/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc

Bug Summary

File:	build/gcc/ubsan.cc
Warning:	line 598, column 21 Assigned value is garbage or undefined
Annotated Source Code

Press '?' to see keyboard shortcuts
Show analyzer invocation
clang -cc1 -cc1 -triple x86_64-suse-linux -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name ubsan.cc -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model static -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/buildworker/marxinbox-gcc-clang-static-analyzer/objdir/gcc -resource-dir /usr/lib64/clang/15.0.7 -D IN_GCC -D HAVE_CONFIG_H -I . -I . -I /buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc -I /buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/. -I /buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/../include -I /buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/../libcpp/include -I /buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/../libcody -I /buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/../libdecnumber -I /buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/../libdecnumber/bid -I ../libdecnumber -I /buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/../libbacktrace -internal-isystem /usr/bin/../lib64/gcc/x86_64-suse-linux/13/../../../../include/c++/13 -internal-isystem /usr/bin/../lib64/gcc/x86_64-suse-linux/13/../../../../include/c++/13/x86_64-suse-linux -internal-isystem /usr/bin/../lib64/gcc/x86_64-suse-linux/13/../../../../include/c++/13/backward -internal-isystem /usr/lib64/clang/15.0.7/include -internal-isystem /usr/local/include -internal-isystem /usr/bin/../lib64/gcc/x86_64-suse-linux/13/../../../../x86_64-suse-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-narrowing -Wwrite-strings -Wno-long-long -Wno-variadic-macros -Wno-overlength-strings -fdeprecated-macro -fdebug-compilation-dir=/buildworker/marxinbox-gcc-clang-static-analyzer/objdir/gcc -ferror-limit 19 -fno-rtti -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -analyzer-output=plist-html -analyzer-config silence-checkers=core.NullDereference -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /buildworker/marxinbox-gcc-clang-static-analyzer/objdir/clang-static-analyzer/2023-03-27-141847-20772-1/report-MmS35m.plist -x c++ /buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc
1/* UndefinedBehaviorSanitizer, undefined behavior detector.
 Copyright (C) 2013-2023 Free Software Foundation, Inc.
 Contributed by Marek Polacek <polacek@redhat.com>

5This file is part of GCC.

7GCC is free software; you can redistribute it and/or modify it under
8the terms of the GNU General Public License as published by the Free
9Software Foundation; either version 3, or (at your option) any later
10version.

12GCC is distributed in the hope that it will be useful, but WITHOUT ANY
13WARRANTY; without even the implied warranty of MERCHANTABILITY or
14FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
15for more details.

17You should have received a copy of the GNU General Public License
18along with GCC; see the file COPYING3.  If not see
19<http://www.gnu.org/licenses/>.  */

21#include "config.h"
22#include "system.h"
23#include "coretypes.h"
24#include "backend.h"
25#include "rtl.h"
26#include "c-family/c-common.h"
27#include "gimple.h"
28#include "cfghooks.h"
29#include "tree-pass.h"
30#include "memmodel.h"
31#include "tm_p.h"
32#include "ssa.h"
33#include "cgraph.h"
34#include "tree-pretty-print.h"
35#include "stor-layout.h"
36#include "cfganal.h"
37#include "gimple-iterator.h"
38#include "output.h"
39#include "cfgloop.h"
40#include "ubsan.h"
41#include "expr.h"
42#include "stringpool.h"
43#include "attribs.h"
44#include "asan.h"
45#include "gimplify-me.h"
46#include "dfp.h"
47#include "builtins.h"
48#include "tree-object-size.h"
49#include "tree-cfg.h"
50#include "gimple-fold.h"
51#include "varasm.h"

53/* Map from a tree to a VAR_DECL tree.  */

55struct GTY((for_user)) tree_type_map {
struct tree_map_base type;
tree decl;
58};

60struct tree_type_map_cache_hasher : ggc_cache_ptr_hash<tree_type_map>
61{
static inline hashval_t
hash (tree_type_map *t)
{
  return TYPE_UID (t->type.from)((tree_class_check ((t->type.from), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 65, __FUNCTION__))->type_common.uid);
}

static inline bool
equal (tree_type_map *a, tree_type_map *b)
{
  return a->type.from == b->type.from;
}

static int
keep_cache_entry (tree_type_map *&m)
{
  return ggc_marked_p (m->type.from);
}
79};

81static GTY ((cache))
   hash_table<tree_type_map_cache_hasher> *decl_tree_for_type;

84/* Lookup a VAR_DECL for TYPE, and return it if we find one.  */

86static tree
87decl_for_type_lookup (tree type)
88{
/* If the hash table is not initialized yet, create it now.  */
if (decl_tree_for_type == NULLnullptr)
  {
    decl_tree_for_type
= hash_table<tree_type_map_cache_hasher>::create_ggc (10);
    /* That also means we don't have to bother with the lookup.  */
    return NULL_TREE(tree) nullptr;
  }

struct tree_type_map *h, in;
in.type.from = type;

h = decl_tree_for_type->find_with_hash (&in, TYPE_UID (type)((tree_class_check ((type), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 101, __FUNCTION__))->type_common.uid));
return h ? h->decl : NULL_TREE(tree) nullptr;
103}

105/* Insert a mapping TYPE->DECL in the VAR_DECL for type hashtable.  */

107static void
108decl_for_type_insert (tree type, tree decl)
109{
struct tree_type_map *h;

h = ggc_alloc<tree_type_map> ();
h->type.from = type;
h->decl = decl;
*decl_tree_for_type->find_slot_with_hash (h, TYPE_UID (type)((tree_class_check ((type), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 115, __FUNCTION__))->type_common.uid), INSERT) = h;
116}

118/* Helper routine, which encodes a value in the pointer_sized_int_node.
 Arguments with precision <= POINTER_SIZE are passed directly,
 the rest is passed by reference.  T is a value we are to encode.
 PHASE determines when this function is called.  */

123tree
124ubsan_encode_value (tree t, enum ubsan_encode_value_phase phase)
125{
tree type = TREE_TYPE (t)((contains_struct_check ((t), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 126, __FUNCTION__))->typed.type);
scalar_mode mode = SCALAR_TYPE_MODE (type)(as_a <scalar_mode> ((tree_class_check ((type), (tcc_type
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 127, __FUNCTION__))->type_common.mode));
const unsigned int bitsize = GET_MODE_BITSIZE (mode);
if (bitsize <= POINTER_SIZE(((global_options.x_ix86_isa_flags & (1UL << 58)) !=
 0) ? 32 : ((8) * (((global_options.x_ix86_isa_flags & (1UL
 << 1)) != 0) ? 8 : 4))))
  switch (TREE_CODE (type)((enum tree_code) (type)->base.code))
    {
    case BOOLEAN_TYPE:
    case ENUMERAL_TYPE:
    case INTEGER_TYPE:
return fold_build1 (NOP_EXPR, pointer_sized_int_node, t)fold_build1_loc (((location_t) 0), NOP_EXPR, global_trees[TI_POINTER_SIZED_TYPE
], t );
    case REAL_TYPE:
{
 tree itype = build_nonstandard_integer_type (bitsize, true);
 t = fold_build1 (VIEW_CONVERT_EXPR, itype, t)fold_build1_loc (((location_t) 0), VIEW_CONVERT_EXPR, itype, t
 );
 return fold_convert (pointer_sized_int_node, t)fold_convert_loc (((location_t) 0), global_trees[TI_POINTER_SIZED_TYPE
], t);
}
    default:
gcc_unreachable ()(fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 143, __FUNCTION__));
    }
else
  {
    if (!DECL_P (t)(tree_code_type_tmpl <0>::tree_code_type[(int) (((enum tree_code
) (t)->base.code))] == tcc_declaration) || !TREE_ADDRESSABLE (t)((t)->base.addressable_flag))
{
 /* The reason for this is that we don't want to pessimize
    code by making vars unnecessarily addressable.  */
 tree var;
 if (phase != UBSAN_ENCODE_VALUE_GENERIC)
   {
     var = create_tmp_var (type);
     mark_addressable (var);
   }
 else
   {
     var = create_tmp_var_raw (type);
     TREE_ADDRESSABLE (var)((var)->base.addressable_flag) = 1;
     DECL_CONTEXT (var)((contains_struct_check ((var), (TS_DECL_MINIMAL), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 161, __FUNCTION__))->decl_minimal.context) = current_function_decl;
   }
 if (phase == UBSAN_ENCODE_VALUE_RTL)
   {
     rtx mem = assign_stack_temp_for_type (mode, GET_MODE_SIZE (mode),
				    type);
     SET_DECL_RTL (var, mem)set_decl_rtl (var, mem);
     expand_assignment (var, t, false);
     return build_fold_addr_expr (var)build_fold_addr_expr_loc (((location_t) 0), (var));
   }
 if (phase != UBSAN_ENCODE_VALUE_GENERIC)
   {
     tree tem = build2 (MODIFY_EXPR, void_type_nodeglobal_trees[TI_VOID_TYPE], var, t);
     t = build_fold_addr_expr (var)build_fold_addr_expr_loc (((location_t) 0), (var));
     return build2 (COMPOUND_EXPR, TREE_TYPE (t)((contains_struct_check ((t), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 175, __FUNCTION__))->typed.type), tem, t);
   }
 else
   {
     var = build4 (TARGET_EXPR, type, var, t, NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
     return build_fold_addr_expr (var)build_fold_addr_expr_loc (((location_t) 0), (var));
   }
}
    else
return build_fold_addr_expr (t)build_fold_addr_expr_loc (((location_t) 0), (t));
  }
186}

188/* Cached ubsan_get_type_descriptor_type () return value.  */
189static GTY(()) tree ubsan_type_descriptor_type;

191/* Build
 struct __ubsan_type_descriptor
 {
   unsigned short __typekind;
   unsigned short __typeinfo;
   char __typename[];
 }
 type.  */

200static tree
201ubsan_get_type_descriptor_type (void)
202{
static const char *field_names[3]
  = { "__typekind", "__typeinfo", "__typename" };
tree fields[3], ret;

if (ubsan_type_descriptor_type)
  return ubsan_type_descriptor_type;

tree itype = build_range_type (sizetypesizetype_tab[(int) stk_sizetype], size_zero_nodeglobal_trees[TI_SIZE_ZERO], NULL_TREE(tree) nullptr);
tree flex_arr_type = build_array_type (char_type_nodeinteger_types[itk_char], itype);

ret = make_node (RECORD_TYPE);
for (int i = 0; i < 3; i++)
  {
    fields[i] = build_decl (UNKNOWN_LOCATION((location_t) 0), FIELD_DECL,
	      get_identifier (field_names[i])(__builtin_constant_p (field_names[i]) ? get_identifier_with_length
 ((field_names[i]), strlen (field_names[i])) : get_identifier
 (field_names[i])),
	      (i == 2) ? flex_arr_type
	      : short_unsigned_type_nodeinteger_types[itk_unsigned_short]);
    DECL_CONTEXT (fields[i])((contains_struct_check ((fields[i]), (TS_DECL_MINIMAL), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 220, __FUNCTION__))->decl_minimal.context) = ret;
    if (i)
DECL_CHAIN (fields[i - 1])(((contains_struct_check (((contains_struct_check ((fields[i -
 1]), (TS_DECL_MINIMAL), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 222, __FUNCTION__))), (TS_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 222, __FUNCTION__))->common.chain)) = fields[i];
  }
tree type_decl = build_decl (input_location, TYPE_DECL,
	       get_identifier ("__ubsan_type_descriptor")(__builtin_constant_p ("__ubsan_type_descriptor") ? get_identifier_with_length
 (("__ubsan_type_descriptor"), strlen ("__ubsan_type_descriptor"
)) : get_identifier ("__ubsan_type_descriptor")),
	       ret);
DECL_IGNORED_P (type_decl)((contains_struct_check ((type_decl), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 227, __FUNCTION__))->decl_common.ignored_flag) = 1;
DECL_ARTIFICIAL (type_decl)((contains_struct_check ((type_decl), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 228, __FUNCTION__))->decl_common.artificial_flag) = 1;
TYPE_FIELDS (ret)((tree_check3 ((ret), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 229, __FUNCTION__, (RECORD_TYPE), (UNION_TYPE), (QUAL_UNION_TYPE
)))->type_non_common.values) = fields[0];
TYPE_NAME (ret)((tree_class_check ((ret), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 230, __FUNCTION__))->type_common.name) = type_decl;
TYPE_STUB_DECL (ret)(((contains_struct_check (((tree_class_check ((ret), (tcc_type
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 231, __FUNCTION__))), (TS_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 231, __FUNCTION__))->common.chain)) = type_decl;
TYPE_ARTIFICIAL (ret)((tree_class_check ((ret), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 232, __FUNCTION__))->base.nowarning_flag) = 1;
layout_type (ret);
ubsan_type_descriptor_type = ret;
return ret;
236}

238/* Cached ubsan_get_source_location_type () return value.  */
239static GTY(()) tree ubsan_source_location_type;

241/* Build
 struct __ubsan_source_location
 {
   const char *__filename;
   unsigned int __line;
   unsigned int __column;
 }
 type.  */

250tree
251ubsan_get_source_location_type (void)
252{
static const char *field_names[3]
  = { "__filename", "__line", "__column" };
tree fields[3], ret;
if (ubsan_source_location_type)
  return ubsan_source_location_type;

tree const_char_type = build_qualified_type (char_type_nodeinteger_types[itk_char],
			       TYPE_QUAL_CONST);

ret = make_node (RECORD_TYPE);
for (int i = 0; i < 3; i++)
  {
    fields[i] = build_decl (UNKNOWN_LOCATION((location_t) 0), FIELD_DECL,
	      get_identifier (field_names[i])(__builtin_constant_p (field_names[i]) ? get_identifier_with_length
 ((field_names[i]), strlen (field_names[i])) : get_identifier
 (field_names[i])),
	      (i == 0) ? build_pointer_type (const_char_type)
	      : unsigned_type_nodeinteger_types[itk_unsigned_int]);
    DECL_CONTEXT (fields[i])((contains_struct_check ((fields[i]), (TS_DECL_MINIMAL), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 269, __FUNCTION__))->decl_minimal.context) = ret;
    if (i)
DECL_CHAIN (fields[i - 1])(((contains_struct_check (((contains_struct_check ((fields[i -
 1]), (TS_DECL_MINIMAL), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 271, __FUNCTION__))), (TS_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 271, __FUNCTION__))->common.chain)) = fields[i];
  }
tree type_decl = build_decl (input_location, TYPE_DECL,
	       get_identifier ("__ubsan_source_location")(__builtin_constant_p ("__ubsan_source_location") ? get_identifier_with_length
 (("__ubsan_source_location"), strlen ("__ubsan_source_location"
)) : get_identifier ("__ubsan_source_location")),
	       ret);
DECL_IGNORED_P (type_decl)((contains_struct_check ((type_decl), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 276, __FUNCTION__))->decl_common.ignored_flag) = 1;
DECL_ARTIFICIAL (type_decl)((contains_struct_check ((type_decl), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 277, __FUNCTION__))->decl_common.artificial_flag) = 1;
TYPE_FIELDS (ret)((tree_check3 ((ret), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 278, __FUNCTION__, (RECORD_TYPE), (UNION_TYPE), (QUAL_UNION_TYPE
)))->type_non_common.values) = fields[0];
TYPE_NAME (ret)((tree_class_check ((ret), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 279, __FUNCTION__))->type_common.name) = type_decl;
TYPE_STUB_DECL (ret)(((contains_struct_check (((tree_class_check ((ret), (tcc_type
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 280, __FUNCTION__))), (TS_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 280, __FUNCTION__))->common.chain)) = type_decl;
TYPE_ARTIFICIAL (ret)((tree_class_check ((ret), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 281, __FUNCTION__))->base.nowarning_flag) = 1;
layout_type (ret);
ubsan_source_location_type = ret;
return ret;
285}

287/* Helper routine that returns a CONSTRUCTOR of __ubsan_source_location
 type with its fields filled from a location_t LOC.  */

290static tree
291ubsan_source_location (location_t loc)
292{
expanded_location xloc;
tree type = ubsan_get_source_location_type ();

xloc = expand_location (loc);
tree str;
if (xloc.file == NULLnullptr)
  {
    str = build_int_cst (ptr_type_nodeglobal_trees[TI_PTR_TYPE], 0);
    xloc.line = 0;
    xloc.column = 0;
  }
else
  {
    /* Fill in the values from LOC.  */
    size_t len = strlen (xloc.file) + 1;
    str = build_string (len, xloc.file);
    TREE_TYPE (str)((contains_struct_check ((str), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 309, __FUNCTION__))->typed.type) = build_array_type_nelts (char_type_nodeinteger_types[itk_char], len);
    TREE_READONLY (str)((non_type_check ((str), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 310, __FUNCTION__))->base.readonly_flag) = 1;
    TREE_STATIC (str)((str)->base.static_flag) = 1;
    str = build_fold_addr_expr (str)build_fold_addr_expr_loc (((location_t) 0), (str));
  }
tree ctor = build_constructor_va (type, 3, NULL_TREE(tree) nullptr, str, NULL_TREE(tree) nullptr,
		    build_int_cst (unsigned_type_nodeinteger_types[itk_unsigned_int],
				   xloc.line), NULL_TREE(tree) nullptr,
		    build_int_cst (unsigned_type_nodeinteger_types[itk_unsigned_int],
				   xloc.column));
TREE_CONSTANT (ctor)((non_type_check ((ctor), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 319, __FUNCTION__))->base.constant_flag) = 1;
TREE_STATIC (ctor)((ctor)->base.static_flag) = 1;

return ctor;
323}

325/* This routine returns a magic number for TYPE.  */

327static unsigned short
328get_ubsan_type_info_for_type (tree type)
329{
if (TREE_CODE (type)((enum tree_code) (type)->base.code) == REAL_TYPE)
  return tree_to_uhwi (TYPE_SIZE (type)((tree_class_check ((type), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 331, __FUNCTION__))->type_common.size));
else if (INTEGRAL_TYPE_P (type)(((enum tree_code) (type)->base.code) == ENUMERAL_TYPE || (
(enum tree_code) (type)->base.code) == BOOLEAN_TYPE || ((enum
 tree_code) (type)->base.code) == INTEGER_TYPE))
  {
    int prec = exact_log2 (tree_to_uhwi (TYPE_SIZE (type)((tree_class_check ((type), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 334, __FUNCTION__))->type_common.size)));
    gcc_assert (prec != -1)((void)(!(prec != -1) ? fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 335, __FUNCTION__), 0 : 0));
    return (prec << 1) | !TYPE_UNSIGNED (type)((tree_class_check ((type), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 336, __FUNCTION__))->base.u.bits.unsigned_flag);
  }
else
  return 0;
340}

