From: Jeff Law <law@redhat.com>
To: Jakub Jelinek <jakub@redhat.com>
Cc: Martin Sebor <msebor@gmail.com>,
Gcc Patch List <gcc-patches@gcc.gnu.org>
Subject: Re: [PATCH] avoid calling memset et al. with excessively large sizes (PR 79095)
Date: Sat, 21 Jan 2017 00:19:00 -0000 [thread overview]
Message-ID: <546d43ce-ae6f-a58e-9b0b-3e4009702927@redhat.com> (raw)
In-Reply-To: <20170120233432.GY1867@tucnak>
On 01/20/2017 04:34 PM, Jakub Jelinek wrote:
> On Fri, Jan 20, 2017 at 04:32:19PM -0700, Jeff Law wrote:
>>> then the loop does the same thing as will memset (p, 6, 3U * 1024 * 1024 * 1024);
>>> do. On such large objects some operations may not work properly, e.g.
>>> &p[i] - &p[0] might be negative etc., but that is not something the above
>>> loop does or memset will do internally. If the loop doesn't use just 3/4 of
>>> the address space, but much more, e.g. more than whole address space minus
>>> one page, which is what happens in the testcase, it is indeed quite sure it
>>> will crash if invoked, but the problem with the warning is the same with
>>> many other late warnings or warnings excessively using VRP etc.
>> Not in my mind, it's different. It's not triggered by path isolation. It's
>> standard const propagation + simplification.
>
> So where does the constant -1 length appear there? The test clearly just
> attempts to clear some variable length - 1. I admit I haven't looked at the
> dumps in detail, I should...
At least in Martin's simplified test it's just a series of standard
constant propagations and obvious simplifications. No threading, no
path isolation.
;; basic block 2, loop depth 0, count 0, freq 10000, maybe hot
;; prev block 0, next block 3, flags: (NEW, REACHABLE, VISITED)
;; pred: ENTRY [100.0%] (FALLTHRU,EXECUTABLE)
_7 = MEM[(int * *)s_5(D)];
_8 = MEM[(int * *)s_5(D) + 8B];
_9 = (long int) _8;
_10 = (long int) _7;
_11 = _9 - _10;
_12 = _11 /[ex] 4;
_13 = (long unsigned int) _12;
_1 = _13 + 18446744073709551614;
if (_1 <= 2)
goto <bb 3>; [36.64%]
else
goto <bb 8>; [63.36%]
;; succ: 3 [36.6%] (TRUE_VALUE,EXECUTABLE)
;; 8 [63.4%] (FALSE_VALUE,EXECUTABLE)
;; basic block 3, loop depth 0, count 0, freq 3664, maybe hot
;; prev block 2, next block 4, flags: (NEW, REACHABLE, VISITED)
;; pred: 2 [36.6%] (TRUE_VALUE,EXECUTABLE)
_2 = _13 + 18446744073709551615;
_14 = MEM[(int * *)s_5(D)];
_15 = MEM[(int * *)s_5(D) + 8B];
_16 = (long int) _15;
_17 = (long int) _14;
_18 = _16 - _17;
_19 = _18 /[ex] 4;
_20 = (long unsigned int) _19;
if (_2 > _20)
goto <bb 4>; [50.00%]
else
goto <bb 6>; [50.00%]
;; succ: 4 [50.0%] (TRUE_VALUE,EXECUTABLE)
;; 6 [50.0%] (FALSE_VALUE,EXECUTABLE)
;; basic block 4, loop depth 0, count 0, freq 1832, maybe hot
;; prev block 3, next block 5, flags: (NEW, REACHABLE, VISITED)
;; pred: 3 [50.0%] (TRUE_VALUE,EXECUTABLE)
_21 = _2 - _20;
_22 = MEM[(int * *)s_5(D) + 16B];
_23 = (long int) _22;
_24 = _23 - _16;
_25 = _24 /[ex] 4;
left_26 = (size_t) _25;
if (_21 <= left_26)
goto <bb 5>; [33.00%]
else
goto <bb 8>; [67.00%]
;; succ: 5 [33.0%] (TRUE_VALUE,EXECUTABLE)
;; 8 [67.0%] (FALSE_VALUE,EXECUTABLE)
;; basic block 5, loop depth 0, count 0, freq 605, maybe hot
;; prev block 4, next block 6, flags: (NEW, REACHABLE, VISITED)
;; pred: 4 [33.0%] (TRUE_VALUE,EXECUTABLE)
_27 = _21 * 4;
__builtin_memset (_22, 0, _27);
goto <bb 8>; [100.00%]
;; succ: 8 [100.0%] (FALLTHRU,EXECUTABLE)
In particular look at _27, which is _21 * 4.
_21 is _2 - _20
If you follow things though the use-def chains and simplify you'll see
that _2 - 20 is always -1.
Jeff
next prev parent reply other threads:[~2017-01-20 23:56 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-17 0:06 Martin Sebor
2017-01-17 7:38 ` Jakub Jelinek
2017-01-18 3:38 ` Martin Sebor
2017-01-18 7:54 ` Jeff Law
2017-01-18 8:55 ` Jakub Jelinek
2017-01-18 18:08 ` Martin Sebor
2017-01-20 23:32 ` Jeff Law
2017-01-21 6:42 ` A + B CMP A -> A CMP' CST' match.pd patterns [was [PATCH] avoid calling memset et al. with excessively large sizes (PR 79095)] Jeff Law
2017-01-21 8:18 ` Marc Glisse
2017-01-24 0:21 ` Jeff Law
2017-01-24 10:49 ` Richard Biener
2017-01-24 14:46 ` Marc Glisse
2017-01-24 15:21 ` Jeff Law
2017-01-24 16:02 ` Marc Glisse
2017-01-24 16:28 ` Richard Biener
2017-01-25 10:36 ` Richard Biener
2017-01-25 17:45 ` Jeff Law
2017-01-23 9:14 ` Richard Biener
2017-01-23 21:13 ` Jeff Law
2017-01-20 23:32 ` [PATCH] avoid calling memset et al. with excessively large sizes (PR 79095) Jeff Law
2017-01-20 23:39 ` Jakub Jelinek
2017-01-21 0:19 ` Jeff Law [this message]
2017-01-17 15:26 ` Jeff Law
2017-01-17 16:14 ` Martin Sebor
2017-01-17 18:00 ` Jeff Law
2017-01-18 3:19 ` Martin Sebor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=546d43ce-ae6f-a58e-9b0b-3e4009702927@redhat.com \
--to=law@redhat.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=jakub@redhat.com \
--cc=msebor@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).