CbC/CbC_gcc: gcc/gimple-ssa-sprintf.c comparison

comparison gcc/gimple-ssa-sprintf.c @ 131:84e7813d76e9

gcc-8.2

author	mir3636
date	Thu, 25 Oct 2018 07:37:49 +0900
parents	04ced10e8804
children	1830386684a0

comparison

equal deleted inserted replaced

-:04ced10e8804
+:84e7813d76e9
-/* Copyright (C) 2016-2017 Free Software Foundation, Inc.
+/* Copyright (C) 2016-2018 Free Software Foundation, Inc.
 Contributed by Martin Sebor <msebor@redhat.com>.
 This file is part of GCC.
 GCC is free software; you can redistribute it and/or modify it under
 #include "cpplib.h"
 #include "input.h"
 #include "toplev.h"
 #include "substring-locations.h"
 #include "diagnostic.h"
+#include "domwalk.h"
+#include "alloc-pool.h"
+#include "vr-values.h"
+#include "gimple-ssa-evrp-analyze.h"
 /* The likely worst case value of MB_LEN_MAX for the target, large enough
 for UTF-8.  Ideally, this would be obtained by a target hook if it were
 to be used for optimization but it's good enough as is for warnings.  */
 #define target_mb_len_max()   6
 static int warn_level;
 struct format_result;
+class sprintf_dom_walker : public dom_walker
+{
+public:
+sprintf_dom_walker () : dom_walker (CDI_DOMINATORS) {}
+~sprintf_dom_walker () {}
+edge before_dom_children (basic_block) FINAL OVERRIDE;
+void after_dom_children (basic_block) FINAL OVERRIDE;
+bool handle_gimple_call (gimple_stmt_iterator *);
+struct call_info;
+bool compute_format_length (call_info &, format_result *);
+class evrp_range_analyzer evrp_range_analyzer;
+};
 class pass_sprintf_length : public gimple_opt_pass
 {
 bool fold_return_value;
 public:
 {
 gcc_assert (n == 0);
 fold_return_value = param;
 }
-bool handle_gimple_call (gimple_stmt_iterator *);
-struct call_info;
-bool compute_format_length (call_info &, format_result *);
 };
 bool
 pass_sprintf_length::gate (function *)
 {
 in cases where strings of unknown lengths are bounded by the arrays
 they are determined to refer to.  KNOWNRANGE must not be used for
 the return value optimization.  */
 bool knownrange;
-/* True if no individual directive resulted in more than 4095 bytes
+/* True if no individual directive could fail or result in more than
-of output (the total NUMBER_CHARS_{MIN,MAX} might be greater).
+4095 bytes of output (the total NUMBER_CHARS_{MIN,MAX} might be
-Implementations are not required to handle directives that produce
+greater).  Implementations are not required to handle directives
-more than 4K bytes (leading to undefined behavior) and so when one
+that produce more than 4K bytes (leading to undefined behavior)
-is found it disables the return value optimization.  */
+and so when one is found it disables the return value optimization.
-bool under4k;
+Similarly, directives that can fail (such as wide character
+directives) disable the optimization.  */
+bool posunder4k;
 /* True when a floating point directive has been seen in the format
 string.  */
 bool floating;
 }
 return val;
 }
-/* Return the constant initial value of DECL if available or DECL
-otherwise.  Same as the synonymous function in c/c-typeck.c.  */
-static tree
-decl_constant_value (tree decl)
-{
-if (/* Don't change a variable array bound or initial value to a constant
-	 in a place where a variable is invalid.  Note that DECL_INITIAL
-	 isn't valid for a PARM_DECL.  */
-current_function_decl != 0
-&& TREE_CODE (decl) != PARM_DECL
-&& !TREE_THIS_VOLATILE (decl)
-&& TREE_READONLY (decl)
-&& DECL_INITIAL (decl) != 0
-&& TREE_CODE (DECL_INITIAL (decl)) != ERROR_MARK
-/* This is invalid if initial value is not constant.
-	 If it has either a function call, a memory reference,
-	 or a variable, then re-evaluating it could give different results.  */
-&& TREE_CONSTANT (DECL_INITIAL (decl))
-/* Check for cases where this is sub-optimal, even though valid.  */
-&& TREE_CODE (DECL_INITIAL (decl)) != CONSTRUCTOR)
-return DECL_INITIAL (decl);
-return decl;
-}
 /* Given FORMAT, set *PLOC to the source location of the format string
 and return the format string if it is known or null otherwise.  */
 static const char*
 get_format_string (tree format, location_t *ploc)
 {
-if (VAR_P (format))
-{
-/* Pull out a constant value if the front end didn't.  */
-format = decl_constant_value (format);
-STRIP_NOPS (format);
-}
-if (integer_zerop (format))
-{
-/* FIXME: Diagnose null format string if it hasn't been diagnosed
-	 by -Wformat (the latter diagnoses only nul pointer constants,
-	 this pass can do better).  */
-return NULL;
-}
-HOST_WIDE_INT offset = 0;
-if (TREE_CODE (format) == POINTER_PLUS_EXPR)
-{
-tree arg0 = TREE_OPERAND (format, 0);
-tree arg1 = TREE_OPERAND (format, 1);
-STRIP_NOPS (arg0);
-STRIP_NOPS (arg1);
-if (TREE_CODE (arg1) != INTEGER_CST)
-	return NULL;
-format = arg0;
-/* POINTER_PLUS_EXPR offsets are to be interpreted signed.  */
-if (!cst_and_fits_in_hwi (arg1))
-	return NULL;
-offset = int_cst_value (arg1);
-}
-if (TREE_CODE (format) != ADDR_EXPR)
-return NULL;
 *ploc = EXPR_LOC_OR_LOC (format, input_location);
-format = TREE_OPERAND (format, 0);
+return c_getstr (format);
+}
-if (TREE_CODE (format) == ARRAY_REF
-&& tree_fits_shwi_p (TREE_OPERAND (format, 1))
+/* For convenience and brevity, shorter named entrypoints of
-&& (offset += tree_to_shwi (TREE_OPERAND (format, 1))) >= 0)
+format_string_diagnostic_t::emit_warning_va and
-format = TREE_OPERAND (format, 0);
+format_string_diagnostic_t::emit_warning_n_va.
+These have to be functions with the attribute so that exgettext
-if (offset < 0)
+works properly.  */
-return NULL;
-tree array_init;
-tree array_size = NULL_TREE;
-if (VAR_P (format)
-&& TREE_CODE (TREE_TYPE (format)) == ARRAY_TYPE
-&& (array_init = decl_constant_value (format)) != format
-&& TREE_CODE (array_init) == STRING_CST)
-{
-/* Extract the string constant initializer.  Note that this may
-	 include a trailing NUL character that is not in the array (e.g.
-	 const char a[3] = "foo";).  */
-array_size = DECL_SIZE_UNIT (format);
-format = array_init;
-}
-if (TREE_CODE (format) != STRING_CST)
-return NULL;
-tree type = TREE_TYPE (format);
-scalar_int_mode char_mode;
-if (!is_int_mode (TYPE_MODE (TREE_TYPE (type)), &char_mode)
-|| GET_MODE_SIZE (char_mode) != 1)
-{
-/* Wide format string.  */
-return NULL;
-}
-const char *fmtstr = TREE_STRING_POINTER (format);
-unsigned fmtlen = TREE_STRING_LENGTH (format);
-if (array_size)
-{
-/* Variable length arrays can't be initialized.  */
-gcc_assert (TREE_CODE (array_size) == INTEGER_CST);
-if (tree_fits_shwi_p (array_size))
-	{
-	  HOST_WIDE_INT array_size_value = tree_to_shwi (array_size);
-	  if (array_size_value > 0
-	      && array_size_value == (int) array_size_value
-	      && fmtlen > array_size_value)
-	    fmtlen = array_size_value;
-	}
-}
-if (offset)
-{
-if (offset >= fmtlen)
-	return NULL;
-fmtstr += offset;
-fmtlen -= offset;
-}
-if (fmtlen < 1 || fmtstr[--fmtlen] != 0)
-{
-/* FIXME: Diagnose an unterminated format string if it hasn't been
-	 diagnosed by -Wformat.  Similarly to a null format pointer,
-	 -Wformay diagnoses only nul pointer constants, this pass can
-	 do better).  */
-return NULL;
-}
-return fmtstr;
-}
-/* The format_warning_at_substring function is not used here in a way
-that makes using attribute format viable.  Suppress the warning.  */
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wsuggest-attribute=format"
-/* For convenience and brevity.  */
 static bool
-(* const fmtwarn) (const substring_loc &, location_t,
+ATTRIBUTE_GCC_DIAG (5, 6)
-		     const char *, int, const char *, ...)
+fmtwarn (const substring_loc &fmt_loc, location_t param_loc,
-= format_warning_at_substring;
+	 const char *corrected_substring, int opt, const char *gmsgid, ...)
+{
+format_string_diagnostic_t diag (fmt_loc, NULL, param_loc, NULL,
+				   corrected_substring);
+va_list ap;
+va_start (ap, gmsgid);
+bool warned = diag.emit_warning_va (opt, gmsgid, &ap);
+va_end (ap);
+return warned;
+}
+static bool
+ATTRIBUTE_GCC_DIAG (6, 8) ATTRIBUTE_GCC_DIAG (7, 8)
+fmtwarn_n (const substring_loc &fmt_loc, location_t param_loc,
+	   const char *corrected_substring, int opt, unsigned HOST_WIDE_INT n,
+	   const char *singular_gmsgid, const char *plural_gmsgid, ...)
+{
+format_string_diagnostic_t diag (fmt_loc, NULL, param_loc, NULL,
+				   corrected_substring);
+va_list ap;
+va_start (ap, plural_gmsgid);
+bool warned = diag.emit_warning_n_va (opt, n, singular_gmsgid, plural_gmsgid,
+					&ap);
+va_end (ap);
+return warned;
+}
 /* Format length modifiers.  */
 enum format_lengths
 {
 struct fmtresult
 {
 /* Construct a FMTRESULT object with all counters initialized
 to MIN.  KNOWNRANGE is set when MIN is valid.  */
 fmtresult (unsigned HOST_WIDE_INT min = HOST_WIDE_INT_MAX)
-: argmin (), argmax (),
+: argmin (), argmax (), nonstr (),
 knownrange (min < HOST_WIDE_INT_MAX),
-nullp ()
+mayfail (), nullp ()
 {
 range.min = min;
 range.max = min;
 range.likely = min;
 range.unlikely = min;
 /* Construct a FMTRESULT object with MIN, MAX, and LIKELY counters.