342/* Counters for internal labels.  ubsan_ids[0] for Lubsan_type,
 ubsan_ids[1] for Lubsan_data labels.  */
344static GTY(()) unsigned int ubsan_ids[2];

346/* Helper routine that returns ADDR_EXPR of a VAR_DECL of a type
 descriptor.  It first looks into the hash table; if not found,
 create the VAR_DECL, put it into the hash table and return the
 ADDR_EXPR of it.  TYPE describes a particular type.  PSTYLE is
 an enum controlling how we want to print the type.  */

352tree
353ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
354{
/* See through any typedefs.  */
type = TYPE_MAIN_VARIANT (type)((tree_class_check ((type), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 356, __FUNCTION__))->type_common.main_variant);

tree decl = decl_for_type_lookup (type);
/* It is possible that some of the earlier created DECLs were found
   unused, in that case they weren't emitted and varpool_node::get
   returns NULL node on them.  But now we really need them.  Thus,
   renew them here.  */
if (decl != NULL_TREE(tree) nullptr && varpool_node::get (decl))
  return build_fold_addr_expr (decl)build_fold_addr_expr_loc (((location_t) 0), (decl));

tree dtype = ubsan_get_type_descriptor_type ();
tree type2 = type;
const char *tname = NULLnullptr;
pretty_printer pretty_name;
unsigned char deref_depth = 0;
unsigned short tkind, tinfo;

/* Get the name of the type, or the name of the pointer type.  */
if (pstyle == UBSAN_PRINT_POINTER)
  {
    gcc_assert (POINTER_TYPE_P (type))((void)(!((((enum tree_code) (type)->base.code) == POINTER_TYPE
 || ((enum tree_code) (type)->base.code) == REFERENCE_TYPE
)) ? fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 376, __FUNCTION__), 0 : 0));
    type2 = TREE_TYPE (type)((contains_struct_check ((type), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 377, __FUNCTION__))->typed.type);

    /* Remove any '*' operators from TYPE.  */
    while (POINTER_TYPE_P (type2)(((enum tree_code) (type2)->base.code) == POINTER_TYPE || (
(enum tree_code) (type2)->base.code) == REFERENCE_TYPE))
      deref_depth++, type2 = TREE_TYPE (type2)((contains_struct_check ((type2), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 381, __FUNCTION__))->typed.type);

    if (TREE_CODE (type2)((enum tree_code) (type2)->base.code) == METHOD_TYPE)
      type2 = TYPE_METHOD_BASETYPE (type2)((tree_check2 ((type2), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 384, __FUNCTION__, (FUNCTION_TYPE), (METHOD_TYPE)))->type_non_common
.maxval);
  }

/* If an array, get its type.  */
type2 = strip_array_types (type2);

if (pstyle == UBSAN_PRINT_ARRAY)
  {
    while (POINTER_TYPE_P (type2)(((enum tree_code) (type2)->base.code) == POINTER_TYPE || (
(enum tree_code) (type2)->base.code) == REFERENCE_TYPE))
      deref_depth++, type2 = TREE_TYPE (type2)((contains_struct_check ((type2), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 393, __FUNCTION__))->typed.type);
  }

if (TYPE_NAME (type2)((tree_class_check ((type2), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 396, __FUNCTION__))->type_common.name) != NULLnullptr)
  {
    if (TREE_CODE (TYPE_NAME (type2))((enum tree_code) (((tree_class_check ((type2), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 398, __FUNCTION__))->type_common.name))->base.code) == IDENTIFIER_NODE)
tname = IDENTIFIER_POINTER (TYPE_NAME (type2))((const char *) (tree_check ((((tree_class_check ((type2), (tcc_type
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 399, __FUNCTION__))->type_common.name)), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 399, __FUNCTION__, (IDENTIFIER_NODE)))->identifier.id.str
);
    else if (DECL_NAME (TYPE_NAME (type2))((contains_struct_check ((((tree_class_check ((type2), (tcc_type
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 400, __FUNCTION__))->type_common.name)), (TS_DECL_MINIMAL
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 400, __FUNCTION__))->decl_minimal.name) != NULLnullptr)
tname = IDENTIFIER_POINTER (DECL_NAME (TYPE_NAME (type2)))((const char *) (tree_check ((((contains_struct_check ((((tree_class_check
 ((type2), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 401, __FUNCTION__))->type_common.name)), (TS_DECL_MINIMAL
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 401, __FUNCTION__))->decl_minimal.name)), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 401, __FUNCTION__, (IDENTIFIER_NODE)))->identifier.id.str
);
  }

if (tname == NULLnullptr)
  /* We weren't able to determine the type name.  */
  tname = "<unknown>";

pp_quote (&pretty_name)pp_character (&pretty_name, '\'');

tree eltype = type;
if (pstyle == UBSAN_PRINT_POINTER)
  {
    pp_printf (&pretty_name, "%s%s%s%s%s%s%s",
 TYPE_VOLATILE (type2)((tree_class_check ((type2), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 414, __FUNCTION__))->base.volatile_flag) ? "volatile " : "",
 TYPE_READONLY (type2)((tree_class_check ((type2), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 415, __FUNCTION__))->base.readonly_flag) ? "const " : "",
 TYPE_RESTRICT (type2)((tree_class_check ((type2), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 416, __FUNCTION__))->type_common.restrict_flag) ? "restrict " : "",
 TYPE_ATOMIC (type2)((tree_class_check ((type2), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 417, __FUNCTION__))->base.u.bits.atomic_flag) ? "_Atomic " : "",
 TREE_CODE (type2)((enum tree_code) (type2)->base.code) == RECORD_TYPE
 ? "struct "
 : TREE_CODE (type2)((enum tree_code) (type2)->base.code) == UNION_TYPE
   ? "union " : "", tname,
 deref_depth == 0 ? "" : " ");
    while (deref_depth-- > 0)
pp_star (&pretty_name)pp_character (&pretty_name, '*');
  }
else if (pstyle == UBSAN_PRINT_ARRAY)
  {
    /* Pretty print the array dimensions.  */
    gcc_assert (TREE_CODE (type) == ARRAY_TYPE)((void)(!(((enum tree_code) (type)->base.code) == ARRAY_TYPE
) ? fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 429, __FUNCTION__), 0 : 0));
    tree t = type;
    pp_string (&pretty_name, tname);
    pp_space (&pretty_name)pp_character (&pretty_name, ' ');
    while (deref_depth-- > 0)
pp_star (&pretty_name)pp_character (&pretty_name, '*');
    while (TREE_CODE (t)((enum tree_code) (t)->base.code) == ARRAY_TYPE)
{
 pp_left_bracket (&pretty_name)pp_character (&pretty_name, '[');
 tree dom = TYPE_DOMAIN (t)((tree_check ((t), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 438, __FUNCTION__, (ARRAY_TYPE)))->type_non_common.values
);
 if (dom != NULL_TREE(tree) nullptr
     && TYPE_MAX_VALUE (dom)((tree_check5 ((dom), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 440, __FUNCTION__, (INTEGER_TYPE), (ENUMERAL_TYPE), (BOOLEAN_TYPE
), (REAL_TYPE), (FIXED_POINT_TYPE)))->type_non_common.maxval
) != NULL_TREE(tree) nullptr
     && TREE_CODE (TYPE_MAX_VALUE (dom))((enum tree_code) (((tree_check5 ((dom), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 441, __FUNCTION__, (INTEGER_TYPE), (ENUMERAL_TYPE), (BOOLEAN_TYPE
), (REAL_TYPE), (FIXED_POINT_TYPE)))->type_non_common.maxval
))->base.code) == INTEGER_CST)
   {
     unsigned HOST_WIDE_INTlong m;
     if (tree_fits_uhwi_p (TYPE_MAX_VALUE (dom)((tree_check5 ((dom), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 444, __FUNCTION__, (INTEGER_TYPE), (ENUMERAL_TYPE), (BOOLEAN_TYPE
), (REAL_TYPE), (FIXED_POINT_TYPE)))->type_non_common.maxval
))
  && (m = tree_to_uhwi (TYPE_MAX_VALUE (dom)((tree_check5 ((dom), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 445, __FUNCTION__, (INTEGER_TYPE), (ENUMERAL_TYPE), (BOOLEAN_TYPE
), (REAL_TYPE), (FIXED_POINT_TYPE)))->type_non_common.maxval
))) + 1 != 0)
pp_unsigned_wide_integer (&pretty_name, m + 1)do { sprintf ((&pretty_name)->buffer->digit_buffer,
 "%" "l" "u", (unsigned long) m + 1); pp_string (&pretty_name
, (&pretty_name)->buffer->digit_buffer); } while (0
);
     else
pp_wide_int (&pretty_name,do { print_dec (wi::add (wi::to_widest (((tree_check5 ((dom),
 "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 449, __FUNCTION__, (INTEGER_TYPE), (ENUMERAL_TYPE), (BOOLEAN_TYPE
), (REAL_TYPE), (FIXED_POINT_TYPE)))->type_non_common.maxval
)), 1), (&pretty_name)->buffer->digit_buffer, ((signop
) ((tree_class_check ((((contains_struct_check ((dom), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 450, __FUNCTION__))->typed.type)), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 450, __FUNCTION__))->base.u.bits.unsigned_flag))); pp_string
 (&pretty_name, (&pretty_name)->buffer->digit_buffer
); } while (0)
	     wi::add (wi::to_widest (TYPE_MAX_VALUE (dom)), 1),do { print_dec (wi::add (wi::to_widest (((tree_check5 ((dom),
 "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 449, __FUNCTION__, (INTEGER_TYPE), (ENUMERAL_TYPE), (BOOLEAN_TYPE
), (REAL_TYPE), (FIXED_POINT_TYPE)))->type_non_common.maxval
)), 1), (&pretty_name)->buffer->digit_buffer, ((signop
) ((tree_class_check ((((contains_struct_check ((dom), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 450, __FUNCTION__))->typed.type)), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 450, __FUNCTION__))->base.u.bits.unsigned_flag))); pp_string
 (&pretty_name, (&pretty_name)->buffer->digit_buffer
); } while (0)
	     TYPE_SIGN (TREE_TYPE (dom)))do { print_dec (wi::add (wi::to_widest (((tree_check5 ((dom),
 "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 449, __FUNCTION__, (INTEGER_TYPE), (ENUMERAL_TYPE), (BOOLEAN_TYPE
), (REAL_TYPE), (FIXED_POINT_TYPE)))->type_non_common.maxval
)), 1), (&pretty_name)->buffer->digit_buffer, ((signop
) ((tree_class_check ((((contains_struct_check ((dom), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 450, __FUNCTION__))->typed.type)), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 450, __FUNCTION__))->base.u.bits.unsigned_flag))); pp_string
 (&pretty_name, (&pretty_name)->buffer->digit_buffer
); } while (0);
   }
 else
   /* ??? We can't determine the variable name; print VLA unspec.  */
   pp_star (&pretty_name)pp_character (&pretty_name, '*');
 pp_right_bracket (&pretty_name)pp_character (&pretty_name, ']');
 t = TREE_TYPE (t)((contains_struct_check ((t), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 456, __FUNCTION__))->typed.type);
}

    /* Save the tree with stripped types.  */
    eltype = t;
  }
else
  pp_string (&pretty_name, tname);

pp_quote (&pretty_name)pp_character (&pretty_name, '\'');

switch (TREE_CODE (eltype)((enum tree_code) (eltype)->base.code))
  {
  case BOOLEAN_TYPE:
  case ENUMERAL_TYPE:
  case INTEGER_TYPE:
    tkind = 0x0000;
    break;
  case REAL_TYPE:
    /* FIXME: libubsan right now only supports float, double and
long double type formats.  */
    if (TYPE_MODE (eltype)((((enum tree_code) ((tree_class_check ((eltype), (tcc_type),
 "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 477, __FUNCTION__)))->base.code) == VECTOR_TYPE) ? vector_type_mode
 (eltype) : (eltype)->type_common.mode) == TYPE_MODE (float_type_node)((((enum tree_code) ((tree_class_check ((global_trees[TI_FLOAT_TYPE
]), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 477, __FUNCTION__)))->base.code) == VECTOR_TYPE) ? vector_type_mode
 (global_trees[TI_FLOAT_TYPE]) : (global_trees[TI_FLOAT_TYPE]
)->type_common.mode)
 || TYPE_MODE (eltype)((((enum tree_code) ((tree_class_check ((eltype), (tcc_type),
 "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 478, __FUNCTION__)))->base.code) == VECTOR_TYPE) ? vector_type_mode
 (eltype) : (eltype)->type_common.mode) == TYPE_MODE (double_type_node)((((enum tree_code) ((tree_class_check ((global_trees[TI_DOUBLE_TYPE
]), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 478, __FUNCTION__)))->base.code) == VECTOR_TYPE) ? vector_type_mode
 (global_trees[TI_DOUBLE_TYPE]) : (global_trees[TI_DOUBLE_TYPE
])->type_common.mode)
 || TYPE_MODE (eltype)((((enum tree_code) ((tree_class_check ((eltype), (tcc_type),
 "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 479, __FUNCTION__)))->base.code) == VECTOR_TYPE) ? vector_type_mode
 (eltype) : (eltype)->type_common.mode) == TYPE_MODE (long_double_type_node)((((enum tree_code) ((tree_class_check ((global_trees[TI_LONG_DOUBLE_TYPE
]), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 479, __FUNCTION__)))->base.code) == VECTOR_TYPE) ? vector_type_mode
 (global_trees[TI_LONG_DOUBLE_TYPE]) : (global_trees[TI_LONG_DOUBLE_TYPE
])->type_common.mode))
tkind = 0x0001;
    else
tkind = 0xffff;
    break;
  default:
    tkind = 0xffff;
    break;
  }
tinfo = get_ubsan_type_info_for_type (eltype);

/* Create a new VAR_DECL of type descriptor.  */
const char *tmp = pp_formatted_text (&pretty_name);
size_t len = strlen (tmp) + 1;
tree str = build_string (len, tmp);
TREE_TYPE (str)((contains_struct_check ((str), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 494, __FUNCTION__))->typed.type) = build_array_type_nelts (char_type_nodeinteger_types[itk_char], len);
TREE_READONLY (str)((non_type_check ((str), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 495, __FUNCTION__))->base.readonly_flag) = 1;
TREE_STATIC (str)((str)->base.static_flag) = 1;

char tmp_name[32];
ASM_GENERATE_INTERNAL_LABEL (tmp_name, "Lubsan_type", ubsan_ids[0]++)do { char *__p; (tmp_name)[0] = '*'; (tmp_name)[1] = '.'; __p
 = stpcpy (&(tmp_name)[2], "Lubsan_type"); sprint_ul (__p
, (unsigned long) (ubsan_ids[0]++)); } while (0);
decl = build_decl (UNKNOWN_LOCATION((location_t) 0), VAR_DECL, get_identifier (tmp_name)(__builtin_constant_p (tmp_name) ? get_identifier_with_length
 ((tmp_name), strlen (tmp_name)) : get_identifier (tmp_name)),
     dtype);
TREE_STATIC (decl)((decl)->base.static_flag) = 1;
TREE_PUBLIC (decl)((decl)->base.public_flag) = 0;
DECL_ARTIFICIAL (decl)((contains_struct_check ((decl), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 504, __FUNCTION__))->decl_common.artificial_flag) = 1;
DECL_IGNORED_P (decl)((contains_struct_check ((decl), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 505, __FUNCTION__))->decl_common.ignored_flag) = 1;
DECL_EXTERNAL (decl)((contains_struct_check ((decl), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 506, __FUNCTION__))->decl_common.decl_flag_1) = 0;
DECL_SIZE (decl)((contains_struct_check ((decl), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 507, __FUNCTION__))->decl_common.size)
  = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (TREE_TYPE (str)))size_binop_loc (((location_t) 0), PLUS_EXPR, ((contains_struct_check
 ((decl), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 508, __FUNCTION__))->decl_common.size), ((tree_class_check
 ((((contains_struct_check ((str), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 508, __FUNCTION__))->typed.type)), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 508, __FUNCTION__))->type_common.size));
DECL_SIZE_UNIT (decl)((contains_struct_check ((decl), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 509, __FUNCTION__))->decl_common.size_unit)
  = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),size_binop_loc (((location_t) 0), PLUS_EXPR, ((contains_struct_check
 ((decl), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 510, __FUNCTION__))->decl_common.size_unit), ((tree_class_check
 ((((contains_struct_check ((str), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 511, __FUNCTION__))->typed.type)), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 511, __FUNCTION__))->type_common.size_unit))
  TYPE_SIZE_UNIT (TREE_TYPE (str)))size_binop_loc (((location_t) 0), PLUS_EXPR, ((contains_struct_check
 ((decl), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 510, __FUNCTION__))->decl_common.size_unit), ((tree_class_check
 ((((contains_struct_check ((str), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 511, __FUNCTION__))->typed.type)), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 511, __FUNCTION__))->type_common.size_unit));

tree ctor = build_constructor_va (dtype, 3, NULL_TREE(tree) nullptr,
		    build_int_cst (short_unsigned_type_nodeinteger_types[itk_unsigned_short],
				   tkind), NULL_TREE(tree) nullptr,
		    build_int_cst (short_unsigned_type_nodeinteger_types[itk_unsigned_short],
				   tinfo), NULL_TREE(tree) nullptr, str);
TREE_CONSTANT (ctor)((non_type_check ((ctor), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 518, __FUNCTION__))->base.constant_flag) = 1;
TREE_STATIC (ctor)((ctor)->base.static_flag) = 1;
DECL_INITIAL (decl)((contains_struct_check ((decl), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 520, __FUNCTION__))->decl_common.initial) = ctor;
varpool_node::finalize_decl (decl);

/* Save the VAR_DECL into the hash table.  */
decl_for_type_insert (type, decl);

return build_fold_addr_expr (decl)build_fold_addr_expr_loc (((location_t) 0), (decl));
527}

529/* Create a structure for the ubsan library.  NAME is a name of the new
 structure.  LOCCNT is number of locations, PLOC points to array of
 locations.  The arguments in ... are of __ubsan_type_descriptor type
 and there are at most two of them, followed by NULL_TREE, followed
 by optional extra arguments and another NULL_TREE.  */

535tree
536ubsan_create_data (const char *name, int loccnt, const location_t *ploc, ...)
537{
va_list args;
tree ret, t;
tree fields[6];
vec<tree, va_gc> *saved_args = NULLnullptr;
size_t i = 0;
int j;

