On 2/26/19 6:32 PM, Martin Sebor wrote:
> Please disregard the original patch and consider the attached
> version instead.
>
> On 2/26/19 5:03 PM, Martin Sebor wrote:
>> The false positive in PR89350 is due to -Wstringop-overflow
>> trusting that the sizetype offset in POINTER_PLUS_EXPR means
>> the offset is, in fact, unsigned. Avoiding the false positive
>> in the cases when this isn't so is trivial but comes at a cost
>> of false negatives. Avoiding those will, I expect, require
>> enhancing the compute_builtin_object_size() function and that
>> seems risky at this stage so I would like to defer that until
>> stage 1. Except in the instance of memset, the false positives
>> also aren't too serious because the same problem is also
>> diagnosed by the -Warray-bounds warning in the wrestrict pass.
>> Unfortunately, the wrestrict pass only handles copy functions
>> and not memset.
>>
>> With that as background, the attached patch avoids
>> the -Wstringop-overflow false positive by disabling the warning
>> for offsets whose lower bound is positive and upper bound negative.
>> To avoid the false negatives for memset the patch lets the wrestrict
>> pass handle the function (for the bounds checking only). While
>> testing this I noticed that the wrestrict pass makes the same
>> assumption about offsets, so it too is susceptible to similar
>> false positives. The rest of the patch corrects this problem
>> in the wrestrict pass. Because the pass doesn't depend on
>> the compute_builtin_object_size() function as much as
>> -Wstringop-overflow, the fix does not cause false positives (at
>> least none that I came across).
>>
>> Tested on x86_64-linux.
>>
>> Martin
>
>
> gcc-89350.diff
>
> PR tree-optimization/89350 - Wrong -Wstringop-overflow= warning since r261518
>
> gcc/ChangeLog:
>
> 	PR tree-optimization/89350
> 	* builtins.c (compute_objsize): Also ignore offsets whose upper
> 	bound is negative.
> 	* gimple-ssa-warn-restrict.c (builtin_memref): Add new member.
> 	(builtin_memref::builtin_memref): Initialize new member.
> 	Allow EXPR to be null.
> 	(builtin_memref::extend_offset_range): Replace local with a member.
> 	Avoid assuming pointer offsets are unsigned.
> 	(builtin_memref::set_base_and_offset): Determine base object
> 	before computing offset range.
> 	(builtin_access::builtin_access): Handle memset.
> 	(builtin_access::generic_overlap): Replace local with a member.
> 	(builtin_access::strcat_overlap): Same.
> 	(builtin_access::overlap): Same.
> 	(maybe_diag_overlap): Same.
> 	(maybe_diag_access_bounds): Same.
> 	(wrestrict_dom_walker::check_call): Handle memset.
> 	(check_bounds_or_overlap): Same.
>
> gcc/testsuite/ChangeLog:
>
> 	PR tree-optimization/89350
> 	* gcc.dg/Wstringop-overflow.c: Xfail overly ambitious tests.
> 	* gcc.dg/Wstringop-overflow-10.c: New test.
> 	* gcc.dg/Wstringop-overflow-11.c: New test.
> 	* gcc.dg/pr89350.c: New test.
> 	* gcc.dg/pr40340-1.c: Adjust expected warning.
> 	* gcc.dg/pr40340-2.c: Same.
> 	* gcc.dg/pr40340-4.c: Same.
> 	* gcc.dg/pr40340-5.c: Same.

OK. And just to be clear, totally agree with not trying to change
c_b_o_s to return a range at this point in the release cycle.
jeff
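
The trade-off described in the quoted message, shown as an added example that is not part of this thread or of GCC's source: a simplified model of a bounds checker that trusts a sizetype offset range to be unsigned, next to one that gives up when either bound is negative once reinterpreted as signed. The type and function names are hypothetical, the offset ranges are constructed, and a 64-bit sizetype with two's-complement conversion is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model types; these are not GCC's data structures. */
struct off_range { uint64_t min, max; };  /* bounds as held in an unsigned sizetype */
enum verdict { NO_WARNING, WARN_OVERFLOW, GIVE_UP };

/* Trusts the offset to be unsigned: the lower bound is taken as the most
   optimistic (smallest) forward distance from the pointer. */
enum verdict check_trusting_unsigned(uint64_t remaining, struct off_range off,
                                     uint64_t nbytes)
{
    uint64_t left = off.min < remaining ? remaining - off.min : 0;
    return nbytes > left ? WARN_OVERFLOW : NO_WARNING;
}

/* Reinterprets both bounds as signed and declines to diagnose when either
   is negative, because the pointer may then move backwards into the object. */
enum verdict check_signed_aware(uint64_t remaining, struct off_range off,
                                uint64_t nbytes)
{
    if ((int64_t)off.min < 0 || (int64_t)off.max < 0)
        return GIVE_UP;
    return check_trusting_unsigned(remaining, off, nbytes);
}

int main(void)
{
    /* Constructed case 1: the pointer is one past the end of a buffer
       (remaining == 0) and is moved by a nonzero, possibly negative amount,
       so the range in sizetype is [1, UINT64_MAX].  A 1-byte write can be
       valid, yet the trusting checker warns: a false positive. */
    struct off_range back = { 1, UINT64_MAX };
    printf("case 1: trusting=%d signed-aware=%d\n",
           check_trusting_unsigned(0, back, 1), check_signed_aware(0, back, 1));

    /* Constructed case 2: the pointer is at the start of an 8-byte object
       and the range is [9, UINT64_MAX], so every offset lands past the end
       or before the start.  The signed-aware checker still gives up: this
       is the false negative the message accepts as the cost. */
    struct off_range bad = { 9, UINT64_MAX };
    printf("case 2: trusting=%d signed-aware=%d\n",
           check_trusting_unsigned(8, bad, 1), check_signed_aware(8, bad, 1));
    return 0;
}
```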