 KNOWNRANGE is set when both MIN and MAX are valid.   */
 fmtresult (unsigned HOST_WIDE_INT min, unsigned HOST_WIDE_INT max,
 	     unsigned HOST_WIDE_INT likely = HOST_WIDE_INT_MAX)
-: argmin (), argmax (),
+: argmin (), argmax (), nonstr (),
 knownrange (min < HOST_WIDE_INT_MAX && max < HOST_WIDE_INT_MAX),
-nullp ()
+mayfail (), nullp ()
 {
 range.min = min;
 range.max = max;
 range.likely = max < likely ? min : likely;
 range.unlikely = max;
 /* The minimum and maximum number of bytes that a directive
 results in on output for an argument in the range above.  */
 result_range range;
+/* Non-nul when the argument of a string directive is not a nul
+terminated string.  */
+tree nonstr;
 /* True when the range above is obtained from a known value of
 a directive's argument or its bounds and not the result of
 heuristics that depend on warning levels.  */
 bool knownrange;
+/* True for a directive that may fail (such as wide character
+directives).  */
+bool mayfail;
 /* True when the argument is a null pointer.  */
 bool nullp;
 };
 unsigned
 fmtresult::type_max_digits (tree type, int base)
 {
 unsigned prec = TYPE_PRECISION (type);
-if (base == 8)
+switch (base)
-return (prec + 2) / 3;
+{
+case 8:
-if (base == 16)
+return (prec + 2) / 3;
-return prec / 4;
+case 10:
+/* Decimal approximation: yields 3, 5, 10, and 20 for precision
-/* Decimal approximation: yields 3, 5, 10, and 20 for precision
+	 of 8, 16, 32, and 64 bits.  */
-of 8, 16, 32, and 64 bits.  */
+return prec * 301 / 1000 + 1;
-return prec * 301 / 1000 + 1;
+case 16:
+return prec / 4;
+}
+gcc_unreachable ();
 }
 static bool
-get_int_range (tree, HOST_WIDE_INT *, HOST_WIDE_INT *, bool, HOST_WIDE_INT);
+get_int_range (tree, HOST_WIDE_INT *, HOST_WIDE_INT *, bool, HOST_WIDE_INT,
+	       class vr_values *vr_values);
 /* Description of a format directive.  A directive is either a plain
 string or a conversion specification that starts with '%'.  */
 struct directive
 take one or when none is available (such as for vararg functions).  */
 tree arg;
 /* Format conversion function that given a directive and an argument
 returns the formatting result.  */
-fmtresult (*fmtfunc) (const directive &, tree);
+fmtresult (*fmtfunc) (const directive &, tree, vr_values *);
 /* Return True when a the format flag CHR has been used.  */
 bool get_flag (char chr) const
 {
 unsigned char c = chr & 0xff;
 /* Set the width range according to ARG, with both bounds being
 no less than 0.  For a constant ARG set both bounds to its value
 or 0, whichever is greater.  For a non-constant ARG in some range
 set width to its range adjusting each bound to -1 if it's less.
 For an indeterminate ARG set width to [0, INT_MAX].  */
-void set_width (tree arg)
+void set_width (tree arg, vr_values *vr_values)
 {
-get_int_range (arg, width, width + 1, true, 0);
+get_int_range (arg, width, width + 1, true, 0, vr_values);
 }
 /* Set both bounds of the precision range to VAL.  */
 void set_precision (HOST_WIDE_INT val)
 {
 /* Set the precision range according to ARG, with both bounds being
 no less than -1.  For a constant ARG set both bounds to its value
 or -1 whichever is greater.  For a non-constant ARG in some range
 set precision to its range adjusting each bound to -1 if it's less.
 For an indeterminate ARG set precision to [-1, INT_MAX].  */
-void set_precision (tree arg)
+void set_precision (tree arg, vr_values *vr_values)
 {
-get_int_range (arg, prec, prec + 1, false, -1);
+get_int_range (arg, prec, prec + 1, false, -1, vr_values);
 }
 /* Return true if both width and precision are known to be
 either constant or in some range, false otherwise.  */
 bool known_width_and_precision () const
 return range;
 }
 /* Description of a call to a formatted function.  */
-struct pass_sprintf_length::call_info
+struct sprintf_dom_walker::call_info
 {
 /* Function call statement.  */
 gimple *callstmt;
 /* Function called.  */
 };
 /* Return the result of formatting a no-op directive (such as '%n').  */
 static fmtresult
-format_none (const directive &, tree)
+format_none (const directive &, tree, vr_values *)
 {
 fmtresult res (0);
 return res;
 }
 /* Return the result of formatting the '%%' directive.  */
 static fmtresult
-format_percent (const directive &, tree)
+format_percent (const directive &, tree, vr_values *)
 {
 fmtresult res (1);
 return res;
 }
 the argument.  When ABSOLUTE is false, negative bounds of
 the determined range are replaced with NEGBOUND.  */
 static bool
 get_int_range (tree arg, HOST_WIDE_INT *pmin, HOST_WIDE_INT *pmax,
-	       bool absolute, HOST_WIDE_INT negbound)
+	       bool absolute, HOST_WIDE_INT negbound,
+	       class vr_values *vr_values)
 {
 /* The type of the result.  */
 const_tree type = integer_type_node;
 bool knownrange = false;
 if (TREE_CODE (arg) == SSA_NAME
 	  && INTEGRAL_TYPE_P (argtype)
 	  && TYPE_PRECISION (argtype) <= TYPE_PRECISION (type))
 	{
 	  /* Try to determine the range of values of the integer argument.  */
-	  wide_int min, max;
+	  value_range *vr = vr_values->get_value_range (arg);
-	  enum value_range_type range_type = get_range_info (arg, &min, &max);
+	  if (range_int_cst_p (vr))
-	  if (range_type == VR_RANGE)
 	    {
 	      HOST_WIDE_INT type_min
 		= (TYPE_UNSIGNED (argtype)
 		   ? tree_to_uhwi (TYPE_MIN_VALUE (argtype))
 		   : tree_to_shwi (TYPE_MIN_VALUE (argtype)));
 	      HOST_WIDE_INT type_max = tree_to_uhwi (TYPE_MAX_VALUE (argtype));
-	      *pmin = min.to_shwi ();
+	      *pmin = TREE_INT_CST_LOW (vr->min ());
-	      *pmax = max.to_shwi ();
+	      *pmax = TREE_INT_CST_LOW (vr->max ());
 	      if (*pmin < *pmax)
 		{
 		  /* Return true if the adjusted range is a subrange of
 		     the full range of the argument's type.  *PMAX may
 	}
 /* Handle an argument with an unknown range as if none had been
 	 provided.  */
 if (unknown)
-	return get_int_range (NULL_TREE, pmin, pmax, absolute, negbound);
+	return get_int_range (NULL_TREE, pmin, pmax, absolute,
+			      negbound, vr_values);
 }
 /* Adjust each bound as specified by ABSOLUTE and NEGBOUND.  */
 if (absolute)
 {
 that the format directive DIR will output for any argument given
 the WIDTH and PRECISION (extracted from DIR).  This function is
 used when the directive argument or its value isn't known.  */
 static fmtresult
-format_integer (const directive &dir, tree arg)
+format_integer (const directive &dir, tree arg, vr_values *vr_values)
 {
 tree intmax_type_node;
 tree uintmax_type_node;
 /* Base to format the number in.  */
 && TREE_CODE (arg) == SSA_NAME
 && INTEGRAL_TYPE_P (argtype))
 {
 /* Try to determine the range of values of the integer argument
 	 (range information is not available for pointers).  */
-wide_int min, max;
+value_range *vr = vr_values->get_value_range (arg);
-enum value_range_type range_type = get_range_info (arg, &min, &max);
+if (range_int_cst_p (vr))
-if (range_type == VR_RANGE)
+	{
-	{
+	  argmin = vr->min ();
-	  argmin = wide_int_to_tree (argtype, min);
+	  argmax = vr->max ();
-	  argmax = wide_int_to_tree (argtype, max);
 	  /* Set KNOWNRANGE if the argument is in a known subrange
 	     of the directive's type and neither width nor precision
 	     is unknown.  (KNOWNRANGE may be reset below).  */
 	  res.knownrange
 	       && dir.known_width_and_precision ());
 	  res.argmin = argmin;
 	  res.argmax = argmax;
 	}
-else if (range_type == VR_ANTI_RANGE)
+else if (vr->kind () == VR_ANTI_RANGE)
 	{
 	  /* Handle anti-ranges if/when bug 71690 is resolved.  */
 	}
-else if (range_type == VR_VARYING)
+else if (vr->varying_p () || vr->undefined_p ())
 	{
 	  /* The argument here may be the result of promoting the actual
 	     argument to int.  Try to determine the type of the actual
 	     argument before promotion and narrow down its range that
 	     way.  */
 	    {
 	      tree_code code = gimple_assign_rhs_code (def);
 	      if (code == INTEGER_CST)
 		{
 		  arg = gimple_assign_rhs1 (def);
-		  return format_integer (dir, arg);
+		  return format_integer (dir, arg, vr_values);
 		}
 	      if (code == NOP_EXPR)
 		{
 		  tree type = TREE_TYPE (gimple_assign_rhs1 (def));
 if (TYPE_UNSIGNED (dirtype) || tree_int_cst_sgn (argmin) >= 0)
 {
 /* For unsigned conversions/directives or signed when
 	 the minimum is positive, use the minimum and maximum to compute
 	 the shortest and longest output, respectively.  */
-res.range.min = format_integer (dir, argmin).range.min;
+res.range.min = format_integer (dir, argmin, vr_values).range.min;
