From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ot1-x331.google.com (mail-ot1-x331.google.com [IPv6:2607:f8b0:4864:20::331]) by sourceware.org (Postfix) with ESMTPS id 390A93858D28 for ; Mon, 6 Dec 2021 17:31:25 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 390A93858D28 Received: by mail-ot1-x331.google.com with SMTP id i5-20020a05683033e500b0057a369ac614so14529525otu.10 for ; Mon, 06 Dec 2021 09:31:25 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=mGWhyToW8VPs8TAlWjoZB3bX46ZQol26aIEZ3vbBm7c=; b=jtEK1gQS2mbRP6J4HelkMDww+Etd+9MGYg0NMSVgKFhDnOG8GOihY6bAkGXNuBs1EJ OFnQwJBMNwCt728cZBSjEQCIEBNE0nZ8dBTtUAqUXn4aHM6QzSP+pgedGkAZ30V+9ctR KC7Fovypn8d/R6BBtNo7zrBGN48lxB8JWWMw8ZabNuaGgcW36+Xa7/VPVKTu3BI1xBvd Z6fUpeorLM//cu0Re816fJB2UhaYE/lCNV6gIWbXaap7uIhrlDTPlyzfY4bFqmsre/tr 3Ci6+F89W0rludvznqfJ1deCbazSQ9lsyBppSP94y3GmbkDvZxwFyj3EhbldR5NwEKU/ Q3Eg== X-Gm-Message-State: AOAM532PmT9Cf5T9OwiIgoDz8XXn4BkMGKGc+X0U3Gn1glLwActrW7ub MzbeKOiLbONglBHxwmsEm8UDaETqDEI= X-Google-Smtp-Source: ABdhPJy219gg1SyJu3YLUng5VshibgKCWbQY/kRhvW7JXx5yJe11kTA+Ujz7PREL84l5WZxsgdgyXQ== X-Received: by 2002:a9d:69ce:: with SMTP id v14mr30537539oto.312.1638811884449; Mon, 06 Dec 2021 09:31:24 -0800 (PST) Received: from [192.168.0.41] (184-96-227-137.hlrn.qwest.net. [184.96.227.137]) by smtp.gmail.com with ESMTPSA id k14sm2823923oil.38.2021.12.06.09.31.23 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 06 Dec 2021 09:31:24 -0800 (PST) Subject: [PATCH v2] fix PR 103143 To: Jeff Law , gcc-patches References: <65d1e530-a4cc-de27-1198-0dcaa08274bd@gmail.com> From: Martin Sebor Message-ID: Date: Mon, 6 Dec 2021 10:31:23 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/mixed; boundary="------------53948E597D80AB81B7A3C06D" Content-Language: en-US X-Spam-Status: No, score=-10.3 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, KAM_NUMSUBJECT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Dec 2021 17:31:27 -0000 This is a multi-part message in MIME format. --------------53948E597D80AB81B7A3C06D Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit I have broken up the patch into a series of six. Attached is part (1), the fix for the typo that causes PR 103143. On 12/3/21 5:00 PM, Jeff Law wrote: > > > On 11/8/2021 7:34 PM, Martin Sebor via Gcc-patches wrote: >> The pointer-query code that implements compute_objsize() that's >> in turn used by most middle end access warnings now has a few >> warts in it and (at least) one bug.  With the exception of >> the bug the warts aren't behind any user-visible bugs that >> I know of but they do cause problems in new code I've been >> implementing on top of it.  Besides fixing the one bug (just >> a typo) the attached patch cleans up these latent issues: >> >> 1) It moves the bndrng member from the access_ref class to >>    access_data.  As a FIXME in the code notes, the member never >>    did belong in the former and only takes up space in the cache. >> >> 2) The compute_objsize_r() function is big, unwieldy, and tedious >>    to step through because of all the if statements that are better >>    coded as one switch statement.  This change factors out more >>    of its code into smaller handler functions as has been suggested >>    and done a few times before. >> >> 3) (2) exposed a few places where I fail to pass the current >>    GIMPLE statement down to ranger.  This leads to worse quality >>    range info, including possible false positives and negatives. >>    I just spotted these problems in code review but I haven't >>    taken the time to come up with test cases.  This change fixes >>    these oversights as well. >> >> 4) The handling of PHI statements is also in one big, hard-to- >>    follow function.  This change moves the handling of each PHI >>    argument into its own handler which merges it into the previous >>    argument.  This makes the code easier to work with and opens it >>    to reuse also for MIN_EXPR and MAX_EXPR.  (This is primarily >>    used to print informational notes after warnings.) >> >> 5) Finally, the patch factors code to dump each access_ref >>    cached by the pointer_query cache out of pointer_query::dump >>    and into access_ref::dump.  This helps with debugging. >> >> These changes should have no user-visible effect and other than >> a regression test for the typo (PR 103143) come with no tests. >> They've been tested on x86_64-linux. > Sigh.  You've identified 6 distinct changes above.  The 5 you've > enumerated plus a typo fix somewhere.  There's no reason why they need > to be a single patch and many reasons why they should be a series of > independent patches.    Combining them into a single patch isn't how we > do things and it hides the actual bugfix in here. > > Please send a fix for the typo first since that should be able to > trivially go forward.  Then  a patch for item #1.  That should be > trivial to review when it's pulled out from teh rest of the patch. > Beyond that, your choice on ordering, but you need to break this down. > > > > > Jeff > --------------53948E597D80AB81B7A3C06D Content-Type: text/x-patch; charset=UTF-8; name="gcc-103413.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="gcc-103413.diff" commit 9a5bb7a2b0cdb8654061d9cba543c1408fa7adc9 Author: Martin Sebor Date: Sat Dec 4 16:22:07 2021 -0700 Use the recursive form of compute_objsize [PR 103143]. gcc/ChangeLog: PR middle-end/103143 * pointer-query.cc (gimple_call_return_array): Call compute_objsize_r. gcc/testsuite/ChangeLog: PR middle-end/103143 * gcc.dg/Wstringop-overflow-83.c: New test. diff --git a/gcc/pointer-query.cc b/gcc/pointer-query.cc index 2ead0271617..25ce4303849 100644 --- a/gcc/pointer-query.cc +++ b/gcc/pointer-query.cc @@ -199,7 +199,7 @@ gimple_call_return_array (gimple *stmt, offset_int offrng[2], bool *past_end, of the source object. */ access_ref aref; tree src = gimple_call_arg (stmt, 1); - if (compute_objsize (src, stmt, 1, &aref, qry) + if (compute_objsize_r (src, stmt, 1, &aref, snlim, qry) && aref.sizrng[1] < offrng[1]) offrng[1] = aref.sizrng[1]; } diff --git a/gcc/testsuite/gcc.dg/Wstringop-overflow-83.c b/gcc/testsuite/gcc.dg/Wstringop-overflow-83.c new file mode 100644 index 00000000000..6928ee4d559 --- /dev/null +++ b/gcc/testsuite/gcc.dg/Wstringop-overflow-83.c @@ -0,0 +1,19 @@ +/* PR middle-end/103143 - ICE due to infinite recursion in pointer-query.cc + { dg-do compile } + { dg-options "-O2 -Wall" } */ + +typedef __SIZE_TYPE__ size_t; + +void foo (size_t x) +{ + struct T { char buf[64]; char buf2[64]; } t; + char *p = &t.buf[8]; + char *r = t.buf2; + size_t i; + + for (i = 0; i < x; i++) + { + r = __builtin_mempcpy (r, p, i); + p = r + 1; + } +} --------------53948E597D80AB81B7A3C06D--