/* It is possible that PCH zapped table with definitions of sanitizer
   builtins.  Reinitialize them if needed.  */
initialize_sanitizer_builtins ();

/* Firstly, create a pointer to type descriptor type.  */
tree td_type = ubsan_get_type_descriptor_type ();
td_type = build_pointer_type (td_type);

/* Create the structure type.  */
ret = make_node (RECORD_TYPE);
for (j = 0; j < loccnt; j++)
1
Assuming 'j' is >= 'loccnt'→
2
←
Loop condition is false. Execution continues on line 566→
  {
    gcc_checking_assert (i < 2)((void)(!(i < 2) ? fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 557, __FUNCTION__), 0 : 0));
    fields[i] = build_decl (UNKNOWN_LOCATION((location_t) 0), FIELD_DECL, NULL_TREE(tree) nullptr,
	      ubsan_get_source_location_type ());
    DECL_CONTEXT (fields[i])((contains_struct_check ((fields[i]), (TS_DECL_MINIMAL), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 560, __FUNCTION__))->decl_minimal.context) = ret;
    if (i)
DECL_CHAIN (fields[i - 1])(((contains_struct_check (((contains_struct_check ((fields[i -
 1]), (TS_DECL_MINIMAL), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 562, __FUNCTION__))), (TS_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 562, __FUNCTION__))->common.chain)) = fields[i];
    i++;
  }

va_start (args, ploc)__builtin_va_start(args, ploc);
for (t = va_arg (args, tree)__builtin_va_arg(args, tree); t != NULL_TREE(tree) nullptr;
3
←
Assuming the condition is false→
4
←
Loop condition is false. Execution continues on line 580→
     i++, t = va_arg (args, tree)__builtin_va_arg(args, tree))
  {
    gcc_checking_assert (i < 4)((void)(!(i < 4) ? fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 570, __FUNCTION__), 0 : 0));
    /* Save the tree arguments for later use.  */
    vec_safe_push (saved_args, t);
    fields[i] = build_decl (UNKNOWN_LOCATION((location_t) 0), FIELD_DECL, NULL_TREE(tree) nullptr,
	      td_type);
    DECL_CONTEXT (fields[i])((contains_struct_check ((fields[i]), (TS_DECL_MINIMAL), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 575, __FUNCTION__))->decl_minimal.context) = ret;
    if (i)
DECL_CHAIN (fields[i - 1])(((contains_struct_check (((contains_struct_check ((fields[i -
 1]), (TS_DECL_MINIMAL), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 577, __FUNCTION__))), (TS_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 577, __FUNCTION__))->common.chain)) = fields[i];
  }

for (t = va_arg (args, tree)__builtin_va_arg(args, tree); t != NULL_TREE(tree) nullptr;
5
←
Assuming the condition is false→
6
←
Loop condition is false. Execution continues on line 592→
     i++, t = va_arg (args, tree)__builtin_va_arg(args, tree))
  {
    gcc_checking_assert (i < 6)((void)(!(i < 6) ? fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 583, __FUNCTION__), 0 : 0));
    /* Save the tree arguments for later use.  */
    vec_safe_push (saved_args, t);
    fields[i] = build_decl (UNKNOWN_LOCATION((location_t) 0), FIELD_DECL, NULL_TREE(tree) nullptr,
	      TREE_TYPE (t)((contains_struct_check ((t), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 587, __FUNCTION__))->typed.type));
    DECL_CONTEXT (fields[i])((contains_struct_check ((fields[i]), (TS_DECL_MINIMAL), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 588, __FUNCTION__))->decl_minimal.context) = ret;
    if (i)
DECL_CHAIN (fields[i - 1])(((contains_struct_check (((contains_struct_check ((fields[i -
 1]), (TS_DECL_MINIMAL), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 590, __FUNCTION__))), (TS_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 590, __FUNCTION__))->common.chain)) = fields[i];
  }
va_end (args)__builtin_va_end(args);

tree type_decl = build_decl (input_location, TYPE_DECL,
	       get_identifier (name)(__builtin_constant_p (name) ? get_identifier_with_length ((name
), strlen (name)) : get_identifier (name)), ret);
7
←
'?' condition is false→
DECL_IGNORED_P (type_decl)((contains_struct_check ((type_decl), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 596, __FUNCTION__))->decl_common.ignored_flag) = 1;
DECL_ARTIFICIAL (type_decl)((contains_struct_check ((type_decl), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 597, __FUNCTION__))->decl_common.artificial_flag) = 1;
TYPE_FIELDS (ret)((tree_check3 ((ret), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 598, __FUNCTION__, (RECORD_TYPE), (UNION_TYPE), (QUAL_UNION_TYPE
)))->type_non_common.values) = fields[0];
8
←
Assigned value is garbage or undefined
TYPE_NAME (ret)((tree_class_check ((ret), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 599, __FUNCTION__))->type_common.name) = type_decl;
TYPE_STUB_DECL (ret)(((contains_struct_check (((tree_class_check ((ret), (tcc_type
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 600, __FUNCTION__))), (TS_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 600, __FUNCTION__))->common.chain)) = type_decl;
TYPE_ARTIFICIAL (ret)((tree_class_check ((ret), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 601, __FUNCTION__))->base.nowarning_flag) = 1;
layout_type (ret);

/* Now, fill in the type.  */
char tmp_name[32];
ASM_GENERATE_INTERNAL_LABEL (tmp_name, "Lubsan_data", ubsan_ids[1]++)do { char *__p; (tmp_name)[0] = '*'; (tmp_name)[1] = '.'; __p
 = stpcpy (&(tmp_name)[2], "Lubsan_data"); sprint_ul (__p
, (unsigned long) (ubsan_ids[1]++)); } while (0);
tree var = build_decl (UNKNOWN_LOCATION((location_t) 0), VAR_DECL, get_identifier (tmp_name)(__builtin_constant_p (tmp_name) ? get_identifier_with_length
 ((tmp_name), strlen (tmp_name)) : get_identifier (tmp_name)),
	 ret);
TREE_STATIC (var)((var)->base.static_flag) = 1;
TREE_PUBLIC (var)((var)->base.public_flag) = 0;
DECL_ARTIFICIAL (var)((contains_struct_check ((var), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 611, __FUNCTION__))->decl_common.artificial_flag) = 1;
DECL_IGNORED_P (var)((contains_struct_check ((var), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 612, __FUNCTION__))->decl_common.ignored_flag) = 1;
DECL_EXTERNAL (var)((contains_struct_check ((var), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 613, __FUNCTION__))->decl_common.decl_flag_1) = 0;

vec<constructor_elt, va_gc> *v;
vec_alloc (v, i);
tree ctor = build_constructor (ret, v);

/* If desirable, set the __ubsan_source_location element.  */
for (j = 0; j < loccnt; j++)
  {
    location_t loc = LOCATION_LOCUS (ploc[j])((IS_ADHOC_LOC (ploc[j])) ? get_location_from_adhoc_loc (line_table
, ploc[j]) : (ploc[j]));
    CONSTRUCTOR_APPEND_ELT (v, NULL_TREE, ubsan_source_location (loc))do { constructor_elt _ce___ = {(tree) nullptr, ubsan_source_location
 (loc)}; vec_safe_push ((v), _ce___); } while (0);
  } 

size_t nelts = vec_safe_length (saved_args);
for (i = 0; i < nelts; i++)
  {
    t = (*saved_args)[i];
    CONSTRUCTOR_APPEND_ELT (v, NULL_TREE, t)do { constructor_elt _ce___ = {(tree) nullptr, t}; vec_safe_push
 ((v), _ce___); } while (0);
  }

TREE_CONSTANT (ctor)((non_type_check ((ctor), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 633, __FUNCTION__))->base.constant_flag) = 1;
TREE_STATIC (ctor)((ctor)->base.static_flag) = 1;
DECL_INITIAL (var)((contains_struct_check ((var), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 635, __FUNCTION__))->decl_common.initial) = ctor;
varpool_node::finalize_decl (var);

return var;
639}

641/* Shared between *build_builtin_unreachable.  */

643tree
644sanitize_unreachable_fn (tree *data, location_t loc)
645{
tree fn = NULL_TREE(tree) nullptr;
bool san = sanitize_flags_p (SANITIZE_UNREACHABLE);
if (san
    ? (flag_sanitize_trapglobal_options.x_flag_sanitize_trap & SANITIZE_UNREACHABLE)
    : flag_unreachable_trapsglobal_options.x_flag_unreachable_traps)
  {
    fn = builtin_decl_explicit (BUILT_IN_UNREACHABLE_TRAP);
    *data = NULL_TREE(tree) nullptr;
  }
else if (san)
  {
    /* Call ubsan_create_data first as it initializes SANITIZER built-ins.  */
    *data = ubsan_create_data ("__ubsan_unreachable_data", 1, &loc,
		 NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
    fn = builtin_decl_explicit (BUILT_IN_UBSAN_HANDLE_BUILTIN_UNREACHABLE);
    *data = build_fold_addr_expr_loc (loc, *data);
  }
else
  {
    fn = builtin_decl_explicit (BUILT_IN_UNREACHABLE);
    *data = NULL_TREE(tree) nullptr;
  }
return fn;
669}

671/* Rewrite a gcall to __builtin_unreachable for -fsanitize=unreachable.  Called
 by the sanopt pass.  */

674bool
675ubsan_instrument_unreachable (gimple_stmt_iterator *gsi)
676{
location_t loc = gimple_location (gsi_stmt (*gsi));
gimple *g = gimple_build_builtin_unreachable (loc);
gsi_replace (gsi, g, false);
return false;
681}

683/* Return true if T is a call to a libubsan routine.  */

685bool
686is_ubsan_builtin_p (tree t)
687{
return TREE_CODE (t)((enum tree_code) (t)->base.code) == FUNCTION_DECL
&& fndecl_built_in_p (t, BUILT_IN_NORMAL)
&& strncmp (IDENTIFIER_POINTER (DECL_NAME (t))((const char *) (tree_check ((((contains_struct_check ((t), (
TS_DECL_MINIMAL), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 690, __FUNCTION__))->decl_minimal.name)), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 690, __FUNCTION__, (IDENTIFIER_NODE)))->identifier.id.str
),
     "__builtin___ubsan_", 18) == 0;
692}

694/* Create a callgraph edge for statement STMT.  */

696static void
697ubsan_create_edge (gimple *stmt)
698{
gcall *call_stmt = dyn_cast <gcall *> (stmt);
basic_block bb = gimple_bb (stmt);
cgraph_node *node = cgraph_node::get (current_function_decl);
tree decl = gimple_call_fndecl (call_stmt);
if (decl)
  node->create_edge (cgraph_node::get_create (decl), call_stmt, bb->count);
705}

707/* Expand the UBSAN_BOUNDS special builtin function.  */

709bool
710ubsan_expand_bounds_ifn (gimple_stmt_iterator *gsi)
711{
gimple *stmt = gsi_stmt (*gsi);
location_t loc = gimple_location (stmt);
gcc_assert (gimple_call_num_args (stmt) == 3)((void)(!(gimple_call_num_args (stmt) == 3) ? fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 714, __FUNCTION__), 0 : 0));

/* Pick up the arguments of the UBSAN_BOUNDS call.  */
tree type = TREE_TYPE (TREE_TYPE (gimple_call_arg (stmt, 0)))((contains_struct_check ((((contains_struct_check ((gimple_call_arg
 (stmt, 0)), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 717, __FUNCTION__))->typed.type)), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 717, __FUNCTION__))->typed.type);
tree index = gimple_call_arg (stmt, 1);
tree orig_index = index;
tree bound = gimple_call_arg (stmt, 2);

gimple_stmt_iterator gsi_orig = *gsi;

/* Create condition "if (index >= bound)".  */
basic_block then_bb, fallthru_bb;
gimple_stmt_iterator cond_insert_point
  = create_cond_insert_point (gsi, false, false, true,
		&then_bb, &fallthru_bb);
index = fold_convert (TREE_TYPE (bound), index)fold_convert_loc (((location_t) 0), ((contains_struct_check (
(bound), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 729, __FUNCTION__))->typed.type), index);
index = force_gimple_operand_gsi (&cond_insert_point, index,
		    true, NULL_TREE(tree) nullptr,
		    false, GSI_NEW_STMT);
gimple *g = gimple_build_cond (GE_EXPR, index, bound, NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
gimple_set_location (g, loc);
gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);

/* Generate __ubsan_handle_out_of_bounds call.  */
*gsi = gsi_after_labels (then_bb);
if (flag_sanitize_trapglobal_options.x_flag_sanitize_trap & SANITIZE_BOUNDS)
  g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
else
  {
    tree data
= ubsan_create_data ("__ubsan_out_of_bounds_data", 1, &loc,
	     ubsan_type_descriptor (type, UBSAN_PRINT_ARRAY),
	     ubsan_type_descriptor (TREE_TYPE (orig_index)((contains_struct_check ((orig_index), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 746, __FUNCTION__))->typed.type)),
	     NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
    data = build_fold_addr_expr_loc (loc, data);
    enum built_in_function bcode
= (flag_sanitize_recoverglobal_options.x_flag_sanitize_recover & SANITIZE_BOUNDS)
 ? BUILT_IN_UBSAN_HANDLE_OUT_OF_BOUNDS
 : BUILT_IN_UBSAN_HANDLE_OUT_OF_BOUNDS_ABORT;
    tree fn = builtin_decl_explicit (bcode);
    tree val = ubsan_encode_value (orig_index, UBSAN_ENCODE_VALUE_GIMPLE);
    val = force_gimple_operand_gsi (gsi, val, true, NULL_TREE(tree) nullptr, true,
		      GSI_SAME_STMT);
    g = gimple_build_call (fn, 2, data, val);
  }
gimple_set_location (g, loc);
gsi_insert_before (gsi, g, GSI_SAME_STMT);

/* Get rid of the UBSAN_BOUNDS call from the IR.  */
unlink_stmt_vdef (stmt);
gsi_remove (&gsi_orig, true);

/* Point GSI to next logical statement.  */
*gsi = gsi_start_bb (fallthru_bb);
return true;
769}

771/* Expand UBSAN_NULL internal call.  The type is kept on the ckind
 argument which is a constant, because the middle-end treats pointer
 conversions as useless and therefore the type of the first argument
 could be changed to any other pointer type.  */

776bool
777ubsan_expand_null_ifn (gimple_stmt_iterator *gsip)
778{
gimple_stmt_iterator gsi = *gsip;
gimple *stmt = gsi_stmt (gsi);
location_t loc = gimple_location (stmt);
gcc_assert (gimple_call_num_args (stmt) == 3)((void)(!(gimple_call_num_args (stmt) == 3) ? fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 782, __FUNCTION__), 0 : 0));
tree ptr = gimple_call_arg (stmt, 0);
tree ckind = gimple_call_arg (stmt, 1);
tree align = gimple_call_arg (stmt, 2);
tree check_align = NULL_TREE(tree) nullptr;
bool check_null;

basic_block cur_bb = gsi_bb (gsi);

gimple *g;
if (!integer_zerop (align))
  {
    unsigned int ptralign = get_pointer_alignment (ptr) / BITS_PER_UNIT(8);
    if (compare_tree_int (align, ptralign) == 1)
{
 check_align = make_ssa_name (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE]);
 g = gimple_build_assign (check_align, NOP_EXPR, ptr);
 gimple_set_location (g, loc);
 gsi_insert_before (&gsi, g, GSI_SAME_STMT);
}
  }
check_null = sanitize_flags_p (SANITIZE_NULL);

if (check_align == NULL_TREE(tree) nullptr && !check_null)
  {
    gsi_remove (gsip, true);
    /* Unlink the UBSAN_NULLs vops before replacing it.  */
    unlink_stmt_vdef (stmt);
    return true;
  }

/* Split the original block holding the pointer dereference.  */
edge e = split_block (cur_bb, stmt);

/* Get a hold on the 'condition block', the 'then block' and the
   'else block'.  */
basic_block cond_bb = e->src;
basic_block fallthru_bb = e->dest;
basic_block then_bb = create_empty_bb (cond_bb);
add_bb_to_loop (then_bb, cond_bb->loop_father);
loops_state_set (LOOPS_NEED_FIXUP);

/* Make an edge coming from the 'cond block' into the 'then block';
   this edge is unlikely taken, so set up the probability accordingly.  */
e = make_edge (cond_bb, then_bb, EDGE_TRUE_VALUE);
e->probability = profile_probability::very_unlikely ();
then_bb->count = e->count ();

/* Connect 'then block' with the 'else block'.  This is needed
   as the ubsan routines we call in the 'then block' are not noreturn.
   The 'then block' only has one outcoming edge.  */
make_single_succ_edge (then_bb, fallthru_bb, EDGE_FALLTHRU);

/* Set up the fallthrough basic block.  */
e = find_edge (cond_bb, fallthru_bb);
e->flags = EDGE_FALSE_VALUE;
e->probability = profile_probability::very_likely ();

/* Update dominance info for the newly created then_bb; note that
   fallthru_bb's dominance info has already been updated by
   split_block.  */
if (dom_info_available_p (CDI_DOMINATORS))
  set_immediate_dominator (CDI_DOMINATORS, then_bb, cond_bb);

/* Put the ubsan builtin call into the newly created BB.  */
if (flag_sanitize_trapglobal_options.x_flag_sanitize_trap & ((check_align ? SANITIZE_ALIGNMENT + 0 : 0)
	    | (check_null ? SANITIZE_NULL + 0 : 0)))
  g = gimple_build_call (builtin_decl_implicit (BUILT_IN_TRAP), 0);
else
  {
    enum built_in_function bcode
= (flag_sanitize_recoverglobal_options.x_flag_sanitize_recover & ((check_align ? SANITIZE_ALIGNMENT + 0 : 0)
		    | (check_null ? SANITIZE_NULL + 0 : 0)))
 ? BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH_V1
 : BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH_V1_ABORT;
    tree fn = builtin_decl_implicit (bcode);
    int align_log = tree_log2 (align);
    tree data
= ubsan_create_data ("__ubsan_null_data", 1, &loc,
	     ubsan_type_descriptor (TREE_TYPE (ckind)((contains_struct_check ((ckind), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 861, __FUNCTION__))->typed.type),
				    UBSAN_PRINT_POINTER),
	     NULL_TREE(tree) nullptr,
	     build_int_cst (unsigned_char_type_nodeinteger_types[itk_unsigned_char],
			    MAX (align_log, 0)((align_log) > (0) ? (align_log) : (0))),
	     fold_convert (unsigned_char_type_node, ckind)fold_convert_loc (((location_t) 0), integer_types[itk_unsigned_char
], ckind),
	     NULL_TREE(tree) nullptr);
    data = build_fold_addr_expr_loc (loc, data);
    g = gimple_build_call (fn, 2, data,
	     check_align ? check_align
	     : build_zero_cst (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE]));
  }
gimple_stmt_iterator gsi2 = gsi_start_bb (then_bb);
gimple_set_location (g, loc);
gsi_insert_after (&gsi2, g, GSI_NEW_STMT);

