public inbox for gcc-bugs@sourceware.org
* [Bug c/32135] New: bogus array-ref fold triggering array overflow warning
From: mueller at gcc dot gnu dot org @ 2007-05-29 0:02 UTC (permalink / raw)
To: gcc-bugs
Hi,
-O2 Warray-bounds:
=== Cut ===
struct PhaseEntryType
{
  char raw_field[50 + 1];
};

int
ParsePhase (char in_cols[15][250], struct PhaseEntryType *P)
{
  __builtin_strncpy (P->raw_field, in_cols[2], 50);
}
=== Cut ===
triggered by
  __builtin_strncpy ((char *) &P->raw_field, (const char *) (char *) in_cols + 500B, 50);
being gimplified to:
  D.1970 = &(*in_cols)[500];
  D.1971 = &P->raw_field[0];
  __builtin_strncpy (D.1971, D.1970, 50)
--
Summary: bogus array-ref fold triggering array overflow warning
Product: gcc
Version: 4.3.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: mueller at gcc dot gnu dot org
GCC host triplet: i686-suse-linux
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=32135
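
Why the warning in the report above is a false positive, as an added example that is not GCC source and not part of the original thread: `in_cols[2]` sits 500 bytes into a 15x250 object, so folding that offset against the inner `char[250]` row yields index 500 (past 249) even though the 50-byte copy stays inside the object. The helper names `fold_offset`, `row2_offset` and `copy_within_object` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define ROWS 15   /* from the report: char in_cols[15][250] */
#define COLS 250

/* Constructed model of the fold decision; not GCC source. */
struct fold_result {
    int in_bounds;  /* 1 if idx <= max_idx for the array type folded against */
    size_t idx;     /* index the folded ARRAY_REF would carry */
};

/* Hypothetical helper: express "base + byte_off" as base[idx] for an array
   whose elements are elt_size bytes and whose highest valid index is max_idx. */
static struct fold_result fold_offset(size_t byte_off, size_t elt_size,
                                      size_t max_idx)
{
    struct fold_result r = { 0, 0 };
    if (elt_size == 0 || byte_off % elt_size != 0)
        return r;                       /* not expressible as an index */
    r.idx = byte_off / elt_size;
    r.in_bounds = r.idx <= max_idx;
    return r;
}

/* Byte offset of in_cols[2] from the start of the object (500 in the report). */
static size_t row2_offset(void)
{
    static char cols[ROWS][COLS];
    return (size_t)((char *)&cols[2] - (char *)cols);
}

/* The strncpy source range checked against the whole 15x250 object. */
static int copy_within_object(size_t byte_off, size_t n)
{
    return byte_off + n <= (size_t)ROWS * COLS;
}

int main(void)
{
    size_t off = row2_offset();
    struct fold_result row = fold_offset(off, 1, COLS - 1);      /* (*in_cols)[500] */
    struct fold_result outer = fold_offset(off, COLS, ROWS - 1); /* in_cols[2] */
    printf("offset %zu: inner idx %zu in_bounds=%d, outer idx %zu in_bounds=%d, "
           "copy ok=%d\n", off, row.idx, row.in_bounds, outer.idx,
           outer.in_bounds, copy_within_object(off, 50));
    return 0;
}
```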
* [Bug middle-end/32135] [4.3 Regression] bogus array-ref fold triggering array overflow warning
From: pinskia at gcc dot gnu dot org @ 2007-05-29 0:11 UTC (permalink / raw)
To: gcc-bugs
------- Comment #1 from pinskia at gcc dot gnu dot org 2007-05-29 00:10 -------
The bug is in maybe_fold_offset_to_array_ref.
--
pinskia at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|c |middle-end
Summary|bogus array-ref fold triggering array overflow warning |[4.3 Regression] bogus array-ref fold triggering array overflow warning
Target Milestone|--- |4.3.0
* [Bug middle-end/32135] [4.3 Regression] bogus array-ref fold triggering array overflow warning
From: rguenth at gcc dot gnu dot org @ 2007-05-29 9:21 UTC (permalink / raw)
To: gcc-bugs
------- Comment #2 from rguenth at gcc dot gnu dot org 2007-05-29 09:21 -------
Confirmed.
--
rguenth at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Ever Confirmed|0 |1
Last reconfirmed date|0000-00-00 00:00:00 |2007-05-29 09:21:36
* [Bug middle-end/32135] [4.3 Regression] bogus array-ref fold triggering array overflow warning
From: mmitchel at gcc dot gnu dot org @ 2007-06-29 18:38 UTC (permalink / raw)
To: gcc-bugs
--
mmitchel at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P3 |P2
* [Bug middle-end/32135] [4.3 Regression] bogus array-ref fold triggering array overflow warning
From: janis at gcc dot gnu dot org @ 2007-10-19 23:01 UTC (permalink / raw)
To: gcc-bugs
------- Comment #3 from janis at gcc dot gnu dot org 2007-10-19 23:00 -------
The failure also shows up on powerpc-linux, where a regression hunt identified:
http://gcc.gnu.org/viewcvs?view=rev&rev=124403
r124403 | hubicka | 2007-05-04 00:40:20 +0000 (Fri, 04 May 2007)
--
janis at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hubicka at gcc dot gnu dot org
* [Bug middle-end/32135] [4.3 Regression] bogus array-ref fold triggering array overflow warning
From: hubicka at gcc dot gnu dot org @ 2008-01-11 14:51 UTC (permalink / raw)
To: gcc-bugs
--
hubicka at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|unassigned at gcc dot gnu dot org |hubicka at gcc dot gnu dot org
Status|NEW |ASSIGNED
Last reconfirmed date|2007-05-29 09:21:36 |2008-01-11 14:12:54
* [Bug middle-end/32135] [4.3 Regression] bogus array-ref fold triggering array overflow warning
From: hubicka at gcc dot gnu dot org @ 2008-01-11 15:59 UTC (permalink / raw)
To: gcc-bugs
------- Comment #4 from hubicka at gcc dot gnu dot org 2008-01-11 15:25 -------
I am testing the attached patch. It disables the transformation and produces:
  in_cols.0 = (char *) in_cols;
  D.1180 = in_cols.0 + 500;
Perhaps a more canonical way would be
  in_cols.0 = in_cols + 500;
  d.1180 = (char *)in_cols.0
or for nonzero offset in the second index
  in_cols.0 = in_cols + 500;
  d.1180 = &in_cols.0[nonzero_offset];
But it would need maybe_fold... to produce non-gimple or we would need to do
the transform in gimplifier itself.
Honza
Index: tree-ssa-ccp.c
===================================================================
--- tree-ssa-ccp.c (revision 131461)
+++ tree-ssa-ccp.c (working copy)
@@ -1588,6 +1588,7 @@ maybe_fold_offset_to_array_ref (tree bas
{
tree min_idx, idx, idx_type, elt_offset = integer_zero_node;
tree array_type, elt_type, elt_size;
+ tree domain_type;
/* If BASE is an ARRAY_REF, we can pick up another offset (this time
measured in units of the size of elements type) from that ARRAY_REF).
@@ -1659,9 +1660,10 @@ maybe_fold_offset_to_array_ref (tree bas
low bound, if any, convert the index into that type, and add the
low bound. */
min_idx = build_int_cst (idx_type, 0);
- if (TYPE_DOMAIN (array_type))
+ domain_type = TYPE_DOMAIN (TREE_TYPE (base));
+ if (domain_type)
{
- idx_type = TYPE_DOMAIN (array_type);
+ idx_type = domain_type;
if (TYPE_MIN_VALUE (idx_type))
min_idx = TYPE_MIN_VALUE (idx_type);
else
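
Review bot: the switch from TYPE_DOMAIN (array_type) to TYPE_DOMAIN (TREE_TYPE (base)) in this hunk is unexplained, while array_type is still declared and used by the surrounding code. If the two types can differ at this point, add a comment saying which one supplies the index domain and why; if they cannot, keep array_type so the index conversion and the later bound check visibly refer to the same array. Nothing in the visible lines shows that TREE_TYPE (base) is an array type here, so that is worth confirming before TYPE_DOMAIN is applied to it.
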
@@ -1681,6 +1683,24 @@ maybe_fold_offset_to_array_ref (tree bas
/* Make sure to possibly truncate late after offsetting. */
idx = fold_convert (idx_type, idx);
+ /* We don't want to construct access past array bounds. For example
+ char *(c[4]);
+
+ c[3][2]; should not be simplified into (*c)[14] or tree-vrp will give
false
+ warning. */
+ if (domain_type && TYPE_MAX_VALUE (domain_type)
+ && TREE_CODE (TYPE_MAX_VALUE (domain_type)) == INTEGER_CST)
+ {
+ tree up_bound = TYPE_MAX_VALUE (domain_type);
+
+ if (tree_int_cst_lt (up_bound, idx)
+ /* Accesses after the end of arrays of size 0 (gcc
+ extension) and 1 are likely intentional ("struct
+ hack"). */
+ || compare_tree_int (up_bound, 1) > 0)
+ return NULL_TREE;
+ }
+
return build4 (ARRAY_REF, elt_type, base, idx, NULL_TREE, NULL_TREE);
}
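
Review bot: the new bounds check joins its two operands with ||, so compare_tree_int (up_bound, 1) > 0 alone makes the function return NULL_TREE for every array whose upper bound exceeds 1, whatever idx is, and for an upper bound of 0 or 1 an index past the end is still rejected, which is the opposite of what the "struct hack" comment describes. If the intent is to refuse only out-of-bounds indexes on arrays that are not struct-hack candidates, the operands should be joined with &&. The example in the comment also declares char *(c[4]), an array of four pointers, whereas the (*c)[14] arithmetic matches a pointer to an array of four chars, char (*c)[4]; and up_bound is the maximum index rather than the array size, so the comment's "size 0 and 1" wording should say which it means.
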
--
hubicka at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed date|2008-01-11 14:12:54 |2008-01-11 15:25:44
* [Bug middle-end/32135] [4.3 Regression] bogus array-ref fold triggering array overflow warning
From: hubicka at gcc dot gnu dot org @ 2008-01-13 12:38 UTC (permalink / raw)
To: gcc-bugs
------- Comment #5 from hubicka at gcc dot gnu dot org 2008-01-13 11:18 -------
Subject: Bug 32135
Author: hubicka
Date: Sun Jan 13 11:18:08 2008
New Revision: 131502
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=131502
Log:
PR middle-end/32135
* tree-ssa-ccp.c (maybe_fold_offset_to_array_ref): Do not construct
references above array bounds. This might trigger bounds checks for
pointers to arrays.
Added:
trunk/gcc/testsuite/gcc.dg/pr32135.c
Modified:
trunk/gcc/ChangeLog
trunk/gcc/testsuite/ChangeLog
trunk/gcc/tree-ssa-ccp.c
* [Bug middle-end/32135] [4.3 Regression] bogus array-ref fold triggering array overflow warning
From: hubicka at gcc dot gnu dot org @ 2008-01-13 12:54 UTC (permalink / raw)
To: gcc-bugs
------- Comment #6 from hubicka at gcc dot gnu dot org 2008-01-13 11:26 -------
Fixed.
--
hubicka at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
* [Bug middle-end/32135] [4.3 Regression] bogus array-ref fold triggering array overflow warning
From: ismail at pardus dot org dot tr @ 2008-01-13 14:38 UTC (permalink / raw)
To: gcc-bugs
------- Comment #7 from ismail at pardus dot org dot tr 2008-01-13 14:01 -------
This is possibly the reason for new test failures:
FAIL: gcc.dg/Warray-bounds.c (test for warnings, line 59)
FAIL: gcc.dg/Warray-bounds.c (test for warnings, line 65)
FAIL: gcc.dg/Warray-bounds.c (test for warnings, line 66)
--
ismail at pardus dot org dot tr changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ismail at pardus dot org dot tr