstref->sizrange[0];
853	srcref->sizrange[1] = dstref->sizrange[1];
854
855	if (depends_p)
856	{
857	if (dstref->strbounded_p)
858	{
859	/* Read access by strncpy is constrained by the third
860	argument but except for a zero bound is at least one. */
861	srcref->sizrange[0] = bounds[1] > 0 ? 1 : 0;
862	offset_int bound = wi::umin (x: srcref->basesize, y: bounds[1]);
863	if (bound < srcref->sizrange[1])
864	srcref->sizrange[1] = bound;
865	}
866	/* For string functions, adjust the size range of the source
867	reference by the inverse boundaries of the offset (because
868	the higher the offset into the string the shorter its
869	length). */
870	if (srcref->offrange[1] >= 0
871	&& srcref->offrange[1] < srcref->sizrange[0])
872	srcref->sizrange[0] -= srcref->offrange[1];
873	else
874	srcref->sizrange[0] = 1;
875
876	if (srcref->offrange[0] > 0)
877	{
878	if (srcref->offrange[0] < srcref->sizrange[1])
879	srcref->sizrange[1] -= srcref->offrange[0];
880	else
881	srcref->sizrange[1] = 0;
882	}
883
884	dstadjust_p = true;
885	}
886	}
887
888	if (detect_overlap == &builtin_access::generic_overlap)
889	{
890	if (dstref->strbounded_p)
891	{
892	dstref->sizrange[0] = bounds[0];
893	dstref->sizrange[1] = bounds[1];
894
895	if (dstref->sizrange[0] < srcref->sizrange[0])
896	srcref->sizrange[0] = dstref->sizrange[0];
897
898	if (dstref->sizrange[1] < srcref->sizrange[1])
899	srcref->sizrange[1] = dstref->sizrange[1];
900	}
901	}
902	else if (detect_overlap == &builtin_access::strcpy_overlap)
903	{
904	if (!dstref->strbounded_p)
905	{
906	/* For strcpy, adjust the destination size range to match that
907	of the source computed above. */
908	if (depends_p && dstadjust_p)
909	{
910	dstref->sizrange[0] = srcref->sizrange[0];
911	dstref->sizrange[1] = srcref->sizrange[1];
912	}
913	}
914	}
915	else if (!dstsize_set && detect_overlap == &builtin_access::strcat_overlap)
916	{
917	dstref->sizrange[0] += srcref->sizrange[0] - 1;
918	dstref->sizrange[1] += srcref->sizrange[1] - 1;
919	}
920
921	if (dstref->strbounded_p)
922	{
923	/* For strncpy, adjust the destination size range to match that
924	of the source computed above. */
925	dstref->sizrange[0] = bounds[0];
926	dstref->sizrange[1] = bounds[1];
927
928	if (bounds[0] < srcref->sizrange[0])
929	srcref->sizrange[0] = bounds[0];
930
931	if (bounds[1] < srcref->sizrange[1])
932	srcref->sizrange[1] = bounds[1];
933	}
934	}
935
936	offset_int
937	builtin_access::overlap_size (const offset_int a[2], const offset_int b[2],
938	offset_int *off)
939	{
940	const offset_int *p = a;
941	const offset_int *q = b;
942
943	/* Point P at the bigger of the two ranges and Q at the smaller. */
944	if (wi::lts_p (x: a[1] - a[0], y: b[1] - b[0]))
945	{
946	p = b;
947	q = a;
948	}
949
950	if (p[0] < q[0])
951	{
952	if (p[1] < q[0])
953	return 0;
954
955	*off = q[0];
956	return wi::smin (x: p[1], y: q[1]) - q[0];
957	}
958
959	if (q[1] < p[0])
960	return 0;
961
962	off[0] = p[0];
963	return q[1] - p[0];
964	}
965
966	/* Return true if the bounded mempry (memcpy amd similar) or string function
967	access (strncpy and similar) ACS overlaps. */
968
969	bool
970	builtin_access::generic_overlap ()
971	{
972	builtin_access &acs = *this;
973	const builtin_memref *dstref = acs.dstref;
974	const builtin_memref *srcref = acs.srcref;
975
976	gcc_assert (dstref->base == srcref->base);
977
978	const offset_int maxobjsize = acs.dstref->maxobjsize;
979
980	offset_int maxsize = dstref->basesize < 0 ? maxobjsize : dstref->basesize;
981
982	/* Adjust the larger bounds of the offsets (which may be the first
983	element if the lower bound is larger than the upper bound) to
984	make them valid for the smallest access (if possible) but no smaller
985	than the smaller bounds. */
986	gcc_assert (wi::les_p (acs.dstoff[0], acs.dstoff[1]));
987
988	if (maxsize < acs.dstoff[1] + acs.dstsiz[0])
989	acs.dstoff[1] = maxsize - acs.dstsiz[0];
990	if (acs.dstoff[1] < acs.dstoff[0])
991	acs.dstoff[1] = acs.dstoff[0];
992
993	gcc_assert (wi::les_p (acs.srcoff[0], acs.srcoff[1]));
994
995	if (maxsize < acs.srcoff[1] + acs.srcsiz[0])
996	acs.srcoff[1] = maxsize - acs.srcsiz[0];
997	if (acs.srcoff[1] < acs.srcoff[0])
998	acs.srcoff[1] = acs.srcoff[0];
999
1000	/* Determine the minimum and maximum space for the access given
1001	the offsets. */
1002	offset_int space[2];
1003	space[0] = wi::abs (x: acs.dstoff[0] - acs.srcoff[0]);
1004	space[1] = space[0];
1005
1006	offset_int d = wi::abs (x: acs.dstoff[0] - acs.srcoff[1]);
1007	if (acs.srcsiz[0] > 0)
1008	{
1009	if (d < space[0])
1010	space[0] = d;
1011
1012	if (space[1] < d)
1013	space[1] = d;
1014	}
1015	else
1016	space[1] = acs.dstsiz[1];
1017
1018	d = wi::abs (x: acs.dstoff[1] - acs.srcoff[0]);
1019	if (d < space[0])
1020	space[0] = d;
1021
1022	if (space[1] < d)
1023	space[1] = d;
1024
1025	/* Treat raw memory functions both of whose references are bounded
1026	as special and permit uncertain overlaps to go undetected. For
1027	all kinds of constant offset and constant size accesses, if
1028	overlap isn't certain it is not possible. */
1029	bool overlap_possible = space[0] < acs.dstsiz[1];
1030	if (!overlap_possible)
1031	return false;
1032
1033	bool overlap_certain = space[1] < acs.dstsiz[0];
1034
1035	/* True when the size of one reference depends on the offset of
1036	the other. */
1037	bool depends_p = detect_overlap != &builtin_access::generic_overlap;
1038
1039	if (!overlap_certain)
1040	{
1041	if (!dstref->strbounded_p && !depends_p)
1042	/* Memcpy only considers certain overlap. */
1043	return false;
1044
1045	/* There's no way to distinguish an access to the same member
1046	of a structure from one to two distinct members of the same
1047	structure. Give up to avoid excessive false positives. */
1048	tree basetype = TREE_TYPE (dstref->base);
1049
1050	if (POINTER_TYPE_P (basetype))
1051	basetype = TREE_TYPE (basetype);
1052	else
1053	while (TREE_CODE (basetype) == ARRAY_TYPE)
1054	basetype = TREE_TYPE (basetype);
1055
1056	if (RECORD_OR_UNION_TYPE_P (basetype))
1057	return false;
1058	}
1059
1060	/* True for stpcpy and strcpy. */
1061	bool stxcpy_p = (!dstref->strbounded_p
1062	&& detect_overlap == &builtin_access::strcpy_overlap);
1063
1064	if (dstref->refoff >= 0
1065	&& srcref->refoff >= 0
1066	&& dstref->refoff != srcref->refoff
1067	&& (stxcpy_p || dstref->strbounded_p || srcref->strbounded_p))
1068	return false;
1069
1070	offset_int siz[2] = { maxobjsize + 1, 0 };
1071
1072	ovloff[0] = HOST_WIDE_INT_MAX;
1073	ovloff[1] = HOST_WIDE_INT_MIN;
1074
1075	if (stxcpy_p)
1076	{
1077	/* Iterate over the extreme locations (on the horizontal axis formed
1078	by their offsets) and sizes of two regions and find their smallest
1079	and largest overlap and the corresponding offsets. */
1080	for (unsigned i = 0; i != 2; ++i)
1081	{
1082	const offset_int a[2] = {
1083	acs.dstoff[i], acs.dstoff[i] + acs.dstsiz[!i]
1084	};
1085
1086	const offset_int b[2] = {
1087	acs.srcoff[i], acs.srcoff[i] + acs.srcsiz[!i]
1088	};
1089
1090	offset_int off;
1091	offset_int sz = overlap_size (a, b, off: &off);
1092	if (sz < siz[0])
1093	siz[0] = sz;
1094
1095	if (siz[1] <= sz)
1096	siz[1] = sz;
1097
1098	if (sz != 0)
1099	{
1100	if (wi::lts_p (x: off, y: ovloff[0]))
1101	ovloff[0] = off.to_shwi ();
1102	if (wi::lts_p (x: ovloff[1], y: off))
1103	ovloff[1] = off.to_shwi ();
1104	}
1105	}
1106	}
1107	else
1108	{
1109	/* Iterate over the extreme locations (on the horizontal axis
1110	formed by their offsets) and sizes of the two regions and
1111	find their smallest and largest overlap and the corresponding
1112	offsets. */
1113
1114	for (unsigned io = 0; io != 2; ++io)
1115	for (unsigned is = 0; is != 2; ++is)
1116	{
1117	const offset_int a[2] = {
1118	acs.dstoff[io], acs.dstoff[io] + acs.dstsiz[is]
1119	};
1120
1121	for (unsigned jo = 0; jo != 2; ++jo)
1122	for (unsigned js = 0; js != 2; ++js)
1123	{
1124	const offset_int b[2] = {
1125	acs.srcoff[jo], acs.srcoff[jo] + acs.srcsiz[js]
1126	};
1127
1128	offset_int off;
1129	offset_int sz = overlap_size (a, b, off: &off);
1130	if (sz < siz[0])
1131	siz[0] = sz;
1132
1133	if (siz[1] <= sz)
1134	siz[1] = sz;
1135
1136	if (sz != 0)
1137	{
1138	if (wi::lts_p (x: off, y: ovloff[0]))
1139	ovloff[0] = off.to_shwi ();
1140	if (wi::lts_p (x: ovloff[1], y: off))
1141	ovloff[1] = off.to_shwi ();
1142	}
1143	}
1144	}
1145	}
1146
1147	ovlsiz[0] = siz[0].to_shwi ();
1148	ovlsiz[1] = siz[1].to_shwi ();
1149
1150	/* Adjust the overlap offset range to reflect the overlap size range. */
1151	if (ovlsiz[0] == 0 && ovlsiz[1] > 1)
1152	ovloff[1] = ovloff[0] + ovlsiz[1] - 1;
1153
1154	return true;
1155	}
1156
1157	/* Return true if the strcat-like access overlaps. */
1158
1159	bool
1160	builtin_access::strcat_overlap ()
1161	{
1162	builtin_access &acs = *this;
1163	const builtin_memref *dstref = acs.dstref;
1164	const builtin_memref *srcref = acs.srcref;
1165
1166	gcc_assert (dstref->base == srcref->base);
1167
1168	const offset_int maxobjsize = acs.dstref->maxobjsize;
1169
1170	gcc_assert (dstref->base && dstref->base == srcref->base);
1171
1172	/* Adjust for strcat-like accesses. */
1173
1174	/* As a special case for strcat, set the DSTREF offsets to the length
1175	of the destination string since the function starts writing over
1176	its terminating nul, and set the destination size to 1 for the length
1177	of the nul. */
1178	acs.dstoff[0] += dstsiz[0] - srcref->sizrange[0];
1179	acs.dstoff[1] += dstsiz[1] - srcref->sizrange[1];
1180
1181	bool strfunc_unknown_args = acs.dstsiz[0] == 0 && acs.dstsiz[1] != 0;
1182
1183	/* The lower bound is zero when the size is unknown because then
1184	overlap is not certain. */
1185	acs.dstsiz[0] = strfunc_unknown_args ? 0 : 1;
1186	acs.dstsiz[1] = 1;
1187
1188	offset_int maxsize = dstref->basesize < 0 ? maxobjsize : dstref->basesize;
1189
1190	/* For references to the same base object, determine if there's a pair
1191	of valid offsets into the two references such that access between
1192	them doesn't overlap. Adjust both upper bounds to be valid for
1193	the smaller size (i.e., at most MAXSIZE - SIZE). */
1194
1195	if (maxsize < acs.dstoff[1] + acs.dstsiz[0])
1196	acs.dstoff[1] = maxsize - acs.dstsiz[0];
1197
1198	if (maxsize < acs.srcoff[1] + acs.srcsiz[0])
1199	acs.srcoff[1] = maxsize - acs.srcsiz[0];
1200
1201	/* Check to see if there's enough space for both accesses without
1202	overlap. Determine the optimistic (maximum) amount of available
1203	space. */
1204	offset_int space;
1205	if (acs.dstoff[0] <= acs.srcoff[0])
1206	{
1207	if (acs.dstoff[1] < acs.srcoff[1])
1208	space = acs.srcoff[1] + acs.srcsiz[0] - acs.dstoff[0];
1209	else
1210	space = acs.dstoff[1] + acs.dstsiz[0] - acs.srcoff[0];
1211	}
1212	else
1213	space = acs.dstoff[1] + acs.dstsiz[0] - acs.srcoff[0];
1214
1215	/* Overlap is certain if the distance between the farthest offsets
1216	of the opposite accesses is less than the sum of the lower bounds
1217	of the sizes of the two accesses. */
1218	bool overlap_certain = space < acs.dstsiz[0] + acs.srcsiz[0];
1219
1220	/* For a constant-offset, constant size access, consider the largest