-res.range.max = format_integer (dir, argmax).range.max;
+res.range.max = format_integer (dir, argmax, vr_values).range.max;
 }
 else if (tree_int_cst_sgn (argmax) < 0)
 {
 /* For signed conversions/directives if maximum is negative,
 	 use the minimum as the longest output and maximum as the
 	 shortest output.  */
-res.range.min = format_integer (dir, argmax).range.min;
+res.range.min = format_integer (dir, argmax, vr_values).range.min;
-res.range.max = format_integer (dir, argmin).range.max;
+res.range.max = format_integer (dir, argmin, vr_values).range.max;
 }
 else
 {
 /* Otherwise, 0 is inside of the range and minimum negative.  Use 0
 	 as the shortest output and for the longest output compute the
 	 length of the output of both minimum and maximum and pick the
 	 longer.  */
-unsigned HOST_WIDE_INT max1 = format_integer (dir, argmin).range.max;
+unsigned HOST_WIDE_INT max1
-unsigned HOST_WIDE_INT max2 = format_integer (dir, argmax).range.max;
+	= format_integer (dir, argmin, vr_values).range.max;
-res.range.min = format_integer (dir, integer_zero_node).range.min;
+unsigned HOST_WIDE_INT max2
+	= format_integer (dir, argmax, vr_values).range.max;
+res.range.min
+	= format_integer (dir, integer_zero_node, vr_values).range.min;
 res.range.max = MAX (max1, max2);
 }
 /* If the range is known, use the maximum as the likely length.  */
 if (res.knownrange)
 When plus or space are set the output is preceded by either a sign
 or a space.  */
 unsigned flagmin = (1 /* for the first digit */
 		      + (dir.get_flag ('+') | dir.get_flag (' ')));
+/* The minimum is 3 for "inf" and "nan" for all specifiers, plus 1
+for the plus sign/space with the '+' and ' ' flags, respectively,
+unless reduced below.  */
+res.range.min = 2 + flagmin;
 /* When the pound flag is set the decimal point is included in output
 regardless of precision.  Whether or not a decimal point is included
 otherwise depends on the specification and precision.  */
 bool radix = dir.get_flag ('#');
 	if (dir.prec[0] <= 0)
 	  minprec = 0;
 	else if (dir.prec[0] > 0)
 	  minprec = dir.prec[0] + !radix /* decimal point */;
-	res.range.min = (2 /* 0x */
+	res.range.likely = (2 /* 0x */
-			 + flagmin
+			    + flagmin
-			 + radix
+			    + radix
-			 + minprec
+			    + minprec
-			 + 3 /* p+0 */);
+			    + 3 /* p+0 */);
 	res.range.max = format_floating_max (type, 'a', prec[1]);
-	res.range.likely = res.range.min;
 	/* The unlikely maximum accounts for the longest multibyte
 	   decimal point character.  */
 	res.range.unlikely = res.range.max;
 	if (dir.prec[1] > 0)
 {
 	/* Minimum output attributable to precision and, when it's
 	   non-zero, decimal point.  */
 	HOST_WIDE_INT minprec = prec[0] ? prec[0] + !radix : 0;
-	/* The minimum output is "[-+]1.234567e+00" regardless
+	/* The likely minimum output is "[-+]1.234567e+00" regardless
 	   of the value of the actual argument.  */
-	res.range.min = (flagmin
+	res.range.likely = (flagmin
-			 + radix
+			    + radix
-			 + minprec
+			    + minprec
-			 + 2 /* e+ */ + 2);
+			    + 2 /* e+ */ + 2);
 	res.range.max = format_floating_max (type, 'e', prec[1]);
-	res.range.likely = res.range.min;
 	/* The unlikely maximum accounts for the longest multibyte
 	   decimal point character.  */
 	if (dir.prec[0] != dir.prec[1]
 	    || dir.prec[0] == -1 || dir.prec[0] > 0)
 {
 	/* Minimum output attributable to precision and, when it's non-zero,
 	   decimal point.  */
 	HOST_WIDE_INT minprec = prec[0] ? prec[0] + !radix : 0;
-	/* The lower bound when precision isn't specified is 8 bytes
+	/* For finite numbers (i.e., not infinity or NaN) the lower bound
-	   ("1.23456" since precision is taken to be 6).  When precision
+	   when precision isn't specified is 8 bytes ("1.23456" since
-	   is zero, the lower bound is 1 byte (e.g., "1").  Otherwise,
+	   precision is taken to be 6).  When precision is zero, the lower
-	   when precision is greater than zero, then the lower bound
+	   bound is 1 byte (e.g., "1").  Otherwise, when precision is greater
-	   is 2 plus precision (plus flags).  */
+	   than zero, then the lower bound is 2 plus precision (plus flags).
-	res.range.min = flagmin + radix + minprec;
+	   But in all cases, the lower bound is no greater than 3.  */
+	unsigned HOST_WIDE_INT min = flagmin + radix + minprec;
+	if (min < res.range.min)
+	  res.range.min = min;
 	/* Compute the upper bound for -TYPE_MAX.  */
 	res.range.max = format_floating_max (type, 'f', prec[1]);
 	/* The minimum output with unknown precision is a single byte
 	   (e.g., "0") but the more likely output is 3 bytes ("0.0").  */
 	if (dir.prec[0] < 0 && dir.prec[1] > 0)
 	  res.range.likely = 3;
 	else
-	  res.range.likely = res.range.min;
+	  res.range.likely = min;
 	/* The unlikely maximum accounts for the longest multibyte
 	   decimal point character.  */
 	if (dir.prec[0] != dir.prec[1]
 	    || dir.prec[0] == -1 || dir.prec[0] > 0)
 	/* The %g output depends on precision and the exponent of
 	   the argument.  Since the value of the argument isn't known
 	   the lower bound on the range of bytes (not counting flags
 	   or width) is 1 plus radix (i.e., either "0" or "0." for
 	   "%g" and "%#g", respectively, with a zero argument).  */
-	res.range.min = flagmin + radix;
+	unsigned HOST_WIDE_INT min = flagmin + radix;
+	if (min < res.range.min)
+	  res.range.min = min;
 	char spec = 'g';
 	HOST_WIDE_INT maxprec = dir.prec[1];
 	if (radix && maxprec)
 	  {
 /* Return a range representing the minimum and maximum number of bytes
 that the directive DIR will write on output for the floating argument
 ARG.  */
 static fmtresult
-format_floating (const directive &dir, tree arg)
+format_floating (const directive &dir, tree arg, vr_values *)
 {
 HOST_WIDE_INT prec[] = { dir.prec[0], dir.prec[1] };
+tree type = (dir.modifier == FMT_LEN_L || dir.modifier == FMT_LEN_ll
+	       ? long_double_type_node : double_type_node);
 /* For an indeterminate precision the lower bound must be assumed
 to be zero.  */
 if (TOUPPER (dir.specifier) == 'A')
 {
 /* Get the number of fractional decimal digits needed to represent
 	 the argument without a loss of accuracy.  */
-tree type = arg ? TREE_TYPE (arg) :
-	(dir.modifier == FMT_LEN_L || dir.modifier == FMT_LEN_ll
-	 ? long_double_type_node : double_type_node);
 unsigned fmtprec
 	= REAL_MODE_FORMAT (TYPE_MODE (type))->p;
 /* The precision of the IEEE 754 double format is 53.
 	 The precision of all other GCC binary double formats
 	  prec[0] = 0;
 	  prec[1] = dir.prec[1] < 6 ? 6 : dir.prec[1];
 	}
 }
-if (!arg || TREE_CODE (arg) != REAL_CST)
+if (!arg
+|| TREE_CODE (arg) != REAL_CST
+|| !useless_type_conversion_p (type, TREE_TYPE (arg)))
 return format_floating (dir, prec);
 /* The minimum and maximum number of bytes produced by the directive.  */
 fmtresult res;
 /* Get the real type format desription for the target.  */
 const REAL_VALUE_TYPE *rvp = TREE_REAL_CST_PTR (arg);
 const real_format *rfmt = REAL_MODE_FORMAT (TYPE_MODE (TREE_TYPE (arg)));
+if (!real_isfinite (rvp))
+{
+/* The format for Infinity and NaN is "[-]inf"/"[-]infinity"
+	 and "[-]nan" with the choice being implementation-defined
+	 but not locale dependent.  */
+bool sign = dir.get_flag ('+') || real_isneg (rvp);
+res.range.min = 3 + sign;
+res.range.likely = res.range.min;
+res.range.max = res.range.min;
+/* The unlikely maximum is "[-/+]infinity" or "[-/+][qs]nan".
+	 For NaN, the C/POSIX standards specify two formats:
+	   "[-/+]nan"
+	 and
+	   "[-/+]nan(n-char-sequence)"
+	 No known printf implementation outputs the latter format but AIX
+	 outputs QNaN and SNaN for quiet and signalling NaN, respectively,
+	 so the unlikely maximum reflects that.  */
+res.range.unlikely = sign + (real_isinf (rvp) ? 8 : 4);
+/* The range for infinity and NaN is known unless either width
+	 or precision is unknown.  Width has the same effect regardless
+	 of whether the argument is finite.  Precision is either ignored
+	 (e.g., Glibc) or can have an effect on the short vs long format
+	 such as inf/infinity (e.g., Solaris).  */
+res.knownrange = dir.known_width_and_precision ();
+/* Adjust the range for width but ignore precision.  */
+res.adjust_for_width_or_precision (dir.width);
+return res;
+}
 char fmtstr [40];
 char *pfmt = fmtstr;
 /* Append flags.  */
 /* Return a FMTRESULT struct set to the lengths of the shortest and longest
 strings referenced by the expression STR, or (-1, -1) when not known.
