https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84732
--- Comment #2 from Martin Liška <marxin at gcc dot gnu.org> ---
Reduced test-case:

$ cat ~/Programming/testcases/ice.i
char *arg;

struct buffer{
  char a[16];
};

struct buffer a, b;

void e(void) {
  if (__builtin_strlen(arg) > 1)
    __builtin_strncpy(a.a, arg, sizeof(struct buffer));
}

Without coverage sanitization:

$ ./xgcc -B. ~/Programming/testcases/ice.i -c -O2 -Wall -fdump-tree-strlen=/dev/stdout

;; Function e (e, funcdef_no=0, decl_uid=1962, cgraph_uid=0, symbol_order=3)

e ()
{
  char * arg.0_1;
  long unsigned int _2;

  <bb 2> [local count: 1073741825]:
  arg.0_1 = arg;
  _2 = __builtin_strlen (arg.0_1);
  if (_2 > 1)
    goto <bb 3>; [41.48%]
  else
    goto <bb 4>; [58.52%]

  <bb 3> [local count: 445388109]:
  __builtin_strncpy (&a.a, arg.0_1, 16);

  <bb 4> [local count: 1073741825]:
  return;

}

With:

$ ./xgcc -B. ~/Programming/testcases/ice.i -c -O2 -fsanitize-coverage=trace-pc -fdump-tree-strlen=/dev/stdout

;; Function e (e, funcdef_no=0, decl_uid=2322, cgraph_uid=0, symbol_order=3)

e ()
{
  char * arg.0_1;
  long unsigned int _2;

  <bb 2> [local count: 1073741825]:
  __builtin___sanitizer_cov_trace_pc ();
  arg.0_1 = arg;
  _2 = __builtin_strlen (arg.0_1);
  if (_2 > 1)
    goto <bb 3>; [41.48%]
  else
    goto <bb 4>; [58.52%]

  <bb 3> [local count: 445388109]:
  __builtin___sanitizer_cov_trace_pc ();
  __builtin_strncpy (&a.a, arg.0_1, 16);

  <bb 4> [local count: 1073741825]:
  __builtin___sanitizer_cov_trace_pc ();
  return;

}

I guess it somehow confuses VRP. Martin, can you please take a look?
Note that __builtin___sanitizer_cov_trace_pc is a pure function; it can't modify
memory in the original program.