/* Test exercising -Wrawmem-overflow and -Wstringop-overflow warnings.  */
/* { dg-do compile } */
/* { dg-options "-O2 -Wstringop-overflow=2" } */

#define offsetof(type, mem)   __builtin_offsetof (type, mem)

/* Return the number of bytes from member MEM of TYPE to the end
   of object OBJ.  */
#define offsetfrom(type, obj, mem) (sizeof (obj) - offsetof (type, mem))


typedef __SIZE_TYPE__ size_t;
extern void* memcpy (void*, const void*, size_t);
extern void* memset (void*, int, __SIZE_TYPE__);


struct A { char a, b; };
struct B { struct A a; char c, d; };

/* Function to call to "escape" pointers from tests below to prevent
   GCC from assuming the values of the objects they point to stay
   the unchanged.  */
void escape (void*, ...);

/* Function to "generate" a random number each time it's called.  Declared
   (but not defined) and used to prevent GCC from making assumptions about
   their values based on the variables uses in the tested expressions.  */
size_t random_unsigned_value (void);

/* Return a random unsigned value between MIN and MAX.  */

static inline size_t
range (size_t min, size_t max)
{
  const size_t val = random_unsigned_value ();
  return val < min || max < val ? min : val;
}


void test_memop_warn_object (const void *src)
{
  unsigned n = range (17, 29);

  struct A a[2];

  /* At both -Wstringop-overflow=2, like at 1, the destination of functions
     that operate on raw memory is considered to be the whole array and its
     size is therefore sizeof a.  */
  memcpy (&a[0], src, n);   /* { dg-warning "writing between 17 and 29 bytes into a region of size 4 overflows the destination" } */
  escape (a);
}

void test_memop_warn_subobject (const void *src)
{
  unsigned n = range (17, 31);

  struct B b[2];

  /* At -Wrawmem-overflow=2 the destination is considered to be
     the member sobobject of the first array element and its size
     is therefore sizeof b[0].a.  */
  memcpy (&b[0].a, src, n);   /* { dg-warning "writing between 17 and 31 bytes into a region of size 8 overflows the destination" } */

  escape (b);
}

void test_memop_nowarn_subobject (void)
{
  struct B b[2];

  /* The following idiom of clearing multiple members of a struct
     has been seen in a few places in the Linux kernel.  Verify
     that a warning is not issued for it.  */
  memset (&b[0].c, 0, sizeof b[0] - offsetof (struct B, c));

  escape (b);
}

struct C { char a[3], b; };
struct D { struct C c; char d, e; };

extern char* strncpy (char*, const char*, __SIZE_TYPE__);

void test_stringop_warn_object (const char *str)
{
  unsigned n = range (2 * sizeof (struct D), 32);

  struct C c[2];

  /* Similarly, at -Wstringop-overflow=2 the destination is considered
     to be the array member of the first element of the array c and its
     size is therefore sizeof c[0].a.  */
  strncpy (c[0].a, "123", n);   /* { dg-warning "writing between 12 and 32 bytes into a region of size 3 overflows the destination" } */
  escape (c);

  strncpy (c[0].a, str, n);   /* { dg-warning "writing between 12 and 32 bytes into a region of size 3 overflows the destination" } */
  escape (c);
}

void test_stringop_warn_subobject (const char *src)
{
  unsigned n = range (2 * sizeof (struct D), 32);

  struct D d[2];

  /* Same as above.  */
  strncpy (d[0].c.a, "123", n);   /* { dg-warning "writing between 12 and 32 bytes into a region of size 3 overflows the destination" } */
  escape (d);

  strncpy (d[0].c.a, src, n);   /* { dg-warning "writing between 12 and 32 bytes into a region of size 3 overflows the destination" } */
  escape (d);
}