Hi. There's one false positive I've noticed:
$ cat /tmp/ptr-cmp.c
int __attribute__((noinline)) foo(char *p1, char *p2)
{
  if (p2 != 0 && p1 > p2)
    return 0;
  return 1;
}

int main(int argc, char **argv)
{
  return foo(argv[0], 0);
}

$ gcc /tmp/ptr-cmp.c -fsanitize=address,pointer-compare -O2 -fdump-tree-asan1=/dev/stdout && ./a.out
__attribute__((noinline))
foo (char * p1, char * p2)
{
  _Bool _1;
  _Bool _2;
  _Bool _3;
  _Bool _8;
  int _9;

  <bb 2> [100.00%] [count: INV]:
  _1 = p2_5(D) != 0B;
  __builtin___sanitizer_ptr_cmp (p2_5(D), p1_6(D));
  _2 = p2_5(D) < p1_6(D);
  _3 = _1 & _2;
  _8 = ~_3;
  _9 = (int) _8;
  return _9;

}

==31859==ERROR: AddressSanitizer: invalid-pointer-pair: 0x000000000000 0x7ffccadb4ff9
    #0 0x400756 in foo (/home/marxin/Programming/postgres/src/pl/plpgsql/src/a.out+0x400756)
    #1 0x1513cde71f49 in __libc_start_main (/lib64/libc.so.6+0x20f49)
    #2 0x400689 in _start (/home/marxin/Programming/postgres/src/pl/plpgsql/src/a.out+0x400689)

As I've been reading the dump files, the cause is already visible in the gimple dump: the short-circuit `&&` has been folded into a bitwise `&`, so the `p1 > p2` comparison is no longer guarded by the `p2 != 0` check and the pointer-compare instrumentation runs on it unconditionally, including for the null `p2`:

cat ptr-cmp.c.004t.gimple
__attribute__((noinline))
foo (char * p1, char * p2)
{
  int D.2181;

  _1 = p2 != 0B;
  _2 = p1 > p2;
  _3 = _1 & _2;
  if (_3 != 0) goto <D.2179>; else goto <D.2180>;
  ...

Thoughts?
Martin