 Used by the format_string function below.  */
 static fmtresult
-get_string_length (tree str)
+get_string_length (tree str, unsigned eltsize)
 {
 if (!str)
 return fmtresult ();
-if (tree slen = c_strlen (str, 1))
+c_strlen_data data;
-{
+memset (&data, 0, sizeof (c_strlen_data));
-/* Simply return the length of the string.  */
+tree slen = c_strlen (str, 1, &data, eltsize);
+if (slen && TREE_CODE (slen) == INTEGER_CST)
+{
+/* The string is properly terminated and
+	 we know its length.  */
 fmtresult res (tree_to_shwi (slen));
+res.nonstr = NULL_TREE;
+return res;
+}
+else if (!slen
+	   && data.decl
+	   && data.len
+	   && TREE_CODE (data.len) == INTEGER_CST)
+{
+/* STR was not properly NUL terminated, but we have
+	 length information about the unterminated string.  */
+fmtresult res (tree_to_shwi (data.len));
+res.nonstr = data.decl;
 return res;
 }
 /* Determine the length of the shortest and longest string referenced
 by STR.  Strings of unknown lengths are bounded by the sizes of
 arrays that subexpressions of STR may refer to.  Pointers that
 aren't known to point any such arrays result in LENRANGE[1] set
-to SIZE_MAX.  */
+to SIZE_MAX.  NONSTR is set to the declaration of the constant
+array that is known not to be nul-terminated.  */
 tree lenrange[2];
-bool flexarray = get_range_strlen (str, lenrange);
+tree nonstr;
+bool flexarray = get_range_strlen (str, lenrange, eltsize, false, &nonstr);
 if (lenrange [0] || lenrange [1])
 {
 HOST_WIDE_INT min
 	= (tree_fits_uhwi_p (lenrange[0])
 	min = HOST_WIDE_INT_M1U;
 if ((unsigned HOST_WIDE_INT)max == target_size_max ())
 	max = HOST_WIDE_INT_M1U;
 fmtresult res (min, max);
+res.nonstr = nonstr;
 /* Set RES.KNOWNRANGE to true if and only if all strings referenced
 	 by STR are known to be bounded (though not necessarily by their
 	 actual length but perhaps by their maximum possible length).  */
 if (res.range.max < target_int_max ())
 res.range.unlikely = flexarray ? HOST_WIDE_INT_MAX : res.range.max;
 return res;
 }
-return get_string_length (NULL_TREE);
+return fmtresult ();
 }
 /* Return the minimum and maximum number of characters formatted
 by the '%c' format directives and its wide character form for
 the argument ARG.  ARG can be null (for functions such as
 vsprinf).  */
 static fmtresult
-format_character (const directive &dir, tree arg)
+format_character (const directive &dir, tree arg, vr_values *vr_values)
 {
 fmtresult res;
 res.knownrange = true;
-if (dir.modifier == FMT_LEN_l)
+if (dir.specifier == 'C'
+|| dir.modifier == FMT_LEN_l)
 {
 /* A wide character can result in as few as zero bytes.  */
 res.range.min = 0;
 HOST_WIDE_INT min, max;
-if (get_int_range (arg, &min, &max, false, 0))
+if (get_int_range (arg, &min, &max, false, 0, vr_values))
 	{
 	  if (min == 0 && max == 0)
 	    {
 	      /* The NUL wide character results in no bytes.  */
 	      res.range.max = 0;
 	      res.range.likely = 0;
 	      res.range.unlikely = 0;
 	    }
-	  else if (min > 0 && min < 128)
+	  else if (min >= 0 && min < 128)
 	    {
+	      /* Be conservative if the target execution character set
+		 is not a 1-to-1 mapping to the source character set or
+		 if the source set is not ASCII.  */
+	      bool one_2_one_ascii
+		= (target_to_host_charmap[0] == 1 && target_to_host ('a') == 97);
 	      /* A wide character in the ASCII range most likely results
 		 in a single byte, and only unlikely in up to MB_LEN_MAX.  */
-	      res.range.max = 1;
+	      res.range.max = one_2_one_ascii ? 1 : target_mb_len_max ();;
 	      res.range.likely = 1;
 	      res.range.unlikely = target_mb_len_max ();
+	      res.mayfail = !one_2_one_ascii;
 	    }
 	  else
 	    {
 	      /* A wide character outside the ASCII range likely results
 		 in up to two bytes, and only unlikely in up to MB_LEN_MAX.  */
 	      res.range.max = target_mb_len_max ();
 	      res.range.likely = 2;
 	      res.range.unlikely = res.range.max;
+	      /* Converting such a character may fail.  */
+	      res.mayfail = true;
 	    }
 	}
 else
 	{
 	  /* An unknown wide character is treated the same as a wide
 	     character outside the ASCII range.  */
 	  res.range.max = target_mb_len_max ();
 	  res.range.likely = 2;
 	  res.range.unlikely = res.range.max;
+	  res.mayfail = true;
 	}
 }
 else
 {
 /* A plain '%c' directive.  Its ouput is exactly 1.  */
 by the '%s' format directive and its wide character form for
 the argument ARG.  ARG can be null (for functions such as
 vsprinf).  */
 static fmtresult
-format_string (const directive &dir, tree arg)
+format_string (const directive &dir, tree arg, vr_values *)
 {
 fmtresult res;
 /* Compute the range the argument's length can be in.  */
-fmtresult slen = get_string_length (arg);
+int count_by = 1;
+if (dir.specifier == 'S' || dir.modifier == FMT_LEN_l)
+{
+/* Get a node for a C type that will be the same size
+	 as a wchar_t on the target.  */
+tree node = get_typenode_from_name (MODIFIED_WCHAR_TYPE);
+/* Now that we have a suitable node, get the number of
+	 bytes it occupies.  */
+count_by = int_size_in_bytes (node);
+gcc_checking_assert (count_by == 2 || count_by == 4);
+}
+fmtresult slen = get_string_length (arg, count_by);
 if (slen.range.min == slen.range.max
 && slen.range.min < HOST_WIDE_INT_MAX)
 {
 /* The argument is either a string constant or it refers
 	 to one of a number of strings of the same length.  */
 /* A '%s' directive with a string argument with constant length.  */
 res.range = slen.range;
-if (dir.modifier == FMT_LEN_l)
+if (dir.specifier == 'S'
+	  || dir.modifier == FMT_LEN_l)
 	{
 	  /* In the worst case the length of output of a wide string S
 	     is bounded by MB_LEN_MAX * wcslen (S).  */
 	  res.range.max *= target_mb_len_max ();
 	  res.range.unlikely = res.range.max;
 	    res.range.likely = dir.prec[0];
 	  /* Even a non-empty wide character string need not convert into
 	     any bytes.  */
 	  res.range.min = 0;
+	  /* A non-empty wide character conversion may fail.  */
+	  if (slen.range.max > 0)
+	    res.mayfail = true;
 	}
 else
 	{
 	  res.knownrange = true;
 	 PTRDIFF_MAX and PRECISION[1].  The likely length is either
 	 the minimum at level 1 and the greater of the minimum and 1
 	 at level 2.  This result is adjust upward for width (if it's
 	 specified).  */
-if (dir.modifier == FMT_LEN_l)
+if (dir.specifier == 'S'
+	  || dir.modifier == FMT_LEN_l)
 	{
 	  /* A wide character converts to as few as zero bytes.  */
 	  slen.range.min = 0;
 	  if (slen.range.max < target_int_max ())
 	    slen.range.max *= target_mb_len_max ();
 	  if (slen.range.likely < target_int_max ())
 	    slen.range.likely *= 2;
 	  if (slen.range.likely < target_int_max ())
 	    slen.range.unlikely *= target_mb_len_max ();
+	  /* A non-empty wide character conversion may fail.  */
+	  if (slen.range.max > 0)
+	    res.mayfail = true;
 	}
 res.range = slen.range;
 if (dir.prec[0] >= 0)
 	}
 res.range.unlikely = res.range.max;
 }
+/* If the argument isn't a nul-terminated string and the number
+of bytes on output isn't bounded by precision, set NONSTR.  */
+if (slen.nonstr && slen.range.min < (unsigned HOST_WIDE_INT)dir.prec[0])
+res.nonstr = slen.nonstr;
 /* Bump up the byte counters if WIDTH is greater.  */
 return res.adjust_for_width_or_precision (dir.width);
 }
 /* Format plain string (part of the format string itself).  */
 static fmtresult
-format_plain (const directive &dir, tree)
+format_plain (const directive &dir, tree, vr_values *)
 {
 fmtresult res (dir.len);
 return res;
 }
 /* Return true if the RESULT of a directive in a call describe by INFO
 should be diagnosed given the AVAILable space in the destination.  */
 static bool
-should_warn_p (const pass_sprintf_length::call_info &info,
+should_warn_p (const sprintf_dom_walker::call_info &info,
 	       const result_range &avail, const result_range &result)
 {
 if (result.max <= avail.min)
 {
 /* The least amount of space remaining in the destination is big
 past the end or truncation and, if so, format the warning.