/* Unlink the UBSAN_NULLs vops before replacing it.  */
unlink_stmt_vdef (stmt);

if (check_null)
  {
    g = gimple_build_cond (EQ_EXPR, ptr, build_int_cst (TREE_TYPE (ptr)((contains_struct_check ((ptr), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 882, __FUNCTION__))->typed.type), 0),
	     NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
    gimple_set_location (g, loc);

    /* Replace the UBSAN_NULL with a GIMPLE_COND stmt.  */
    gsi_replace (&gsi, g, false);
    stmt = g;
  }

if (check_align)
  {
    if (check_null)
{
 /* Split the block with the condition again.  */
 e = split_block (cond_bb, stmt);
 basic_block cond1_bb = e->src;
 basic_block cond2_bb = e->dest;

 /* Make an edge coming from the 'cond1 block' into the 'then block';
    this edge is unlikely taken, so set up the probability
    accordingly.  */
 e = make_edge (cond1_bb, then_bb, EDGE_TRUE_VALUE);
 e->probability = profile_probability::very_unlikely ();

 /* Set up the fallthrough basic block.  */
 e = find_edge (cond1_bb, cond2_bb);
 e->flags = EDGE_FALSE_VALUE;
 e->probability = profile_probability::very_likely ();

 /* Update dominance info.  */
 if (dom_info_available_p (CDI_DOMINATORS))
   {
     set_immediate_dominator (CDI_DOMINATORS, fallthru_bb, cond1_bb);
     set_immediate_dominator (CDI_DOMINATORS, then_bb, cond1_bb);
   }

 gsi2 = gsi_start_bb (cond2_bb);
}

    tree mask = build_int_cst (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE],
		 tree_to_uhwi (align) - 1);
    g = gimple_build_assign (make_ssa_name (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE]),
	       BIT_AND_EXPR, check_align, mask);
    gimple_set_location (g, loc);
    if (check_null)
gsi_insert_after (&gsi2, g, GSI_NEW_STMT);
    else
gsi_insert_before (&gsi, g, GSI_SAME_STMT);

    g = gimple_build_cond (NE_EXPR, gimple_assign_lhs (g),
	     build_int_cst (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE], 0),
	     NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
    gimple_set_location (g, loc);
    if (check_null)
gsi_insert_after (&gsi2, g, GSI_NEW_STMT);
    else
/* Replace the UBSAN_NULL with a GIMPLE_COND stmt.  */
gsi_replace (&gsi, g, false);
  }
return false;
942}

944#define OBJSZ_MAX_OFFSET(1024 * 16) (1024 * 16)

946/* Expand UBSAN_OBJECT_SIZE internal call.  */

948bool
949ubsan_expand_objsize_ifn (gimple_stmt_iterator *gsi)
950{
gimple *stmt = gsi_stmt (*gsi);
location_t loc = gimple_location (stmt);
gcc_assert (gimple_call_num_args (stmt) == 4)((void)(!(gimple_call_num_args (stmt) == 4) ? fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 953, __FUNCTION__), 0 : 0));

tree ptr = gimple_call_arg (stmt, 0);
tree offset = gimple_call_arg (stmt, 1);
tree size = gimple_call_arg (stmt, 2);
tree ckind = gimple_call_arg (stmt, 3);
gimple_stmt_iterator gsi_orig = *gsi;
gimple *g;

/* See if we can discard the check.  */
if (TREE_CODE (size)((enum tree_code) (size)->base.code) == INTEGER_CST
    && integer_all_onesp (size))
  /* Yes, __builtin_object_size couldn't determine the
     object size.  */;
else if (TREE_CODE (offset)((enum tree_code) (offset)->base.code) == INTEGER_CST
  && wi::to_widest (offset) >= -OBJSZ_MAX_OFFSET(1024 * 16)
  && wi::to_widest (offset) <= -1)
  /* The offset is in range [-16K, -1].  */;
else
  {
    /* if (offset > objsize) */
    basic_block then_bb, fallthru_bb;
    gimple_stmt_iterator cond_insert_point
= create_cond_insert_point (gsi, false, false, true,
		    &then_bb, &fallthru_bb);
    g = gimple_build_cond (GT_EXPR, offset, size, NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
    gimple_set_location (g, loc);
    gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);

    /* If the offset is small enough, we don't need the second
run-time check.  */
    if (TREE_CODE (offset)((enum tree_code) (offset)->base.code) == INTEGER_CST
 && wi::to_widest (offset) >= 0
 && wi::to_widest (offset) <= OBJSZ_MAX_OFFSET(1024 * 16))
*gsi = gsi_after_labels (then_bb);
    else
{
 /* Don't issue run-time error if (ptr > ptr + offset).  That
    may happen when computing a POINTER_PLUS_EXPR.  */
 basic_block then2_bb, fallthru2_bb;

 gimple_stmt_iterator gsi2 = gsi_after_labels (then_bb);
 cond_insert_point = create_cond_insert_point (&gsi2, false, false,
					true, &then2_bb,
					&fallthru2_bb);
 /* Convert the pointer to an integer type.  */
 tree p = make_ssa_name (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE]);
 g = gimple_build_assign (p, NOP_EXPR, ptr);
 gimple_set_location (g, loc);
 gsi_insert_before (&cond_insert_point, g, GSI_NEW_STMT);
 p = gimple_assign_lhs (g);
 /* Compute ptr + offset.  */
 g = gimple_build_assign (make_ssa_name (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE]),
		   PLUS_EXPR, p, offset);
 gimple_set_location (g, loc);
 gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
 /* Now build the conditional and put it into the IR.  */
 g = gimple_build_cond (LE_EXPR, p, gimple_assign_lhs (g),
		 NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
 gimple_set_location (g, loc);
 gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
 *gsi = gsi_after_labels (then2_bb);
}

    /* Generate __ubsan_handle_type_mismatch call.  */
    if (flag_sanitize_trapglobal_options.x_flag_sanitize_trap & SANITIZE_OBJECT_SIZE)
g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
    else
{
 tree data
   = ubsan_create_data ("__ubsan_objsz_data", 1, &loc,
		 ubsan_type_descriptor (TREE_TYPE (ptr)((contains_struct_check ((ptr), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1024, __FUNCTION__))->typed.type),
					UBSAN_PRINT_POINTER),
		 NULL_TREE(tree) nullptr,
		 build_zero_cst (unsigned_char_type_nodeinteger_types[itk_unsigned_char]),
		 ckind,
		 NULL_TREE(tree) nullptr);
 data = build_fold_addr_expr_loc (loc, data);
 enum built_in_function bcode
   = (flag_sanitize_recoverglobal_options.x_flag_sanitize_recover & SANITIZE_OBJECT_SIZE)
     ? BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH_V1
     : BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH_V1_ABORT;
 tree p = make_ssa_name (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE]);
 g = gimple_build_assign (p, NOP_EXPR, ptr);
 gimple_set_location (g, loc);
 gsi_insert_before (gsi, g, GSI_SAME_STMT);
 g = gimple_build_call (builtin_decl_explicit (bcode), 2, data, p);
}
    gimple_set_location (g, loc);
    gsi_insert_before (gsi, g, GSI_SAME_STMT);

    /* Point GSI to next logical statement.  */
    *gsi = gsi_start_bb (fallthru_bb);

    /* Get rid of the UBSAN_OBJECT_SIZE call from the IR.  */
    unlink_stmt_vdef (stmt);
    gsi_remove (&gsi_orig, true);
    return true;
  }

/* Get rid of the UBSAN_OBJECT_SIZE call from the IR.  */
unlink_stmt_vdef (stmt);
gsi_remove (gsi, true);
return true;
1057}

1059/* Expand UBSAN_PTR internal call.  */

1061bool
1062ubsan_expand_ptr_ifn (gimple_stmt_iterator *gsip)
1063{
gimple_stmt_iterator gsi = *gsip;
gimple *stmt = gsi_stmt (gsi);
location_t loc = gimple_location (stmt);
gcc_assert (gimple_call_num_args (stmt) == 2)((void)(!(gimple_call_num_args (stmt) == 2) ? fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1067, __FUNCTION__), 0 : 0));
tree ptr = gimple_call_arg (stmt, 0);
tree off = gimple_call_arg (stmt, 1);

if (integer_zerop (off))
  {
    gsi_remove (gsip, true);
    unlink_stmt_vdef (stmt);
    return true;
  }

basic_block cur_bb = gsi_bb (gsi);
tree ptrplusoff = make_ssa_name (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE]);
tree ptri = make_ssa_name (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE]);
int pos_neg = get_range_pos_neg (off);

/* Split the original block holding the pointer dereference.  */
edge e = split_block (cur_bb, stmt);

/* Get a hold on the 'condition block', the 'then block' and the
   'else block'.  */
basic_block cond_bb = e->src;
basic_block fallthru_bb = e->dest;
basic_block then_bb = create_empty_bb (cond_bb);
basic_block cond_pos_bb = NULLnullptr, cond_neg_bb = NULLnullptr;
add_bb_to_loop (then_bb, cond_bb->loop_father);
loops_state_set (LOOPS_NEED_FIXUP);

/* Set up the fallthrough basic block.  */
e->flags = EDGE_FALSE_VALUE;
if (pos_neg != 3)
  {
    e->probability = profile_probability::very_likely ();

    /* Connect 'then block' with the 'else block'.  This is needed
as the ubsan routines we call in the 'then block' are not noreturn.
The 'then block' only has one outcoming edge.  */
    make_single_succ_edge (then_bb, fallthru_bb, EDGE_FALLTHRU);

    /* Make an edge coming from the 'cond block' into the 'then block';
this edge is unlikely taken, so set up the probability
accordingly.  */
    e = make_edge (cond_bb, then_bb, EDGE_TRUE_VALUE);
    e->probability = profile_probability::very_unlikely ();
    then_bb->count = e->count ();
  }
else
  {
    e->probability = profile_probability::even ();

    e = split_block (fallthru_bb, (gimple *) NULLnullptr);
    cond_neg_bb = e->src;
    fallthru_bb = e->dest;
    e->probability = profile_probability::very_likely ();
    e->flags = EDGE_FALSE_VALUE;

    e = make_edge (cond_neg_bb, then_bb, EDGE_TRUE_VALUE);
    e->probability = profile_probability::very_unlikely ();
    then_bb->count = e->count ();

    cond_pos_bb = create_empty_bb (cond_bb);
    add_bb_to_loop (cond_pos_bb, cond_bb->loop_father);

    e = make_edge (cond_bb, cond_pos_bb, EDGE_TRUE_VALUE);
    e->probability = profile_probability::even ();
    cond_pos_bb->count = e->count ();

    e = make_edge (cond_pos_bb, then_bb, EDGE_TRUE_VALUE);
    e->probability = profile_probability::very_unlikely ();

    e = make_edge (cond_pos_bb, fallthru_bb, EDGE_FALSE_VALUE);
    e->probability = profile_probability::very_likely ();

    make_single_succ_edge (then_bb, fallthru_bb, EDGE_FALLTHRU);
  }

gimple *g = gimple_build_assign (ptri, NOP_EXPR, ptr);
gimple_set_location (g, loc);
gsi_insert_before (&gsi, g, GSI_SAME_STMT);
g = gimple_build_assign (ptrplusoff, PLUS_EXPR, ptri, off);
gimple_set_location (g, loc);
gsi_insert_before (&gsi, g, GSI_SAME_STMT);

/* Update dominance info for the newly created then_bb; note that
   fallthru_bb's dominance info has already been updated by
   split_block.  */
if (dom_info_available_p (CDI_DOMINATORS))
  {
    set_immediate_dominator (CDI_DOMINATORS, then_bb, cond_bb);
    if (pos_neg == 3)
{
 set_immediate_dominator (CDI_DOMINATORS, cond_pos_bb, cond_bb);
 set_immediate_dominator (CDI_DOMINATORS, fallthru_bb, cond_bb);
}
  }

/* Put the ubsan builtin call into the newly created BB.  */
if (flag_sanitize_trapglobal_options.x_flag_sanitize_trap & SANITIZE_POINTER_OVERFLOW)
  g = gimple_build_call (builtin_decl_implicit (BUILT_IN_TRAP), 0);
else
  {
    enum built_in_function bcode
= (flag_sanitize_recoverglobal_options.x_flag_sanitize_recover & SANITIZE_POINTER_OVERFLOW)
 ? BUILT_IN_UBSAN_HANDLE_POINTER_OVERFLOW
 : BUILT_IN_UBSAN_HANDLE_POINTER_OVERFLOW_ABORT;
    tree fn = builtin_decl_implicit (bcode);
    tree data
= ubsan_create_data ("__ubsan_ptrovf_data", 1, &loc,
	     NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
    data = build_fold_addr_expr_loc (loc, data);
    g = gimple_build_call (fn, 3, data, ptr, ptrplusoff);
  }
gimple_stmt_iterator gsi2 = gsi_start_bb (then_bb);
gimple_set_location (g, loc);
gsi_insert_after (&gsi2, g, GSI_NEW_STMT);

/* Unlink the UBSAN_PTRs vops before replacing it.  */
unlink_stmt_vdef (stmt);

if (TREE_CODE (off)((enum tree_code) (off)->base.code) == INTEGER_CST)
  g = gimple_build_cond (wi::neg_p (wi::to_wide (off)) ? LT_EXPR : GE_EXPR,
	   ptri, fold_build1 (NEGATE_EXPR, sizetype, off)fold_build1_loc (((location_t) 0), NEGATE_EXPR, sizetype_tab[
(int) stk_sizetype], off ),
	   NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
else if (pos_neg != 3)
  g = gimple_build_cond (pos_neg == 1 ? LT_EXPR : GT_EXPR,
	   ptrplusoff, ptri, NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
else
  {
    gsi2 = gsi_start_bb (cond_pos_bb);
    g = gimple_build_cond (LT_EXPR, ptrplusoff, ptri, NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
    gimple_set_location (g, loc);
    gsi_insert_after (&gsi2, g, GSI_NEW_STMT);

    gsi2 = gsi_start_bb (cond_neg_bb);
    g = gimple_build_cond (GT_EXPR, ptrplusoff, ptri, NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
    gimple_set_location (g, loc);
    gsi_insert_after (&gsi2, g, GSI_NEW_STMT);

    tree t = gimple_build (&gsi, true, GSI_SAME_STMT,
	     loc, NOP_EXPR, ssizetypesizetype_tab[(int) stk_ssizetype], off);
    g = gimple_build_cond (GE_EXPR, t, ssize_int (0)size_int_kind (0, stk_ssizetype),
	     NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
  }
gimple_set_location (g, loc);
/* Replace the UBSAN_PTR with a GIMPLE_COND stmt.  */
gsi_replace (&gsi, g, false);
return false;
1214}


1217/* Cached __ubsan_vptr_type_cache decl.  */
1218static GTY(()) tree ubsan_vptr_type_cache_decl;

1220/* Expand UBSAN_VPTR internal call.  The type is kept on the ckind
 argument which is a constant, because the middle-end treats pointer
 conversions as useless and therefore the type of the first argument
 could be changed to any other pointer type.  */

1225bool
1226ubsan_expand_vptr_ifn (gimple_stmt_iterator *gsip)
1227{
gimple_stmt_iterator gsi = *gsip;
gimple *stmt = gsi_stmt (gsi);
location_t loc = gimple_location (stmt);
gcc_assert (gimple_call_num_args (stmt) == 5)((void)(!(gimple_call_num_args (stmt) == 5) ? fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1231, __FUNCTION__), 0 : 0));
tree op = gimple_call_arg (stmt, 0);
tree vptr = gimple_call_arg (stmt, 1);
tree str_hash = gimple_call_arg (stmt, 2);
tree ti_decl_addr = gimple_call_arg (stmt, 3);
tree ckind_tree = gimple_call_arg (stmt, 4);
ubsan_null_ckind ckind = (ubsan_null_ckind) tree_to_uhwi (ckind_tree);
tree type = TREE_TYPE (TREE_TYPE (ckind_tree))((contains_struct_check ((((contains_struct_check ((ckind_tree
), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1238, __FUNCTION__))->typed.type)), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1238, __FUNCTION__))->typed.type);
gimple *g;
basic_block fallthru_bb = NULLnullptr;

if (ckind == UBSAN_DOWNCAST_POINTER)
  {
    /* Guard everything with if (op != NULL) { ... }.  */
    basic_block then_bb;
    gimple_stmt_iterator cond_insert_point
= create_cond_insert_point (gsip, false, false, true,
		    &then_bb, &fallthru_bb);
    g = gimple_build_cond (NE_EXPR, op, build_zero_cst (TREE_TYPE (op)((contains_struct_check ((op), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1249, __FUNCTION__))->typed.type)),
	     NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
    gimple_set_location (g, loc);
    gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
    *gsip = gsi_after_labels (then_bb);
    gsi_remove (&gsi, false);
    gsi_insert_before (gsip, stmt, GSI_NEW_STMT);
    gsi = *gsip;
  }