1221	distance between the offset bounds and the lower bound of the access
1222	size. If the overlap isn't certain return success. */
1223	if (!overlap_certain
1224	&& acs.dstoff[0] == acs.dstoff[1]
1225	&& acs.srcoff[0] == acs.srcoff[1]
1226	&& acs.dstsiz[0] == acs.dstsiz[1]
1227	&& acs.srcsiz[0] == acs.srcsiz[1])
1228	return false;
1229
1230	/* Overlap is not certain but may be possible. */
1231
1232	offset_int access_min = acs.dstsiz[0] + acs.srcsiz[0];
1233
1234	/* Determine the conservative (minimum) amount of space. */
1235	space = wi::abs (x: acs.dstoff[0] - acs.srcoff[0]);
1236	offset_int d = wi::abs (x: acs.dstoff[0] - acs.srcoff[1]);
1237	if (d < space)
1238	space = d;
1239	d = wi::abs (x: acs.dstoff[1] - acs.srcoff[0]);
1240	if (d < space)
1241	space = d;
1242
1243	/* For a strict test (used for strcpy and similar with unknown or
1244	variable bounds or sizes), consider the smallest distance between
1245	the offset bounds and either the upper bound of the access size
1246	if known, or the lower bound otherwise. */
1247	if (access_min <= space && (access_min != 0 || !strfunc_unknown_args))
1248	return false;
1249
1250	/* When strcat overlap is certain it is always a single byte:
1251	the terminating NUL, regardless of offsets and sizes. When
1252	overlap is only possible its range is [0, 1]. */
1253	acs.ovlsiz[0] = dstref->sizrange[0] == dstref->sizrange[1] ? 1 : 0;
1254	acs.ovlsiz[1] = 1;
1255
1256	offset_int endoff
1257	= dstref->offrange[0] + (dstref->sizrange[0] - srcref->sizrange[0]);
1258	if (endoff <= srcref->offrange[0])
1259	acs.ovloff[0] = wi::smin (x: maxobjsize, y: srcref->offrange[0]).to_shwi ();
1260	else
1261	acs.ovloff[0] = wi::smin (x: maxobjsize, y: endoff).to_shwi ();
1262
1263	acs.sizrange[0] = wi::smax (x: wi::abs (x: endoff - srcref->offrange[0]) + 1,
1264	y: srcref->sizrange[0]).to_shwi ();
1265	if (dstref->offrange[0] == dstref->offrange[1])
1266	{
1267	if (srcref->offrange[0] == srcref->offrange[1])
1268	acs.ovloff[1] = acs.ovloff[0];
1269	else
1270	acs.ovloff[1]
1271	= wi::smin (x: maxobjsize,
1272	y: srcref->offrange[1] + srcref->sizrange[1]).to_shwi ();
1273	}
1274	else
1275	acs.ovloff[1]
1276	= wi::smin (x: maxobjsize,
1277	y: dstref->offrange[1] + dstref->sizrange[1]).to_shwi ();
1278
1279	if (acs.sizrange[0] == 0)
1280	acs.sizrange[0] = 1;
1281	acs.sizrange[1] = wi::smax (x: acs.dstsiz[1], y: srcref->sizrange[1]).to_shwi ();
1282	return true;
1283	}
1284
1285	/* Return true if the strcpy-like access overlaps. */
1286
1287	bool
1288	builtin_access::strcpy_overlap ()
1289	{
1290	return generic_overlap ();
1291	}
1292
1293	/* For a BASE of array type, clamp REFOFF to at most [0, BASE_SIZE]
1294	if known, or [0, MAXOBJSIZE] otherwise. */
1295
1296	static void
1297	clamp_offset (tree base, offset_int refoff[2], offset_int maxobjsize)
1298	{
1299	if (!base || TREE_CODE (TREE_TYPE (base)) != ARRAY_TYPE)
1300	return;
1301
1302	if (refoff[0] < 0 && refoff[1] >= 0)
1303	refoff[0] = 0;
1304
1305	if (refoff[1] < refoff[0])
1306	{
1307	offset_int maxsize = maxobjsize;
1308	if (tree size = TYPE_SIZE_UNIT (TREE_TYPE (base)))
1309	maxsize = wi::to_offset (t: size);
1310
1311	refoff[1] = wi::umin (x: refoff[1], y: maxsize);
1312	}
1313	}
1314
1315	/* Return true if DSTREF and SRCREF describe accesses that either overlap
1316	one another or that, in order not to overlap, would imply that the size
1317	of the referenced object(s) exceeds the maximum size of an object. Set
1318	Otherwise, if DSTREF and SRCREF do not definitely overlap (even though
1319	they may overlap in a way that's not apparent from the available data),
1320	return false. */
1321
1322	bool
1323	builtin_access::overlap ()
1324	{
1325	builtin_access &acs = *this;
1326
1327	const offset_int maxobjsize = dstref->maxobjsize;
1328
1329	acs.sizrange[0] = wi::smax (x: dstref->sizrange[0],
1330	y: srcref->sizrange[0]).to_shwi ();
1331	acs.sizrange[1] = wi::smax (x: dstref->sizrange[1],
1332	y: srcref->sizrange[1]).to_shwi ();
1333
1334	/* Check to see if the two references refer to regions that are
1335	too large not to overlap in the address space (whose maximum
1336	size is PTRDIFF_MAX). */
1337	offset_int size = dstref->sizrange[0] + srcref->sizrange[0];
1338	if (maxobjsize < size)
1339	{
1340	acs.ovloff[0] = (maxobjsize - dstref->sizrange[0]).to_shwi ();
1341	acs.ovlsiz[0] = (size - maxobjsize).to_shwi ();
1342	return true;
1343	}
1344
1345	/* If both base objects aren't known return the maximum possible
1346	offset that would make them not overlap. */
1347	if (!dstref->base || !srcref->base)
1348	return false;
1349
1350	/* If the base object is an array adjust the bounds of the offset
1351	to be non-negative and within the bounds of the array if possible. */
1352	clamp_offset (base: dstref->base, refoff: acs.dstoff, maxobjsize);
1353
1354	acs.srcoff[0] = srcref->offrange[0];
1355	acs.srcoff[1] = srcref->offrange[1];
1356
1357	clamp_offset (base: srcref->base, refoff: acs.srcoff, maxobjsize);
1358
1359	/* When the upper bound of the offset is less than the lower bound
1360	the former is the result of a negative offset being represented
1361	as a large positive value or vice versa. The resulting range is
1362	a union of two subranges: [MIN, UB] and [LB, MAX]. Since such
1363	a union is not representable using the current data structure
1364	replace it with the full range of offsets. */
1365	if (acs.dstoff[1] < acs.dstoff[0])
1366	{
1367	acs.dstoff[0] = -maxobjsize - 1;
1368	acs.dstoff[1] = maxobjsize;
1369	}
1370
1371	/* Validate the offset and size of each reference on its own first.