 Return true if a warning has been issued.  */
 static bool
 maybe_warn (substring_loc &dirloc, location_t argloc,
-	    const pass_sprintf_length::call_info &info,
+	    const sprintf_dom_walker::call_info &info,
 	    const result_range &avail_range, const result_range &res,
 	    const directive &dir)
 {
 if (!should_warn_p (info, avail_range, res))
 return false;
 if (target_to_host (*dir.beg) != '%')
 	{
 	  /* For plain character directives (i.e., the format string itself)
 	     but not others, point the caret at the first character that's
 	     past the end of the destination.  */
-	  dirloc.set_caret_index (dirloc.get_caret_idx () + navail);
+	  if (navail < dir.len)
+	    dirloc.set_caret_index (dirloc.get_caret_idx () + navail);
 	}
 if (*dir.beg == '\0')
 	{
 	  /* This is the terminating nul.  */
 	  gcc_assert (res.min == 1 && res.min == res.max);
-	  const char *fmtstr
-	    = (info.bounded
-	       ? (maybe
-		  ? G_("%qE output may be truncated before the last format "
-		       "character")
-		  : G_("%qE output truncated before the last format character"))
-	       : (maybe
-		  ? G_("%qE may write a terminating nul past the end "
-		       "of the destination")
-		  : G_("%qE writing a terminating nul past the end "
-		       "of the destination")));
 	  return fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (),
-			  fmtstr, info.func);
+			  info.bounded
+			  ? (maybe
+			     ? G_("%qE output may be truncated before the "
+				  "last format character")
+			     : G_("%qE output truncated before the last "
+				  "format character"))
+			  : (maybe
+			     ? G_("%qE may write a terminating nul past the "
+				  "end of the destination")
+			     : G_("%qE writing a terminating nul past the "
+				  "end of the destination")),
+			  info.func);
 	}
 if (res.min == res.max)
 	{
-	  const char* fmtstr
+	  const char *d = target_to_host (hostdir, sizeof hostdir, dir.beg);
-	    = (res.min == 1
+	  if (!info.bounded)
-	       ? (info.bounded
+	    return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
-		  ? (maybe
+			      "%<%.*s%> directive writing %wu byte into a "
-		     ? G_("%<%.*s%> directive output may be truncated writing "
+			      "region of size %wu",
-			  "%wu byte into a region of size %wu")
+			      "%<%.*s%> directive writing %wu bytes into a "
-		     : G_("%<%.*s%> directive output truncated writing "
+			      "region of size %wu",
-			  "%wu byte into a region of size %wu"))
+			      (int) dir.len, d, res.min, navail);
-		  : G_("%<%.*s%> directive writing %wu byte "
+	  else if (maybe)
-		       "into a region of size %wu"))
+	    return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
-	       : (info.bounded
+			      "%<%.*s%> directive output may be truncated "
-		  ? (maybe
+			      "writing %wu byte into a region of size %wu",
-		     ? G_("%<%.*s%> directive output may be truncated writing "
+			      "%<%.*s%> directive output may be truncated "
-			  "%wu bytes into a region of size %wu")
+			      "writing %wu bytes into a region of size %wu",
-		     : G_("%<%.*s%> directive output truncated writing "
+			      (int) dir.len, d, res.min, navail);
-			  "%wu bytes into a region of size %wu"))
+	  else
-		  : G_("%<%.*s%> directive writing %wu bytes "
+	    return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
-		       "into a region of size %wu")));
+			      "%<%.*s%> directive output truncated writing "
-	  return fmtwarn (dirloc, argloc, NULL,
+			      "%wu byte into a region of size %wu",
-			  info.warnopt (), fmtstr, dir.len,
+			      "%<%.*s%> directive output truncated writing "
-			  target_to_host (hostdir, sizeof hostdir, dir.beg),
+			      "%wu bytes into a region of size %wu",
-			  res.min, navail);
+			      (int) dir.len, d, res.min, navail);
 	}
 if (res.min == 0 && res.max < maxbytes)
-	{
+	return fmtwarn (dirloc, argloc, NULL,
-	  const char* fmtstr
+			info.warnopt (),
-	    = (info.bounded
+			info.bounded
-	       ? (maybe
+			? (maybe
-		  ? G_("%<%.*s%> directive output may be truncated writing "
+			   ? G_("%<%.*s%> directive output may be truncated "
-		       "up to %wu bytes into a region of size %wu")
+				"writing up to %wu bytes into a region of "
-		  : G_("%<%.*s%> directive output truncated writing "
+				"size %wu")
-		       "up to %wu bytes into a region of size %wu"))
+			   : G_("%<%.*s%> directive output truncated writing "
-	       : G_("%<%.*s%> directive writing up to %wu bytes "
+				"up to %wu bytes into a region of size %wu"))
-		    "into a region of size %wu"));
+			: G_("%<%.*s%> directive writing up to %wu bytes "
-	  return fmtwarn (dirloc, argloc, NULL,
+			     "into a region of size %wu"), (int) dir.len,
-			  info.warnopt (), fmtstr, dir.len,
+			target_to_host (hostdir, sizeof hostdir, dir.beg),
-			  target_to_host (hostdir, sizeof hostdir, dir.beg),
+			res.max, navail);
-			  res.max, navail);
-	}
 if (res.min == 0 && maxbytes <= res.max)
-	{
+	/* This is a special case to avoid issuing the potentially
-	  /* This is a special case to avoid issuing the potentially
+	   confusing warning:
-	     confusing warning:
+	     writing 0 or more bytes into a region of size 0.  */
-	       writing 0 or more bytes into a region of size 0.  */
+	return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
-	  const char* fmtstr
+			info.bounded
-	    = (info.bounded
+			? (maybe
-	       ? (maybe
+			   ? G_("%<%.*s%> directive output may be truncated "
-		  ? G_("%<%.*s%> directive output may be truncated writing "
+				"writing likely %wu or more bytes into a "
-		       "likely %wu or more bytes into a region of size %wu")
+				"region of size %wu")
-		  : G_("%<%.*s%> directive output truncated writing "
+			   : G_("%<%.*s%> directive output truncated writing "
-		       "likely %wu or more bytes into a region of size %wu"))
+				"likely %wu or more bytes into a region of "
-	       : G_("%<%.*s%> directive writing likely %wu or more bytes "
+				"size %wu"))
-		    "into a region of size %wu"));
+			: G_("%<%.*s%> directive writing likely %wu or more "
-	  return fmtwarn (dirloc, argloc, NULL,
+			     "bytes into a region of size %wu"), (int) dir.len,
-			  info.warnopt (), fmtstr, dir.len,
+			target_to_host (hostdir, sizeof hostdir, dir.beg),
-			  target_to_host (hostdir, sizeof hostdir, dir.beg),
+			res.likely, navail);
-			  res.likely, navail);
-	}
 if (res.max < maxbytes)
-	{
+	return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
-	  const char* fmtstr
+			info.bounded
-	    = (info.bounded
+			? (maybe
-	       ? (maybe
+			   ? G_("%<%.*s%> directive output may be truncated "
-		  ? G_("%<%.*s%> directive output may be truncated writing "
+				"writing between %wu and %wu bytes into a "
-		       "between %wu and %wu bytes into a region of size %wu")
+				"region of size %wu")
-		  : G_("%<%.*s%> directive output truncated writing "
+			   : G_("%<%.*s%> directive output truncated "
-		       "between %wu and %wu bytes into a region of size %wu"))
+				"writing between %wu and %wu bytes into a "
-	       : G_("%<%.*s%> directive writing between %wu and "
+				"region of size %wu"))
-		    "%wu bytes into a region of size %wu"));
+			: G_("%<%.*s%> directive writing between %wu and "
-	  return fmtwarn (dirloc, argloc, NULL,
+			     "%wu bytes into a region of size %wu"),
-			  info.warnopt (), fmtstr, dir.len,
+			(int) dir.len,
-			  target_to_host (hostdir, sizeof hostdir, dir.beg),
+			target_to_host (hostdir, sizeof hostdir, dir.beg),
-			  res.min, res.max, navail);
+			res.min, res.max, navail);
-	}
+return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
-const char* fmtstr
+		      info.bounded
-	= (info.bounded
+		      ? (maybe
-	   ? (maybe
+			 ? G_("%<%.*s%> directive output may be truncated "
-	      ? G_("%<%.*s%> directive output may be truncated writing "
+			      "writing %wu or more bytes into a region of "
-		   "%wu or more bytes into a region of size %wu")
+			      "size %wu")
-	      : G_("%<%.*s%> directive output truncated writing "
+			 : G_("%<%.*s%> directive output truncated writing "
-		   "%wu or more bytes into a region of size %wu"))
+			      "%wu or more bytes into a region of size %wu"))
-	   : G_("%<%.*s%> directive writing %wu or more bytes "
+		      : G_("%<%.*s%> directive writing %wu or more bytes "
-		"into a region of size %wu"));
+			   "into a region of size %wu"), (int) dir.len,
-return fmtwarn (dirloc, argloc, NULL,
-		      info.warnopt (), fmtstr, dir.len,
 		      target_to_host (hostdir, sizeof hostdir, dir.beg),
 		      res.min, navail);
 }
 /* The size of the destination region is a range.  */
 unsigned HOST_WIDE_INT navail = avail_range.max;
 /* For plain character directives (i.e., the format string itself)
 	 but not others, point the caret at the first character that's
 	 past the end of the destination.  */
-dirloc.set_caret_index (dirloc.get_caret_idx () + navail);
+if (navail < dir.len)
+	dirloc.set_caret_index (dirloc.get_caret_idx () + navail);
 }
 if (*dir.beg == '\0')
 {
 gcc_assert (res.min == 1 && res.min == res.max);
-const char *fmtstr
+return fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (),
-	= (info.bounded
+		      info.bounded
-	   ? (maybe
+		      ? (maybe
-	      ? G_("%qE output may be truncated before the last format "
+			 ? G_("%qE output may be truncated before the last "
-		   "character")
+			      "format character")
-	      : G_("%qE output truncated before the last format character"))
+			 : G_("%qE output truncated before the last format "
