* builtin-attrs.def (DEF_ATTR_FOR_INT): Add for 5 and 6.

	(DEF_LIST_INT_INT): Add for 4,0, 4,5, 5,0, 5,6.
	(ATTR_NOTHROW_NONNULL_4, ATTR_NOTHROW_NONNULL_5): Define.
	(ATTR_FORMAT_PRINTF_4_0, ATTR_FORMAT_PRINTF_4_5,
	ATTR_FORMAT_PRINTF_5_0, ATTR_FORMAT_PRINTF_5_6): Define.
	* builtins.c: Include tree-flow.h.
	(expand_builtin_mempcpy, expand_builtin_memmove): Comment fixes.
	(expand_builtin_object_size, expand_builtin_memory_chk,
	maybe_emit_chk_warning, maybe_emit_sprintf_chk_warning,
	compute_object_offset, compute_builtin_object_size,
	fold_builtin_object_size): New functions.
	(expand_builtin): Handle BUILT_IN_OBJECT_SIZE and BUILT_IN_*_CHK.
	(fold_builtin_1): Likewise.  Handle BUILT_IN_{,V}{,F}PRINTF
	and BUILT_IN_{,F}PRINTF_UNLOCKED.
	(fold_builtin_memory_chk, fold_builtin_stxcpy_chk,
	fold_builtin_strncpy_chk, fold_builtin_strcat_chk,
	fold_builtin_strncat_chk, fold_builtin_sprintf_chk,
	fold_builtin_snprintf_chk, fold_builtin_printf, fold_builtin_fprintf):
	New functions.
	* builtins.def (BUILT_IN_OBJECT_SIZE, BUILT_IN_MEMCPY_CHK,
	BUILT_IN_MEMMOVE_CHK, BUILT_IN_MEMPCPY_CHK, BUILT_IN_MEMSET_CHK,
	BUILT_IN_STPCPY_CHK, BUILT_IN_STRCAT_CHK, BUILT_IN_STRCPY_CHK,
	BUILT_IN_STRNCAT_CHK, BUILT_IN_STRNCPY_CHK, BUILT_IN_SNPRINTF_CHK,
	BUILT_IN_SPRINTF_CHK, BUILT_IN_VSNPRINTF_CHK, BUILT_IN_VSPRINTF_CHK,
	BUILT_IN_FPRINTF_CHK, BUILT_IN_PRINTF_CHK, BUILT_IN_VFPRINTF_CHK,
	BUILT_IN_VPRINTF_CHK): New builtins.
	* builtin-types.def (DEF_FUNCTION_TYPE_5, DEF_FUNCTION_TYPE_VAR_4):
	Document.
	(BT_FN_SIZE_CONST_PTR_INT, BT_FN_INT_INT_CONST_STRING_VALIST_ARG,
	BT_FN_PTR_PTR_CONST_PTR_SIZE_SIZE, BT_FN_PTR_PTR_INT_SIZE_SIZE,
	BT_FN_STRING_STRING_CONST_STRING_SIZE_SIZE,
	BT_FN_INT_FILEPTR_INT_CONST_STRING_VALIST_ARG,
	BT_FN_INT_STRING_INT_SIZE_CONST_STRING_VALIST_ARG,
	BT_FN_INT_STRING_SIZE_INT_SIZE_CONST_STRING_VALIST_ARG,
	BT_FN_INT_INT_CONST_STRING_VAR, BT_FN_INT_FILEPTR_INT_CONST_STRING_VAR,
	BT_FN_INT_STRING_INT_SIZE_CONST_STRING_VAR,
	BT_FN_INT_STRING_SIZE_INT_SIZE_CONST_STRING_VAR): New types.
	* c-common.c (DEF_FUNCTION_TYPE_5, DEF_FUNCTION_TYPE_6,
	DEF_FUNCTION_TYPE_VAR_4, DEF_FUNCTION_TYPE_VAR_5): Define.
	* Makefile.in (OBJS-common): Add tree-object-size.o.
	(tree-object-size.o): Add dependencies.
	* tree-pass.h (pass_object_sizes): Add.
	* tree-optimize.c (init_tree_optimization_passes): Add
	pass_object_sizes.
	* tree-object-size.c: New file.
	* tree.h (fold_builtin_memory_chk, fold_builtin_stxcpy_chk,
	fold_builtin_strncpy_chk, fold_builtin_snprintf_chk,
	compute_builtin_object_size, init_object_sizes, fini_object_sizes):
	New prototypes.