1372	This is independent of whether or not the base objects are the
1373	same. Normally, this would have already been detected and
1374	diagnosed by -Warray-bounds, unless it has been disabled. */
1375	offset_int maxoff = acs.dstoff[0] + dstref->sizrange[0];
1376	if (maxobjsize < maxoff)
1377	{
1378	acs.ovlsiz[0] = (maxoff - maxobjsize).to_shwi ();
1379	acs.ovloff[0] = acs.dstoff[0].to_shwi () - acs.ovlsiz[0];
1380	return true;
1381	}
1382
1383	/* Repeat the same as above but for the source offsets. */
1384	if (acs.srcoff[1] < acs.srcoff[0])
1385	{
1386	acs.srcoff[0] = -maxobjsize - 1;
1387	acs.srcoff[1] = maxobjsize;
1388	}
1389
1390	maxoff = acs.srcoff[0] + srcref->sizrange[0];
1391	if (maxobjsize < maxoff)
1392	{
1393	acs.ovlsiz[0] = (maxoff - maxobjsize).to_shwi ();
1394	acs.ovlsiz[1] = (acs.srcoff[0] + srcref->sizrange[1]
1395	- maxobjsize).to_shwi ();
1396	acs.ovloff[0] = acs.srcoff[0].to_shwi () - acs.ovlsiz[0];
1397	return true;
1398	}
1399
1400	if (dstref->base != srcref->base)
1401	return false;
1402
1403	acs.dstsiz[0] = dstref->sizrange[0];
1404	acs.dstsiz[1] = dstref->sizrange[1];
1405
1406	acs.srcsiz[0] = srcref->sizrange[0];
1407	acs.srcsiz[1] = srcref->sizrange[1];
1408
1409	/* Call the appropriate function to determine the overlap. */
1410	if ((this->*detect_overlap) ())
1411	{
1412	if (!sizrange[1])
1413	{
1414	/* Unless the access size range has already been set, do so here. */
1415	sizrange[0] = wi::smax (x: acs.dstsiz[0], y: srcref->sizrange[0]).to_shwi ();
1416	sizrange[1] = wi::smax (x: acs.dstsiz[1], y: srcref->sizrange[1]).to_shwi ();
1417	}
1418	return true;
1419	}
1420
1421	return false;
1422	}
1423
1424	/* Attempt to detect and diagnose an overlapping copy in a call expression
1425	EXPR involving an access ACS to a built-in memory or string function.
1426	Return true when one has been detected, false otherwise. */
1427
1428	static bool
1429	maybe_diag_overlap (location_t loc, gimple *call, builtin_access &acs)
1430	{
1431	if (!acs.overlap ())
1432	return false;
1433
1434	if (warning_suppressed_p (call, OPT_Wrestrict))
1435	return true;
1436
1437	/* For convenience. */
1438	const builtin_memref &dstref = *acs.dstref;
1439	const builtin_memref &srcref = *acs.srcref;
1440
1441	/* Determine the range of offsets and sizes of the overlap if it
1442	exists and issue diagnostics. */
1443	HOST_WIDE_INT *ovloff = acs.ovloff;
1444	HOST_WIDE_INT *ovlsiz = acs.ovlsiz;
1445	HOST_WIDE_INT *sizrange = acs.sizrange;
1446
1447	tree func = gimple_call_fndecl (gs: call);
1448
1449	/* To avoid a combinatorial explosion of diagnostics format the offsets
1450	or their ranges as strings and use them in the warning calls below. */
1451	char offstr[3][64];
1452
1453	if (dstref.offrange[0] == dstref.offrange[1]
1454	|| dstref.offrange[1] > HOST_WIDE_INT_MAX)
1455	sprintf (s: offstr[0], HOST_WIDE_INT_PRINT_DEC,
1456	dstref.offrange[0].to_shwi ());
1457	else
1458	sprintf (s: offstr[0],
1459	format: "[" HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC "]",
1460	dstref.offrange[0].to_shwi (),
1461	dstref.offrange[1].to_shwi ());
1462
1463	if (srcref.offrange[0] == srcref.offrange[1]
1464	|| srcref.offrange[1] > HOST_WIDE_INT_MAX)
1465	sprintf (s: offstr[1],
1466	HOST_WIDE_INT_PRINT_DEC,
1467	srcref.offrange[0].to_shwi ());
1468	else
1469	sprintf (s: offstr[1],
1470	format: "[" HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC "]",
1471	srcref.offrange[0].to_shwi (),
1472	srcref.offrange[1].to_shwi ());
1473
1474	if (ovloff[0] == ovloff[1] || !ovloff[1])
1475	sprintf (s: offstr[2], HOST_WIDE_INT_PRINT_DEC, ovloff[0]);
1476	else
1477	sprintf (s: offstr[2],
1478	format: "[" HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC "]",
1479	ovloff[0], ovloff[1]);
1480
1481	const offset_int maxobjsize = dstref.maxobjsize;
1482	bool must_overlap = ovlsiz[0] > 0;
1483
1484	if (ovlsiz[1] == 0)
1485	ovlsiz[1] = ovlsiz[0];
1486
1487	if (must_overlap)
1488	{
1489	/* Issue definitive "overlaps" diagnostic in this block. */
1490
1491	if (sizrange[0] == sizrange[1])
1492	{
1493	if (ovlsiz[0] == ovlsiz[1])
1494	warning_at (loc, OPT_Wrestrict,
1495	sizrange[0] == 1
1496	? (ovlsiz[0] == 1
1497	? G_("%qD accessing %wu byte at offsets %s "
1498	"and %s overlaps %wu byte at offset %s")
1499	: G_("%qD accessing %wu byte at offsets %s "
1500	"and %s overlaps %wu bytes at offset "
1501	"%s"))
1502	: (ovlsiz[0] == 1
1503	? G_("%qD accessing %wu bytes at offsets %s "
1504	"and %s overlaps %wu byte at offset %s")
1505	: G_("%qD accessing %wu bytes at offsets %s "
1506	"and %s overlaps %wu bytes at offset "
1507	"%s")),
1508	func, sizrange[0],
1509	offstr[0], offstr[1], ovlsiz[0], offstr[2]);
1510	else if (ovlsiz[1] >= 0 && ovlsiz[1] < maxobjsize.to_shwi ())
1511	warning_n (loc, OPT_Wrestrict, sizrange[0],
1512	"%qD accessing %wu byte at offsets %s "
1513	"and %s overlaps between %wu and %wu bytes "
1514	"at offset %s",
1515	"%qD accessing %wu bytes at offsets %s "
1516	"and %s overlaps between %wu and %wu bytes "
1517	"at offset %s",
1518	func, sizrange[0], offstr[0], offstr[1],
1519	ovlsiz[0], ovlsiz[1], offstr[2]);
1520	else
1521	warning_n (loc, OPT_Wrestrict, sizrange[0],
1522	"%qD accessing %wu byte at offsets %s and "
1523	"%s overlaps %wu or more bytes at offset %s",
1524	"%qD accessing %wu bytes at offsets %s and "
1525	"%s overlaps %wu or more bytes at offset %s",
1526	func, sizrange[0],
1527	offstr[0], offstr[1], ovlsiz[0], offstr[2]);
1528	return true;
1529	}
1530
