Add -Wstringop-overread for reading past the end by string functions.

gcc/ChangeLog:

	* attribs.c (init_attr_rdwr_indices): Use global access_mode.
	* attribs.h (struct attr_access): Same.
	* builtins.c (fold_builtin_strlen): Add argument.
	(compute_objsize): Declare.
	(get_range): Declare.
	(check_read_access): New function.
	(access_ref::access_ref): Define ctor.
	(warn_string_no_nul): Add arguments.  Handle -Wstrintop-overread.
	(check_nul_terminated_array): Handle source strings of different
	ranges of sizes.
	(expand_builtin_strlen): Remove warning code, call check_read_access
	instead.  Declare locals closer to their initialization.
	(expand_builtin_strnlen): Same.
	(maybe_warn_for_bound): New function.
	(warn_for_access): Remove argument.  Handle -Wstrintop-overread.
	(inform_access): Change argument type.
	(get_size_range): New function.
	(check_access): Remove unused arguments.  Add new arguments.  Handle
	-Wstrintop-overread.  Move warning code to helpers and call them.
	Call check_nul_terminated_array.
	(check_memop_access): Remove unnecessary and provide additional
	arguments in calls.
	(expand_builtin_memchr): Call check_read_access.
	(expand_builtin_strcat): Remove unnecessary and provide additional
	arguments in calls.
	(expand_builtin_strcpy): Same.
	(expand_builtin_strcpy_args): Same.  Avoid testing no-warning bit.
	(expand_builtin_stpcpy_1): Remove unnecessary and provide additional
	arguments in calls.
	(expand_builtin_stpncpy): Same.
	(check_strncat_sizes): Same.
	(expand_builtin_strncat): Remove unnecessary and provide additional
	arguments in calls.  Adjust comments.
	(expand_builtin_strncpy): Remove unnecessary and provide additional
	arguments in calls.
	(expand_builtin_memcmp): Remove warning code.  Call check_access.
	(expand_builtin_strcmp): Call check_access instead of
	check_nul_terminated_array.
	(expand_builtin_strncmp): Handle -Wstrintop-overread.
	(expand_builtin_fork_or_exec): Call check_access instead of
	check_nul_terminated_array.
	(expand_builtin): Same.
	(fold_builtin_1): Pass additional argument.
	(fold_builtin_n): Same.
	(fold_builtin_strpbrk): Remove calls to check_nul_terminated_array.
	(expand_builtin_memory_chk): Add comments.
	(maybe_emit_chk_warning): Remove unnecessary and provide additional
	arguments in calls.
	(maybe_emit_sprintf_chk_warning): Same.  Adjust comments.
	* builtins.h (warn_string_no_nul): Add arguments.
	(struct access_ref): Add member and ctor argument.
	(struct access_data): Add members and ctor.
	(check_access): Adjust signature.
	* calls.c (maybe_warn_nonstring_arg): Return an indication of
	whether a warning was issued.  Issue -Wstrintop-overread instead
	of -Wstringop-overflow.
	(append_attrname): Adjust to naming changes.
	(maybe_warn_rdwr_sizes): Same.  Remove unnecessary and provide
	additional arguments in calls.
	* calls.h (maybe_warn_nonstring_arg): Return bool.
	* doc/invoke.texi (-Wstringop-overread): Document new option.
	* gimple-fold.c (gimple_fold_builtin_strcpy): Provide an additional
	argument in call.
	(gimple_fold_builtin_stpcpy): Same.
	* tree-ssa-uninit.c (maybe_warn_pass_by_reference): Adjust to naming
	changes.
	* tree.h (enum access_mode): New type.

gcc/c-family/ChangeLog:

	* c.opt (Wstringop-overread): New option.

gcc/testsuite/ChangeLog:

	* c-c++-common/Warray-bounds-7.c: Adjust expected warnings.
	* c-c++-common/Wrestrict.c: Remove xfail.
	* c-c++-common/attr-nonstring-3.c: Adjust text of expected warnings.
	* c-c++-common/attr-nonstring-6.c: Suppress -Wstringop-overread
	instead of -Wstringop-overflow.
	* c-c++-common/attr-nonstring-8.c: Adjust text of expected warnings.
	* g++.dg/torture/Wsizeof-pointer-memaccess1.C: Also suppress
	 -Wstringop-overread.
	* g++.dg/torture/Wsizeof-pointer-memaccess2.C: Same.
	* gcc.dg/Warray-bounds-39.c: Adjust expected warnings.
	* gcc.dg/Warray-bounds-40.c: Also suppress -Wstringop-overread.
	* gcc.dg/Warray-bounds-58.c: Remove xfail.  Also expect
	-Wstringop-overread.  Adjust text of expected warnings.
	* gcc.dg/Wsizeof-pointer-memaccess1.c: Also suppress
	 -Wstringop-overread.
	* gcc.dg/Wstringop-overflow-22.c: Adjust text of expected warnings.
	* gcc.dg/Wstringop-overflow-33.c: Expect -Wstringop-overread.
	* gcc.dg/Wstringop-overflow-9.c: Expect -Wstringop-overread.
	* gcc.dg/attr-nonstring-2.c: Adjust text of expected warnings.
	* gcc.dg/attr-nonstring-3.c: Same.
	* gcc.dg/attr-nonstring-4.c: Same.
	* gcc.dg/attr-nonstring.c: Expect -Wstringop-overread.
	* gcc.dg/builtin-stringop-chk-5.c: Adjust comment.
	* gcc.dg/builtin-stringop-chk-8.c: Enable -Wstringop-overread instead
	of -Wstringop-overflow.
	* gcc.dg/pr78902.c: Also expect -Wstringop-overread.
	* gcc.dg/pr79214.c: Adjust text of expected warnings.
	* gcc.dg/strcmpopt_10.c: Suppress valid -Wno-stringop-overread.
	* gcc.dg/strlenopt-57.c: Also expect -Wstringop-overread.
	* gcc.dg/torture/Wsizeof-pointer-memaccess1.c: Also suppress valid
	-Wno-stringop-overread.
	* gcc.dg/tree-ssa/builtins-folding-gimple-ub.c: Same.
	* gcc.dg/uninit-33.c: Same.
	* gcc.dg/warn-strnlen-no-nul-2.c: Adjust text of expected warning.
	* gcc.dg/warn-strnlen-no-nul.c: Same.
	* gcc.target/i386/strcmpopt_6.c: Suppress -Wstringop-overread.
	* gcc.dg/Wstringop-overread-2.c: New test.
	* gcc.dg/Wstringop-overread.c: New test.

1 files changed, 31 insertions, 13 deletions

diff --git a/gcc/builtins.h b/gcc/builtins.h
index 8b812ce..94ff96b 100644
--- a/gcc/builtins.h
+++ b/gcc/builtins.h
@@ -153,38 +153,56 @@ extern internal_fn associated_internal_fn (tree);
 extern internal_fn replacement_internal_fn (gcall *);
 
 extern bool check_nul_terminated_array (tree, tree, tree = NULL_TREE);
-extern void warn_string_no_nul (location_t, const char *, tree, tree);
+extern void warn_string_no_nul (location_t, tree, const char *, tree,
+				tree, tree = NULL_TREE, bool = false,
+				const wide_int[2] = NULL);
 extern tree unterminated_array (tree, tree * = NULL, bool * = NULL);
 extern bool builtin_with_linkage_p (tree);
 
 /* Describes a reference to an object used in an access.  */
 struct access_ref
 {
-  access_ref (): ref ()
-  {
-    /* Set to valid.  */
-    offrng[0] = offrng[1] = 0;
-    /* Invalidate.   */
-    sizrng[0] = sizrng[1] = -1;
-  }
-
-  /* Reference to the object.  */
+  /* Set the bounds of the reference to at most as many bytes
+     as the first argument or unknown when null, and at least
+     one when the second argument is true unless the first one
+     is a constant zero.  */
+  access_ref (tree = NULL_TREE, bool = false);
+
+  /* Reference to the accessed object(s).  */
   tree ref;
 
-  /* Range of offsets into and sizes of the object(s).  */
+  /* Range of byte offsets into and sizes of the object(s).  */
   offset_int offrng[2];
   offset_int sizrng[2];
+  /* Range of the bound of the access: denotes that the access
+     is at least BNDRNG[0] bytes but no more than BNDRNG[1].
+     For string functions the size of the actual access is
+     further constrained by the length of the string.  */
+  offset_int bndrng[2];
 };
 
 /* Describes a pair of references used in an access by built-in
    functions like memcpy.  */
 struct access_data
 {
+  /* Set the access to at most MAXWRITE and MAXREAD bytes, and
+     at least 1 when MINWRITE or MINREAD, respectively, is set.  */
+  access_data (tree expr, access_mode mode,
+	       tree maxwrite = NULL_TREE, bool minwrite = false,
+	       tree maxread = NULL_TREE, bool minread = false)
+    : call (expr),
+      dst (maxwrite, minwrite), src (maxread, minread), mode (mode) { }
+
+  /* Built-in function call.  */
+  tree call;
   /* Destination and source of the access.  */
   access_ref dst, src;
+  /* Read-only for functions like memcmp or strlen, write-only
+     for memset, read-write for memcpy or strcat.  */
+  access_mode mode;
 };
 
-extern bool check_access (tree, tree, tree, tree, tree, tree, tree,
-			  bool = true, const access_data * = NULL);
+extern bool check_access (tree, tree, tree, tree, tree,
+			  access_mode, const access_data * = NULL);
 
 #endif /* GCC_BUILTINS_H */