-	   : (maybe
+			      "character"))
-	      ? G_("%qE may write a terminating nul past the end "
+		      : (maybe
-		   "of the destination")
+			 ? G_("%qE may write a terminating nul past the end "
-	      : G_("%qE writing a terminating nul past the end "
+			      "of the destination")
-		   "of the destination")));
+			 : G_("%qE writing a terminating nul past the end "
+			      "of the destination")), info.func);
-return fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (), fmtstr,
-		      info.func);
 }
 if (res.min == res.max)
 {
-const char* fmtstr
+const char *d = target_to_host (hostdir, sizeof hostdir, dir.beg);
-	= (res.min == 1
+if (!info.bounded)
-	   ? (info.bounded
+	return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
-	      ? (maybe
+			  "%<%.*s%> directive writing %wu byte into a region "
-		 ? G_("%<%.*s%> directive output may be truncated writing "
+			  "of size between %wu and %wu",
-		      "%wu byte into a region of size between %wu and %wu")
+			  "%<%.*s%> directive writing %wu bytes into a region "
-		 : G_("%<%.*s%> directive output truncated writing "
+			  "of size between %wu and %wu", (int) dir.len, d,
-		      "%wu byte into a region of size between %wu and %wu"))
+			  res.min, avail_range.min, avail_range.max);
-	      : G_("%<%.*s%> directive writing %wu byte "
+else if (maybe)
-		   "into a region of size between %wu and %wu"))
+	return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
-	   : (info.bounded
+			  "%<%.*s%> directive output may be truncated writing "
-	      ? (maybe
+			  "%wu byte into a region of size between %wu and %wu",
-		 ? G_("%<%.*s%> directive output may be truncated writing "
+			  "%<%.*s%> directive output may be truncated writing "
-		      "%wu bytes into a region of size between %wu and %wu")
+			  "%wu bytes into a region of size between %wu and "
-		 : G_("%<%.*s%> directive output truncated writing "
+			  "%wu", (int) dir.len, d, res.min, avail_range.min,
-		      "%wu bytes into a region of size between %wu and %wu"))
+			  avail_range.max);
-	      : G_("%<%.*s%> directive writing %wu bytes "
+else
-		   "into a region of size between %wu and %wu")));
+	return fmtwarn_n (dirloc, argloc, NULL, info.warnopt (), res.min,
+			  "%<%.*s%> directive output truncated writing %wu "
-return fmtwarn (dirloc, argloc, NULL,
+			  "byte into a region of size between %wu and %wu",
-		      info.warnopt (), fmtstr, dir.len,
+			  "%<%.*s%> directive output truncated writing %wu "
-		      target_to_host (hostdir, sizeof hostdir, dir.beg),
+			  "bytes into a region of size between %wu and %wu",
-		      res.min, avail_range.min, avail_range.max);
+			  (int) dir.len, d, res.min, avail_range.min,
+			  avail_range.max);
 }
 if (res.min == 0 && res.max < maxbytes)
-{
+return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
-const char* fmtstr
+		    info.bounded
-	= (info.bounded
+		    ? (maybe
-	   ? (maybe
+		       ? G_("%<%.*s%> directive output may be truncated "
-	      ? G_("%<%.*s%> directive output may be truncated writing "
+			    "writing up to %wu bytes into a region of size "
-		   "up to %wu bytes into a region of size between "
+			    "between %wu and %wu")
-		   "%wu and %wu")
+		       : G_("%<%.*s%> directive output truncated writing "
-	      : G_("%<%.*s%> directive output truncated writing "
+			    "up to %wu bytes into a region of size between "
-		   "up to %wu bytes into a region of size between "
+			    "%wu and %wu"))
-		   "%wu and %wu"))
+		    : G_("%<%.*s%> directive writing up to %wu bytes "
-	   : G_("%<%.*s%> directive writing up to %wu bytes "
+			 "into a region of size between %wu and %wu"),
-		"into a region of size between %wu and %wu"));
+		    (int) dir.len,
-return fmtwarn (dirloc, argloc, NULL,
+		    target_to_host (hostdir, sizeof hostdir, dir.beg),
-		      info.warnopt (), fmtstr, dir.len,
+		    res.max, avail_range.min, avail_range.max);
-		      target_to_host (hostdir, sizeof hostdir, dir.beg),
-		      res.max, avail_range.min, avail_range.max);
-}
 if (res.min == 0 && maxbytes <= res.max)
-{
+/* This is a special case to avoid issuing the potentially confusing
-/* This is a special case to avoid issuing the potentially confusing
+warning:
-	 warning:
+	 writing 0 or more bytes into a region of size between 0 and N.  */
-	   writing 0 or more bytes into a region of size between 0 and N.  */
+return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
-const char* fmtstr
+		    info.bounded
-	= (info.bounded
+		    ? (maybe
-	   ? (maybe
+		       ? G_("%<%.*s%> directive output may be truncated "
-	      ? G_("%<%.*s%> directive output may be truncated writing "
+			    "writing likely %wu or more bytes into a region "
-		   "likely %wu or more bytes into a region of size between "
+			    "of size between %wu and %wu")
-		   "%wu and %wu")
+		       : G_("%<%.*s%> directive output truncated writing "
-	      : G_("%<%.*s%> directive output truncated writing likely "
+			    "likely %wu or more bytes into a region of size "
-		   "%wu or more bytes into a region of size between "
+			    "between %wu and %wu"))
-		   "%wu and %wu"))
+		    : G_("%<%.*s%> directive writing likely %wu or more bytes "
-	   : G_("%<%.*s%> directive writing likely %wu or more bytes "
+			 "into a region of size between %wu and %wu"),
-		"into a region of size between %wu and %wu"));
+		    (int) dir.len,
-return fmtwarn (dirloc, argloc, NULL,
+		    target_to_host (hostdir, sizeof hostdir, dir.beg),
-		      info.warnopt (), fmtstr, dir.len,
+		    res.likely, avail_range.min, avail_range.max);
-		      target_to_host (hostdir, sizeof hostdir, dir.beg),
-		      res.likely, avail_range.min, avail_range.max);
-}
 if (res.max < maxbytes)
-{
+return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
-const char* fmtstr
+		    info.bounded
-	= (info.bounded
+		    ? (maybe
-	   ? (maybe
+		       ? G_("%<%.*s%> directive output may be truncated "
-	      ? G_("%<%.*s%> directive output may be truncated writing "
+			    "writing between %wu and %wu bytes into a region "
-		   "between %wu and %wu bytes into a region of size "
+			    "of size between %wu and %wu")
-		   "between %wu and %wu")
+		       : G_("%<%.*s%> directive output truncated writing "
-	      : G_("%<%.*s%> directive output truncated writing "
+			    "between %wu and %wu bytes into a region of size "
-		   "between %wu and %wu bytes into a region of size "
+			    "between %wu and %wu"))
-		   "between %wu and %wu"))
+		    : G_("%<%.*s%> directive writing between %wu and "
-	   : G_("%<%.*s%> directive writing between %wu and "
+			 "%wu bytes into a region of size between %wu and "
-		"%wu bytes into a region of size between %wu and %wu"));
+			 "%wu"), (int) dir.len,
-return fmtwarn (dirloc, argloc, NULL,
+		    target_to_host (hostdir, sizeof hostdir, dir.beg),
-		      info.warnopt (), fmtstr, dir.len,
+		    res.min, res.max, avail_range.min, avail_range.max);
-		      target_to_host (hostdir, sizeof hostdir, dir.beg),
-		      res.min, res.max, avail_range.min, avail_range.max);
+return fmtwarn (dirloc, argloc, NULL, info.warnopt (),
-}
+		  info.bounded
+		  ? (maybe
-const char* fmtstr
+		     ? G_("%<%.*s%> directive output may be truncated writing "
-= (info.bounded
+			  "%wu or more bytes into a region of size between "
-? (maybe
+			  "%wu and %wu")
-	  ? G_("%<%.*s%> directive output may be truncated writing "
+		     : G_("%<%.*s%> directive output truncated writing "
-	       "%wu or more bytes into a region of size between "
+			  "%wu or more bytes into a region of size between "
-	       "%wu and %wu")
+			  "%wu and %wu"))
-	  : G_("%<%.*s%> directive output truncated writing "
+		  : G_("%<%.*s%> directive writing %wu or more bytes "
-	       "%wu or more bytes into a region of size between "
+		       "into a region of size between %wu and %wu"),
-	       "%wu and %wu"))
+		  (int) dir.len,
-: G_("%<%.*s%> directive writing %wu or more bytes "
-	    "into a region of size between %wu and %wu"));
-return fmtwarn (dirloc, argloc, NULL,
-		  info.warnopt (), fmtstr, dir.len,
 		  target_to_host (hostdir, sizeof hostdir, dir.beg),
 		  res.min, avail_range.min, avail_range.max);
 }
 /* Compute the length of the output resulting from the directive DIR
 in a call described by INFO and update the overall result of the call
 in *RES.  Return true if the directive has been handled.  */
 static bool
-format_directive (const pass_sprintf_length::call_info &info,
+format_directive (const sprintf_dom_walker::call_info &info,
-		  format_result *res, const directive &dir)
+		  format_result *res, const directive &dir,
+		  class vr_values *vr_values)
 {
 /* Offset of the beginning of the directive from the beginning
 of the format string.  */
 size_t offset = dir.beg - info.fmtstr;
 size_t start = offset;
 or when minimum length checking has been disabled.   */
 if (!dir.fmtfunc || res->range.min >= HOST_WIDE_INT_MAX)
 return false;
 /* Compute the range of lengths of the formatted output.  */
-fmtresult fmtres = dir.fmtfunc (dir, dir.arg);
+fmtresult fmtres = dir.fmtfunc (dir, dir.arg, vr_values);
 /* Record whether the output of all directives is known to be
 bounded by some maximum, implying that their arguments are
 either known exactly or determined to be in a known range
 or, for strings, limited by the upper bounds of the arrays
 /* Has the minimum directive output length exceeded the maximum
 of 4095 bytes required to be supported?  */
 bool minunder4k = fmtres.range.min < 4096;
 bool maxunder4k = fmtres.range.max < 4096;
-/* Clear UNDER4K in the overall result if the maximum has exceeded
+/* Clear POSUNDER4K in the overall result if the maximum has exceeded
-the 4k (this is necessary to avoid the return valuye optimization
+the 4k (this is necessary to avoid the return value optimization
 that may not be safe in the maximum case).  */
 if (!maxunder4k)
-res->under4k = false;
+res->posunder4k = false;
+/* Also clear POSUNDER4K if the directive may fail.  */
+if (fmtres.mayfail)
+res->posunder4k = false;
 if (!warned
 /* Only warn at level 2.  */
-&& 1 < warn_level
+&& warn_level > 1
 && (!minunder4k
 	  || (!maxunder4k && fmtres.range.max < HOST_WIDE_INT_MAX)))
 {
 /* The directive output may be longer than the maximum required
 	 to be handled by an implementation according to 7.21.6.1, p15
 	 prevent folding the return value when done.  This allows for
 	 the possibility of the actual libc call failing due to ENOMEM
 	 (like Glibc does under some conditions).  */
 if (fmtres.range.min == fmtres.range.max)
-	warned = fmtwarn (dirloc, argloc, NULL,
+	warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
-			  info.warnopt (),
 			  "%<%.*s%> directive output of %wu bytes exceeds "
-			  "minimum required size of 4095",
+			  "minimum required size of 4095", dirlen,
-			  dirlen,
 			  target_to_host (hostdir, sizeof hostdir, dir.beg),
 			  fmtres.range.min);
 else
-	{
+	warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
-	  const char *fmtstr
+			  minunder4k
-	    = (minunder4k
+			  ? G_("%<%.*s%> directive output between %wu and %wu "
-	       ? G_("%<%.*s%> directive output between %wu and %wu "
+			       "bytes may exceed minimum required size of "
-		    "bytes may exceed minimum required size of 4095")
+			       "4095")
-	       : G_("%<%.*s%> directive output between %wu and %wu "
+			  : G_("%<%.*s%> directive output between %wu and %wu "
-		    "bytes exceeds minimum required size of 4095"));
+			       "bytes exceeds minimum required size of 4095"),
+			  dirlen,
-	  warned = fmtwarn (dirloc, argloc, NULL,
+			  target_to_host (hostdir, sizeof hostdir, dir.beg),
-			    info.warnopt (), fmtstr, dirlen,
+			  fmtres.range.min, fmtres.range.max);
-			    target_to_host (hostdir, sizeof hostdir, dir.beg),
-			    fmtres.range.min, fmtres.range.max);
-	}
 }
 /* Has the likely and maximum directive output exceeded INT_MAX?  */
 bool likelyximax = *dir.beg && res->range.likely > target_int_max ();
 /* Don't consider the maximum to be in excess when it's the result
 if (!warned
 /* Warn for the likely output size at level 1.  */
 && (likelyximax
 	  /* But only warn for the maximum at level 2.  */
-	  || (1 < warn_level
+	  || (warn_level > 1
 	      && maxximax
 	      && fmtres.range.max < HOST_WIDE_INT_MAX)))
 {
 /* The directive output causes the total length of output
 	 to exceed INT_MAX bytes.  */
 if (fmtres.range.min == fmtres.range.max)
 	warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
 			  "%<%.*s%> directive output of %wu bytes causes "
-			  "result to exceed %<INT_MAX%>",
+			  "result to exceed %<INT_MAX%>", dirlen,
-			  dirlen,
 			  target_to_host (hostdir, sizeof hostdir, dir.beg),
 			  fmtres.range.min);
 else
-	{
+	warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
-	  const char *fmtstr
+			  fmtres.range.min > target_int_max ()
-	    = (fmtres.range.min > target_int_max ()
+			  ? G_("%<%.*s%> directive output between %wu and "
-	       ? G_ ("%<%.*s%> directive output between %wu and %wu "
+			       "%wu bytes causes result to exceed "
-		     "bytes causes result to exceed %<INT_MAX%>")
+			       "%<INT_MAX%>")
-	       : G_ ("%<%.*s%> directive output between %wu and %wu "
+			  : G_("%<%.*s%> directive output between %wu and "
-		     "bytes may cause result to exceed %<INT_MAX%>"));
+			       "%wu bytes may cause result to exceed "
-	  warned = fmtwarn (dirloc, argloc, NULL,
+			       "%<INT_MAX%>"), dirlen,
-			    info.warnopt (), fmtstr, dirlen,
+			  target_to_host (hostdir, sizeof hostdir, dir.beg),
-			    target_to_host (hostdir, sizeof hostdir, dir.beg),
+			  fmtres.range.min, fmtres.range.max);
-			    fmtres.range.min, fmtres.range.max);
+}
-	}
+if (!warned && fmtres.nonstr)
+{
+warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (),
+			"%<%.*s%> directive argument is not a nul-terminated "
+			"string",
+			dirlen,
+			target_to_host (hostdir, sizeof hostdir, dir.beg));
+if (warned && DECL_P (fmtres.nonstr))
+	inform (DECL_SOURCE_LOCATION (fmtres.nonstr),
+		"referenced argument declared here");
+return false;
 }
 if (warned && fmtres.range.min < fmtres.range.likely
 && fmtres.range.likely < fmtres.range.max)
-{
+inform_n (info.fmtloc, fmtres.range.likely,
-inform (info.fmtloc,
+	      "assuming directive output of %wu byte",
-	      (1 == fmtres.range.likely
+	      "assuming directive output of %wu bytes",
-	       ? G_("assuming directive output of %wu byte")
-	       : G_("assuming directive output of %wu bytes")),
 	      fmtres.range.likely);
-}
 if (warned && fmtres.argmin)
 {
 if (fmtres.argmin == fmtres.argmax)
 	inform (info.fmtloc, "directive argument %qE", fmtres.argmin);
 		info.func, min, info.objsize);
 }
 if (dump_file && *dir.beg)
 {
-fprintf (dump_file, "    Result: %lli, %lli, %lli, %lli "
+fprintf (dump_file,
-	       "(%lli, %lli, %lli, %lli)\n",
+	       "    Result: "
-	       (long long)fmtres.range.min,
+	       HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC ", "
-	       (long long)fmtres.range.likely,
+	       HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC " ("
-	       (long long)fmtres.range.max,
+	       HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC ", "
-	       (long long)fmtres.range.unlikely,
+	       HOST_WIDE_INT_PRINT_DEC ", " HOST_WIDE_INT_PRINT_DEC ")\n",
-	       (long long)res->range.min,
+	       fmtres.range.min, fmtres.range.likely,
-	       (long long)res->range.likely,
+	       fmtres.range.max, fmtres.range.unlikely,
-	       (long long)res->range.max,
+	       res->range.min, res->range.likely,
-	       (long long)res->range.unlikely);
+	       res->range.max, res->range.unlikely);
 }
 return true;
 }
-#pragma GCC diagnostic pop
 /* Parse a format directive in function call described by INFO starting
 at STR and populate DIR structure.  Bump up *ARGNO by the number of
 arguments extracted for the directive.  Return the length of
 the directive.  */
 static size_t
-parse_directive (pass_sprintf_length::call_info &info,
+parse_directive (sprintf_dom_walker::call_info &info,
 		 directive &dir, format_result *res,
-		 const char *str, unsigned *argno)
+		 const char *str, unsigned *argno,
+		 vr_values *vr_values)
 {
 const char *pcnt = strchr (str, target_percent);
 dir.beg = str;
 if (size_t len = pcnt ? pcnt - str : *str ? strlen (str) : 1)
 dir.len = len;
 dir.fmtfunc = format_plain;
 if (dump_file)
 	{
-	  fprintf (dump_file, "  Directive %u at offset %llu: \"%.*s\", "
+	  fprintf (dump_file, "  Directive %u at offset "
-		   "length = %llu\n",
+		   HOST_WIDE_INT_PRINT_UNSIGNED ": \"%.*s\", "
+		   "length = " HOST_WIDE_INT_PRINT_UNSIGNED "\n",
 		   dir.dirno,
-		   (unsigned long long)(size_t)(dir.beg - info.fmtstr),
+		   (unsigned HOST_WIDE_INT)(size_t)(dir.beg - info.fmtstr),
-		   (int)dir.len, dir.beg, (unsigned long long)dir.len);
+		   (int)dir.len, dir.beg, (unsigned HOST_WIDE_INT) dir.len);
 	}
 return len - !*str;
 }
 	 any buffer.  */
 info.nowrite = false;
 dir.fmtfunc = format_none;
 break;
+case 'C':
 case 'c':
+/* POSIX wide character and C/POSIX narrow character.  */
 dir.fmtfunc = format_character;
 break;
 case 'S':
 case 's':
+/* POSIX wide string and C/POSIX narrow character string.  */
 dir.fmtfunc = format_string;
 break;
 default:
 /* Unknown conversion specification.  */
 char hostdir[32];
 if (star_width)
 {
 if (INTEGRAL_TYPE_P (TREE_TYPE (star_width)))
-	dir.set_width (star_width);
+	dir.set_width (star_width, vr_values);
 else
 	{
 	  /* Width specified by a va_list takes on the range [0, -INT_MIN]
 	     (width is the absolute value of that specified).  */
 	  dir.width[0] = 0;
 	  /* Create a location for the width part of the directive,
 	     pointing the caret at the first out-of-range digit.  */
 	  substring_loc dirloc (info.fmtloc, TREE_TYPE (info.format),
 				caret, begin, end);
-	  fmtwarn (dirloc, UNKNOWN_LOCATION, NULL,
+	  fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (),
-		   info.warnopt (), "%<%.*s%> directive width out of range",
+		   "%<%.*s%> directive width out of range", (int) dir.len,
-		   dir.len, target_to_host (hostdir, sizeof hostdir, dir.beg));
+		   target_to_host (hostdir, sizeof hostdir, dir.beg));
 	}
 dir.set_width (width);
 }
 if (star_precision)
 {
 if (INTEGRAL_TYPE_P (TREE_TYPE (star_precision)))
-	dir.set_precision (star_precision);
+	dir.set_precision (star_precision, vr_values);
 else
 	{
 	  /* Precision specified by a va_list takes on the range [-1, INT_MAX]
 	     (unlike width, negative precision is ignored).  */
 	  dir.prec[0] = -1;
 	     including the leading period, pointing the caret at the first
 	     out-of-range digit .  */
 	  substring_loc dirloc (info.fmtloc, TREE_TYPE (info.format),
 				caret, begin, end);
-	  fmtwarn (dirloc, UNKNOWN_LOCATION, NULL,
+	  fmtwarn (dirloc, UNKNOWN_LOCATION, NULL, info.warnopt (),
-		   info.warnopt (), "%<%.*s%> directive precision out of range",
+		   "%<%.*s%> directive precision out of range", (int) dir.len,