1531	if (sizrange[1] >= 0 && sizrange[1] < maxobjsize.to_shwi ())
1532	{
1533	if (ovlsiz[0] == ovlsiz[1])
1534	warning_n (loc, OPT_Wrestrict, ovlsiz[0],
1535	"%qD accessing between %wu and %wu bytes "
1536	"at offsets %s and %s overlaps %wu byte at "
1537	"offset %s",
1538	"%qD accessing between %wu and %wu bytes "
1539	"at offsets %s and %s overlaps %wu bytes "
1540	"at offset %s",
1541	func, sizrange[0], sizrange[1],
1542	offstr[0], offstr[1], ovlsiz[0], offstr[2]);
1543	else if (ovlsiz[1] >= 0 && ovlsiz[1] < maxobjsize.to_shwi ())
1544	warning_at (loc, OPT_Wrestrict,
1545	"%qD accessing between %wu and %wu bytes at "
1546	"offsets %s and %s overlaps between %wu and %wu "
1547	"bytes at offset %s",
1548	func, sizrange[0], sizrange[1],
1549	offstr[0], offstr[1], ovlsiz[0], ovlsiz[1],
1550	offstr[2]);
1551	else
1552	warning_at (loc, OPT_Wrestrict,
1553	"%qD accessing between %wu and %wu bytes at "
1554	"offsets %s and %s overlaps %wu or more bytes "
1555	"at offset %s",
1556	func, sizrange[0], sizrange[1],
1557	offstr[0], offstr[1], ovlsiz[0], offstr[2]);
1558	return true;
1559	}
1560
1561	if (ovlsiz[0] != ovlsiz[1])
1562	ovlsiz[1] = maxobjsize.to_shwi ();
1563
1564	if (ovlsiz[0] == ovlsiz[1])
1565	warning_n (loc, OPT_Wrestrict, ovlsiz[0],
1566	"%qD accessing %wu or more bytes at offsets "
1567	"%s and %s overlaps %wu byte at offset %s",
1568	"%qD accessing %wu or more bytes at offsets "
1569	"%s and %s overlaps %wu bytes at offset %s",
1570	func, sizrange[0], offstr[0], offstr[1],
1571	ovlsiz[0], offstr[2]);
1572	else if (ovlsiz[1] >= 0 && ovlsiz[1] < maxobjsize.to_shwi ())
1573	warning_at (loc, OPT_Wrestrict,
1574	"%qD accessing %wu or more bytes at offsets %s "
1575	"and %s overlaps between %wu and %wu bytes "
1576	"at offset %s",
1577	func, sizrange[0], offstr[0], offstr[1],
1578	ovlsiz[0], ovlsiz[1], offstr[2]);
1579	else
1580	warning_at (loc, OPT_Wrestrict,
1581	"%qD accessing %wu or more bytes at offsets %s "
1582	"and %s overlaps %wu or more bytes at offset %s",
1583	func, sizrange[0], offstr[0], offstr[1],
1584	ovlsiz[0], offstr[2]);
1585	return true;
1586	}
1587
1588	/* Use more concise wording when one of the offsets is unbounded
1589	to avoid confusing the user with large and mostly meaningless
1590	numbers. */
1591	bool open_range;
1592	if (DECL_P (dstref.base) && TREE_CODE (TREE_TYPE (dstref.base)) == ARRAY_TYPE)
1593	open_range = ((dstref.offrange[0] == 0
1594	&& dstref.offrange[1] == maxobjsize)
1595	|| (srcref.offrange[0] == 0
1596	&& srcref.offrange[1] == maxobjsize));
1597	else
1598	open_range = ((dstref.offrange[0] == -maxobjsize - 1
1599	&& dstref.offrange[1] == maxobjsize)
1600	|| (srcref.offrange[0] == -maxobjsize - 1
1601	&& srcref.offrange[1] == maxobjsize));
1602
1603	if (sizrange[0] == sizrange[1] || sizrange[1] == 1)
1604	{
1605	if (ovlsiz[1] == 1)
1606	{
1607	if (open_range)
1608	warning_n (loc, OPT_Wrestrict, sizrange[1],
1609	"%qD accessing %wu byte may overlap "
1610	"%wu byte",
1611	"%qD accessing %wu bytes may overlap "
1612	"%wu byte",
1613	func, sizrange[1], ovlsiz[1]);
1614	else
1615	warning_n (loc, OPT_Wrestrict, sizrange[1],
1616	"%qD accessing %wu byte at offsets %s "
1617	"and %s may overlap %wu byte at offset %s",
1618	"%qD accessing %wu bytes at offsets %s "
1619	"and %s may overlap %wu byte at offset %s",
1620	func, sizrange[1], offstr[0], offstr[1],
1621	ovlsiz[1], offstr[2]);
1622	return true;
1623	}
1624
1625	if (open_range)
1626	warning_n (loc, OPT_Wrestrict, sizrange[1],
1627	"%qD accessing %wu byte may overlap "
1628	"up to %wu bytes",
1629	"%qD accessing %wu bytes may overlap "
1630	"up to %wu bytes",
1631	func, sizrange[1], ovlsiz[1]);
1632	else
1633	warning_n (loc, OPT_Wrestrict, sizrange[1],
1634	"%qD accessing %wu byte at offsets %s and "
1635	"%s may overlap up to %wu bytes at offset %s",
1636	"%qD accessing %wu bytes at offsets %s and "
1637	"%s may overlap up to %wu bytes at offset %s",
1638	func, sizrange[1], offstr[0], offstr[1],
1639	ovlsiz[1], offstr[2]);
1640	return true;
1641	}
1642
1643	if (sizrange[1] >= 0 && sizrange[1] < maxobjsize.to_shwi ())
1644	{
1645	if (open_range)
1646	warning_n (loc, OPT_Wrestrict, ovlsiz[1],
1647	"%qD accessing between %wu and %wu bytes "
1648	"may overlap %wu byte",
1649	"%qD accessing between %wu and %wu bytes "
1650	"may overlap up to %wu bytes",
1651	func, sizrange[0], sizrange[1], ovlsiz[1]);
1652	else
1653	warning_n (loc, OPT_Wrestrict, ovlsiz[1],
1654	"%qD accessing between %wu and %wu bytes "
1655	"at offsets %s and %s may overlap %wu byte "
1656	"at offset %s",
1657	"%qD accessing between %wu and %wu bytes "
1658	"at offsets %s and %s may overlap up to %wu "
1659	"bytes at offset %s",
1660	func, sizrange[0], sizrange[1],
1661	offstr[0], offstr[1], ovlsiz[1], offstr[2]);
1662	return true;
1663	}
1664
1665	warning_n (loc, OPT_Wrestrict, ovlsiz[1],
1666	"%qD accessing %wu or more bytes at offsets %s "
1667	"and %s may overlap %wu byte at offset %s",
1668	"%qD accessing %wu or more bytes at offsets %s "
1669	"and %s may overlap up to %wu bytes at offset %s",
1670	func, sizrange[0], offstr[0], offstr[1],
1671	ovlsiz[1], offstr[2]);
1672
1673	return true;
1674	}
1675
1676	/* Validate REF size and offsets in an expression passed as an argument
1677	to a CALL to a built-in function FUNC to make sure they are within
1678	the bounds of the referenced object if its size is known, or
1679	PTRDIFF_MAX otherwise. DO_WARN is true when a diagnostic should
1680	be issued, false otherwise.
