+2017-01-12 Martin Sebor <msebor@redhat.com>
+
+ to -Wformat-overflow.
+ * gimple-ssa-sprintf.c (pass_sprintf_length::gate): Adjust.
+ (min_bytes_remaining): Same.
+ (get_string_length): Same.
+ (format_string): Same.
+ (format_directive): Same.
+ (add_bytes): Same.
+ (pass_sprintf_length::handle_gimple_call): Same.
+
2017-01-12 Jakub Jelinek <jakub@redhat.com>
* gimple-ssa-sprintf.c (try_substitute_return_value): Remove
+2017-01-12 Martin Sebor <msebor@redhat.com>
+
+ (-Wformat-overflow): ...to this.
+
2017-01-11 Martin Sebor <msebor@redhat.com>
PR c/78768
C ObjC C++ ObjC++ Var(warn_format_extra_args) Warning LangEnabledBy(C ObjC C++ ObjC++,Wformat=, warn_format >= 1, 0)
Warn if passing too many arguments to a function for its format string.
-Wformat-length
-C ObjC C++ LTO ObjC++ Warning Alias(Wformat-length=, 1, 0)
-Warn about function calls with format strings that write past the end
-of the destination region. Same as -Wformat-length=1.
-
Wformat-nonliteral
C ObjC C++ ObjC++ Var(warn_format_nonliteral) Warning LangEnabledBy(C ObjC C++ ObjC++,Wformat=, warn_format >= 2, 0)
Warn about format strings that are not literals.
+Wformat-overflow
+C ObjC C++ LTO ObjC++ Warning Alias(Wformat-overflow=, 1, 0)
+Warn about function calls with format strings that write past the end
+of the destination region. Same as -Wformat-overflow=1.
+
Wformat-security
C ObjC C++ ObjC++ Var(warn_format_security) Warning LangEnabledBy(C ObjC C++ ObjC++,Wformat=, warn_format >= 2, 0)
Warn about possible security problems with format functions.
C ObjC C++ ObjC++ Joined RejectNegative UInteger Var(warn_format) Warning LangEnabledBy(C ObjC C++ ObjC++,Wall, 1, 0)
Warn about printf/scanf/strftime/strfmon format string anomalies.
-Wformat-length=
-C ObjC C++ ObjC++ Joined RejectNegative UInteger Var(warn_format_length) Warning LangEnabledBy(C ObjC C++ ObjC++,Wformat=, warn_format >= 1, 0)
+Wformat-overflow=
+C ObjC C++ LTO ObjC++ Joined RejectNegative UInteger Var(warn_format_overflow) Warning LangEnabledBy(C ObjC C++ ObjC++,Wformat=, warn_format >= 1, 0)
Warn about function calls with format strings that write past the end
of the destination region.
-Wno-div-by-zero -Wdouble-promotion -Wduplicated-cond @gol
-Wempty-body -Wenum-compare -Wno-endif-labels -Wexpansion-to-defined @gol
-Werror -Werror=* -Wfatal-errors -Wfloat-equal -Wformat -Wformat=2 @gol
--Wno-format-contains-nul -Wno-format-extra-args -Wformat-length=@var{n} @gol
--Wformat-nonliteral @gol
+-Wno-format-contains-nul -Wno-format-extra-args @gol
+-Wformat-nonliteral -Wformat-overflow=@var{n} @gol
-Wformat-security -Wformat-signedness -Wformat-truncation=@var{n} @gol
-Wformat-y2k -Wframe-address @gol
-Wframe-larger-than=@var{len} -Wno-free-nonheap-object -Wjump-misses-init @gol
warning if the unused arguments are all pointers, since the Single
Unix Specification says that such unused arguments are allowed.
-@item -Wformat-length
-@itemx -Wformat-length=@var{level}
-@opindex Wformat-length
-@opindex Wno-format-length
+@item -Wformat-overflow
+@itemx -Wformat-overflow=@var{level}
+@opindex Wformat-overflow
+@opindex Wno-format-overflow
Warn about calls to formatted input/output functions such as @code{sprintf}
and @code{vsprintf} that might overflow the destination buffer. When the
exact number of bytes written by a format directive cannot be determined
result in false positives.
@table @gcctabopt
-@item -Wformat-length
-@item -Wformat-length=1
-@opindex Wformat-length
-@opindex Wno-format-length
-Level @var{1} of @option{-Wformat-length} enabled by @option{-Wformat}
+@item -Wformat-overflow
+@item -Wformat-overflow=1
+@opindex Wformat-overflow
+@opindex Wno-format-overflow
+Level @var{1} of @option{-Wformat-overflow} enabled by @option{-Wformat}
employs a conservative approach that warns only about calls that most
likely overflow the buffer. At this level, numeric arguments to format
directives with unknown values are assumed to have the value of one, and
@}
@end smallexample
-@item -Wformat-length=2
+@item -Wformat-overflow=2
Level @var{2} warns also about calls that might overflow the destination
buffer given an argument of sufficient length or magnitude. At level
@var{2}, unknown numeric arguments are assumed to have the minimum
the @var{level} argument and on optimization. While enabling optimization
will in most cases improve the accuracy of the warning, it may also result
in false positives. Except as noted otherwise, the option uses the same
-logic @option{-Wformat-length}.
+logic @option{-Wformat-overflow}.
@table @gcctabopt
@item -Wformat-truncation
@item -Wformat-truncation=1
@opindex Wformat-truncation
-@opindex Wno-format-length
+@opindex Wno-format-overflow
Level @var{1} of @option{-Wformat-truncation} enabled by @option{-Wformat}
employs a conservative approach that warns only about calls to bounded
functions whose return value is unused and that will most likely result
The @option{-fprintf-return-value} option relies on other optimizations
and yields best results with @option{-O2}. It works in tandem with the
-@option{-Wformat-length} and @option{-Wformat-truncation} options.
+@option{-Wformat-overflow} and @option{-Wformat-truncation} options.
The @option{-fprintf-return-value} option is enabled by default.
@item -fno-peephole
not optimizing and the pass is being invoked early, or when
optimizing and the pass is being invoked during optimization
(i.e., "late"). */
- return ((warn_format_length > 0 || flag_printf_return_value)
+ return ((warn_format_overflow > 0 || flag_printf_return_value)
&& (optimize > 0) == fold_return_value);
}
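Review bot: The gate on the new line tests only `warn_format_overflow > 0 || flag_printf_return_value`, yet the same pass also issues -Wformat-truncation diagnostics (`warnopt ()` returns `OPT_Wformat_truncation_` for bounded calls, and `warn_format_trunc > 1` is tested further down). As written, a build that enables only -Wformat-truncation together with -fno-printf-return-value would appear to skip the pass and silently lose the truncation warnings. Consider `return ((warn_format_overflow > 0 || warn_format_trunc > 0 || flag_printf_return_value)`. The body of `pass_sprintf_length::gate` starts outside this hunk, so confirm no earlier check already covers this case.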
if (HOST_WIDE_INT_MAX <= navail)
return navail;
- if (1 < warn_format_length || res.knownrange)
+ if (warn_format_overflow > 1 || res.knownrange)
{
/* At level 2, or when all directives output an exact number
of bytes or when their arguments were bounded by known
/* Return the warning option corresponding to the called function. */
int warnopt () const
{
- return bounded ? OPT_Wformat_truncation_ : OPT_Wformat_length_;
+ return bounded ? OPT_Wformat_truncation_ : OPT_Wformat_overflow_;
}
};
fmtresult res;
res.range.min = (tree_fits_uhwi_p (lenrange[0])
- ? tree_to_uhwi (lenrange[0]) : 1 < warn_format_length);
+ ? tree_to_uhwi (lenrange[0]) : warn_format_overflow > 1);
res.range.max = (tree_fits_uhwi_p (lenrange[1])
? tree_to_uhwi (lenrange[1]) : HOST_WIDE_INT_M1U);
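Review bot: The fallback for `res.range.min` uses the result of the comparison `warn_format_overflow > 1` directly as a byte count, which is easy to misread when checking how the warning levels differ. Writing it as `: (warn_format_overflow > 1 ? 1 : 0)`, or adding a comment such as `/* Unknown length: assume 0 bytes at level 1, 1 byte at level 2. */`, would make the intent explicit. The same idiom appears in the `max_bytes_for_unknown_str` initializer and in the `nul < 1` / `!nul` assignment to `res.range.min`. The enclosing function begins and ends outside this hunk.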
to a "%lc" directive adjusted for precision but not field width.
6 is the longest UTF-8 sequence for a single wide character. */
const unsigned HOST_WIDE_INT max_bytes_for_unknown_wc
- = (0 <= prec ? prec : 1 < warn_format_length ? 6 : 1);
+ = (0 <= prec ? prec : warn_format_overflow > 1 ? 6 : 1);
/* The maximum number of bytes for an unknown string argument to either
a "%s" or "%ls" directive adjusted for precision but not field width. */
const unsigned HOST_WIDE_INT max_bytes_for_unknown_str
- = (0 <= prec ? prec : 1 < warn_format_length);
+ = (0 <= prec ? prec : warn_format_overflow > 1);
/* The result is bounded unless overriddden for a non-constant string
of an unknown length. */
is the smaller of either 0 (at level 1) or 1 (at level 2)
and WIDTH, and the maximum is MB_CUR_MAX in the selected
locale, which is unfortunately, unknown. */
- res.range.min = 1 == warn_format_length ? !nul : nul < 1;
+ res.range.min = warn_format_overflow == 1 ? !nul : nul < 1;
res.range.max = max_bytes_for_unknown_wc;
/* The range above is good enough to issue warnings but not
for value range propagation, so clear BOUNDED. */
{
bounded = false;
- if (warn_format_length > 1)
+ if (warn_format_overflow > 1)
{
/* Leave the minimum number of bytes the wide string
converts to equal to its length and set the maximum
|| warn_format_trunc > 1))
|| (!info.bounded
&& (spec.specifier == 's'
- || 1 < warn_format_length))))
+ || warn_format_overflow > 1))))
{
/* The maximum directive output is longer than there is
room in the destination and the output length is either
if (!minunder4k || fmtres.range.max > 4095)
res->under4k = false;
- if (!warned && 1 < warn_format_length
+ if (!warned && warn_format_overflow > 1
&& (!minunder4k || fmtres.range.max > 4095))
{
/* The directive output may be longer than the maximum required
if (!warned
&& (exceedmin
- || (1 < warn_format_length
+ || (warn_format_overflow > 1
&& res->number_chars_max > target_int_max ())))
{
/* The directive output causes the total length of output
are bounded by the arrays they are known to refer to. */
if (!res->warned
&& (avail_range.max < nbytes
- || ((res->knownrange || 1 < warn_format_length)
+ || ((res->knownrange || warn_format_overflow > 1)
&& avail_range.min < nbytes)))
{
/* Set NAVAIL to the number of available bytes used to decide
warning will depend on AVAIL_RANGE. */
unsigned HOST_WIDE_INT navail = avail_range.max;
if (nbytes <= navail && avail_range.min < HOST_WIDE_INT_MAX
- && (res->knownrange || 1 < warn_format_length))
+ && (res->knownrange || warn_format_overflow > 1))
navail = avail_range.min;
/* Compute the offset of the first format character that is beyond
if (!res->warned
&& (exceedmin
- || (1 < warn_format_length
+ || (warn_format_overflow > 1
&& (res->number_chars_max - !end) > target_int_max ())))
{
/* The function's output exceeds INT_MAX bytes. */
warning will depend on AVAIL_RANGE. */
unsigned HOST_WIDE_INT navail = avail_range.max;
if (nbytes <= navail && avail_range.min < HOST_WIDE_INT_MAX
- && (res->bounded || 1 < warn_format_length))
+ && (res->bounded || warn_format_overflow > 1))
navail = avail_range.min;
/* Compute the offset of the first format character that is beyond
if (range_type == VR_RANGE)
{
dstsize
- = (warn_format_length < 2
+ = (warn_format_overflow < 2
? wi::fits_uhwi_p (max) ? max.to_uhwi () : max.to_shwi ()
: wi::fits_uhwi_p (min) ? min.to_uhwi () : min.to_shwi ());
}
+2017-01-12 Martin Sebor <msebor@redhat.com>
+
+ * gcc.dg/pr78138.c: Adjust.
+ * gcc.dg/pr78768.c: Adjust.
+ * gcc.dg/tree-ssa/builtin-sprintf-4.c: Adjust.
+ * gcc.dg/tree-ssa/builtin-sprintf-warn-1.c: Adjust.
+ * gcc.dg/tree-ssa/builtin-sprintf-warn-2.c: Adjust.
+ * gcc.dg/tree-ssa/builtin-sprintf-warn-3.c: Adjust.
+ * gcc.dg/tree-ssa/builtin-sprintf-warn-4.c: Adjust.
+ * gcc.dg/tree-ssa/builtin-sprintf-warn-6.c: Adjust.
+ * gcc.dg/tree-ssa/builtin-sprintf-warn-7.c: Adjust.
+ * gcc.dg/tree-ssa/builtin-sprintf-warn-8.c: Adjust.
+ * gcc.dg/tree-ssa/builtin-sprintf-warn-9.c: Adjust.
+ * gcc.dg/tree-ssa/pr78605.c: Adjust.
+ * gcc.dg/tree-ssa/pr78622.c: Adjust.
+
2017-01-12 Jakub Jelinek <jakub@redhat.com>
* gcc.dg/tree-ssa/builtin-snprintf-1.c: New test.
-/* PR middle-end/78622 - [7 Regression] -Wformat-length/-fprintf-return-value
+/* PR middle-end/78622 - [7 Regression] -Wformat-overflow/-fprintf-return-value
incorrect with overflow/wrapping
- { dg-additional-options "-Wformat-length=2" } */
+ { dg-additional-options "-Wformat-overflow=2" } */
__attribute__((noinline, noclone)) int
foo (int x)
/* PR middle-end/78138 - missing warnings on buffer overflow with non-constant
source length
{ dg-do compile }
- { dg-options "-O2 -Wformat-length" } */
+ { dg-options "-O2 -Wformat-overflow" } */
char d [5];
-/* PR c/78768 - -Walloca-larger-than and -Wformat-length warnings disabled
+/* PR c/78768 - -Walloca-larger-than and -Wformat-overflow warnings disabled
by -flto
{ dg-do run }
{ dg-require-effective-target lto }
- { dg-options "-O2 -Walloca-larger-than=10 -Wformat -Wformat-length -flto" } */
+ { dg-options "-O2 -Walloca-larger-than=10 -Wformat -Wformat-overflow -flto" } */
int main (void)
{
char *d = (char *)__builtin_alloca (12); /* { dg-warning "argument to .alloca. is too large" } */
- __builtin_sprintf (d, "%32s", "x"); /* { dg-warning "directive writing 32 bytes into a region of size 12" "-Wformat-length" { xfail *-*-* } } */
+ __builtin_sprintf (d, "%32s", "x"); /* { dg-warning "directive writing 32 bytes into a region of size 12" "-Wformat-overflow" { xfail *-*-* } } */
return 0;
}
/* PR middle-end/78461 - [7 Regression] ICE: in operator+=, at
gimple-ssa-sprintf.c:214
Disable warnings to exercise code paths through the pass that may
- not be exercised when the -Wformat-length option is in effect. */
+ not be exercised when the -Wformat-overflow option is in effect. */
/* { dg-compile }
{ dg-options "-O2 -fdump-tree-optimized -w" } */
/* { dg-do compile } */
-/* { dg-options "-Wformat -Wformat-length=1 -ftrack-macro-expansion=0" } */
+/* { dg-options "-Wformat -Wformat-overflow=1 -ftrack-macro-expansion=0" } */
/* { dg-require-effective-target int32plus } */
/* When debugging, define LINE to the line number of the test case to exercise
T (12, "%Le", 9.9999999e+99L);/* { dg-warning "terminating nul" } */
}
-/* At -Wformat-length level 1 unknown numbers are assumed to have
+/* At -Wformat-overflow level 1 unknown numbers are assumed to have
the value one, and unknown strings are assumed to have a zero
length. */
/* { dg-do compile } */
-/* { dg-options "-std=c99 -Wformat -Wformat-length=2 -ftrack-macro-expansion=0" } */
+/* { dg-options "-std=c99 -Wformat -Wformat-overflow=2 -ftrack-macro-expansion=0" } */
/* When debugging, define LINE to the line number of the test case to exercise
and avoid exercising any of the others. The buffer and objsize macros
-O2 (-ftree-vrp) is necessary for the tests involving ranges to pass,
otherwise -O1 is sufficient.
{ dg-do compile }
- { dg-options "-O2 -Wformat -Wformat-length=1 -ftrack-macro-expansion=0" } */
+ { dg-options "-O2 -Wformat -Wformat-overflow=1 -ftrack-macro-expansion=0" } */
typedef __SIZE_TYPE__ size_t;
/* { dg-do compile } */
-/* { dg-options "-Wformat -Wformat-length=1 -fdiagnostics-show-caret" } */
+/* { dg-options "-Wformat -Wformat-overflow=1 -fdiagnostics-show-caret" } */
extern int sprintf (char*, const char*, ...);
sprintf (dst + 2, "1", 0);
^~~
{ dg-end-multiline-output "" }
- { dg-begin-multiline-output "-Wformat-length output" }
+ { dg-begin-multiline-output "-Wformat-overflow output" }
sprintf (dst + 2, "1", 0);
~^
{ dg-end-multiline-output "" }
sprintf (dst, "1234", 0);
^~~~~~
{ dg-end-multiline-output "" }
- { dg-begin-multiline-output "-Wformat-length output" }
+ { dg-begin-multiline-output "-Wformat-overflow output" }
sprintf (dst, "1234", 0);
^
{ dg-end-multiline-output "" }
sprintf (dst, "12345", 0);
^~~~~~~
{ dg-end-multiline-output "" }
- { dg-begin-multiline-output "-Wformat-length output" }
+ { dg-begin-multiline-output "-Wformat-overflow output" }
sprintf (dst, "12345", 0);
^~
{ dg-end-multiline-output "" }
sprintf (dst + 2, "%-s", "1");
/* { dg-warning "writing a terminating nul past the end of the destination" "warning" { target *-*-* } .-1 }
{ dg-message "format output 2 bytes into a destination of size 1" "note" { target *-*-* } .-2 }
- { dg-begin-multiline-output "-Wformat-length output" }
+ { dg-begin-multiline-output "-Wformat-overflow output" }
sprintf (dst + 2, "%-s", "1");
~~~^
{ dg-end-multiline-output "" }
sprintf (dst + 2, "%-s", "abcd");
/* { dg-warning ".%-s. directive writing 4 bytes into a region of size 1" "warning" { target *-*-* } .-1 }
{ dg-message "format output 5 bytes into a destination of size 1" "note" { target *-*-* } .-2 }
- { dg-begin-multiline-output "-Wformat-length output" }
+ { dg-begin-multiline-output "-Wformat-overflow output" }
sprintf (dst + 2, "%-s", "abcd");
^~~ ~~~~~~
{ dg-end-multiline-output "" }
-/* PR middle-end/77721 - -Wformat-length not uses arg range for converted vars
+/* PR middle-end/77721 - -Wformat-overflow not uses arg range for converted vars
Test to verify that the correct range information is made available to the
-Wformat-lenght check to prevent warnings. */
/* { dg-do compile } */
-/* { dg-options "-O2 -Wformat -Wformat-length -fdump-tree-optimized" } */
+/* { dg-options "-O2 -Wformat -Wformat-overflow -fdump-tree-optimized" } */
void abort (void);
int snprintf (char*, __SIZE_TYPE__, const char*, ...);
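Review bot: The header comment still says `-Wformat-lenght check to prevent warnings. */` on the unchanged line below the PR title, so the rename is incomplete in this file. The misspelling most likely kept a search for `-Wformat-length` from matching it. It should read `-Wformat-overflow check to prevent warnings. */`, so that the comment names the same option as the updated dg-options line.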
precision
{ dg-do compile }
{ dg-require-effective-target int32plus }
- { dg-options "-Wformat-length -ftrack-macro-expansion=0" } */
+ { dg-options "-Wformat-overflow -ftrack-macro-expansion=0" } */
#define INT_MAX __INT_MAX__
#define INT_MIN (-INT_MAX - 1)
/* PR middle-end/78519 - missing warning for sprintf %s with null pointer
Also exercises null destination pointer and null format string.
{ dg-do compile }
- { dg-options "-O2 -Wformat -Wformat-length -Wno-nonnull -ftrack-macro-expansion=0" } */
+ { dg-options "-O2 -Wformat -Wformat-overflow -Wno-nonnull -ftrack-macro-expansion=0" } */
typedef __builtin_va_list va_list;
Test to verify the correctness of ranges of output computed for floating
point directives.
{ dg-do compile }
- { dg-options "-O2 -Wformat -Wformat-length -ftrack-macro-expansion=0" } */
+ { dg-options "-O2 -Wformat -Wformat-overflow -ftrack-macro-expansion=0" } */
typedef __builtin_va_list va_list;
-/* PR middle-end/78605 - bogus -Wformat-length=1 with %f
+/* PR middle-end/78605 - bogus -Wformat-overflow=1 with %f
{ dg-do compile }
- { dg-options "-O2 -Wall -Wextra -Wformat-length=1" } */
+ { dg-options "-O2 -Wall -Wextra -Wformat-overflow=1" } */
char d[10];
-/* PR middle-end/78622 - [7 Regression] -Wformat-length/-fprintf-return-value
+/* PR middle-end/78622 - [7 Regression] -Wformat-overflow/-fprintf-return-value
incorrect with overflow/wrapping
{ dg-do compile }
- { dg-options "-Wformat-length=2" }
+ { dg-options "-Wformat-overflow=2" }
The h and hh length modifiers are a C99 feature (see PR 78959).
{ dg-require-effective-target c99_runtime } */