From: Jeff Law <law@redhat.com>
To: Richard Biener <richard.guenther@gmail.com>,
Martin Sebor <msebor@gmail.com>
Cc: Gcc Patch List <gcc-patches@gcc.gnu.org>
Subject: Re: [PING #2] [PATCH] enhance -Wrestrict to handle string built-ins (PR 78918)
Date: Thu, 24 Aug 2017 22:36:00 -0000 [thread overview]
Message-ID: <f207c4a2-3abd-ae26-978e-c1eaa2a01e73@redhat.com> (raw)
In-Reply-To: <CAFiYyc3xAW=4EeAwqrNRx01_8PTq=a3wdsteqMyx_P2qz+SBRw@mail.gmail.com>
On 08/22/2017 02:45 AM, Richard Biener wrote:
> On Mon, Aug 21, 2017 at 10:10 PM, Martin Sebor <msebor@gmail.com> wrote:
>> On 08/09/2017 10:14 AM, Jeff Law wrote:
>>>
>>> On 08/06/2017 05:08 PM, Martin Sebor wrote:
>>>
>>>>>
>>>>> Well, simply because the way as implemented isn't a must-alias query
>>>>> but maybe one that's good enough for warnings (reduces false positives
>>>>> but surely doesn't eliminate them).
>>>>
>>>>
>>>> I'm very interested in reducing the rate of false positives in
>>>> these and all other warnings. As I mentioned in my comments,
>>>> I did my best to weed them out of the implementation by building
>>>> GDB, Glibc, Busybox, and the Linux kernel. That of course isn't
>>>> a guarantee that there aren't any. But the first implementation
>>>> of any non-trivial feature is never perfect, and hardly any
>>>> warning of sufficient complexity is free of false positives, no
>>>> matter here it's implemented (the middle-end, front-end, or
>>>> a standalone static analysis tool). If you spotted some cases
>>>> I had missed I'd certainly be grateful for examples. Otherwise,
>>>> they will undoubtedly be reported as more software is exposed
>>>> to the warning and, if possible, fixed, as happens with all
>>>> other warnings.
>>>
>>> I think Richi is saying that the must alias query you've built isn't
>>> proper/correct. It's less about false positives for Richi and more
>>> about building a proper must alias query if I understand him correctly.
>>>
>>> I suspect he's also saying that you can't reasonably build must-alias on
>>> top of a may-alias query framework. They're pretty different queries.
>>>
>>> If you need something that is close to, but not quite a must alias
>>> query, then you're going to have to make a argument for that and you
>>> can't call it a must alias query.
>>
>>
>> Attached is an updated and simplified patch that avoids making
>> changes to any of the may-alias functions. It turns out that
>> all the information the logic needs to determine the overlap
>> is already in the ao_ref structures populated by
>> ao_ref_init_from_ptr_and_size. The only changes to the pass
>> are the enhancement to ao_ref_init_from_ptr_and_size to make
>> use of range info and the addition of the two new functions
>> used by the -Wrestrict clients outside the pass.
>
> Warning for memcpy (p, p, ...) is going to fire false positives all around
> given the C++ FE emits those in some cases and optimization can
> expose that we are dealing with self-assignments. And *p = *p is
> valid.
Correct. I wound my way through this mess a while back. Essentially
Red Hat had a customer with code that had overlapped memcpy arguments.
We had them use the memstomp interposition library to start tracking
these problems down.
One of the things that popped up was structure/class copies which were
implemented via calls to memcpy. In the case of self assignment, the
interposition library would note the overlap and (rightly IMHO) complain.
One could argue that GCC should emit memmove by default for structure
assignments, only using memcpy when it knows its not doing self
assignment (which may be hard to determine). Furthermore, GCC should
eliminate self structure/class assignment.
>
> @@ -1028,6 +1066,10 @@ gimple_fold_builtin_memory_op (gimple_stmt_iterator *gsi,
> }
> }
>
> + /* Avoid folding the call if overlap is detected. */
> + if (check_overlap && detect_overlap (loc, stmt, dest, src, len))
> + return false;
> +
>
> no, please not. You diagnosed the call (which might be a false positive)
> so why keep it undefined? The folded stmt will either have the same
> semantics (aggregate copies expanded as memcpy) or have all reads
> performed before writes.
So can we distinguish here between overlap and the self-copy case?
A self-copy should just be folded away. It's no different than x = x on
scalars except that we've dropped it to a memcpy in the IL. Doing so
makes the code more efficient and removes false positives from tools
like the memstomp interposition library, making those tools more useful.
Jeff
next prev parent reply other threads:[~2017-08-24 22:09 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-16 23:47 Martin Sebor
2017-07-20 20:46 ` Martin Sebor
2017-07-25 3:13 ` [PING] " Martin Sebor
2017-08-01 2:27 ` [PING #2] " Martin Sebor
2017-08-01 9:23 ` Richard Biener
2017-08-01 9:25 ` Richard Biener
2017-08-02 17:10 ` Jeff Law
2017-08-03 8:46 ` Richard Biener
2017-08-06 23:08 ` Martin Sebor
2017-08-08 13:08 ` Richard Biener
2017-08-09 16:14 ` Jeff Law
2017-08-22 2:04 ` Martin Sebor
2017-08-22 9:17 ` Richard Biener
2017-08-24 22:36 ` Jeff Law [this message]
2017-08-29 3:42 ` Martin Sebor
2017-09-01 15:15 ` Jeff Law
2017-08-29 2:35 ` Martin Sebor
2017-08-29 11:32 ` Richard Biener
[not found] ` <40984eff-b156-3315-7bb5-558e9e83bf6c@gmail.com>
2017-10-24 6:40 ` Martin Sebor
2017-11-10 0:28 ` [PING][PATCH] " Martin Sebor
2017-11-16 22:24 ` [PING 2][PATCH] " Martin Sebor
2017-11-23 0:16 ` Jeff Law
2017-11-26 9:12 ` Martin Sebor
2017-11-30 0:56 ` Martin Sebor
2017-12-07 21:14 ` Jeff Law
2017-12-07 21:28 ` Martin Sebor
2017-12-07 21:48 ` Jeff Law
2017-12-07 22:23 ` Jeff Law
2017-12-08 0:44 ` Martin Sebor
2017-12-08 19:19 ` Martin Sebor
2017-12-11 22:27 ` Jeff Law
2017-12-17 0:02 ` Martin Sebor
2017-12-17 13:32 ` H.J. Lu
2018-01-08 9:56 ` Tom de Vries
2017-12-07 20:16 ` Jeff Law
2017-11-27 12:45 ` Richard Biener
2017-11-30 1:19 ` Martin Sebor
2017-12-07 20:20 ` Jeff Law
2017-08-09 16:09 ` [PING #2] [PATCH] " Jeff Law
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f207c4a2-3abd-ae26-978e-c1eaa2a01e73@redhat.com \
--to=law@redhat.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=msebor@gmail.com \
--cc=richard.guenther@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).