On 2/26/19 6:32 PM, Martin Sebor wrote:
> Please disregard the original patch and consider the attached
> version instead.
> 
> On 2/26/19 5:03 PM, Martin Sebor wrote:
>> The false positive in PR89350 is due to -Wstringop-overflow
>> trusting that the sizetype offset in POINTER_PLUS_EXPR means
>> the offset is, in fact, unsigned.  Avoiding the false positive
>> in the cases when this isn't so is trivial but comes at a cost
>> of false negatives.  Avoiding those will, I expect, require
>> enhancing the compute_builtin_object_size() function and that
>> seems risky at this stage so I would like to defer that until
>> stage 1.  Except in the instance of memset, the false positives
>> also aren't too serious because the same problem is also
>> diagnosed by the -Warray-bounds warning in the wrestrict pass.
>> Unfortunately, the wrestrict pass only handles copy functions
>> and not memset.
>>
>> With that as background, the attached patch avoids
>> the -Wstringop-overflow false positive by disabling the warning
>> for offsets whose lower bound is positive and upper bound negative.
>> To avoid the false negatives for memset the patch lets the wrestrict
>> pass handle the function (for the bounds checking only).  While
>> testing this I noticed that the wrestrict pass makes the same
>> assumption about offsets, so it too is susceptible to similar
>> false positives.  The rest of the patch corrects this problem
>> in the wrestrict pass.  Because the pass doesn't depend on
>> the compute_builtin_object_size() function as much as
>> -Wstringop-overflow, the fix does not cause false positives (at
>> least none that I came across).
>>
>> Tested on x86_64-linux.
>>
>> Martin
> 
> 
> gcc-89350.diff
> 
> PR tree-optimization/89350 - Wrong -Wstringop-overflow= warning since r261518
> 
> gcc/ChangeLog:
> 
>       PR tree-optimization/89350
>       * builtins.c (compute_objsize): Also ignore offsets whose upper
>       bound is negative.
>       * gimple-ssa-warn-restrict.c (builtin_memref): Add new member.
>       (builtin_memref::builtin_memref): Initialize new member.
>       Allow EXPR to be null.
>       (builtin_memref::extend_offset_range): Replace local with a member.
>       Avoid assuming pointer offsets are unsigned.
>       (builtin_memref::set_base_and_offset): Determine base object
>       before computing offset range.
>       (builtin_access::builtin_access): Handle memset.
>       (builtin_access::generic_overlap): Replace local with a member.
>       (builtin_access::strcat_overlap): Same.
>       (builtin_access::overlap): Same.
>       (maybe_diag_overlap): Same.
>       (maybe_diag_access_bounds): Same.
>       (wrestrict_dom_walker::check_call): Handle memset.
>       (check_bounds_or_overlap): Same.
> 
> gcc/testsuite/ChangeLog:
> 
>       PR tree-optimization/89350
>       * gcc.dg/Wstringop-overflow.c: Xfail overly ambitious tests.
>       * gcc.dg/Wstringop-overflow-10.c: New test.
>       * gcc.dg/Wstringop-overflow-11.c: New test.
>       * gcc.dg/pr89350.c: New test.
>       * gcc.dg/pr40340-1.c: Adjust expected warning.
>       * gcc.dg/pr40340-2.c: Same.
>       * gcc.dg/pr40340-4.c: Same.
>       * gcc.dg/pr40340-5.c: Same.
OK.  And just to be clear, totally agree with not trying to change
c_b_o_s to return a range at this point in the release cycle.

jeff