1681	Both initial values of the offsets and their final value computed
1682	by the function by incrementing the initial value by the size are
1683	validated. Return the warning number if the offsets are not valid
1684	and a diagnostic has been issued, or would have been issued if
1685	DO_WARN had been true, otherwise an invalid warning number. */
1686
1687	static opt_code
1688	maybe_diag_access_bounds (gimple *call, tree func, int strict,
1689	const builtin_memref &ref, offset_int wroff,
1690	bool do_warn)
1691	{
1692	location_t loc = gimple_location (g: call);
1693	const offset_int maxobjsize = ref.maxobjsize;
1694
1695	/* Check for excessive size first and regardless of warning options
1696	since the result is used to make codegen decisions. */
1697	if (ref.sizrange[0] > maxobjsize)
1698	{
1699	const opt_code opt = OPT_Wstringop_overflow_;
1700	/* Return true without issuing a warning. */
1701	if (!do_warn)
1702	return opt;
1703
1704	if (ref.ref && warning_suppressed_p (ref.ref, OPT_Wstringop_overflow_))
1705	return no_warning;
1706
1707	bool warned = false;
1708	if (warn_stringop_overflow)
1709	{
1710	if (ref.sizrange[0] == ref.sizrange[1])
1711	warned = warning_at (loc, opt,
1712	"%qD specified bound %wu "
1713	"exceeds maximum object size %wu",
1714	func, ref.sizrange[0].to_uhwi (),
1715	maxobjsize.to_uhwi ());
1716	else
1717	warned = warning_at (loc, opt,
1718	"%qD specified bound between %wu and %wu "
1719	"exceeds maximum object size %wu",
1720	func, ref.sizrange[0].to_uhwi (),
1721	ref.sizrange[1].to_uhwi (),
1722	maxobjsize.to_uhwi ());
1723	return warned ? opt : no_warning;
1724	}
1725	}
1726
1727	/* Check for out-bounds pointers regardless of warning options since
1728	the result is used to make codegen decisions. An excessive WROFF
1729	can only come up as a result of an invalid strncat bound and is
1730	diagnosed separately using a more meaningful warning. */
1731	if (maxobjsize < wroff)
1732	wroff = 0;
1733	offset_int ooboff[] = { ref.offrange[0], ref.offrange[1], wroff };
1734	tree oobref = ref.offset_out_of_bounds (strict, ooboff);
1735	if (!oobref)
1736	return no_warning;
1737
1738	const opt_code opt = OPT_Warray_bounds_;
1739	/* Return true without issuing a warning. */
1740	if (!do_warn)
1741	return opt;
1742
1743	if (!warn_array_bounds)
1744	return no_warning;
1745
1746	if (warning_suppressed_p (ref.ptr, opt)
1747	|| (ref.ref && warning_suppressed_p (ref.ref, opt)))
1748	return no_warning;
1749
1750	char rangestr[2][64];
1751	if (ooboff[0] == ooboff[1]
1752	|| (ooboff[0] != ref.offrange[0]
1753	&& ooboff[0].to_shwi () >= ooboff[1].to_shwi ()))
1754	sprintf (s: rangestr[0], format: "%lli", (long long) ooboff[0].to_shwi ());
1755	else
1756	sprintf (s: rangestr[0], format: "[%lli, %lli]",
1757	(long long) ooboff[0].to_shwi (),
1758	(long long) ooboff[1].to_shwi ());
1759
1760	bool warned = false;
1761
1762	if (oobref == error_mark_node)
1763	{
1764	if (ref.sizrange[0] == ref.sizrange[1])
1765	sprintf (s: rangestr[1], format: "%llu",
1766	(unsigned long long) ref.sizrange[0].to_shwi ());
1767	else
1768	sprintf (s: rangestr[1], format: "[%lli, %lli]",
1769	(unsigned long long) ref.sizrange[0].to_uhwi (),
1770	(unsigned long long) ref.sizrange[1].to_uhwi ());
1771
1772	tree type;
1773
1774	if (DECL_P (ref.base)
1775	&& TREE_CODE (type = TREE_TYPE (ref.base)) == ARRAY_TYPE)
1776	{
1777	auto_diagnostic_group d;
1778	if (warning_at (loc, opt,
1779	"%qD pointer overflow between offset %s "
1780	"and size %s accessing array %qD with type %qT",
1781	func, rangestr[0], rangestr[1], ref.base, type))
1782	{
1783	inform (DECL_SOURCE_LOCATION (ref.base),
1784	"array %qD declared here", ref.base);
1785	warned = true;
1786	}
1787	else
1788	warned = warning_at (loc, opt,
1789	"%qD pointer overflow between offset %s "
1790	"and size %s",
1791	func, rangestr[0], rangestr[1]);
1792	}
1793	else
1794	warned = warning_at (loc, opt,
1795	"%qD pointer overflow between offset %s "
1796	"and size %s",
1797	func, rangestr[0], rangestr[1]);
1798	}
1799	else if (oobref == ref.base)
1800	{
1801	/* True when the offset formed by an access to the reference
1802	is out of bounds, rather than the initial offset wich is
1803	in bounds. This implies access past the end. */
1804	bool form = ooboff[0] != ref.offrange[0];
1805
1806	if (DECL_P (ref.base))
1807	{
1808	auto_diagnostic_group d;
1809	if ((ref.basesize < maxobjsize
1810	&& warning_at (loc, opt,
1811	form
1812	? G_("%qD forming offset %s is out of "
1813	"the bounds [0, %wu] of object %qD with "
1814	"type %qT")
1815	: G_("%qD offset %s is out of the bounds "
1816	"[0, %wu] of object %qD with type %qT"),
1817	func, rangestr[0], ref.basesize.to_uhwi (),
1818	ref.base, TREE_TYPE (ref.base)))
1819	|| warning_at (loc, opt,
1820	form
1821	? G_("%qD forming offset %s is out of "
1822	"the bounds of object %qD with type %qT")
1823	: G_("%qD offset %s is out of the bounds "
1824	"of object %qD with type %qT"),
1825	func, rangestr[0],
1826	ref.base, TREE_TYPE (ref.base)))
1827	{
1828	inform (DECL_SOURCE_LOCATION (ref.base),
1829	"%qD declared here", ref.base);
1830	warned = true;
1831	}
1832	}
1833	else if (ref.basesize < maxobjsize)
1834	warned = warning_at (loc, opt,
1835	form
1836	? G_("%qD forming offset %s is out "
1837	"of the bounds [0, %wu]")
1838	: G_("%qD offset %s is out "
1839	"of the bounds [0, %wu]"),