	* tree-ssa-ccp.c (get_strlen): Rename to ...
	(get_maxval_strlen): ...this function.  Handle also computing of maximum
	string length and maximum integral value.
	(ccp_fold_builtin): Handle BUILT_IN_*_CHK.  Use get_maxval_strlen
	instead of get_strlen.  Pass CALLEE and ARGLIST variables to the
	folding functions instead of computing them again.
	(execute_fold_all_builtins): Retry ccp_fold_builtin if a builtin changed
	into some other builtin.
	* doc/extend.texi (Object Size Checking): Document.

	* gcc.c-torture/execute/builtins/lib/main.c (abort): Add prototype.
	* gcc.c-torture/execute/builtins/lib/strncat.c (strncat): Avoid
	testing uninitialized var.

	* gcc.c-torture/execute/builtins/chk.h: New.
	* gcc.c-torture/execute/builtins/lib/chk.c: New.
	* gcc.c-torture/execute/builtins/memcpy-chk.c: New test.
	* gcc.c-torture/execute/builtins/memcpy-chk-lib.c: New.
	* gcc.c-torture/execute/builtins/memmove-chk.c: New test.
	* gcc.c-torture/execute/builtins/memmove-chk-lib.c: New.
	* gcc.c-torture/execute/builtins/mempcpy-chk.c: New test.
	* gcc.c-torture/execute/builtins/mempcpy-chk-lib.c: New.
	* gcc.c-torture/execute/builtins/memset-chk.c: New test.
	* gcc.c-torture/execute/builtins/memset-chk-lib.c: New.
	* gcc.c-torture/execute/builtins/snprintf-chk.c: New test.
	* gcc.c-torture/execute/builtins/snprintf-chk-lib.c: New.
	* gcc.c-torture/execute/builtins/sprintf-chk.c: New test.
	* gcc.c-torture/execute/builtins/sprintf-chk-lib.c: New.
	* gcc.c-torture/execute/builtins/stpcpy-chk.c: New test.
	* gcc.c-torture/execute/builtins/stpcpy-chk-lib.c: New.
	* gcc.c-torture/execute/builtins/strcat-chk.c: New test.
	* gcc.c-torture/execute/builtins/strcat-chk-lib.c: New.
	* gcc.c-torture/execute/builtins/strcpy-chk.c: New test.
	* gcc.c-torture/execute/builtins/strcpy-chk-lib.c: New.
	* gcc.c-torture/execute/builtins/strncat-chk.c: New test.
	* gcc.c-torture/execute/builtins/strncat-chk-lib.c: New.
	* gcc.c-torture/execute/builtins/strncpy-chk.c: New test.
	* gcc.c-torture/execute/builtins/strncpy-chk-lib.c: New.
	* gcc.c-torture/execute/builtins/vsnprintf-chk.c: New test.
	* gcc.c-torture/execute/builtins/vsnprintf-chk-lib.c: New.
	* gcc.c-torture/execute/builtins/vsprintf-chk.c: New test.
	* gcc.c-torture/execute/builtins/vsprintf-chk-lib.c: New.
	* gcc.dg/builtin-object-size-1.c: New test.
	* gcc.dg/builtin-object-size-2.c: New test.
	* gcc.dg/builtin-object-size-3.c: New test.
	* gcc.dg/builtin-object-size-4.c: New test.
	* gcc.dg/builtin-object-size-5.c: New test.
	* gcc.dg/builtin-stringop-chk-1.c: New test.
	* gcc.dg/builtin-stringop-chk-2.c: New test.
	* gcc.dg/tree-ssa/builtin-fprintf-1.c: New test.
	* gcc.dg/tree-ssa/builtin-fprintf-chk-1.c: New test.
	* gcc.dg/tree-ssa/builtin-printf-1.c: New test.
	* gcc.dg/tree-ssa/builtin-printf-chk-1.c: New test.
	* gcc.dg/tree-ssa/builtin-vfprintf-1.c: New test.
	* gcc.dg/tree-ssa/builtin-vfprintf-chk-1.c: New test.
	* gcc.dg/tree-ssa/builtin-vprintf-1.c: New test.
	* gcc.dg/tree-ssa/builtin-vprintf-chk-1.c: New test.
	* gcc.c-torture/execute/printf-1.c: New test.
	* gcc.c-torture/execute/fprintf-1.c: New test.