tree htype = TREE_TYPE (str_hash)((contains_struct_check ((str_hash), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1259, __FUNCTION__))->typed.type);
tree cst = wide_int_to_tree (htype,
	       wi::uhwi (((uint64_t) 0x9ddfea08 << 32)
	       | 0xeb382d69, 64));
g = gimple_build_assign (make_ssa_name (htype), BIT_XOR_EXPR,
	   vptr, str_hash);
gimple_set_location (g, loc);
gsi_insert_before (gsip, g, GSI_SAME_STMT);
g = gimple_build_assign (make_ssa_name (htype), MULT_EXPR,
	   gimple_assign_lhs (g), cst);
gimple_set_location (g, loc);
gsi_insert_before (gsip, g, GSI_SAME_STMT);
tree t1 = gimple_assign_lhs (g);
g = gimple_build_assign (make_ssa_name (htype), LSHIFT_EXPR,
	   t1, build_int_cst (integer_type_nodeinteger_types[itk_int], 47));
gimple_set_location (g, loc);
tree t2 = gimple_assign_lhs (g);
gsi_insert_before (gsip, g, GSI_SAME_STMT);
g = gimple_build_assign (make_ssa_name (htype), BIT_XOR_EXPR,
	   vptr, t1);
gimple_set_location (g, loc);
gsi_insert_before (gsip, g, GSI_SAME_STMT);
g = gimple_build_assign (make_ssa_name (htype), BIT_XOR_EXPR,
	   t2, gimple_assign_lhs (g));
gimple_set_location (g, loc);
gsi_insert_before (gsip, g, GSI_SAME_STMT);
g = gimple_build_assign (make_ssa_name (htype), MULT_EXPR,
	   gimple_assign_lhs (g), cst);
gimple_set_location (g, loc);
gsi_insert_before (gsip, g, GSI_SAME_STMT);
tree t3 = gimple_assign_lhs (g);
g = gimple_build_assign (make_ssa_name (htype), LSHIFT_EXPR,
	   t3, build_int_cst (integer_type_nodeinteger_types[itk_int], 47));
gimple_set_location (g, loc);
gsi_insert_before (gsip, g, GSI_SAME_STMT);
g = gimple_build_assign (make_ssa_name (htype), BIT_XOR_EXPR,
	   t3, gimple_assign_lhs (g));
gimple_set_location (g, loc);
gsi_insert_before (gsip, g, GSI_SAME_STMT);
g = gimple_build_assign (make_ssa_name (htype), MULT_EXPR,
	   gimple_assign_lhs (g), cst);
gimple_set_location (g, loc);
gsi_insert_before (gsip, g, GSI_SAME_STMT);
if (!useless_type_conversion_p (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE], htype))
  {
    g = gimple_build_assign (make_ssa_name (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE]),
	       NOP_EXPR, gimple_assign_lhs (g));
    gimple_set_location (g, loc);
    gsi_insert_before (gsip, g, GSI_SAME_STMT);
  }
tree hash = gimple_assign_lhs (g);

if (ubsan_vptr_type_cache_decl == NULL_TREE(tree) nullptr)
  {
    tree atype = build_array_type_nelts (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE], 128);
    tree array = build_decl (UNKNOWN_LOCATION((location_t) 0), VAR_DECL,
	       get_identifier ("__ubsan_vptr_type_cache")(__builtin_constant_p ("__ubsan_vptr_type_cache") ? get_identifier_with_length
 (("__ubsan_vptr_type_cache"), strlen ("__ubsan_vptr_type_cache"
)) : get_identifier ("__ubsan_vptr_type_cache")),
	       atype);
    DECL_ARTIFICIAL (array)((contains_struct_check ((array), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1317, __FUNCTION__))->decl_common.artificial_flag) = 1;
    DECL_IGNORED_P (array)((contains_struct_check ((array), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1318, __FUNCTION__))->decl_common.ignored_flag) = 1;
    TREE_PUBLIC (array)((array)->base.public_flag) = 1;
    TREE_STATIC (array)((array)->base.static_flag) = 1;
    DECL_EXTERNAL (array)((contains_struct_check ((array), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1321, __FUNCTION__))->decl_common.decl_flag_1) = 1;
    DECL_VISIBILITY (array)((contains_struct_check ((array), (TS_DECL_WITH_VIS), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1322, __FUNCTION__))->decl_with_vis.visibility) = VISIBILITY_DEFAULT;
    DECL_VISIBILITY_SPECIFIED (array)((contains_struct_check ((array), (TS_DECL_WITH_VIS), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1323, __FUNCTION__))->decl_with_vis.visibility_specified
) = 1;
    varpool_node::finalize_decl (array);
    ubsan_vptr_type_cache_decl = array;
 }

g = gimple_build_assign (make_ssa_name (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE]),
	   BIT_AND_EXPR, hash,
	   build_int_cst (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE], 127));
gimple_set_location (g, loc);
gsi_insert_before (gsip, g, GSI_SAME_STMT);

tree c = build4_loc (loc, ARRAY_REF, pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE],
       ubsan_vptr_type_cache_decl, gimple_assign_lhs (g),
       NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
g = gimple_build_assign (make_ssa_name (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE]),
	   ARRAY_REF, c);
gimple_set_location (g, loc);
gsi_insert_before (gsip, g, GSI_SAME_STMT);

basic_block then_bb, fallthru2_bb;
gimple_stmt_iterator cond_insert_point
  = create_cond_insert_point (gsip, false, false, true,
		&then_bb, &fallthru2_bb);
g = gimple_build_cond (NE_EXPR, gimple_assign_lhs (g), hash,
	 NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
gimple_set_location (g, loc);
gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
*gsip = gsi_after_labels (then_bb);
if (fallthru_bb == NULLnullptr)
  fallthru_bb = fallthru2_bb;

tree data
  = ubsan_create_data ("__ubsan_vptr_data", 1, &loc,
	 ubsan_type_descriptor (type), NULL_TREE(tree) nullptr, ti_decl_addr,
	 build_int_cst (unsigned_char_type_nodeinteger_types[itk_unsigned_char], ckind),
	 NULL_TREE(tree) nullptr);
data = build_fold_addr_expr_loc (loc, data);
enum built_in_function bcode
  = (flag_sanitize_recoverglobal_options.x_flag_sanitize_recover & SANITIZE_VPTR)
    ? BUILT_IN_UBSAN_HANDLE_DYNAMIC_TYPE_CACHE_MISS
    : BUILT_IN_UBSAN_HANDLE_DYNAMIC_TYPE_CACHE_MISS_ABORT;

g = gimple_build_call (builtin_decl_explicit (bcode), 3, data, op, hash);
gimple_set_location (g, loc);
gsi_insert_before (gsip, g, GSI_SAME_STMT);

/* Point GSI to next logical statement.  */
*gsip = gsi_start_bb (fallthru_bb);

/* Get rid of the UBSAN_VPTR call from the IR.  */
unlink_stmt_vdef (stmt);
gsi_remove (&gsi, true);
return true;
1376}

1378/* Instrument a memory reference.  BASE is the base of MEM, IS_LHS says
 whether the pointer is on the left hand side of the assignment.  */

1381static void
1382instrument_mem_ref (tree mem, tree base, gimple_stmt_iterator *iter,
    bool is_lhs)
1384{
enum ubsan_null_ckind ikind = is_lhs ? UBSAN_STORE_OF : UBSAN_LOAD_OF;
unsigned int align = 0;
if (sanitize_flags_p (SANITIZE_ALIGNMENT))
  {
    align = min_align_of_type (TREE_TYPE (base)((contains_struct_check ((base), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1389, __FUNCTION__))->typed.type));
    if (align <= 1)
align = 0;
  }
if (align == 0 && !sanitize_flags_p (SANITIZE_NULL))
  return;
tree t = TREE_OPERAND (base, 0)(*((const_cast<tree*> (tree_operand_check ((base), (0),
 "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1395, __FUNCTION__)))));
if (!POINTER_TYPE_P (TREE_TYPE (t))(((enum tree_code) (((contains_struct_check ((t), (TS_TYPED),
 "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1396, __FUNCTION__))->typed.type))->base.code) == POINTER_TYPE
 || ((enum tree_code) (((contains_struct_check ((t), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1396, __FUNCTION__))->typed.type))->base.code) == REFERENCE_TYPE
))
  return;
if (RECORD_OR_UNION_TYPE_P (TREE_TYPE (base))(((enum tree_code) (((contains_struct_check ((base), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1398, __FUNCTION__))->typed.type))->base.code) == RECORD_TYPE
 || ((enum tree_code) (((contains_struct_check ((base), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1398, __FUNCTION__))->typed.type))->base.code) == UNION_TYPE
 || ((enum tree_code) (((contains_struct_check ((base), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1398, __FUNCTION__))->typed.type))->base.code) == QUAL_UNION_TYPE
) && mem != base)
  ikind = UBSAN_MEMBER_ACCESS;
tree kind = build_int_cst (build_pointer_type (TREE_TYPE (base)((contains_struct_check ((base), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1400, __FUNCTION__))->typed.type)), ikind);
tree alignt = build_int_cst (pointer_sized_int_nodeglobal_trees[TI_POINTER_SIZED_TYPE], align);
gcall *g = gimple_build_call_internal (IFN_UBSAN_NULL, 3, t, kind, alignt);
gimple_set_location (g, gimple_location (gsi_stmt (*iter)));
gsi_insert_before (iter, g, GSI_SAME_STMT);
1405}

1407/* Perform the pointer instrumentation.  */

1409static void
1410instrument_null (gimple_stmt_iterator gsi, tree t, bool is_lhs)
1411{
/* Handle also e.g. &s->i.  */
if (TREE_CODE (t)((enum tree_code) (t)->base.code) == ADDR_EXPR)
  t = TREE_OPERAND (t, 0)(*((const_cast<tree*> (tree_operand_check ((t), (0), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1414, __FUNCTION__)))));
tree base = get_base_address (t);
if (base != NULL_TREE(tree) nullptr
    && TREE_CODE (base)((enum tree_code) (base)->base.code) == MEM_REF
    && TREE_CODE (TREE_OPERAND (base, 0))((enum tree_code) ((*((const_cast<tree*> (tree_operand_check
 ((base), (0), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1418, __FUNCTION__))))))->base.code) == SSA_NAME)
  instrument_mem_ref (t, base, &gsi, is_lhs);
1420}

1422/* Instrument pointer arithmetics PTR p+ OFF.  */

1424static void
1425instrument_pointer_overflow (gimple_stmt_iterator *gsi, tree ptr, tree off)
1426{
if (TYPE_PRECISION (sizetype)((tree_class_check ((sizetype_tab[(int) stk_sizetype]), (tcc_type
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1427, __FUNCTION__))->type_common.precision) != POINTER_SIZE(((global_options.x_ix86_isa_flags & (1UL << 58)) !=
 0) ? 32 : ((8) * (((global_options.x_ix86_isa_flags & (1UL
 << 1)) != 0) ? 8 : 4))))
  return;
gcall *g = gimple_build_call_internal (IFN_UBSAN_PTR, 2, ptr, off);
gimple_set_location (g, gimple_location (gsi_stmt (*gsi)));
gsi_insert_before (gsi, g, GSI_SAME_STMT);
1432}

1434/* Instrument pointer arithmetics if any.  */

1436static void
1437maybe_instrument_pointer_overflow (gimple_stmt_iterator *gsi, tree t)
1438{
if (TYPE_PRECISION (sizetype)((tree_class_check ((sizetype_tab[(int) stk_sizetype]), (tcc_type
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1439, __FUNCTION__))->type_common.precision) != POINTER_SIZE(((global_options.x_ix86_isa_flags & (1UL << 58)) !=
 0) ? 32 : ((8) * (((global_options.x_ix86_isa_flags & (1UL
 << 1)) != 0) ? 8 : 4))))
  return;

/* Handle also e.g. &s->i.  */
if (TREE_CODE (t)((enum tree_code) (t)->base.code) == ADDR_EXPR)
  t = TREE_OPERAND (t, 0)(*((const_cast<tree*> (tree_operand_check ((t), (0), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1444, __FUNCTION__)))));

if (!handled_component_p (t) && TREE_CODE (t)((enum tree_code) (t)->base.code) != MEM_REF)
  return;

poly_int64 bitsize, bitpos, bytepos;
tree offset;
machine_mode mode;
int volatilep = 0, reversep, unsignedp = 0;
tree inner = get_inner_reference (t, &bitsize, &bitpos, &offset, &mode,
		    &unsignedp, &reversep, &volatilep);
tree moff = NULL_TREE(tree) nullptr;

bool decl_p = DECL_P (inner)(tree_code_type_tmpl <0>::tree_code_type[(int) (((enum tree_code
) (inner)->base.code))] == tcc_declaration);
tree base;
if (decl_p)
  {
    if ((VAR_P (inner)(((enum tree_code) (inner)->base.code) == VAR_DECL)
  || TREE_CODE (inner)((enum tree_code) (inner)->base.code) == PARM_DECL
  || TREE_CODE (inner)((enum tree_code) (inner)->base.code) == RESULT_DECL)
 && DECL_REGISTER (inner)((contains_struct_check ((inner), (TS_DECL_WRTL), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1464, __FUNCTION__))->decl_common.decl_flag_0))
return;
    base = inner;
    /* If BASE is a fixed size automatic variable or
global variable defined in the current TU and bitpos
fits, don't instrument anything.  */
    poly_int64 base_size;
    if (offset == NULL_TREE(tree) nullptr
 && maybe_ne (bitpos, 0)
 && (VAR_P (base)(((enum tree_code) (base)->base.code) == VAR_DECL)
     || TREE_CODE (base)((enum tree_code) (base)->base.code) == PARM_DECL
     || TREE_CODE (base)((enum tree_code) (base)->base.code) == RESULT_DECL)
 && poly_int_tree_p (DECL_SIZE (base)((contains_struct_check ((base), (TS_DECL_COMMON), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1476, __FUNCTION__))->decl_common.size), &base_size)
 && known_ge (base_size, bitpos)(!maybe_lt (base_size, bitpos))
 && (!is_global_var (base) || decl_binds_to_current_def_p (base)))
return;
  }
else if (TREE_CODE (inner)((enum tree_code) (inner)->base.code) == MEM_REF)
  {
    base = TREE_OPERAND (inner, 0)(*((const_cast<tree*> (tree_operand_check ((inner), (0)
, "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1483, __FUNCTION__)))));
    if (TREE_CODE (base)((enum tree_code) (base)->base.code) == ADDR_EXPR
 && DECL_P (TREE_OPERAND (base, 0))(tree_code_type_tmpl <0>::tree_code_type[(int) (((enum tree_code
) ((*((const_cast<tree*> (tree_operand_check ((base), (
0), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1485, __FUNCTION__))))))->base.code))] == tcc_declaration
)
 && !TREE_ADDRESSABLE (TREE_OPERAND (base, 0))(((*((const_cast<tree*> (tree_operand_check ((base), (0
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1486, __FUNCTION__))))))->base.addressable_flag)
 && !is_global_var (TREE_OPERAND (base, 0)(*((const_cast<tree*> (tree_operand_check ((base), (0),
 "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1487, __FUNCTION__)))))))
return;
    moff = TREE_OPERAND (inner, 1)(*((const_cast<tree*> (tree_operand_check ((inner), (1)
, "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1489, __FUNCTION__)))));
    if (integer_zerop (moff))
moff = NULL_TREE(tree) nullptr;
  }
else
  return;

if (!POINTER_TYPE_P (TREE_TYPE (base))(((enum tree_code) (((contains_struct_check ((base), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1496, __FUNCTION__))->typed.type))->base.code) == POINTER_TYPE
 || ((enum tree_code) (((contains_struct_check ((base), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1496, __FUNCTION__))->typed.type))->base.code) == REFERENCE_TYPE
) && !DECL_P (base)(tree_code_type_tmpl <0>::tree_code_type[(int) (((enum tree_code
) (base)->base.code))] == tcc_declaration))
  return;
bytepos = bits_to_bytes_round_down (bitpos)force_align_down_and_div (bitpos, (8));
if (offset == NULL_TREE(tree) nullptr && known_eq (bytepos, 0)(!maybe_ne (bytepos, 0)) && moff == NULL_TREE(tree) nullptr)
  return;

tree base_addr = base;
if (decl_p)
  base_addr = build1 (ADDR_EXPR,
	build_pointer_type (TREE_TYPE (base)((contains_struct_check ((base), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1505, __FUNCTION__))->typed.type)), base);
t = offset;
if (maybe_ne (bytepos, 0))
  {
    if (t)
t = fold_build2 (PLUS_EXPR, TREE_TYPE (t), t,fold_build2_loc (((location_t) 0), PLUS_EXPR, ((contains_struct_check
 ((t), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1510, __FUNCTION__))->typed.type), t, build_int_cst (((contains_struct_check
 ((t), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1511, __FUNCTION__))->typed.type), bytepos) )
	 build_int_cst (TREE_TYPE (t), bytepos))fold_build2_loc (((location_t) 0), PLUS_EXPR, ((contains_struct_check
 ((t), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1510, __FUNCTION__))->typed.type), t, build_int_cst (((contains_struct_check
 ((t), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1511, __FUNCTION__))->typed.type), bytepos) );
    else
t = size_int (bytepos)size_int_kind (bytepos, stk_sizetype);
  }
if (moff)
  {
    if (t)
t = fold_build2 (PLUS_EXPR, TREE_TYPE (t), t,fold_build2_loc (((location_t) 0), PLUS_EXPR, ((contains_struct_check
 ((t), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1518, __FUNCTION__))->typed.type), t, fold_convert_loc (
((location_t) 0), ((contains_struct_check ((t), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1519, __FUNCTION__))->typed.type), moff) )
	 fold_convert (TREE_TYPE (t), moff))fold_build2_loc (((location_t) 0), PLUS_EXPR, ((contains_struct_check
 ((t), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1518, __FUNCTION__))->typed.type), t, fold_convert_loc (
((location_t) 0), ((contains_struct_check ((t), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1519, __FUNCTION__))->typed.type), moff) );
    else
t = fold_convert (sizetype, moff)fold_convert_loc (((location_t) 0), sizetype_tab[(int) stk_sizetype
], moff);
  }
t = force_gimple_operand_gsi (gsi, t, true, NULL_TREE(tree) nullptr, true,
		GSI_SAME_STMT);
base_addr = force_gimple_operand_gsi (gsi, base_addr, true, NULL_TREE(tree) nullptr, true,
			GSI_SAME_STMT);
instrument_pointer_overflow (gsi, base_addr, t);
1528}

1530/* Build an ubsan builtin call for the signed-integer-overflow
 sanitization.  CODE says what kind of builtin are we building,
 LOC is a location, LHSTYPE is the type of LHS, OP0 and OP1
 are operands of the binary operation.  */

