public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "aldyh at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/110603] [14 Regression] GCC, ICE: internal compiler error: in verify_range, at value-range.cc:1104 since r14-255
Date: Wed, 10 Jan 2024 10:31:28 +0000 [thread overview]
Message-ID: <bug-110603-4-Nt5h5orSSi@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-110603-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110603
Aldy Hernandez <aldyh at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |amacleod at redhat dot com
--- Comment #4 from Aldy Hernandez <aldyh at gcc dot gnu.org> ---
(In reply to wierton from comment #0)
> The testing program:
> ```
> typedef long unsigned int size_t;
> void *memcpy(void *, const void *, size_t);
> int snprintf(char *restrict, size_t, const char *restrict, ...);
>
> extern char a[2];
> void test_func_on_line_62(void) {
> memcpy(a, "12", sizeof("12") - 1);
> const int res = snprintf(0, 0, "%s", a);
> if (res <= 3)
> do {
> extern void f(void);
> f();
> } while (0);
> }
The sprintf pass is ICEing because it's trying to build a nonsensical range of
[2,1]. Legacy irange tried harder with swapped ranges, but in the above case
it would actually drop to VARYING:
- /* There's one corner case, if we had [C+1, C] before we now have
- that again. But this represents an empty value range, so drop
- to varying in this case. */
Which would cause the sprintf pass to set a global range of VARYING. I can't
remember whether this meant nuking the known global range, or ignoring it
altogether (the semantics changed in the last release or two). My guess is the
later, since set_range_info() improves ranges, never pessimizes them.
Now the reason we're passing swapped endpoints seems to originate in
get_range_strlen_dynamic(). It is setting a min of 2, courtesy of the nonzero
characters in the memcpy:
memcpy(a, "12", sizeof("12") - 1);
This comes from tree-ssa-strlen.c:
if (!pdata->minlen && si->nonzero_chars)
{
if (TREE_CODE (si->nonzero_chars) == INTEGER_CST)
pdata->minlen = si->nonzero_chars;
Further down we set a max of 1, stemming from the size of a[2] minus 1 for the
terminating null:
if (TREE_CODE (size) == INTEGER_CST)
{
++off; /* Increment for the terminating nul. */
tree toffset = build_int_cst (size_type_node, off);
pdata->maxlen = fold_build2 (MINUS_EXPR, size_type_node,
size,
toffset);
pdata->maxbound = pdata->maxlen;
}
I don't understand this code enough to opine, but at the worst we could bail if
the ends are swapped. It's no worse than what we had before.
next prev parent reply other threads:[~2024-01-10 10:31 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-09 11:34 [Bug c/110603] New: GCC, ICE: internal compiler error: in verify_range, at value-range.cc:1104 141242068 at smail dot nju.edu.cn
2023-07-09 14:57 ` [Bug tree-optimization/110603] [14 Regression] " pinskia at gcc dot gnu.org
2023-07-10 6:36 ` rguenth at gcc dot gnu.org
2023-10-17 12:10 ` rguenth at gcc dot gnu.org
2024-01-02 20:39 ` doko at gcc dot gnu.org
2024-01-09 18:06 ` [Bug tree-optimization/110603] [14 Regression] GCC, ICE: internal compiler error: in verify_range, at value-range.cc:1104 since r14-255 jakub at gcc dot gnu.org
2024-01-10 10:31 ` aldyh at gcc dot gnu.org [this message]
2024-01-23 11:16 ` jakub at gcc dot gnu.org
2024-01-27 12:48 ` jakub at gcc dot gnu.org
2024-01-29 9:21 ` cvs-commit at gcc dot gnu.org
2024-01-29 9:30 ` jakub at gcc dot gnu.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-110603-4-Nt5h5orSSi@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).