	* gcc.c-torture/execute/vprintf-1.c: New test.
	* gcc.c-torture/execute/vfprintf-1.c: New test.
	* gcc.c-torture/execute/printf-chk-1.c: New test.
	* gcc.c-torture/execute/fprintf-chk-1.c: New test.
	* gcc.c-torture/execute/vprintf-chk-1.c: New test.
	* gcc.c-torture/execute/vfprintf-chk-1.c: New test.


git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@101352 138bc75d-0d04-0410-961f-82ee72b054a4

1 files changed, 234 insertions, 0 deletions

diff --git a/gcc/testsuite/gcc.c-torture/execute/builtins/strcpy-chk.c b/gcc/testsuite/gcc.c-torture/execute/builtins/strcpy-chk.c
new file mode 100644
index 00000000000..002dd19500e
--- /dev/null
+++ b/gcc/testsuite/gcc.c-torture/execute/builtins/strcpy-chk.c
@@ -0,0 +1,234 @@
+/* Copyright (C) 2004, 2005  Free Software Foundation.
+
+   Ensure builtin __strcpy_chk performs correctly.  */
+
+extern void abort (void);
+typedef __SIZE_TYPE__ size_t;
+extern size_t strlen(const char *);
+extern void *memcpy (void *, const void *, size_t);
+extern char *strcpy (char *, const char *);
+extern int memcmp (const void *, const void *, size_t);
+
+#include "chk.h"
+
+const char s1[] = "123";
+char p[32] = "";
+char *s2 = "defg";
+char *s3 = "FGH";
+char *s4;
+size_t l1 = 1;
+
+void
+__attribute__((noinline))
+test1 (void)
+{
+  chk_calls = 0;
+#ifndef __OPTIMIZE_SIZE__
+  strcpy_disallowed = 1;
+#else
+  strcpy_disallowed = 0;
+#endif
+
+  if (strcpy (p, "abcde") != p || memcmp (p, "abcde", 6))
+    abort ();
+  if (strcpy (p + 16, "vwxyz" + 1) != p + 16 || memcmp (p + 16, "wxyz", 5))
+    abort ();
+  if (strcpy (p + 1, "") != p + 1 || memcmp (p, "a\0cde", 6))
+    abort ();  
+  if (strcpy (p + 3, "fghij") != p + 3 || memcmp (p, "a\0cfghij", 9))
+    abort ();
+
+  /* Test at least one instance of the __builtin_ style.  We do this
+     to ensure that it works and that the prototype is correct.  */
+  if (__builtin_strcpy (p, "abcde") != p || memcmp (p, "abcde", 6))
+    abort ();
+
+  strcpy_disallowed = 0;
+  if (chk_calls)
+    abort ();
+}
+
+#ifndef MAX_OFFSET
+#define MAX_OFFSET (sizeof (long long))
+#endif
+
+#ifndef MAX_COPY
+#define MAX_COPY (10 * sizeof (long long))
+#endif
+
+#ifndef MAX_EXTRA
+#define MAX_EXTRA (sizeof (long long))
+#endif
+
+#define MAX_LENGTH (MAX_OFFSET + MAX_COPY + 1 + MAX_EXTRA)
+
+/* Use a sequence length that is not divisible by two, to make it more
+   likely to detect when words are mixed up.  */
+#define SEQUENCE_LENGTH 31
+
+static union {
+  char buf[MAX_LENGTH];
+  long long align_int;
+  long double align_fp;
+} u1, u2;
+
+void
+__attribute__((noinline))
+test2 (void)
+{
+  int off1, off2, len, i;
+  char *p, *q, c;
+
+  for (off1 = 0; off1 < MAX_OFFSET; off1++)
+    for (off2 = 0; off2 < MAX_OFFSET; off2++)
+      for (len = 1; len < MAX_COPY; len++)
+	{
+	  for (i = 0, c = 'A'; i < MAX_LENGTH; i++, c++)
+	    {
+	      u1.buf[i] = 'a';
+	      if (c >= 'A' + SEQUENCE_LENGTH)
+		c = 'A';
+	      u2.buf[i] = c;
+	    }
+	  u2.buf[off2 + len] = '\0';
+
+	  p = strcpy (u1.buf + off1, u2.buf + off2);
+	  if (p != u1.buf + off1)
+	    abort ();
+
+	  q = u1.buf;
+	  for (i = 0; i < off1; i++, q++)