-		   dir.len, target_to_host (hostdir, sizeof hostdir, dir.beg));
+		   target_to_host (hostdir, sizeof hostdir, dir.beg));
 	}
 dir.set_precision (precision);
 }
 && *argno < gimple_call_num_args (info.callstmt))
 dir.arg = gimple_call_arg (info.callstmt, dollar ? dollar : (*argno)++);
 if (dump_file)
 {
-fprintf (dump_file, "  Directive %u at offset %llu: \"%.*s\"",
+fprintf (dump_file,
-	       dir.dirno, (unsigned long long)(size_t)(dir.beg - info.fmtstr),
+	       "  Directive %u at offset " HOST_WIDE_INT_PRINT_UNSIGNED
+	       ": \"%.*s\"",
+	       dir.dirno,
+	       (unsigned HOST_WIDE_INT)(size_t)(dir.beg - info.fmtstr),
 	       (int)dir.len, dir.beg);
 if (star_width)
 	{
 	  if (dir.width[0] == dir.width[1])
-	    fprintf (dump_file, ", width = %lli", (long long)dir.width[0]);
+	    fprintf (dump_file, ", width = " HOST_WIDE_INT_PRINT_DEC,
+		     dir.width[0]);
 	  else
-	    fprintf (dump_file, ", width in range [%lli, %lli]",
+	    fprintf (dump_file,
-		     (long long)dir.width[0], (long long)dir.width[1]);
+		     ", width in range [" HOST_WIDE_INT_PRINT_DEC
+		     ", " HOST_WIDE_INT_PRINT_DEC "]",
+		     dir.width[0], dir.width[1]);
 	}
 if (star_precision)
 	{
 	  if (dir.prec[0] == dir.prec[1])
-	    fprintf (dump_file, ", precision = %lli", (long long)dir.prec[0]);
+	    fprintf (dump_file, ", precision = " HOST_WIDE_INT_PRINT_DEC,
+		     dir.prec[0]);
 	  else
-	    fprintf (dump_file, ", precision in range [%lli, %lli]",
+	    fprintf (dump_file,
-		     (long long)dir.prec[0], (long long)dir.prec[1]);
+		     ", precision in range [" HOST_WIDE_INT_PRINT_DEC
+		     HOST_WIDE_INT_PRINT_DEC "]",
+		     dir.prec[0], dir.prec[1]);
 	}
 fputc ('\n', dump_file);
 }
 return dir.len;
 if the complete format string has been processed and *RES can be relied
 on, false otherwise (e.g., when a unknown or unhandled directive was seen
 that caused the processing to be terminated early).  */
 bool
-pass_sprintf_length::compute_format_length (call_info &info,
+sprintf_dom_walker::compute_format_length (call_info &info,
-					    format_result *res)
+					   format_result *res)
 {
 if (dump_file)
 {
 location_t callloc = gimple_location (info.callstmt);
 fprintf (dump_file, "%s:%i: ",
 	       LOCATION_FILE (callloc), LOCATION_LINE (callloc));
 print_generic_expr (dump_file, info.func, dump_flags);
-fprintf (dump_file, ": objsize = %llu, fmtstr = \"%s\"\n",
+fprintf (dump_file,
-	       (unsigned long long)info.objsize, info.fmtstr);
+	       ": objsize = " HOST_WIDE_INT_PRINT_UNSIGNED
+	       ", fmtstr = \"%s\"\n",
+	       info.objsize, info.fmtstr);
 }
 /* Reset the minimum and maximum byte counters.  */
 res->range.min = res->range.max = 0;
 /* No directive has been seen yet so the length of output is bounded
-by the known range [0, 0] (with no conversion producing more than
+by the known range [0, 0] (with no conversion resulting in a failure
-4K bytes) until determined otherwise.  */
+or producing more than 4K bytes) until determined otherwise.  */
 res->knownrange = true;
-res->under4k = true;
+res->posunder4k = true;
 res->floating = false;
 res->warned = false;
 /* 1-based directive counter.  */
 unsigned dirno = 1;
 for (const char *pf = info.fmtstr; ; ++dirno)
 {
 directive dir = directive ();
 dir.dirno = dirno;
-size_t n = parse_directive (info, dir, res, pf, &argno);
+size_t n = parse_directive (info, dir, res, pf, &argno,
+				  evrp_range_analyzer.get_vr_values ());
 /* Return failure if the format function fails.  */
-if (!format_directive (info, res, dir))
+if (!format_directive (info, res, dir,
+			     evrp_range_analyzer.get_vr_values ()))
 	return false;
 /* Return success the directive is zero bytes long and it's
 	 the last think in the format string (i.e., it's the terminating
 	 nul, which isn't really a directive but handling it as one makes
 /* Return true if the call described by INFO with result RES safe to
 optimize (i.e., no undefined behavior), and set RETVAL to the range
 of its return values.  */
 static bool
-is_call_safe (const pass_sprintf_length::call_info &info,
+is_call_safe (const sprintf_dom_walker::call_info &info,
 	      const format_result &res, bool under4k,
 	      unsigned HOST_WIDE_INT retval[2])
 {
-if (under4k && !res.under4k)
+if (under4k && !res.posunder4k)
 return false;
 /* The minimum return value.  */
 retval[0] = res.range.min;
 Return true if the call is removed and gsi_next should not be performed
 in the caller.  */
 static bool
 try_substitute_return_value (gimple_stmt_iterator *gsi,
-			     const pass_sprintf_length::call_info &info,
+			     const sprintf_dom_walker::call_info &info,
 			     const format_result &res)
 {
 tree lhs = gimple_get_lhs (info.callstmt);
 /* Set to true when the entire call has been removed.  */
 	       : "out-of");
 	  const char *what = setrange ? "Setting" : "Discarding";
 	  if (retval[0] != retval[1])
 	    fprintf (dump_file,
-		     "  %s %s-bounds return value range [%llu, %llu].\n",
+		     "  %s %s-bounds return value range ["
-		     what, inbounds,
+		     HOST_WIDE_INT_PRINT_UNSIGNED ", "
-		     (unsigned long long)retval[0],
+		     HOST_WIDE_INT_PRINT_UNSIGNED "].\n",
-		     (unsigned long long)retval[1]);
+		     what, inbounds, retval[0], retval[1]);
 	  else
-	    fprintf (dump_file, "  %s %s-bounds return value %llu.\n",
+	    fprintf (dump_file, "  %s %s-bounds return value "
-		     what, inbounds, (unsigned long long)retval[0]);
+		     HOST_WIDE_INT_PRINT_UNSIGNED ".\n",
+		     what, inbounds, retval[0]);
 	}
 }
 if (dump_file)
 fputc ('\n', dump_file);
 RES by replacing it with a simpler and presumably more efficient
 call (such as strcpy).  */
 static bool
 try_simplify_call (gimple_stmt_iterator *gsi,
-		   const pass_sprintf_length::call_info &info,
+		   const sprintf_dom_walker::call_info &info,
 		   const format_result &res)
 {
 unsigned HOST_WIDE_INT dummy[2];
 if (!is_call_safe (info, res, info.retval_used (), dummy))
 return false;
 /* Determine if a GIMPLE CALL is to one of the sprintf-like built-in
 functions and if so, handle it.  Return true if the call is removed
 and gsi_next should not be performed in the caller.  */
 bool
-pass_sprintf_length::handle_gimple_call (gimple_stmt_iterator *gsi)
+sprintf_dom_walker::handle_gimple_call (gimple_stmt_iterator *gsi)
 {
 call_info info = call_info ();
 info.callstmt = gsi_stmt (*gsi);
 if (!gimple_call_builtin_p (info.callstmt, BUILT_IN_NORMAL))
 else if (TREE_CODE (size) == SSA_NAME)
 	{
 	  /* Try to determine the range of values of the argument
 	     and use the greater of the two at level 1 and the smaller
 	     of them at level 2.  */
-	  wide_int min, max;
+	  value_range *vr = evrp_range_analyzer.get_value_range (size);
-	  enum value_range_type range_type
+	  if (range_int_cst_p (vr))
-	    = get_range_info (size, &min, &max);
+	    dstsize = (warn_level < 2
-	  if (range_type == VR_RANGE)
+		       ? TREE_INT_CST_LOW (vr->max ())
-	    {
+		       : TREE_INT_CST_LOW (vr->min ()));
-	      dstsize
-		= (warn_level < 2
-		   ? wi::fits_uhwi_p (max) ? max.to_uhwi () : max.to_shwi ()
-		   : wi::fits_uhwi_p (min) ? min.to_uhwi () : min.to_shwi ());
-	    }
 	  /* The destination size is not constant.  If the function is
 	     bounded (e.g., snprintf) a lower bound of zero doesn't
 	     necessarily imply it can be eliminated.  */
 	  dstsize_cst_p = false;
 /* The result is the number of bytes output by the formatted function,
 including the terminating NUL.  */
 format_result res = format_result ();
 bool success = compute_format_length (info, &res);
+if (res.warned)
+gimple_set_no_warning (info.callstmt, true);
 /* When optimizing and the printf return value optimization is enabled,
 attempt to substitute the computed result for the return value of
 the call.  Avoid this optimization when -frounding-math is in effect
 and the format string contains a floating point directive.  */
 }
 return call_removed;
 }
+edge
+sprintf_dom_walker::before_dom_children (basic_block bb)
+{
+evrp_range_analyzer.enter (bb);
+for (gimple_stmt_iterator si = gsi_start_bb (bb); !gsi_end_p (si); )
+{
+/* Iterate over statements, looking for function calls.  */
+gimple *stmt = gsi_stmt (si);
+/* First record ranges generated by this statement.  */
+evrp_range_analyzer.record_ranges_from_stmt (stmt, false);
+if (is_gimple_call (stmt) && handle_gimple_call (&si))
+	/* If handle_gimple_call returns true, the iterator is
+	   already pointing to the next statement.  */
+	continue;
+gsi_next (&si);
+}
+return NULL;
+}
+void
+sprintf_dom_walker::after_dom_children (basic_block bb)
+{
+evrp_range_analyzer.leave (bb);
+}
 /* Execute the pass for function FUN.  */
 unsigned int
 pass_sprintf_length::execute (function *fun)
 {
 init_target_to_host_charmap ();
-basic_block bb;
+calculate_dominance_info (CDI_DOMINATORS);
-FOR_EACH_BB_FN (bb, fun)
-{
+sprintf_dom_walker sprintf_dom_walker;
-for (gimple_stmt_iterator si = gsi_start_bb (bb); !gsi_end_p (si); )
+sprintf_dom_walker.walk (ENTRY_BLOCK_PTR_FOR_FN (fun));
-	{
-	  /* Iterate over statements, looking for function calls.  */
-	  gimple *stmt = gsi_stmt (si);
-	  if (is_gimple_call (stmt) && handle_gimple_call (&si))
-	    /* If handle_gimple_call returns true, the iterator is
-	       already pointing to the next statement.  */
-	    continue;
-	  gsi_next (&si);
-	}
-}
 /* Clean up object size info.  */
 fini_object_sizes ();
 return 0;
 }
 }   /* Unnamed namespace.  */

Mercurial > hg > CbC > CbC_gcc

comparison gcc/gimple-ssa-sprintf.c @ 131:84e7813d76e9