1535tree
1536ubsan_build_overflow_builtin (tree_code code, location_t loc, tree lhstype,
	      tree op0, tree op1, tree *datap)
1538{
if (flag_sanitize_trapglobal_options.x_flag_sanitize_trap & SANITIZE_SI_OVERFLOW)
  return build_call_expr_loc (loc, builtin_decl_explicit (BUILT_IN_TRAP), 0);

tree data;
if (datap && *datap)
  data = *datap;
else
  data = ubsan_create_data ("__ubsan_overflow_data", 1, &loc,
	      ubsan_type_descriptor (lhstype), NULL_TREE(tree) nullptr,
	      NULL_TREE(tree) nullptr);
if (datap)
  *datap = data;
enum built_in_function fn_code;

switch (code)
  {
  case PLUS_EXPR:
    fn_code = (flag_sanitize_recoverglobal_options.x_flag_sanitize_recover & SANITIZE_SI_OVERFLOW)
? BUILT_IN_UBSAN_HANDLE_ADD_OVERFLOW
: BUILT_IN_UBSAN_HANDLE_ADD_OVERFLOW_ABORT;
    break;
  case MINUS_EXPR:
    fn_code = (flag_sanitize_recoverglobal_options.x_flag_sanitize_recover & SANITIZE_SI_OVERFLOW)
? BUILT_IN_UBSAN_HANDLE_SUB_OVERFLOW
: BUILT_IN_UBSAN_HANDLE_SUB_OVERFLOW_ABORT;
    break;
  case MULT_EXPR:
    fn_code = (flag_sanitize_recoverglobal_options.x_flag_sanitize_recover & SANITIZE_SI_OVERFLOW)
? BUILT_IN_UBSAN_HANDLE_MUL_OVERFLOW
: BUILT_IN_UBSAN_HANDLE_MUL_OVERFLOW_ABORT;
    break;
  case NEGATE_EXPR:
    fn_code = (flag_sanitize_recoverglobal_options.x_flag_sanitize_recover & SANITIZE_SI_OVERFLOW)
? BUILT_IN_UBSAN_HANDLE_NEGATE_OVERFLOW
: BUILT_IN_UBSAN_HANDLE_NEGATE_OVERFLOW_ABORT;
    break;
  default:
    gcc_unreachable ()(fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1576, __FUNCTION__));
  }
tree fn = builtin_decl_explicit (fn_code);
return build_call_expr_loc (loc, fn, 2 + (code != NEGATE_EXPR),
	      build_fold_addr_expr_loc (loc, data),
	      ubsan_encode_value (op0, UBSAN_ENCODE_VALUE_RTL),
	      op1
	      ? ubsan_encode_value (op1,
				    UBSAN_ENCODE_VALUE_RTL)
	      : NULL_TREE(tree) nullptr);
1586}

1588/* Perform the signed integer instrumentation.  GSI is the iterator
 pointing at statement we are trying to instrument.  */

1591static void
1592instrument_si_overflow (gimple_stmt_iterator gsi)
1593{
gimple *stmt = gsi_stmt (gsi);
tree_code code = gimple_assign_rhs_code (stmt);
tree lhs = gimple_assign_lhs (stmt);
tree lhstype = TREE_TYPE (lhs)((contains_struct_check ((lhs), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1597, __FUNCTION__))->typed.type);
tree lhsinner = VECTOR_TYPE_P (lhstype)(((enum tree_code) (lhstype)->base.code) == VECTOR_TYPE) ? TREE_TYPE (lhstype)((contains_struct_check ((lhstype), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1598, __FUNCTION__))->typed.type) : lhstype;
tree a, b;
gimple *g;

/* If this is not a signed operation, don't instrument anything here.
   Also punt on bit-fields.  */
if (!INTEGRAL_TYPE_P (lhsinner)(((enum tree_code) (lhsinner)->base.code) == ENUMERAL_TYPE
 || ((enum tree_code) (lhsinner)->base.code) == BOOLEAN_TYPE
 || ((enum tree_code) (lhsinner)->base.code) == INTEGER_TYPE
)
    || TYPE_OVERFLOW_WRAPS (lhsinner)((((enum tree_code) (lhsinner)->base.code) == POINTER_TYPE
 || ((enum tree_code) (lhsinner)->base.code) == REFERENCE_TYPE
) ? global_options.x_flag_wrapv_pointer : ((any_integral_type_check
 ((lhsinner), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1605, __FUNCTION__))->base.u.bits.unsigned_flag || global_options
.x_flag_wrapv))
    || maybe_ne (GET_MODE_BITSIZE (TYPE_MODE (lhsinner)((((enum tree_code) ((tree_class_check ((lhsinner), (tcc_type
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1606, __FUNCTION__)))->base.code) == VECTOR_TYPE) ? vector_type_mode
 (lhsinner) : (lhsinner)->type_common.mode)),
   TYPE_PRECISION (lhsinner)((tree_class_check ((lhsinner), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1607, __FUNCTION__))->type_common.precision)))
  return;

switch (code)
  {
  case MINUS_EXPR:
  case PLUS_EXPR:
  case MULT_EXPR:
    /* Transform
i = u {+,-,*} 5;
into
i = UBSAN_CHECK_{ADD,SUB,MUL} (u, 5);  */
    a = gimple_assign_rhs1 (stmt);
    b = gimple_assign_rhs2 (stmt);
    g = gimple_build_call_internal (code == PLUS_EXPR
		      ? IFN_UBSAN_CHECK_ADD
		      : code == MINUS_EXPR
		      ? IFN_UBSAN_CHECK_SUB
		      : IFN_UBSAN_CHECK_MUL, 2, a, b);
    gimple_call_set_lhs (g, lhs);
    gsi_replace (&gsi, g, true);
    break;
  case NEGATE_EXPR:
    /* Represent i = -u;
as
i = UBSAN_CHECK_SUB (0, u);  */
    a = build_zero_cst (lhstype);
    b = gimple_assign_rhs1 (stmt);
    g = gimple_build_call_internal (IFN_UBSAN_CHECK_SUB, 2, a, b);
    gimple_call_set_lhs (g, lhs);
    gsi_replace (&gsi, g, true);
    break;
  case ABS_EXPR:
    /* Transform i = ABS_EXPR<u>;
into
_N = UBSAN_CHECK_SUB (0, u);
i = ABS_EXPR<_N>;  */
    a = build_zero_cst (lhstype);
    b = gimple_assign_rhs1 (stmt);
    g = gimple_build_call_internal (IFN_UBSAN_CHECK_SUB, 2, a, b);
    a = make_ssa_name (lhstype);
    gimple_call_set_lhs (g, a);
    gimple_set_location (g, gimple_location (stmt));
    gsi_insert_before (&gsi, g, GSI_SAME_STMT);
    gimple_assign_set_rhs1 (stmt, a);
    update_stmt (stmt);
    break;
  default:
    break;
  }
1657}

1659/* Instrument loads from (non-bitfield) bool and C++ enum values
 to check if the memory value is outside of the range of the valid
 type values.  */

1663static void
1664instrument_bool_enum_load (gimple_stmt_iterator *gsi)
1665{
gimple *stmt = gsi_stmt (*gsi);
tree rhs = gimple_assign_rhs1 (stmt);
tree type = TREE_TYPE (rhs)((contains_struct_check ((rhs), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1668, __FUNCTION__))->typed.type);
tree minv = NULL_TREE(tree) nullptr, maxv = NULL_TREE(tree) nullptr;

if (TREE_CODE (type)((enum tree_code) (type)->base.code) == BOOLEAN_TYPE
    && sanitize_flags_p (SANITIZE_BOOL))
  {
    minv = boolean_false_nodeglobal_trees[TI_BOOLEAN_FALSE];
    maxv = boolean_true_nodeglobal_trees[TI_BOOLEAN_TRUE];
  }
else if (TREE_CODE (type)((enum tree_code) (type)->base.code) == ENUMERAL_TYPE
  && sanitize_flags_p (SANITIZE_ENUM)
  && TREE_TYPE (type)((contains_struct_check ((type), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1679, __FUNCTION__))->typed.type) != NULL_TREE(tree) nullptr
  && TREE_CODE (TREE_TYPE (type))((enum tree_code) (((contains_struct_check ((type), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1680, __FUNCTION__))->typed.type))->base.code) == INTEGER_TYPE
  && (TYPE_PRECISION (TREE_TYPE (type))((tree_class_check ((((contains_struct_check ((type), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1681, __FUNCTION__))->typed.type)), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1681, __FUNCTION__))->type_common.precision)
      < GET_MODE_PRECISION (SCALAR_INT_TYPE_MODE (type)(as_a <scalar_int_mode> ((tree_class_check ((type), (tcc_type
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1682, __FUNCTION__))->type_common.mode)))))
  {
    minv = TYPE_MIN_VALUE (TREE_TYPE (type))((tree_check5 ((((contains_struct_check ((type), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1684, __FUNCTION__))->typed.type)), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1684, __FUNCTION__, (INTEGER_TYPE), (ENUMERAL_TYPE), (BOOLEAN_TYPE
), (REAL_TYPE), (FIXED_POINT_TYPE)))->type_non_common.minval
);
    maxv = TYPE_MAX_VALUE (TREE_TYPE (type))((tree_check5 ((((contains_struct_check ((type), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1685, __FUNCTION__))->typed.type)), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1685, __FUNCTION__, (INTEGER_TYPE), (ENUMERAL_TYPE), (BOOLEAN_TYPE
), (REAL_TYPE), (FIXED_POINT_TYPE)))->type_non_common.maxval
);
  }
else
  return;

int modebitsize = GET_MODE_BITSIZE (SCALAR_INT_TYPE_MODE (type)(as_a <scalar_int_mode> ((tree_class_check ((type), (tcc_type
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1690, __FUNCTION__))->type_common.mode)));
poly_int64 bitsize, bitpos;
tree offset;
machine_mode mode;
int volatilep = 0, reversep, unsignedp = 0;
tree base = get_inner_reference (rhs, &bitsize, &bitpos, &offset, &mode,
		   &unsignedp, &reversep, &volatilep);
tree utype = build_nonstandard_integer_type (modebitsize, 1);

if ((VAR_P (base)(((enum tree_code) (base)->base.code) == VAR_DECL) && DECL_HARD_REGISTER (base)((tree_check ((base), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1699, __FUNCTION__, (VAR_DECL)))->decl_with_vis.hard_register
))
    || !multiple_p (bitpos, modebitsize)
    || maybe_ne (bitsize, modebitsize)
    || GET_MODE_BITSIZE (SCALAR_INT_TYPE_MODE (utype)(as_a <scalar_int_mode> ((tree_class_check ((utype), (tcc_type
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1702, __FUNCTION__))->type_common.mode))) != modebitsize
    || TREE_CODE (gimple_assign_lhs (stmt))((enum tree_code) (gimple_assign_lhs (stmt))->base.code) != SSA_NAME)
  return;

bool ends_bb = stmt_ends_bb_p (stmt);
location_t loc = gimple_location (stmt);
tree lhs = gimple_assign_lhs (stmt);
tree ptype = build_pointer_type (TREE_TYPE (rhs)((contains_struct_check ((rhs), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1709, __FUNCTION__))->typed.type));
tree atype = reference_alias_ptr_type (rhs);
gimple *g = gimple_build_assign (make_ssa_name (ptype),
		  build_fold_addr_expr (rhs)build_fold_addr_expr_loc (((location_t) 0), (rhs)));
gimple_set_location (g, loc);
gsi_insert_before (gsi, g, GSI_SAME_STMT);
tree mem = build2 (MEM_REF, utype, gimple_assign_lhs (g),
     build_int_cst (atype, 0));
tree urhs = make_ssa_name (utype);
if (ends_bb)
  {
    gimple_assign_set_lhs (stmt, urhs);
    g = gimple_build_assign (lhs, NOP_EXPR, urhs);
    gimple_set_location (g, loc);
    edge e = find_fallthru_edge (gimple_bb (stmt)->succs);
    gsi_insert_on_edge_immediate (e, g);
    gimple_assign_set_rhs_from_tree (gsi, mem);
    update_stmt (stmt);
    *gsi = gsi_for_stmt (g);
    g = stmt;
  }
else
  {
    g = gimple_build_assign (urhs, mem);
    gimple_set_location (g, loc);
    gsi_insert_before (gsi, g, GSI_SAME_STMT);
  }
minv = fold_convert (utype, minv)fold_convert_loc (((location_t) 0), utype, minv);
maxv = fold_convert (utype, maxv)fold_convert_loc (((location_t) 0), utype, maxv);
if (!integer_zerop (minv))
  {
    g = gimple_build_assign (make_ssa_name (utype), MINUS_EXPR, urhs, minv);
    gimple_set_location (g, loc);
    gsi_insert_before (gsi, g, GSI_SAME_STMT);
  }

gimple_stmt_iterator gsi2 = *gsi;
basic_block then_bb, fallthru_bb;
*gsi = create_cond_insert_point (gsi, true, false, true,
		   &then_bb, &fallthru_bb);
g = gimple_build_cond (GT_EXPR, gimple_assign_lhs (g),
	 int_const_binop (MINUS_EXPR, maxv, minv),
	 NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
gimple_set_location (g, loc);
gsi_insert_after (gsi, g, GSI_NEW_STMT);

if (!ends_bb)
  {
    gimple_assign_set_rhs_with_ops (&gsi2, NOP_EXPR, urhs);
    update_stmt (stmt);
  }

gsi2 = gsi_after_labels (then_bb);
if (flag_sanitize_trapglobal_options.x_flag_sanitize_trap & (TREE_CODE (type)((enum tree_code) (type)->base.code) == BOOLEAN_TYPE
	    ? SANITIZE_BOOL : SANITIZE_ENUM))
  g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
else
  {
    tree data = ubsan_create_data ("__ubsan_invalid_value_data", 1, &loc,
		     ubsan_type_descriptor (type), NULL_TREE(tree) nullptr,
		     NULL_TREE(tree) nullptr);
    data = build_fold_addr_expr_loc (loc, data);
    enum built_in_function bcode
= (flag_sanitize_recoverglobal_options.x_flag_sanitize_recover & (TREE_CODE (type)((enum tree_code) (type)->base.code) == BOOLEAN_TYPE
		    ? SANITIZE_BOOL : SANITIZE_ENUM))
 ? BUILT_IN_UBSAN_HANDLE_LOAD_INVALID_VALUE
 : BUILT_IN_UBSAN_HANDLE_LOAD_INVALID_VALUE_ABORT;
    tree fn = builtin_decl_explicit (bcode);

    tree val = ubsan_encode_value (urhs, UBSAN_ENCODE_VALUE_GIMPLE);
    val = force_gimple_operand_gsi (&gsi2, val, true, NULL_TREE(tree) nullptr, true,
		      GSI_SAME_STMT);
    g = gimple_build_call (fn, 2, data, val);
  }
gimple_set_location (g, loc);
gsi_insert_before (&gsi2, g, GSI_SAME_STMT);
ubsan_create_edge (g);
*gsi = gsi_for_stmt (stmt);
1787}

1789/* Determine if we can propagate given LOCATION to ubsan_data descriptor to use
 new style handlers.  Libubsan uses heuristics to destinguish between old and
 new styles and relies on these properties for filename:

 a) Location's filename must not be NULL.
 b) Location's filename must not be equal to "".
 c) Location's filename must not be equal to "\1".
 d) First two bytes of filename must not contain '\xff' symbol.  */

1798static bool
1799ubsan_use_new_style_p (location_t loc)
1800{
if (loc == UNKNOWN_LOCATION((location_t) 0))
  return false;

expanded_location xloc = expand_location (loc);
if (xloc.file == NULLnullptr || startswith (xloc.file, "\1")
    || xloc.file[0] == '\0' || xloc.file[0] == '\xff'
    || xloc.file[1] == '\xff')
  return false;

return true;
1811}

1813/* Instrument float point-to-integer conversion.  TYPE is an integer type of
 destination, EXPR is floating-point expression.  */

1816tree
1817ubsan_instrument_float_cast (location_t loc, tree type, tree expr)
1818{
tree expr_type = TREE_TYPE (expr)((contains_struct_check ((expr), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1819, __FUNCTION__))->typed.type);
tree t, tt, fn, min, max;
machine_mode mode = TYPE_MODE (expr_type)((((enum tree_code) ((tree_class_check ((expr_type), (tcc_type
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1821, __FUNCTION__)))->base.code) == VECTOR_TYPE) ? vector_type_mode
 (expr_type) : (expr_type)->type_common.mode);
int prec = TYPE_PRECISION (type)((tree_class_check ((type), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1822, __FUNCTION__))->type_common.precision);
bool uns_p = TYPE_UNSIGNED (type)((tree_class_check ((type), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1823, __FUNCTION__))->base.u.bits.unsigned_flag);
if (loc == UNKNOWN_LOCATION((location_t) 0))
  loc = input_location;

/* Float to integer conversion first truncates toward zero, so
   even signed char c = 127.875f; is not problematic.
   Therefore, we should complain only if EXPR is unordered or smaller
   or equal than TYPE_MIN_VALUE - 1.0 or greater or equal than
   TYPE_MAX_VALUE + 1.0.  */
if (REAL_MODE_FORMAT (mode)(real_format_for_mode[(((enum mode_class) mode_class[mode]) ==
 MODE_DECIMAL_FLOAT) ? (((mode) - MIN_MODE_DECIMAL_FLOAT) + (
MAX_MODE_FLOAT - MIN_MODE_FLOAT + 1)) : ((enum mode_class) mode_class
[mode]) == MODE_FLOAT ? ((mode) - MIN_MODE_FLOAT) : ((fancy_abort
 ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1832, __FUNCTION__)), 0)])->b == 2)
  {
    /* For maximum, TYPE_MAX_VALUE might not be representable
in EXPR_TYPE, e.g. if TYPE is 64-bit long long and
EXPR_TYPE is IEEE single float, but TYPE_MAX_VALUE + 1.0 is
either representable or infinity.  */
    REAL_VALUE_TYPEstruct real_value maxval = dconst1;
    SET_REAL_EXP (&maxval, REAL_EXP (&maxval) + prec - !uns_p)((&maxval)->uexp = ((unsigned int)(((int)((&maxval
)->uexp ^ (unsigned int)(1 << ((32 - 6) - 1))) - (1 <<
 ((32 - 6) - 1))) + prec - !uns_p) & (unsigned int)((1 <<
 (32 - 6)) - 1)));
    real_convert (&maxval, mode, &maxval);
    max = build_real (expr_type, maxval);