1840	func, rangestr[0], ref.basesize.to_uhwi ());
1841	else
1842	warned = warning_at (loc, opt,
1843	form
1844	? G_("%qD forming offset %s is out of bounds")
1845	: G_("%qD offset %s is out of bounds"),
1846	func, rangestr[0]);
1847	}
1848	else if (TREE_CODE (ref.ref) == MEM_REF)
1849	{
1850	tree refop = TREE_OPERAND (ref.ref, 0);
1851	tree type = TREE_TYPE (refop);
1852	if (POINTER_TYPE_P (type))
1853	type = TREE_TYPE (type);
1854	type = TYPE_MAIN_VARIANT (type);
1855
1856	if (warning_at (loc, opt,
1857	"%qD offset %s from the object at %qE is out "
1858	"of the bounds of %qT",
1859	func, rangestr[0], ref.base, type))
1860	{
1861	if (TREE_CODE (ref.ref) == COMPONENT_REF)
1862	refop = TREE_OPERAND (ref.ref, 1);
1863	if (DECL_P (refop))
1864	inform (DECL_SOURCE_LOCATION (refop),
1865	"subobject %qD declared here", refop);
1866	warned = true;
1867	}
1868	}
1869	else
1870	{
1871	tree refop = TREE_OPERAND (ref.ref, 0);
1872	tree type = TYPE_MAIN_VARIANT (TREE_TYPE (ref.ref));
1873
1874	if (warning_at (loc, opt,
1875	"%qD offset %s from the object at %qE is out "
1876	"of the bounds of referenced subobject %qD with "
1877	"type %qT at offset %wi",
1878	func, rangestr[0], ref.base,
1879	TREE_OPERAND (ref.ref, 1), type,
1880	ref.refoff.to_shwi ()))
1881	{
1882	if (TREE_CODE (ref.ref) == COMPONENT_REF)
1883	refop = TREE_OPERAND (ref.ref, 1);
1884	if (DECL_P (refop))
1885	inform (DECL_SOURCE_LOCATION (refop),
1886	"subobject %qD declared here", refop);
1887	warned = true;
1888	}
1889	}
1890
1891	return warned ? opt : no_warning;
1892	}
1893
1894	/* Check a CALL statement for restrict-violations and issue warnings
1895	if/when appropriate. */
1896
1897	void
1898	pass_wrestrict::check_call (gimple *call)
1899	{
1900	/* Avoid checking the call if it has already been diagnosed for
1901	some reason. */
1902	if (warning_suppressed_p (call, OPT_Wrestrict))
1903	return;
1904
1905	tree func = gimple_call_fndecl (gs: call);
1906	if (!func || !fndecl_built_in_p (node: func, klass: BUILT_IN_NORMAL))
1907	return;
1908
1909	/* Argument number to extract from the call (depends on the built-in
1910	and its kind). */
1911	unsigned dst_idx = -1;
1912	unsigned src_idx = -1;
1913	unsigned bnd_idx = -1;
1914
1915	/* Is this CALL to a string function (as opposed to one to a raw
1916	memory function). */
1917	bool strfun = true;
1918
1919	switch (DECL_FUNCTION_CODE (decl: func))
1920	{
1921	case BUILT_IN_MEMCPY:
1922	case BUILT_IN_MEMCPY_CHK:
1923	case BUILT_IN_MEMPCPY:
1924	case BUILT_IN_MEMPCPY_CHK:
1925	case BUILT_IN_MEMMOVE:
1926	case BUILT_IN_MEMMOVE_CHK:
1927	strfun = false;
1928	/* Fall through. */
1929
1930	case BUILT_IN_STPNCPY:
1931	case BUILT_IN_STPNCPY_CHK:
1932	case BUILT_IN_STRNCAT:
1933	case BUILT_IN_STRNCAT_CHK:
1934	case BUILT_IN_STRNCPY:
1935	case BUILT_IN_STRNCPY_CHK:
1936	dst_idx = 0;
1937	src_idx = 1;
1938	bnd_idx = 2;
1939	break;
1940
1941	case BUILT_IN_MEMSET:
1942	case BUILT_IN_MEMSET_CHK:
1943	dst_idx = 0;
1944	bnd_idx = 2;
1945	break;
1946
1947	case BUILT_IN_STPCPY:
1948	case BUILT_IN_STPCPY_CHK:
1949	case BUILT_IN_STRCPY:
1950	case BUILT_IN_STRCPY_CHK:
1951	case BUILT_IN_STRCAT:
1952	case BUILT_IN_STRCAT_CHK:
1953	dst_idx = 0;
1954	src_idx = 1;
1955	break;
1956
1957	default:
1958	/* Handle other string functions here whose access may need
1959	to be validated for in-bounds offsets and non-overlapping
1960	copies. */
1961	return;
1962	}
1963
1964	unsigned nargs = gimple_call_num_args (gs: call);
1965
1966	tree dst = dst_idx < nargs ? gimple_call_arg (gs: call, index: dst_idx) : NULL_TREE;
1967	tree src = src_idx < nargs ? gimple_call_arg (gs: call, index: src_idx) : NULL_TREE;
1968	tree dstwr = bnd_idx < nargs ? gimple_call_arg (gs: call, index: bnd_idx) : NULL_TREE;
1969
1970	/* For string functions with an unspecified or unknown bound,
1971	assume the size of the access is one. */
1972	if (!dstwr && strfun)
1973	dstwr = size_one_node;
1974
1975	/* DST and SRC can be null for a call with an insufficient number
1976	of arguments to a built-in function declared without a protype. */
1977	if (!dst || (src_idx < nargs && !src))
1978	return;
1979
1980	/* DST, SRC, or DSTWR can also have the wrong type in a call to
1981	a function declared without a prototype. Avoid checking such
1982	invalid calls. */
1983	if (TREE_CODE (TREE_TYPE (dst)) != POINTER_TYPE
1984	|| (src && TREE_CODE (TREE_TYPE (src)) != POINTER_TYPE)
1985	|| (dstwr && !INTEGRAL_TYPE_P (TREE_TYPE (dstwr))))
1986	return;
1987
1988	opt_code opt = check_bounds_or_overlap (m_ptr_qry, call, dst, src, dstwr,
1989	NULL_TREE);
1990	/* Avoid diagnosing the call again. */
1991	suppress_warning (call, opt);
1992	}
1993
1994	} /* anonymous namespace */
1995
1996	/* Attempt to detect and diagnose invalid offset bounds and (except for
1997	memmove) overlapping copy in a call expression EXPR from SRC to DST
1998	and DSTSIZE and SRCSIZE bytes, respectively. Both DSTSIZE and
1999	SRCSIZE may be NULL. DO_WARN is false to detect either problem
2000	without issue a warning. Return the OPT_Wxxx constant corresponding
2001	to the warning if one has been detected and zero otherwise. */
2002
2003	opt_code
2004	check_bounds_or_overlap (gimple *call, tree dst, tree src, tree dstsize,
2005	tree srcsize, bool bounds_only /* = false */,
2006	bool do_warn /* = true */)
2007	{
2008	pointer_query ptrqry (get_range_query (cfun));
2009	return check_bounds_or_overlap (ptrqry,
