From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 46126 invoked by alias); 21 Feb 2018 02:38:51 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Received: (qmail 46109 invoked by uid 89); 21 Feb 2018 02:38:50 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 spammy=999999, Hx-languages-length:1877, taught, HContent-Transfer-Encoding:8bit X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 21 Feb 2018 02:38:49 +0000 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C883E80474; Wed, 21 Feb 2018 02:38:47 +0000 (UTC) Received: from localhost.localdomain (ovpn-112-67.rdu2.redhat.com [10.10.112.67]) by smtp.corp.redhat.com (Postfix) with ESMTP id ED10D600D3; Wed, 21 Feb 2018 02:38:46 +0000 (UTC) Subject: Re: [PR middle-end/82123] 00/06 Use EVRP range data in sprintf warnings To: Joseph Myers Cc: gcc-patches References: From: Jeff Law Message-ID: Date: Wed, 21 Feb 2018 02:38:00 -0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-IsSubscribed: yes X-SW-Source: 2018-02/txt/msg01208.txt.bz2 On 02/20/2018 05:00 PM, Joseph Myers wrote: > Does this help with any of the cases in bug 80776 that weren't already > fixed, or are those distinct despite looking similar? > I don't think so. THe __builtin_unreachable markers are removed by vrp1 -- well before the sprintf warning code gets run. So the sprintf warning code never gets to exploit the properties implied by the __builtin_unreachable calls. It doesn't look like VRP records the narrowed ranges implied by the __builtin_unreachable calls. After ASSERT_EXPR insertion we have: ;; basic block 6, loop depth 0, count 1072883002 (estimated locally), maybe hot ;; prev block 5, next block 1, flags: (NEW, REACHABLE, VISITED) ;; pred: 4 [100.0% (guessed)] count:1072883003 (estimated locally) (FALSE_VALUE,EXECUTABLE) i_7 = ASSERT_EXPR ; __builtin___sprintf_chk (&number, 1, 7, "%d", i_7); return; ANd the ranges computed by VRP: i.0_1: [0, 999999] i_4: [0, +INF] i_6: [0, +INF] EQUIVALENCES: { i_4 } (1 elements) i_7: [0, 999999] EQUIVALENCES: { i_4 i_6 } (2 elements) So VRP does identify the narrow range for i_7. But then we remove the ASSERT_EXPRs and we're left with: i_4 = somerandom (); i.0_1 = (unsigned int) i_4; __builtin___sprintf_chk (&number, 1, 7, "%d", i_4); return; Subsequent EVRP analysis will start with the range of i_4 as a seed. BUt there's nothing to further narrow that range. If ASSERT_EXPR removal could be taught to use i_7 I suspect the right things would "just happen". I haven't thought at all about what might be required to have VRP do-the-right-thing. Given the overall desire to drop ASSERT_EXPRs and the range propagation step in VRP in favor of EVRP style analysis I doubt anyone is likely to spend much time on fixing this in the old style VRP analysis. jeff