    /* For unsigned, assume -1.0 is always representable.  */
    if (uns_p)
min = build_minus_one_cst (expr_type);
    else
{
 /* TYPE_MIN_VALUE is generally representable (or -inf),
    but TYPE_MIN_VALUE - 1.0 might not be.  */
 REAL_VALUE_TYPEstruct real_value minval = dconstm1, minval2;
 SET_REAL_EXP (&minval, REAL_EXP (&minval) + prec - 1)((&minval)->uexp = ((unsigned int)(((int)((&minval
)->uexp ^ (unsigned int)(1 << ((32 - 6) - 1))) - (1 <<
 ((32 - 6) - 1))) + prec - 1) & (unsigned int)((1 <<
 (32 - 6)) - 1)));
 real_convert (&minval, mode, &minval);
 real_arithmetic (&minval2, MINUS_EXPR, &minval, &dconst1);
 real_convert (&minval2, mode, &minval2);
 if (real_compare (EQ_EXPR, &minval, &minval2)
     && !real_isinf (&minval))
   {
     /* If TYPE_MIN_VALUE - 1.0 is not representable and
 rounds to TYPE_MIN_VALUE, we need to subtract
 more.  As REAL_MODE_FORMAT (mode)->p is the number
 of base digits, we want to subtract a number that
 will be 1 << (REAL_MODE_FORMAT (mode)->p - 1)
 times smaller than minval.  */
     minval2 = dconst1;
     gcc_assert (prec > REAL_MODE_FORMAT (mode)->p)((void)(!(prec > (real_format_for_mode[(((enum mode_class)
 mode_class[mode]) == MODE_DECIMAL_FLOAT) ? (((mode) - MIN_MODE_DECIMAL_FLOAT
) + (MAX_MODE_FLOAT - MIN_MODE_FLOAT + 1)) : ((enum mode_class
) mode_class[mode]) == MODE_FLOAT ? ((mode) - MIN_MODE_FLOAT)
 : ((fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1865, __FUNCTION__)), 0)])->p) ? fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1865, __FUNCTION__), 0 : 0));
     SET_REAL_EXP (&minval2,((&minval2)->uexp = ((unsigned int)(((int)((&minval2
)->uexp ^ (unsigned int)(1 << ((32 - 6) - 1))) - (1 <<
 ((32 - 6) - 1))) + prec - 1 - (real_format_for_mode[(((enum mode_class
) mode_class[mode]) == MODE_DECIMAL_FLOAT) ? (((mode) - MIN_MODE_DECIMAL_FLOAT
) + (MAX_MODE_FLOAT - MIN_MODE_FLOAT + 1)) : ((enum mode_class
) mode_class[mode]) == MODE_FLOAT ? ((mode) - MIN_MODE_FLOAT)
 : ((fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1868, __FUNCTION__)), 0)])->p + 1) & (unsigned int)(
(1 << (32 - 6)) - 1)))
	    REAL_EXP (&minval2) + prec - 1((&minval2)->uexp = ((unsigned int)(((int)((&minval2
)->uexp ^ (unsigned int)(1 << ((32 - 6) - 1))) - (1 <<
 ((32 - 6) - 1))) + prec - 1 - (real_format_for_mode[(((enum mode_class
) mode_class[mode]) == MODE_DECIMAL_FLOAT) ? (((mode) - MIN_MODE_DECIMAL_FLOAT
) + (MAX_MODE_FLOAT - MIN_MODE_FLOAT + 1)) : ((enum mode_class
) mode_class[mode]) == MODE_FLOAT ? ((mode) - MIN_MODE_FLOAT)
 : ((fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1868, __FUNCTION__)), 0)])->p + 1) & (unsigned int)(
(1 << (32 - 6)) - 1)))
	    - REAL_MODE_FORMAT (mode)->p + 1)((&minval2)->uexp = ((unsigned int)(((int)((&minval2
)->uexp ^ (unsigned int)(1 << ((32 - 6) - 1))) - (1 <<
 ((32 - 6) - 1))) + prec - 1 - (real_format_for_mode[(((enum mode_class
) mode_class[mode]) == MODE_DECIMAL_FLOAT) ? (((mode) - MIN_MODE_DECIMAL_FLOAT
) + (MAX_MODE_FLOAT - MIN_MODE_FLOAT + 1)) : ((enum mode_class
) mode_class[mode]) == MODE_FLOAT ? ((mode) - MIN_MODE_FLOAT)
 : ((fancy_abort ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1868, __FUNCTION__)), 0)])->p + 1) & (unsigned int)(
(1 << (32 - 6)) - 1)));
     real_arithmetic (&minval2, MINUS_EXPR, &minval, &minval2);
     real_convert (&minval2, mode, &minval2);
   }
 min = build_real (expr_type, minval2);
}
  }
else if (REAL_MODE_FORMAT (mode)(real_format_for_mode[(((enum mode_class) mode_class[mode]) ==
 MODE_DECIMAL_FLOAT) ? (((mode) - MIN_MODE_DECIMAL_FLOAT) + (
MAX_MODE_FLOAT - MIN_MODE_FLOAT + 1)) : ((enum mode_class) mode_class
[mode]) == MODE_FLOAT ? ((mode) - MIN_MODE_FLOAT) : ((fancy_abort
 ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1875, __FUNCTION__)), 0)])->b == 10)
  {
    /* For _Decimal128 up to 34 decimal digits, - sign,
dot, e, exponent.  */
    char buf[64];
    mpfr_t m;
    int p = REAL_MODE_FORMAT (mode)(real_format_for_mode[(((enum mode_class) mode_class[mode]) ==
 MODE_DECIMAL_FLOAT) ? (((mode) - MIN_MODE_DECIMAL_FLOAT) + (
MAX_MODE_FLOAT - MIN_MODE_FLOAT + 1)) : ((enum mode_class) mode_class
[mode]) == MODE_FLOAT ? ((mode) - MIN_MODE_FLOAT) : ((fancy_abort
 ("/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1881, __FUNCTION__)), 0)])->p;
    REAL_VALUE_TYPEstruct real_value maxval, minval;

    /* Use mpfr_snprintf rounding to compute the smallest
representable decimal number greater or equal than
1 << (prec - !uns_p).  */
    mpfr_init2 (m, prec + 2);
    mpfr_set_ui_2exp (m, 1, prec - !uns_p, MPFR_RNDN);
    mpfr_snprintf (buf, sizeof buf, "%.*RUe", p - 1, m);
    decimal_real_from_string (&maxval, buf);
    max = build_real (expr_type, maxval);

    /* For unsigned, assume -1.0 is always representable.  */
    if (uns_p)
min = build_minus_one_cst (expr_type);
    else
{
 /* Use mpfr_snprintf rounding to compute the largest
    representable decimal number less or equal than
    (-1 << (prec - 1)) - 1.  */
 mpfr_set_si_2exp (m, -1, prec - 1, MPFR_RNDN);
 mpfr_sub_ui (m, m, 1, MPFR_RNDN);
 mpfr_snprintf (buf, sizeof buf, "%.*RDe", p - 1, m);
 decimal_real_from_string (&minval, buf);
 min = build_real (expr_type, minval);
}
    mpfr_clear (m);
  }
else
  return NULL_TREE(tree) nullptr;

if (HONOR_NANS (mode))
  {
    t = fold_build2 (UNLE_EXPR, boolean_type_node, expr, min)fold_build2_loc (((location_t) 0), UNLE_EXPR, global_trees[TI_BOOLEAN_TYPE
], expr, min );
    tt = fold_build2 (UNGE_EXPR, boolean_type_node, expr, max)fold_build2_loc (((location_t) 0), UNGE_EXPR, global_trees[TI_BOOLEAN_TYPE
], expr, max );
  }
else
  {
    t = fold_build2 (LE_EXPR, boolean_type_node, expr, min)fold_build2_loc (((location_t) 0), LE_EXPR, global_trees[TI_BOOLEAN_TYPE
], expr, min );
    tt = fold_build2 (GE_EXPR, boolean_type_node, expr, max)fold_build2_loc (((location_t) 0), GE_EXPR, global_trees[TI_BOOLEAN_TYPE
], expr, max );
  }
t = fold_build2 (TRUTH_OR_EXPR, boolean_type_node, t, tt)fold_build2_loc (((location_t) 0), TRUTH_OR_EXPR, global_trees
[TI_BOOLEAN_TYPE], t, tt );
if (integer_zerop (t))
  return NULL_TREE(tree) nullptr;

if (flag_sanitize_trapglobal_options.x_flag_sanitize_trap & SANITIZE_FLOAT_CAST)
  fn = build_call_expr_loc (loc, builtin_decl_explicit (BUILT_IN_TRAP), 0);
else
  {
    location_t *loc_ptr = NULLnullptr;
    unsigned num_locations = 0;
    /* Figure out if we can propagate location to ubsan_data and use new
       style handlers in libubsan.  */
    if (ubsan_use_new_style_p (loc))
{
 loc_ptr = &loc;
 num_locations = 1;
}
    /* Create the __ubsan_handle_float_cast_overflow fn call.  */
    tree data = ubsan_create_data ("__ubsan_float_cast_overflow_data",
		     num_locations, loc_ptr,
		     ubsan_type_descriptor (expr_type),
		     ubsan_type_descriptor (type), NULL_TREE(tree) nullptr,
		     NULL_TREE(tree) nullptr);
    enum built_in_function bcode
= (flag_sanitize_recoverglobal_options.x_flag_sanitize_recover & SANITIZE_FLOAT_CAST)
 ? BUILT_IN_UBSAN_HANDLE_FLOAT_CAST_OVERFLOW
 : BUILT_IN_UBSAN_HANDLE_FLOAT_CAST_OVERFLOW_ABORT;
    fn = builtin_decl_explicit (bcode);
    fn = build_call_expr_loc (loc, fn, 2,
		build_fold_addr_expr_loc (loc, data),
		ubsan_encode_value (expr));
  }

return fold_build3 (COND_EXPR, void_type_node, t, fn, integer_zero_node)fold_build3_loc (((location_t) 0), COND_EXPR, global_trees[TI_VOID_TYPE
], t, fn, global_trees[TI_INTEGER_ZERO] );
1956}

1958/* Instrument values passed to function arguments with nonnull attribute.  */

1960static void
1961instrument_nonnull_arg (gimple_stmt_iterator *gsi)
1962{
gimple *stmt = gsi_stmt (*gsi);
location_t loc[2];
/* infer_nonnull_range needs flag_delete_null_pointer_checks set,
   while for nonnull sanitization it is clear.  */
int save_flag_delete_null_pointer_checks = flag_delete_null_pointer_checksglobal_options.x_flag_delete_null_pointer_checks;
flag_delete_null_pointer_checksglobal_options.x_flag_delete_null_pointer_checks = 1;
loc[0] = gimple_location (stmt);
loc[1] = UNKNOWN_LOCATION((location_t) 0);
for (unsigned int i = 0; i < gimple_call_num_args (stmt); i++)
  {
    tree arg = gimple_call_arg (stmt, i);
    if (POINTER_TYPE_P (TREE_TYPE (arg))(((enum tree_code) (((contains_struct_check ((arg), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1974, __FUNCTION__))->typed.type))->base.code) == POINTER_TYPE
 || ((enum tree_code) (((contains_struct_check ((arg), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1974, __FUNCTION__))->typed.type))->base.code) == REFERENCE_TYPE
)
 && infer_nonnull_range_by_attribute (stmt, arg))
{
 gimple *g;
 if (!is_gimple_val (arg))
   {
     g = gimple_build_assign (make_ssa_name (TREE_TYPE (arg)((contains_struct_check ((arg), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1980, __FUNCTION__))->typed.type)), arg);
     gimple_set_location (g, loc[0]);
     gsi_insert_before (gsi, g, GSI_SAME_STMT);
     arg = gimple_assign_lhs (g);
   }

 basic_block then_bb, fallthru_bb;
 *gsi = create_cond_insert_point (gsi, true, false, true,
			   &then_bb, &fallthru_bb);
 g = gimple_build_cond (EQ_EXPR, arg,
		 build_zero_cst (TREE_TYPE (arg)((contains_struct_check ((arg), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 1990, __FUNCTION__))->typed.type)),
		 NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
 gimple_set_location (g, loc[0]);
 gsi_insert_after (gsi, g, GSI_NEW_STMT);

 *gsi = gsi_after_labels (then_bb);
 if (flag_sanitize_trapglobal_options.x_flag_sanitize_trap & SANITIZE_NONNULL_ATTRIBUTE)
   g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
 else
   {
     tree data = ubsan_create_data ("__ubsan_nonnull_arg_data",
			     2, loc, NULL_TREE(tree) nullptr,
			     build_int_cst (integer_type_nodeinteger_types[itk_int],
					    i + 1),
			     NULL_TREE(tree) nullptr);
     data = build_fold_addr_expr_loc (loc[0], data);
     enum built_in_function bcode
= (flag_sanitize_recoverglobal_options.x_flag_sanitize_recover & SANITIZE_NONNULL_ATTRIBUTE)
  ? BUILT_IN_UBSAN_HANDLE_NONNULL_ARG
  : BUILT_IN_UBSAN_HANDLE_NONNULL_ARG_ABORT;
     tree fn = builtin_decl_explicit (bcode);

     g = gimple_build_call (fn, 1, data);
   }
 gimple_set_location (g, loc[0]);
 gsi_insert_before (gsi, g, GSI_SAME_STMT);
 ubsan_create_edge (g);
}
    *gsi = gsi_for_stmt (stmt);
  }
flag_delete_null_pointer_checksglobal_options.x_flag_delete_null_pointer_checks = save_flag_delete_null_pointer_checks;
2021}

2023/* Instrument returns in functions with returns_nonnull attribute.  */

2025static void
2026instrument_nonnull_return (gimple_stmt_iterator *gsi)
2027{
greturn *stmt = as_a <greturn *> (gsi_stmt (*gsi));
location_t loc[2];
tree arg = gimple_return_retval (stmt);
/* infer_nonnull_range needs flag_delete_null_pointer_checks set,
   while for nonnull return sanitization it is clear.  */
int save_flag_delete_null_pointer_checks = flag_delete_null_pointer_checksglobal_options.x_flag_delete_null_pointer_checks;
flag_delete_null_pointer_checksglobal_options.x_flag_delete_null_pointer_checks = 1;
loc[0] = gimple_location (stmt);
loc[1] = UNKNOWN_LOCATION((location_t) 0);
if (arg
    && POINTER_TYPE_P (TREE_TYPE (arg))(((enum tree_code) (((contains_struct_check ((arg), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2038, __FUNCTION__))->typed.type))->base.code) == POINTER_TYPE
 || ((enum tree_code) (((contains_struct_check ((arg), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2038, __FUNCTION__))->typed.type))->base.code) == REFERENCE_TYPE
)
    && is_gimple_val (arg)
    && infer_nonnull_range_by_attribute (stmt, arg))
  {
    basic_block then_bb, fallthru_bb;
    *gsi = create_cond_insert_point (gsi, true, false, true,
		       &then_bb, &fallthru_bb);
    gimple *g = gimple_build_cond (EQ_EXPR, arg,
		    build_zero_cst (TREE_TYPE (arg)((contains_struct_check ((arg), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2046, __FUNCTION__))->typed.type)),
		    NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
    gimple_set_location (g, loc[0]);
    gsi_insert_after (gsi, g, GSI_NEW_STMT);

    *gsi = gsi_after_labels (then_bb);
    if (flag_sanitize_trapglobal_options.x_flag_sanitize_trap & SANITIZE_RETURNS_NONNULL_ATTRIBUTE)
g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
    else
{
 tree data = ubsan_create_data ("__ubsan_nonnull_return_data",
			 1, &loc[1], NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
 data = build_fold_addr_expr_loc (loc[0], data);
 tree data2 = ubsan_create_data ("__ubsan_nonnull_return_data",
			  1, &loc[0], NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
 data2 = build_fold_addr_expr_loc (loc[0], data2);
 enum built_in_function bcode
   = (flag_sanitize_recoverglobal_options.x_flag_sanitize_recover & SANITIZE_RETURNS_NONNULL_ATTRIBUTE)
     ? BUILT_IN_UBSAN_HANDLE_NONNULL_RETURN_V1
     : BUILT_IN_UBSAN_HANDLE_NONNULL_RETURN_V1_ABORT;
 tree fn = builtin_decl_explicit (bcode);

 g = gimple_build_call (fn, 2, data, data2);
}
    gimple_set_location (g, loc[0]);
    gsi_insert_before (gsi, g, GSI_SAME_STMT);
    ubsan_create_edge (g);
    *gsi = gsi_for_stmt (stmt);
  }
flag_delete_null_pointer_checksglobal_options.x_flag_delete_null_pointer_checks = save_flag_delete_null_pointer_checks;
2076}

2078/* Instrument memory references.  Here we check whether the pointer
 points to an out-of-bounds location.  */

2081static void
2082instrument_object_size (gimple_stmt_iterator *gsi, tree t, bool is_lhs)
2083{
gimple *stmt = gsi_stmt (*gsi);
location_t loc = gimple_location (stmt);
tree type;
tree index = NULL_TREE(tree) nullptr;
HOST_WIDE_INTlong size_in_bytes;

type = TREE_TYPE (t)((contains_struct_check ((t), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2090, __FUNCTION__))->typed.type);
if (VOID_TYPE_P (type)(((enum tree_code) (type)->base.code) == VOID_TYPE))
  return;

switch (TREE_CODE (t)((enum tree_code) (t)->base.code))
  {
  case COMPONENT_REF:
    if (TREE_CODE (t)((enum tree_code) (t)->base.code) == COMPONENT_REF
 && DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1))((tree_check (((*((const_cast<tree*> (tree_operand_check
 ((t), (1), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2098, __FUNCTION__)))))), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2098, __FUNCTION__, (FIELD_DECL)))->field_decl.qualifier
) != NULL_TREE(tree) nullptr)
{
 tree repr = DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1))((tree_check (((*((const_cast<tree*> (tree_operand_check
 ((t), (1), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2100, __FUNCTION__)))))), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2100, __FUNCTION__, (FIELD_DECL)))->field_decl.qualifier
);
 t = build3 (COMPONENT_REF, TREE_TYPE (repr)((contains_struct_check ((repr), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2101, __FUNCTION__))->typed.type), TREE_OPERAND (t, 0)(*((const_cast<tree*> (tree_operand_check ((t), (0), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2101, __FUNCTION__))))),
      repr, TREE_OPERAND (t, 2)(*((const_cast<tree*> (tree_operand_check ((t), (2), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2102, __FUNCTION__))))));
}
    break;
  case ARRAY_REF:
    index = TREE_OPERAND (t, 1)(*((const_cast<tree*> (tree_operand_check ((t), (1), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2106, __FUNCTION__)))));
    break;
  case INDIRECT_REF:
  case MEM_REF:
  case VAR_DECL:
  case PARM_DECL:
  case RESULT_DECL:
    break;
  default:
    return;
  }

size_in_bytes = int_size_in_bytes (type);
if (size_in_bytes <= 0)
  return;

poly_int64 bitsize, bitpos;
tree offset;
machine_mode mode;
int volatilep = 0, reversep, unsignedp = 0;
tree inner = get_inner_reference (t, &bitsize, &bitpos, &offset, &mode,
		    &unsignedp, &reversep, &volatilep);

if (!multiple_p (bitpos, BITS_PER_UNIT(8))
    || maybe_ne (bitsize, size_in_bytes * BITS_PER_UNIT(8)))
  return;

