public inbox for gcc-bugs@sourceware.org
* [Bug c/31715]  New: array overflow misdetected
From: marcus at jet dot franken dot de @ 2007-04-26 18:10 UTC (permalink / raw)
  To: gcc-bugs

The following sample testcase misdetects an array overflow:

/home/marcus/projects/gcc/BIN/bin/gcc  -c   -O2 -Wall  x.i 
x.i: In function 'f':
x.i:7: warning: array subscript is above array bounds


-- 
           Summary: array overflow misdetected
           Product: gcc
           Version: 4.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: marcus at jet dot franken dot de
 GCC build triplet: x86_64-unknown-linux-gnu
  GCC host triplet: x86_64-unknown-linux-gnu
GCC target triplet: x86_64-unknown-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31715



* [Bug c/31715] array overflow misdetected
From: marcus at jet dot franken dot de @ 2007-04-26 18:11 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #1 from marcus at jet dot franken dot de  2007-04-26 19:10 -------
Created an attachment (id=13449)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=13449&action=view)
x.i

gcc -c -O2 -Wall x.i





* [Bug tree-optimization/31715] [4.3 Regression] Array calculation done incorrectly
From: pinskia at gcc dot gnu dot org @ 2007-04-26 18:27 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #2 from pinskia at gcc dot gnu dot org  2007-04-26 19:27 -------
In final_cleanup we get:
  if (arr[1073741827] == 0) goto <L12>; else goto <L4>;

Which is wrong.


-- 

pinskia at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
          Component|c                           |tree-optimization
     Ever Confirmed|0                           |1
           Keywords|                            |diagnostic, wrong-code
   Last reconfirmed|0000-00-00 00:00:00         |2007-04-26 19:27:07
               date|                            |
            Summary|array overflow misdetected  |[4.3 Regression] Array
                   |                            |calculation done incorrectly
   Target Milestone|---                         |4.3.0





* [Bug tree-optimization/31715] [4.3 Regression] Array calculation done incorrectly
From: rguenth at gcc dot gnu dot org @ 2007-04-26 22:22 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #3 from rguenth at gcc dot gnu dot org  2007-04-26 23:22 -------
That's probably exposed by Honza's struct/array_ref folding changes.

We have after inlining:

  p_4(D) = &arr;
  D.1631_5 = p_4(D) + -4B;
  n.0_6 = 4;
  D.1633_7 = n.0_6 * 4;
  D.1634_8 = (DWORD *) D.1633_7;
  D.1635_9 = D.1631_5 + D.1634_8;
  D.1636_10 = *D.1635_9;

and fold the reference to arr[1073741823] from within
maybe_fold_offset_to_array_ref.  In the index calculation

      if (TREE_CODE (elt_size) != INTEGER_CST
          || div_and_round_double (TRUNC_DIV_EXPR, 1,
                                   TREE_INT_CST_LOW (offset),
                                   TREE_INT_CST_HIGH (offset),
                                   TREE_INT_CST_LOW (elt_size),
                                   TREE_INT_CST_HIGH (elt_size),
                                   &lquo, &hquo, &lrem, &hrem)
          || lrem || hrem)
        return NULL_TREE;

      idx = build_int_cst_wide (TREE_TYPE (offset), lquo, hquo);

we need to treat offset as signed for the division.  For this we first
need to sign-extend offset and then do the division, like with the
following:

Index: tree-ssa-ccp.c
===================================================================
*** tree-ssa-ccp.c      (revision 124201)
--- tree-ssa-ccp.c      (working copy)
*************** maybe_fold_offset_to_array_ref (tree bas
*** 1593,1605 ****
      }
    else
      {
!       unsigned HOST_WIDE_INT lquo, lrem;
!       HOST_WIDE_INT hquo, hrem;

        if (TREE_CODE (elt_size) != INTEGER_CST
!         || div_and_round_double (TRUNC_DIV_EXPR, 1,
!                                  TREE_INT_CST_LOW (offset),
!                                  TREE_INT_CST_HIGH (offset),
                                   TREE_INT_CST_LOW (elt_size),
                                   TREE_INT_CST_HIGH (elt_size),
                                   &lquo, &hquo, &lrem, &hrem)
--- 1593,1606 ----
      }
    else
      {
!       unsigned HOST_WIDE_INT lquo, lrem, lsoff;
!       HOST_WIDE_INT hquo, hrem, hsoff;

+       fit_double_type (TREE_INT_CST_LOW (offset),
+                      TREE_INT_CST_HIGH (offset), &lsoff, &hsoff,
+                      signed_type_for (TREE_TYPE (offset)));
        if (TREE_CODE (elt_size) != INTEGER_CST
!         || div_and_round_double (TRUNC_DIV_EXPR, 0, lsoff, hsoff,
                                   TREE_INT_CST_LOW (elt_size),
                                   TREE_INT_CST_HIGH (elt_size),
                                   &lquo, &hquo, &lrem, &hrem)
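Review bot: the division now runs on the sign-extended value, but the quotient is still materialised in the offset's original type at the unchanged line that follows the hunk, `idx = build_int_cst_wide (TREE_TYPE (offset), lquo, hquo);` (quoted in the comment above); for the `&arr + -4B` case that rebuilds the quotient -1 in the unsigned sizetype, so consider building `idx` with the same `signed_type_for (TREE_TYPE (offset))` that the new `fit_double_type` call uses, keeping the index signed end to end. Two smaller points: the `fit_double_type` call sits before the `TREE_CODE (elt_size) != INTEGER_CST` early-out, so it could move below that check to avoid the extension when the function gives up anyway, and the continuation line `+                      TREE_INT_CST_HIGH (offset), &lsoff, &hsoff,` is not aligned under the opening parenthesis of `fit_double_type (` as the surrounding GNU-style code is.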


-- 

rguenth at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rguenth at gcc dot gnu dot
                   |                            |org, hubicka at gcc dot gnu
                   |                            |dot org




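An added example, not GCC's code, that models the two index computations comment #3 describes: the unsigned division that produced arr[1073741823] and the sign-extend-then-divide version of the patch, composed with the later +16B step to reach the arr[1073741827] quoted in comment #2. It assumes a 32-bit offset word (that width reproduces the index quoted above) and uses NO_INDEX where the real code returns NULL_TREE.

```c
/* Added example (not GCC's code): models maybe_fold_offset_to_array_ref's
   offset-to-index step with the values from this report. Assumption: the
   byte offset is a 32-bit word, so -4 is stored as the bits 0xFFFFFFFC. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NO_INDEX INT64_MIN   /* stands in for NULL_TREE: no fold possible */

/* Pre-fix behaviour: the offset bits are divided as an unsigned number
   (the "uns = 1" argument to div_and_round_double). */
static int64_t fold_offset_unsigned(uint32_t offset_bits, uint32_t elt_size)
{
    if (elt_size == 0 || offset_bits % elt_size != 0)
        return NO_INDEX;                 /* lrem/hrem non-zero: give up */
    return (int64_t)(offset_bits / elt_size);
}

/* Fixed behaviour: sign-extend the offset into a signed type first
   (the fit_double_type call in the patch), then divide with uns = 0. */
static int64_t fold_offset_signed(uint32_t offset_bits, uint32_t elt_size)
{
    int64_t offset = (int32_t)offset_bits;   /* sign extension */
    if (elt_size == 0 || offset % (int64_t)elt_size != 0)
        return NO_INDEX;
    return offset / (int64_t)elt_size;       /* TRUNC_DIV_EXPR */
}

/* Folds "&arr + off1 + off2" in two steps, as the GIMPLE above is folded:
   first &arr + -4B becomes an array ref, then + n*4 adds n elements. */
static int64_t fold_two_steps(bool fixed, int32_t off1, int32_t off2,
                              uint32_t elt_size)
{
    int64_t (*fold)(uint32_t, uint32_t) =
        fixed ? fold_offset_signed : fold_offset_unsigned;
    int64_t idx = fold((uint32_t)off1, elt_size);
    int64_t step = fold((uint32_t)off2, elt_size);
    if (idx == NO_INDEX || step == NO_INDEX)
        return NO_INDEX;
    return idx + step;
}

int main(void)
{
    printf("old: arr[%lld]\n", (long long)fold_two_steps(false, -4, 16, 4));
    printf("new: arr[%lld]\n", (long long)fold_two_steps(true, -4, 16, 4));
    return 0;
}
```

The old path prints arr[1073741827], the index GCC's final_cleanup dump shows, while the fixed path prints arr[3]; an offset that is not a multiple of the element size (for example -6 over 4) yields NO_INDEX on both paths.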

* [Bug tree-optimization/31715] [4.3 Regression] Array calculation done incorrectly
From: rguenth at gcc dot gnu dot org @ 2007-04-27  9:42 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #4 from rguenth at gcc dot gnu dot org  2007-04-27 10:42 -------
Mine.


-- 

rguenth at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|unassigned at gcc dot gnu   |rguenth at gcc dot gnu dot
                   |dot org                     |org
             Status|NEW                         |ASSIGNED
   Last reconfirmed|2007-04-26 19:27:07         |2007-04-27 10:42:12
               date|                            |





* [Bug tree-optimization/31715] [4.3 Regression] Array calculation done incorrectly
From: rguenth at gcc dot gnu dot org @ 2007-04-27 11:43 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #5 from rguenth at gcc dot gnu dot org  2007-04-27 12:42 -------
Subject: Bug 31715

Author: rguenth
Date: Fri Apr 27 12:42:43 2007
New Revision: 124216

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=124216
Log:
2007-04-27  Richard Guenther  <rguenther@suse.de>

        PR tree-optimization/31715
        * tree-ssa-ccp.c (maybe_fold_offset_to_array_ref): Make
        sure to do computation on the offset in an appropriate
        signed type.

        * gcc.dg/Warray-bounds-4.c: New testcase.

Added:
    trunk/gcc/testsuite/gcc.dg/Warray-bounds-4.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/tree-ssa-ccp.c





* [Bug tree-optimization/31715] [4.3 Regression] Array calculation done incorrectly
From: rguenth at gcc dot gnu dot org @ 2007-04-27 11:43 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #6 from rguenth at gcc dot gnu dot org  2007-04-27 12:43 -------
Fixed.


-- 

rguenth at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED




