On 20 November 2017 at 16:19, Jakub Jelinek <ja...@redhat.com> wrote:
> On Mon, Nov 20, 2017 at 04:13:49PM +0530, Prathamesh Kulkarni wrote:
>> Hi,
>> The attached patch tries to fix PR82665 by adding value-range for 'n'
>> to [0, PTRDIFF_MAX - 1] in the following case:
>> def = memchr(arg, 0, sz);
>> n = def - arg
>>
>> where def and arg are char *. I suppose it's safe to assume that if
>> arg is char *, then
>> memchr(arg, 0, sz) would return a non NULL pointer ?
>
> I don't think it is safe, at least not until we have the POINTER_DIFF_EXPR.
> Because
> char *def = memchr (arg, 0, sz);
> uintptr_t n = (uintptr_t) def - (uintptr_t) arg;
> is valid even if def is NULL and you can't differentiate between original
> pointer difference which would invoke UB if def was NULL and the case where
> user did the subtraction in an integral type.
Hi,
I updated the patch based on POINTER_DIFF_EXPR.
Bootstrapped and tested on x86_64-unknown-linux-gnu.
Does it look OK ?
Thanks,
Prathamesh
>
> Jakub
diff --git a/gcc/testsuite/gcc.dg/tree-ssa/pr82665.c
b/gcc/testsuite/gcc.dg/tree-ssa/pr82665.c
new file mode 100644
index 00000000000..17be6ec4e4b
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/tree-ssa/pr82665.c
@@ -0,0 +1,22 @@
+/* { dg-do compile } */
+/* { dg-options "-O2 -fdump-tree-optimized" } */
+
+void f1 (char *p, __SIZE_TYPE__ sz)
+{
+ char *q = __builtin_memchr (p, 0, sz);
+ long n = q - p;
+
+ if (n >= __PTRDIFF_MAX__)
+ __builtin_abort ();
+}
+
+void f2 (unsigned char *p, __SIZE_TYPE__ sz)
+{
+ unsigned char *q = __builtin_memchr (p, 0, sz);
+ long n = q - p;
+
+ if (n >= __PTRDIFF_MAX__)
+ __builtin_abort ();
+}
+
+/* { dg-final { scan-tree-dump-times "memchr" 1 "optimized" } } */
diff --git a/gcc/vr-values.c b/gcc/vr-values.c
index 794b4635f9e..5385c91f1ec 100644
--- a/gcc/vr-values.c
+++ b/gcc/vr-values.c
@@ -793,6 +793,42 @@ vr_values::extract_range_from_binary_expr (value_range *vr,
extract_range_from_binary_expr_1 (vr, code, expr_type, &vr0, &vr1);
+ /* Set value_range for n in following sequence:
+ def = __builtin_memchr (arg, 0, sz)
+ n = def - arg
+ Here the range for n can be set to [0, PTRDIFF_MAX - 1]. */
+
+ if (vr->type == VR_VARYING
+ && (code == POINTER_DIFF_EXPR)
+ && (TREE_CODE (op0) == SSA_NAME)
+ && (TREE_CODE (op1) == SSA_NAME))
+ {
+ tree def = op0;
+ tree arg = op1;
+
+ gcall *call_stmt = NULL;
+ if (def && arg
+ && (TREE_CODE (def) == SSA_NAME)
+ && ((TREE_CODE (TREE_TYPE (def)) == POINTER_TYPE)
+ && (TREE_TYPE (TREE_TYPE (def)) == char_type_node))
+ && (TREE_CODE (arg) == SSA_NAME)
+ && ((TREE_CODE (TREE_TYPE (arg)) == POINTER_TYPE)
+ && (TREE_TYPE (TREE_TYPE (arg)) == char_type_node))
+ && (call_stmt = dyn_cast<gcall *>(SSA_NAME_DEF_STMT (def)))
+ && (gimple_call_combined_fn (call_stmt) == CFN_BUILT_IN_MEMCHR)
+ && operand_equal_p (def, gimple_call_lhs (call_stmt), 0)
+ && operand_equal_p (arg, gimple_call_arg (call_stmt, 0), 0)
+ && integer_zerop (gimple_call_arg (call_stmt, 1)))
+ {
+ tree max = vrp_val_max (ptrdiff_type_node);
+ wide_int wmax = wi::to_wide (max, TYPE_PRECISION (TREE_TYPE
(max)));
+ tree range_min = build_zero_cst (expr_type);
+ tree range_max = wide_int_to_tree (expr_type, wmax - 1);
+ set_value_range (vr, VR_RANGE, range_min, range_max, NULL);
+ return;
+ }
+ }
+
/* Try harder for PLUS and MINUS if the range of one operand is symbolic
and based on the other operand, for example if it was deduced from a
symbolic comparison. When a bound of the range of the first operand