bool decl_p = DECL_P (inner)(tree_code_type_tmpl <0>::tree_code_type[(int) (((enum tree_code
) (inner)->base.code))] == tcc_declaration);
tree base;
if (decl_p)
  {
    if ((VAR_P (inner)(((enum tree_code) (inner)->base.code) == VAR_DECL)
  || TREE_CODE (inner)((enum tree_code) (inner)->base.code) == PARM_DECL
  || TREE_CODE (inner)((enum tree_code) (inner)->base.code) == RESULT_DECL)
 && DECL_REGISTER (inner)((contains_struct_check ((inner), (TS_DECL_WRTL), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2140, __FUNCTION__))->decl_common.decl_flag_0))
return;
    if (t == inner && !is_global_var (t))
return;
    base = inner;
  }
else if (TREE_CODE (inner)((enum tree_code) (inner)->base.code) == MEM_REF)
  base = TREE_OPERAND (inner, 0)(*((const_cast<tree*> (tree_operand_check ((inner), (0)
, "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2147, __FUNCTION__)))));
else
  return;
tree ptr = build1 (ADDR_EXPR, build_pointer_type (TREE_TYPE (t)((contains_struct_check ((t), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2150, __FUNCTION__))->typed.type)), t);

while (TREE_CODE (base)((enum tree_code) (base)->base.code) == SSA_NAME)
  {
    gimple *def_stmt = SSA_NAME_DEF_STMT (base)(tree_check ((base), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2154, __FUNCTION__, (SSA_NAME)))->ssa_name.def_stmt;
    if (gimple_assign_ssa_name_copy_p (def_stmt)
 || (gimple_assign_cast_p (def_stmt)
     && POINTER_TYPE_P (TREE_TYPE (gimple_assign_rhs1 (def_stmt)))(((enum tree_code) (((contains_struct_check ((gimple_assign_rhs1
 (def_stmt)), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2157, __FUNCTION__))->typed.type))->base.code) == POINTER_TYPE
 || ((enum tree_code) (((contains_struct_check ((gimple_assign_rhs1
 (def_stmt)), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2157, __FUNCTION__))->typed.type))->base.code) == REFERENCE_TYPE
))
 || (is_gimple_assign (def_stmt)
     && gimple_assign_rhs_code (def_stmt) == POINTER_PLUS_EXPR))
{
 tree rhs1 = gimple_assign_rhs1 (def_stmt);
 if (TREE_CODE (rhs1)((enum tree_code) (rhs1)->base.code) == SSA_NAME
     && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs1)(tree_check ((rhs1), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2163, __FUNCTION__, (SSA_NAME)))->base.asm_written_flag)
   break;
 else
   base = rhs1;
}
    else
break;
  }

if (!POINTER_TYPE_P (TREE_TYPE (base))(((enum tree_code) (((contains_struct_check ((base), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2172, __FUNCTION__))->typed.type))->base.code) == POINTER_TYPE
 || ((enum tree_code) (((contains_struct_check ((base), (TS_TYPED
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2172, __FUNCTION__))->typed.type))->base.code) == REFERENCE_TYPE
) && !DECL_P (base)(tree_code_type_tmpl <0>::tree_code_type[(int) (((enum tree_code
) (base)->base.code))] == tcc_declaration))
  return;

tree sizet;
tree base_addr = base;
gimple *bos_stmt = NULLnullptr;
if (decl_p)
  base_addr = build1 (ADDR_EXPR,
	build_pointer_type (TREE_TYPE (base)((contains_struct_check ((base), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2180, __FUNCTION__))->typed.type)), base);
if (compute_builtin_object_size (base_addr, OST_DYNAMIC, &sizet))
  ;
else if (optimizeglobal_options.x_optimize)
  {
    if (LOCATION_LOCUS (loc)((IS_ADHOC_LOC (loc)) ? get_location_from_adhoc_loc (line_table
, loc) : (loc)) == UNKNOWN_LOCATION((location_t) 0))
loc = input_location;
    /* Generate __builtin_dynamic_object_size call.  */
    sizet = builtin_decl_explicit (BUILT_IN_DYNAMIC_OBJECT_SIZE);
    sizet = build_call_expr_loc (loc, sizet, 2, base_addr,
		   integer_zero_nodeglobal_trees[TI_INTEGER_ZERO]);
    sizet = force_gimple_operand_gsi (gsi, sizet, false, NULL_TREE(tree) nullptr, true,
			GSI_SAME_STMT);
    /* If the call above didn't end up being an integer constant, go one
statement back and get the __builtin_object_size stmt.  Save it,
we might need it later.  */
    if (SSA_VAR_P (sizet)(((enum tree_code) (sizet)->base.code) == VAR_DECL || ((enum
 tree_code) (sizet)->base.code) == PARM_DECL || ((enum tree_code
) (sizet)->base.code) == RESULT_DECL || ((enum tree_code) (
sizet)->base.code) == SSA_NAME))
{
 gsi_prev (gsi);
 bos_stmt = gsi_stmt (*gsi);

 /* Move on to where we were.  */
 gsi_next (gsi);
}
  }
else
  return;

/* Generate UBSAN_OBJECT_SIZE (ptr, ptr+sizeof(*ptr)-base, objsize, ckind)
   call.  */
/* ptr + sizeof (*ptr) - base */
t = fold_build2 (MINUS_EXPR, sizetype,fold_build2_loc (((location_t) 0), MINUS_EXPR, sizetype_tab[(
int) stk_sizetype], fold_convert_loc (((location_t) 0), global_trees
[TI_POINTER_SIZED_TYPE], ptr), fold_convert_loc (((location_t
) 0), global_trees[TI_POINTER_SIZED_TYPE], base_addr) )
   fold_convert (pointer_sized_int_node, ptr),fold_build2_loc (((location_t) 0), MINUS_EXPR, sizetype_tab[(
int) stk_sizetype], fold_convert_loc (((location_t) 0), global_trees
[TI_POINTER_SIZED_TYPE], ptr), fold_convert_loc (((location_t
) 0), global_trees[TI_POINTER_SIZED_TYPE], base_addr) )
   fold_convert (pointer_sized_int_node, base_addr))fold_build2_loc (((location_t) 0), MINUS_EXPR, sizetype_tab[(
int) stk_sizetype], fold_convert_loc (((location_t) 0), global_trees
[TI_POINTER_SIZED_TYPE], ptr), fold_convert_loc (((location_t
) 0), global_trees[TI_POINTER_SIZED_TYPE], base_addr) );
t = fold_build2 (PLUS_EXPR, sizetype, t, TYPE_SIZE_UNIT (type))fold_build2_loc (((location_t) 0), PLUS_EXPR, sizetype_tab[(int
) stk_sizetype], t, ((tree_class_check ((type), (tcc_type), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2214, __FUNCTION__))->type_common.size_unit) );

/* Perhaps we can omit the check.  */
if (TREE_CODE (t)((enum tree_code) (t)->base.code) == INTEGER_CST
    && TREE_CODE (sizet)((enum tree_code) (sizet)->base.code) == INTEGER_CST
    && tree_int_cst_le (t, sizet))
  return;

if (index != NULL_TREE(tree) nullptr
    && TREE_CODE (index)((enum tree_code) (index)->base.code) == SSA_NAME
    && TREE_CODE (sizet)((enum tree_code) (sizet)->base.code) == INTEGER_CST)
  {
    gimple *def = SSA_NAME_DEF_STMT (index)(tree_check ((index), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2226, __FUNCTION__, (SSA_NAME)))->ssa_name.def_stmt;
    if (is_gimple_assign (def)
 && gimple_assign_rhs_code (def) == BIT_AND_EXPR
 && TREE_CODE (gimple_assign_rhs2 (def))((enum tree_code) (gimple_assign_rhs2 (def))->base.code) == INTEGER_CST)
{
 tree cst = gimple_assign_rhs2 (def);
 tree sz = fold_build2 (EXACT_DIV_EXPR, sizetype, sizet,fold_build2_loc (((location_t) 0), EXACT_DIV_EXPR, sizetype_tab
[(int) stk_sizetype], sizet, ((tree_class_check ((type), (tcc_type
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2233, __FUNCTION__))->type_common.size_unit) )
		 TYPE_SIZE_UNIT (type))fold_build2_loc (((location_t) 0), EXACT_DIV_EXPR, sizetype_tab
[(int) stk_sizetype], sizet, ((tree_class_check ((type), (tcc_type
), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2233, __FUNCTION__))->type_common.size_unit) );
 if (tree_int_cst_sgn (cst) >= 0
     && tree_int_cst_lt (cst, sz))
   return;
}
  }

if (DECL_P (base)(tree_code_type_tmpl <0>::tree_code_type[(int) (((enum tree_code
) (base)->base.code))] == tcc_declaration)
    && decl_function_context (base) == current_function_decl
    && !TREE_ADDRESSABLE (base)((base)->base.addressable_flag))
  mark_addressable (base);

if (bos_stmt
    && gimple_call_builtin_p (bos_stmt, BUILT_IN_DYNAMIC_OBJECT_SIZE))
  ubsan_create_edge (bos_stmt);

/* We have to emit the check.  */
t = force_gimple_operand_gsi (gsi, t, true, NULL_TREE(tree) nullptr, true,
		GSI_SAME_STMT);
ptr = force_gimple_operand_gsi (gsi, ptr, true, NULL_TREE(tree) nullptr, true,
		  GSI_SAME_STMT);
tree ckind = build_int_cst (unsigned_char_type_nodeinteger_types[itk_unsigned_char],
	      is_lhs ? UBSAN_STORE_OF : UBSAN_LOAD_OF);
gimple *g = gimple_build_call_internal (IFN_UBSAN_OBJECT_SIZE, 4,
			 ptr, t, sizet, ckind);
gimple_set_location (g, loc);
gsi_insert_before (gsi, g, GSI_SAME_STMT);
2260}

2262/* Instrument values passed to builtin functions.  */

2264static void
2265instrument_builtin (gimple_stmt_iterator *gsi)
2266{
gimple *stmt = gsi_stmt (*gsi);
location_t loc = gimple_location (stmt);
tree arg;
enum built_in_function fcode
  = DECL_FUNCTION_CODE (gimple_call_fndecl (stmt));
int kind = 0;
switch (fcode)
  {
  CASE_INT_FN (BUILT_IN_CLZ)case BUILT_IN_CLZ: case BUILT_IN_CLZL: case BUILT_IN_CLZLL: case
 BUILT_IN_CLZIMAX:
    kind = 1;
    gcc_fallthrough ();
  CASE_INT_FN (BUILT_IN_CTZ)case BUILT_IN_CTZ: case BUILT_IN_CTZL: case BUILT_IN_CTZLL: case
 BUILT_IN_CTZIMAX:
    arg = gimple_call_arg (stmt, 0);
    if (!integer_nonzerop (arg))
{
 gimple *g;
 if (!is_gimple_val (arg))
   {
     g = gimple_build_assign (make_ssa_name (TREE_TYPE (arg)((contains_struct_check ((arg), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2285, __FUNCTION__))->typed.type)), arg);
     gimple_set_location (g, loc);
     gsi_insert_before (gsi, g, GSI_SAME_STMT);
     arg = gimple_assign_lhs (g);
   }

 basic_block then_bb, fallthru_bb;
 *gsi = create_cond_insert_point (gsi, true, false, true,
			   &then_bb, &fallthru_bb);
 g = gimple_build_cond (EQ_EXPR, arg,
		 build_zero_cst (TREE_TYPE (arg)((contains_struct_check ((arg), (TS_TYPED), "/buildworker/marxinbox-gcc-clang-static-analyzer/build/gcc/ubsan.cc"
, 2295, __FUNCTION__))->typed.type)),
		 NULL_TREE(tree) nullptr, NULL_TREE(tree) nullptr);
 gimple_set_location (g, loc);
 gsi_insert_after (gsi, g, GSI_NEW_STMT);

 *gsi = gsi_after_labels (then_bb);
 if (flag_sanitize_trapglobal_options.x_flag_sanitize_trap & SANITIZE_BUILTIN)
   g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
 else
   {
     tree t = build_int_cst (unsigned_char_type_nodeinteger_types[itk_unsigned_char], kind);
     tree data = ubsan_create_data ("__ubsan_builtin_data",
			     1, &loc, NULL_TREE(tree) nullptr, t, NULL_TREE(tree) nullptr);
     data = build_fold_addr_expr_loc (loc, data);
     enum built_in_function bcode
= (flag_sanitize_recoverglobal_options.x_flag_sanitize_recover & SANITIZE_BUILTIN)
  ? BUILT_IN_UBSAN_HANDLE_INVALID_BUILTIN
  : BUILT_IN_UBSAN_HANDLE_INVALID_BUILTIN_ABORT;
     tree fn = builtin_decl_explicit (bcode);

     g = gimple_build_call (fn, 1, data);
   }
 gimple_set_location (g, loc);
 gsi_insert_before (gsi, g, GSI_SAME_STMT);
 ubsan_create_edge (g);
}
    *gsi = gsi_for_stmt (stmt);
    break;
  default:
    break;
  }
2326}

2328namespace {

2330const pass_data pass_data_ubsan =
2331{
GIMPLE_PASS, /* type */
"ubsan", /* name */
OPTGROUP_NONE, /* optinfo_flags */
TV_TREE_UBSAN, /* tv_id */
( PROP_cfg(1 << 3) | PROP_ssa(1 << 5) ), /* properties_required */
0, /* properties_provided */
0, /* properties_destroyed */
0, /* todo_flags_start */
TODO_update_ssa(1 << 11), /* todo_flags_finish */
2341};

2343class pass_ubsan : public gimple_opt_pass
2344{
2345public:
pass_ubsan (gcc::context *ctxt)
  : gimple_opt_pass (pass_data_ubsan, ctxt)
{}

/* opt_pass methods: */
bool gate (function *) final override
  {
    return sanitize_flags_p ((SANITIZE_NULL | SANITIZE_SI_OVERFLOW
		| SANITIZE_BOOL | SANITIZE_ENUM
		| SANITIZE_ALIGNMENT
		| SANITIZE_NONNULL_ATTRIBUTE
		| SANITIZE_RETURNS_NONNULL_ATTRIBUTE
		| SANITIZE_OBJECT_SIZE
		| SANITIZE_POINTER_OVERFLOW
		| SANITIZE_BUILTIN));
  }

unsigned int execute (function *) final override;

2365}; // class pass_ubsan

2367unsigned int
2368pass_ubsan::execute (function *fun)
2369{
basic_block bb;
gimple_stmt_iterator gsi;
unsigned int ret = 0;

initialize_sanitizer_builtins ();

FOR_EACH_BB_FN (bb, fun)for (bb = (fun)->cfg->x_entry_block_ptr->next_bb; bb
 != (fun)->cfg->x_exit_block_ptr; bb = bb->next_bb)
  {
    for (gsi = gsi_start_bb (bb); !gsi_end_p (gsi);)
{
 gimple *stmt = gsi_stmt (gsi);
 if (is_gimple_debug (stmt) || gimple_clobber_p (stmt))
   {
     gsi_next (&gsi);
     continue;
   }

 if ((sanitize_flags_p (SANITIZE_SI_OVERFLOW, fun->decl))
     && is_gimple_assign (stmt))
   instrument_si_overflow (gsi);

 if (sanitize_flags_p (SANITIZE_NULL | SANITIZE_ALIGNMENT, fun->decl))
   {
     if (gimple_store_p (stmt))
instrument_null (gsi, gimple_get_lhs (stmt), true);
     if (gimple_assign_single_p (stmt))
instrument_null (gsi, gimple_assign_rhs1 (stmt), false);
     if (is_gimple_call (stmt))
{
  unsigned args_num = gimple_call_num_args (stmt);
  for (unsigned i = 0; i < args_num; ++i)
    {
      tree arg = gimple_call_arg (stmt, i);
      if (is_gimple_reg (arg) || is_gimple_min_invariant (arg))
	continue;
      instrument_null (gsi, arg, false);
    }
}
   }

 if (sanitize_flags_p (SANITIZE_BOOL | SANITIZE_ENUM, fun->decl)
     && gimple_assign_load_p (stmt))
   {
     instrument_bool_enum_load (&gsi);
     bb = gimple_bb (stmt);
   }

 if (sanitize_flags_p (SANITIZE_NONNULL_ATTRIBUTE, fun->decl)
     && is_gimple_call (stmt)
     && !gimple_call_internal_p (stmt))
   {
     instrument_nonnull_arg (&gsi);
     bb = gimple_bb (stmt);
   }

 if (sanitize_flags_p (SANITIZE_BUILTIN, fun->decl)
     && gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
   {
     instrument_builtin (&gsi);
     bb = gimple_bb (stmt);
   }

 if (sanitize_flags_p (SANITIZE_RETURNS_NONNULL_ATTRIBUTE, fun->decl)
     && gimple_code (stmt) == GIMPLE_RETURN)
   {
     instrument_nonnull_return (&gsi);
     bb = gimple_bb (stmt);
   }

 if (sanitize_flags_p (SANITIZE_OBJECT_SIZE, fun->decl))
   {
     if (gimple_store_p (stmt))
instrument_object_size (&gsi, gimple_get_lhs (stmt), true);
     if (gimple_assign_load_p (stmt))
instrument_object_size (&gsi, gimple_assign_rhs1 (stmt),
			false);
     if (is_gimple_call (stmt))
{
  unsigned args_num = gimple_call_num_args (stmt);
  for (unsigned i = 0; i < args_num; ++i)
    {
      tree arg = gimple_call_arg (stmt, i);
      if (is_gimple_reg (arg) || is_gimple_min_invariant (arg))
	continue;
      instrument_object_size (&gsi, arg, false);
    }
}
   }

 if (sanitize_flags_p (SANITIZE_POINTER_OVERFLOW, fun->decl))
   {
     if (is_gimple_assign (stmt)
  && gimple_assign_rhs_code (stmt) == POINTER_PLUS_EXPR)
instrument_pointer_overflow (&gsi,
			     gimple_assign_rhs1 (stmt),
			     gimple_assign_rhs2 (stmt));
     if (gimple_store_p (stmt))
maybe_instrument_pointer_overflow (&gsi,
				   gimple_get_lhs (stmt));
     if (gimple_assign_single_p (stmt))
maybe_instrument_pointer_overflow (&gsi,
				   gimple_assign_rhs1 (stmt));
     if (is_gimple_call (stmt))
{
  unsigned args_num = gimple_call_num_args (stmt);
  for (unsigned i = 0; i < args_num; ++i)
    {
      tree arg = gimple_call_arg (stmt, i);
      if (is_gimple_reg (arg))
	continue;
      maybe_instrument_pointer_overflow (&gsi, arg);
    }
}
   }

 gsi_next (&gsi);
}
    if (gimple_purge_dead_eh_edges (bb))
ret = TODO_cleanup_cfg(1 << 5);
  }
return ret;
2491}

2493} // anon namespace

2495gimple_opt_pass *
2496make_pass_ubsan (gcc::context *ctxt)
2497{
return new pass_ubsan (ctxt);
2499}

2501#include "gt-ubsan.h"