+	    if (*q != 'a')
+	      abort ();
+
+	  for (i = 0, c = 'A' + off2; i < len; i++, q++, c++)
+	    {
+	      if (c >= 'A' + SEQUENCE_LENGTH)
+		c = 'A';
+	      if (*q != c)
+		abort ();
+	    }
+
+	  if (*q++ != '\0')
+	    abort ();
+	  for (i = 0; i < MAX_EXTRA; i++, q++)
+	    if (*q != 'a')
+	      abort ();
+	}
+}
+
+/* Test whether compile time checking is done where it should
+   and so is runtime object size checking.  */
+void
+__attribute__((noinline))
+test3 (void)
+{
+  struct A { char buf1[10]; char buf2[10]; } a;
+  char *r = l1 == 1 ? &a.buf1[5] : &a.buf2[4];
+  char buf3[20];
+  int i;
+  const char *l;
+
+  /* The following calls should do runtime checking
+     - source length is not known, but destination is.  */
+  chk_calls = 0;
+  strcpy (a.buf1 + 2, s3 + 3);
+  strcpy (r, s3 + 2);
+  r = l1 == 1 ? __builtin_alloca (4) : &a.buf2[7];
+  strcpy (r, s2 + 2);
+  strcpy (r + 2, s3 + 3);
+  r = buf3;
+  for (i = 0; i < 4; ++i)
+    {
+      if (i == l1 - 1)
+	r = &a.buf1[1];
+      else if (i == l1)
+	r = &a.buf2[7];
+      else if (i == l1 + 1)
+	r = &buf3[5];
+      else if (i == l1 + 2)
+	r = &a.buf1[9];
+    }
+  strcpy (r, s2 + 4);
+  if (chk_calls != 5)
+    abort ();
+
+  /* Following have known destination and known source length,
+     so if optimizing certainly shouldn't result in the checking
+     variants.  */
+  chk_calls = 0;
+  strcpy (a.buf1 + 2, "");
+  strcpy (r, "a");
+  r = l1 == 1 ? __builtin_alloca (4) : &a.buf2[7];
+  strcpy (r, s1 + 1);
+  r = buf3;
+  l = "abc";
+  for (i = 0; i < 4; ++i)
+    {
+      if (i == l1 - 1)
+	r = &a.buf1[1], l = "e";
+      else if (i == l1)
+	r = &a.buf2[7], l = "gh";
+      else if (i == l1 + 1)
+	r = &buf3[5], l = "jkl";
+      else if (i == l1 + 2)
+	r = &a.buf1[9], l = "";
+    }
+  strcpy (r, "");
+  /* Here, strlen (l) + 1 is known to be at most 4 and
+     __builtin_object_size (&buf3[16], 0) is 4, so this doesn't need
+     runtime checking.  */
+  strcpy (&buf3[16], l);
+  /* Unknown destination and source, no checking.  */
+  strcpy (s4, s3);
+  if (chk_calls)
+    abort ();
+  chk_calls = 0;
+}
+
+/* Test whether runtime and/or compile time checking catches
+   buffer overflows.  */
+void
+__attribute__((noinline))
+test4 (void)
+{
+  struct A { char buf1[10]; char buf2[10]; } a;
+  char buf3[20];
+
+  chk_fail_allowed = 1;
+  /* Runtime checks.  */
+  if (__builtin_setjmp (chk_fail_buf) == 0)
+    {
+      strcpy (&a.buf2[9], s2 + 3);
+      abort ();
+    }
+  if (__builtin_setjmp (chk_fail_buf) == 0)
+    {
+      strcpy (&a.buf2[7], s3 + strlen (s3) - 3);
+      abort ();
+    }
+  /* This should be detectable at compile time already.  */
+  if (__builtin_setjmp (chk_fail_buf) == 0)
+    {
+      strcpy (&buf3[19], "a");
+      abort ();
+    }
+  chk_fail_allowed = 0;
+}
+
+void
+main_test (void)
+{
+#ifndef __OPTIMIZE__
+  /* Object size checking is only intended for -O[s123].  */
+  return;
+#endif
+  __asm ("" : "=r" (s2) : "0" (s2));
+  __asm ("" : "=r" (s3) : "0" (s3));
+  __asm ("" : "=r" (l1) : "0" (l1));
+  test1 ();
+  test2 ();
+  s4 = p;
+  test3 ();
+  test4 ();
+}