Subject: Re: [PATCH] look harder for MEM_REF operand equality to avoid -Wstringop-truncation (PR 84561)
From: Martin Sebor
To: Richard Biener, Jeff Law, Bernd Edlinger
Cc: "gcc-patches@gcc.gnu.org"
Date: Mon, 17 Sep 2018 21:18:00 -0000

On 09/17/2018 11:35 AM, Richard Biener wrote:
> On September 17, 2018 7:24:16 PM GMT+02:00, Jeff Law wrote:
>> On 9/15/18 2:14 AM, Bernd Edlinger wrote:
>>> On 9/14/18, Martin Sebor wrote:
>>>> As I said above, this happens during the dom walk in the ccp
>>>> pass:
>>>>
>>>>    substitute_and_fold_dom_walker walker (CDI_DOMINATORS, this);
>>>>    walker.walk (ENTRY_BLOCK_PTR_FOR_FN (cfun));
>>>>
>>>> The warning is issued during the walker.walk() call as
>>>> strncpy is being folded into memcpy. The prior assignments are
>>>> only propagated later, when the next statement after the strncpy
>>>> call is reached. It happens in
>>>> substitute_and_fold_dom_walker::before_dom_children(). So during
>>>> the strncpy folding we see the next statement as:
>>>>
>>>>    MEM[(struct S *)_1].a[n_7] = 0;
>>>>
>>>> After the strncpy call is transformed to memcpy, the assignment
>>>> above is transformed to
>>>>
>>>>    MEM[(struct S *)_8].a[3] = 0;
>>>>
>>>>
>>>>> If they're only discovered as copies within the pass where you're trying
>>>>> to issue the diagnostic, then you'd want to see if the pass has any
>>>>> internal structures that tell you about equivalences.
>>>>
>>>>
>>>> I don't know if this is possible.
>>>> I don't see any APIs in
>>>> tree-ssa-propagate.h that would let me query the internal data
>>>> somehow to find out during folding (when the warning is issued).
>>>
>>>
>>> Well,
>>>
>>> if I see this right, the CCP is doing tree transformations
>>> while from the folding of strncpy the predicate maybe_diag_stxncpy_trunc
>>> is called, and sees inconsistent information, in the tree,
>>> and therefore it issues a warning.
>>>
>>> I understand that walking the references is fragile at least
>>> in this state.
>>>
>>> But why not just prevent warnings when this is called from CCP?
>>>
>>>
>>> Like this?
>>>
>>> Bootstrapped and reg-tested on x86_64-pc-linux-gnu.
>>> Is it OK for trunk?
>> No. That's just hacking around the real problem.
>
> The real problem is emitting diagnostics from folding code.

Strncpy is a particularly dangerous function that's often
misunderstood and misused. IMO, it would be a worthwhile
tradeoff to move the strncpy to memcpy transformation to
the strlen pass where these bugs could be detected more
reliably, and with fewer false positives. I would not expect
it to have a noticeable impact on code efficiency. I'd be
happy to modify the patch to do that if you find it acceptable.

Martin
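
The source-level pattern behind the GIMPLE quoted in this message, as an added example that is not part of the original thread or of the GCC patch: a bare strncpy can leave the destination unterminated, while a strncpy followed directly by a store of 0 at index n (the statement the warning logic looks for) cannot. `struct S` and member `a` come from the quoted GIMPLE; the array size of 4, the function names and the sample strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Mirrors "MEM[(struct S *)_8].a[3] = 0"; the size 4 is assumed. */
struct S { char a[4]; };

/* Returns 1 if buf contains a NUL within its first size bytes. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* strncpy alone: when strlen(src) >= n, no NUL is written. */
static void copy_bare(struct S *s, const char *src, size_t n)
{
    strncpy(s->a, src, n);
}

/* strncpy immediately followed by the terminating store. */
static void copy_terminated(struct S *s, const char *src)
{
    size_t n = sizeof s->a - 1;
    strncpy(s->a, src, n);
    s->a[n] = 0;
}

/* Pre-fill with 'X' so a missing terminator is observable. */
static int demo_bare(const char *src)
{
    struct S s;
    memset(s.a, 'X', sizeof s.a);
    copy_bare(&s, src, sizeof s.a);
    return is_terminated(s.a, sizeof s.a);
}

static int demo_terminated(const char *src)
{
    struct S s;
    memset(s.a, 'X', sizeof s.a);
    copy_terminated(&s, src);
    return is_terminated(s.a, sizeof s.a) && strlen(s.a) <= sizeof s.a - 1;
}

int main(void)
{
    printf("bare, long source:       terminated=%d\n", demo_bare("abcdef"));
    printf("bare, short source:      terminated=%d\n", demo_bare("ab"));
    printf("terminated, long source: terminated=%d\n", demo_terminated("abcdef"));
    return 0;
}
```
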