From: Jeff Law <law@redhat.com>
To: Martin Sebor <msebor@gmail.com>,
"gcc-patches@gcc.gnu.org" <gcc-patches@gcc.gnu.org>
Subject: Re: [PATCH] correct handling of offsets in bounds warnings (PR 89350)
Date: Wed, 20 Mar 2019 19:40:00 -0000
Message-ID: <758c679a-2ac9-8f88-24b8-2e5435e19f77@redhat.com>
In-Reply-To: <c76f9442-4c89-fc05-7a79-aecc0f6ebdfe@gmail.com>
On 2/26/19 6:32 PM, Martin Sebor wrote:
> Please disregard the original patch and consider the attached
> version instead.
>
> On 2/26/19 5:03 PM, Martin Sebor wrote:
>> The false positive in PR89350 is due to -Wstringop-overflow
>> trusting that the sizetype offset in POINTER_PLUS_EXPR means
>> the offset is, in fact, unsigned.  Avoiding the false positive
>> in the cases when this isn't so is trivial but comes at a cost
>> of false negatives.  Avoiding those will, I expect, require
>> enhancing the compute_builtin_object_size() function and that
>> seems risky at this stage so I would like to defer that until
>> stage 1.  Except in the instance of memset, the false positives
>> also aren't too serious because the same problem is also
>> diagnosed by the -Warray-bounds warning in the wrestrict pass.
>> Unfortunately, the wrestrict pass only handles copy functions
>> and not memset.
>>
>> With that as background, the attached patch avoids
>> the -Wstringop-overflow false positive by disabling the warning
>> for offsets whose lower bound is positive and upper bound negative.
>> To avoid the false negatives for memset the patch lets the wrestrict
>> pass handle the function (for the bounds checking only).  While
>> testing this I noticed that the wrestrict pass makes the same
>> assumption about offsets, so it too is susceptible to similar
>> false positives.  The rest of the patch corrects this problem
>> in the wrestrict pass.  Because the pass doesn't depend on
>> the compute_builtin_object_size() function as much as
>> -Wstringop-overflow, the fix does not cause false positives (at
>> least none that I came across).
>>
>> Tested on x86_64-linux.
>>
>> Martin
>
>
> gcc-89350.diff
>
> PR tree-optimization/89350 - Wrong -Wstringop-overflow= warning since r261518
>
> gcc/ChangeLog:
>
> PR tree-optimization/89350
> * builtins.c (compute_objsize): Also ignore offsets whose upper
> bound is negative.
> * gimple-ssa-warn-restrict.c (builtin_memref): Add new member.
> (builtin_memref::builtin_memref): Initialize new member.
> Allow EXPR to be null.
> (builtin_memref::extend_offset_range): Replace local with a member.
> Avoid assuming pointer offsets are unsigned.
> (builtin_memref::set_base_and_offset): Determine base object
> before computing offset range.
> (builtin_access::builtin_access): Handle memset.
> (builtin_access::generic_overlap): Replace local with a member.
> (builtin_access::strcat_overlap): Same.
> (builtin_access::overlap): Same.
> (maybe_diag_overlap): Same.
> (maybe_diag_access_bounds): Same.
> (wrestrict_dom_walker::check_call): Handle memset.
> (check_bounds_or_overlap): Same.
>
> gcc/testsuite/ChangeLog:
>
> PR tree-optimization/89350
> * gcc.dg/Wstringop-overflow.c: Xfail overly ambitious tests.
> * gcc.dg/Wstringop-overflow-10.c: New test.
> * gcc.dg/Wstringop-overflow-11.c: New test.
> * gcc.dg/pr89350.c: New test.
> * gcc.dg/pr40340-1.c: Adjust expected warning.
> * gcc.dg/pr40340-2.c: Same.
> * gcc.dg/pr40340-4.c: Same.
> * gcc.dg/pr40340-5.c: Same.
OK. And just to be clear, totally agree with not trying to change
c_b_o_s to return a range at this point in the release cycle.
jeff
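
The false positive discussed in the quoted description can be reproduced in miniature. The following is an added example, not part of the thread and not GCC source: a simplified model of a bounds checker that trusts a sizetype offset to be unsigned, beside a conservative variant that stays silent when a bound may be negative. The names `off_range`, `warn_trusting_unsigned` and `warn_signed_aware` are hypothetical, and the sample ranges are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not GCC source.  A variable offset's range as it
   appears in an unsigned sizetype: -1 is stored as SIZE_MAX.  */
struct off_range { size_t lo, hi; };

/* True if x is a negative offset once read as ptrdiff_t.  */
static bool is_negative(size_t x) { return x > (size_t)PTRDIFF_MAX; }

/* Checker that trusts the offset to be unsigned.  Returns true when it
   would warn about writing n bytes at obj + base_off + off.  */
bool warn_trusting_unsigned(size_t objsize, size_t base_off,
                            struct off_range off, size_t n)
{
    /* Smallest offset leaves the most room; saturate on overflow.  */
    size_t start = off.lo > SIZE_MAX - base_off ? SIZE_MAX : base_off + off.lo;
    size_t room = start < objsize ? objsize - start : 0;
    return n > room;
}

/* Conservative variant: stay silent when either bound may be negative,
   accepting false negatives in exchange for no false positive.  */
bool warn_signed_aware(size_t objsize, size_t base_off,
                       struct off_range off, size_t n)
{
    if (is_negative(off.lo) || is_negative(off.hi))
        return false;
    return warn_trusting_unsigned(objsize, base_off, off, n);
}

int main(void)
{
    /* char buf[128]; p = buf + 128 - k with k in [1, 128]; write >= 1 byte.
       The access is in bounds, but -k is stored as a huge unsigned value.  */
    struct off_range minus_k = { (size_t)-128, (size_t)-1 };
    printf("trusting unsigned: %d\n", warn_trusting_unsigned(128, 128, minus_k, 1));
    printf("signed aware:      %d\n", warn_signed_aware(128, 128, minus_k, 1));

    /* Genuinely positive offset in [120, 127], 16-byte write: both warn.  */
    struct off_range pos = { 120, 127 };
    printf("real overflow:     %d %d\n",
           warn_trusting_unsigned(128, 0, pos, 16),
           warn_signed_aware(128, 0, pos, 16));
    return 0;
}
```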