2010	call, dst, src, dstsize, srcsize,
2011	bounds_only, do_warn);
2012	}
2013
2014	opt_code
2015	check_bounds_or_overlap (pointer_query &ptrqry,
2016	gimple *call, tree dst, tree src, tree dstsize,
2017	tree srcsize, bool bounds_only /* = false */,
2018	bool do_warn /* = true */)
2019	{
2020	tree func = gimple_call_fndecl (gs: call);
2021
2022	builtin_memref dstref (ptrqry, call, dst, dstsize);
2023	builtin_memref srcref (ptrqry, call, src, srcsize);
2024
2025	/* Create a descriptor of the access. This may adjust both DSTREF
2026	and SRCREF based on one another and the kind of the access. */
2027	builtin_access acs (ptrqry, call, dstref, srcref);
2028
2029	/* Set STRICT to the value of the -Warray-bounds=N argument for
2030	string functions or when N > 1. */
2031	int strict = (acs.strict () || warn_array_bounds > 1 ? warn_array_bounds : 0);
2032
2033	/* The starting offset of the destination write access. Nonzero only
2034	for the strcat family of functions. */
2035	offset_int wroff = acs.write_off (startlen: dstsize);
2036
2037	/* Validate offsets to each reference before the access first to make
2038	sure they are within the bounds of the destination object if its
2039	size is known, or PTRDIFF_MAX otherwise. */
2040	opt_code opt
2041	= maybe_diag_access_bounds (call, func, strict, ref: dstref, wroff, do_warn);
2042	if (opt == no_warning)
2043	opt = maybe_diag_access_bounds (call, func, strict, ref: srcref, wroff: 0, do_warn);
2044
2045	if (opt != no_warning)
2046	{
2047	if (do_warn)
2048	suppress_warning (call, opt);
2049	return opt;
2050	}
2051
2052	if (!warn_restrict || bounds_only || !src)
2053	return no_warning;
2054
2055	if (!bounds_only)
2056	{
2057	switch (DECL_FUNCTION_CODE (decl: func))
2058	{
2059	case BUILT_IN_MEMMOVE:
2060	case BUILT_IN_MEMMOVE_CHK:
2061	case BUILT_IN_MEMSET:
2062	case BUILT_IN_MEMSET_CHK:
2063	return no_warning;
2064	default:
2065	break;
2066	}
2067	}
2068
2069	location_t loc = gimple_location (g: call);
2070	if (operand_equal_p (dst, src, flags: 0))
2071	{
2072	/* Issue -Wrestrict unless the pointers are null (those do
2073	not point to objects and so do not indicate an overlap;
2074	such calls could be the result of sanitization and jump
2075	threading). */
2076	if (!integer_zerop (dst) && !warning_suppressed_p (call, OPT_Wrestrict))
2077	{
2078	warning_at (loc, OPT_Wrestrict,
2079	"%qD source argument is the same as destination",
2080	func);
2081	suppress_warning (call, OPT_Wrestrict);
2082	return OPT_Wrestrict;
2083	}
2084
2085	return no_warning;
2086	}
2087
2088	/* Return false when overlap has been detected. */
2089	if (maybe_diag_overlap (loc, call, acs))
2090	{
2091	suppress_warning (call, OPT_Wrestrict);
2092	return OPT_Wrestrict;
2093	}
2094
2095	return no_warning;
2096	}
2097
2098	gimple_opt_pass *
2099	make_pass_warn_restrict (gcc::context *ctxt)
2100	{
2101	return new pass_wrestrict (ctxt);
2102	}
2103
2104	DEBUG_FUNCTION void
2105	dump_builtin_memref (FILE *fp, const builtin_memref &ref)
2106	{
2107	fprintf (stream: fp, format: "\n ptr = ");
2108	print_generic_expr (fp, ref.ptr, TDF_LINENO);
2109	fprintf (stream: fp, format: "\n ref = ");
2110	if (ref.ref)
2111	print_generic_expr (fp, ref.ref, TDF_LINENO);
2112	else
2113	fputs (s: "null", stream: fp);
2114	fprintf (stream: fp, format: "\n base = ");
2115	print_generic_expr (fp, ref.base, TDF_LINENO);
2116	fprintf (stream: fp,
2117	format: "\n basesize = %lli"
2118	"\n refsize = %lli"
2119	"\n refoff = %lli"
2120	"\n offrange = [%lli, %lli]"
2121	"\n sizrange = [%lli, %lli]"
2122	"\n strbounded_p = %s\n",
2123	(long long)ref.basesize.to_shwi (),
2124	(long long)ref.refsize.to_shwi (),
2125	(long long)ref.refoff.to_shwi (),
2126	(long long)ref.offrange[0].to_shwi (),
2127	(long long)ref.offrange[1].to_shwi (),
2128	(long long)ref.sizrange[0].to_shwi (),
2129	(long long)ref.sizrange[1].to_shwi (),
2130	ref.strbounded_p ? "true" : "false");
2131	}
2132
2133	void
2134	builtin_access::dump (FILE *fp) const
2135	{
2136	fprintf (stream: fp, format: " dstref:");
2137	dump_builtin_memref (fp, ref: *dstref);
2138	fprintf (stream: fp, format: "\n srcref:");
2139	dump_builtin_memref (fp, ref: *srcref);
2140
2141	fprintf (stream: fp,
2142	format: " sizrange = [%lli, %lli]\n"
2143	" ovloff = [%lli, %lli]\n"
2144	" ovlsiz = [%lli, %lli]\n"
2145	" dstoff = [%lli, %lli]\n"
2146	" dstsiz = [%lli, %lli]\n"
2147	" srcoff = [%lli, %lli]\n"
2148	" srcsiz = [%lli, %lli]\n",
2149	(long long)sizrange[0], (long long)sizrange[1],
2150	(long long)ovloff[0], (long long)ovloff[1],
2151	(long long)ovlsiz[0], (long long)ovlsiz[1],
2152	(long long)dstoff[0].to_shwi (), (long long)dstoff[1].to_shwi (),
2153	(long long)dstsiz[0].to_shwi (), (long long)dstsiz[1].to_shwi (),
2154	(long long)srcoff[0].to_shwi (), (long long)srcoff[1].to_shwi (),
2155	(long long)srcsiz[0].to_shwi (), (long long)srcsiz[1].to_shwi ());
2156	}
2157
2158	DEBUG_FUNCTION void
2159	dump_builtin_access (FILE *fp, gimple *stmt, const builtin_access &acs)
2160	{
2161	if (stmt)
2162	{
2163	fprintf (stream: fp, format: "\nDumping builtin_access for ");
2164	print_gimple_expr (fp, stmt, TDF_LINENO);
2165	fputs (s: ":\n", stream: fp);
2166	}
2167
2168	acs.dump (fp);
2169	}
2170
2171	DEBUG_FUNCTION void
2172	debug (gimple *stmt, const builtin_access &acs)
2173	{
2174	dump_builtin_access (stdout, stmt, acs);
2175	}
2176