On Fri, 25 Aug 2023 at 18:15, David Malcolm via Gcc-patches
<gcc-patches@gcc.gnu.org> wrote:
>
> Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
> Pushed to trunk as r14-3481-g99a3fcb8ff0bf2.
Hi David,
It seems the new tests FAIL on arm for LTO bootstrap config:
https://ci.linaro.org/job/tcwg_bootstrap_check--master-arm-check_bootstrap_lto-build/263/artifact/artifacts/06-check_regression/fails.sum/*view*/
Please let me know if you need any help in reproducing these failures.

Thanks,
Prathamesh
>
> gcc/analyzer/ChangeLog:
>         * access-diagram.cc (class string_region_spatial_item): Remove
>         assumption that the string is written to the start of the cluster.
>
> gcc/testsuite/ChangeLog:
>         * gcc.dg/analyzer/out-of-bounds-diagram-17.c: New test.
>         * gcc.dg/analyzer/out-of-bounds-diagram-18.c: New test.
>         * gcc.dg/analyzer/out-of-bounds-diagram-19.c: New test.
> ---
>  gcc/analyzer/access-diagram.cc                | 57 ++++++++++++-------
>  .../analyzer/out-of-bounds-diagram-17.c       | 34 +++++++++++
>  .../analyzer/out-of-bounds-diagram-18.c       | 38 +++++++++++++
>  .../analyzer/out-of-bounds-diagram-19.c       | 45 +++++++++++++++
>  4 files changed, 155 insertions(+), 19 deletions(-)
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-17.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-18.c
>  create mode 100644 gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-19.c
>
> diff --git a/gcc/analyzer/access-diagram.cc b/gcc/analyzer/access-diagram.cc
> index d7b669a4e38e..a51d594b5b2c 100644
> --- a/gcc/analyzer/access-diagram.cc
> +++ b/gcc/analyzer/access-diagram.cc
> @@ -1509,10 +1509,16 @@ public:
>        out.add_all_bytes_in_range (m_actual_bits);
>      else
>        {
> -       byte_range head_of_string (0, m_ellipsis_head_len);
> +       byte_range bytes (0, 0);
> +       bool valid = m_actual_bits.as_concrete_byte_range (&bytes);
> +       gcc_assert (valid);
> +       byte_range head_of_string (bytes.get_start_byte_offset (),
> +                                  m_ellipsis_head_len);
>         out.add_all_bytes_in_range (head_of_string);
>         byte_range tail_of_string
> -         (TREE_STRING_LENGTH (string_cst) - m_ellipsis_tail_len,
> +         ((bytes.get_start_byte_offset ()
> +           + TREE_STRING_LENGTH (string_cst)
> +           - m_ellipsis_tail_len),
>            m_ellipsis_tail_len);
>         out.add_all_bytes_in_range (tail_of_string);
>         /* Adding the above pair of ranges will also effectively add
> @@ -1535,11 +1541,14 @@ public:
>      tree string_cst = get_string_cst ();
>      if (m_show_full_string)
>        {
> -       for (byte_offset_t byte_idx = bytes.get_start_byte_offset ();
> -           byte_idx < bytes.get_next_byte_offset ();
> -           byte_idx = byte_idx + 1)
> -        add_column_for_byte (t, btm, sm, byte_idx,
> -                             byte_idx_table_y, byte_val_table_y);
> +       for (byte_offset_t byte_idx_within_cluster
> +             = bytes.get_start_byte_offset ();
> +           byte_idx_within_cluster < bytes.get_next_byte_offset ();
> +           byte_idx_within_cluster = byte_idx_within_cluster + 1)
> +        add_column_for_byte
> +          (t, btm, sm, byte_idx_within_cluster,
> +           byte_idx_within_cluster - bytes.get_start_byte_offset (),
> +           byte_idx_table_y, byte_val_table_y);
>
>         if (m_show_utf8)
>          {
> @@ -1566,10 +1575,13 @@ public:
>                  = decoded_char.m_start_byte - TREE_STRING_POINTER 
> (string_cst);
>                byte_size_t size_in_bytes
>                  = decoded_char.m_next_byte - decoded_char.m_start_byte;
> -              byte_range bytes (start_byte_idx, size_in_bytes);
> +              byte_range cluster_bytes_for_codepoint
> +                (start_byte_idx + bytes.get_start_byte_offset (),
> +                 size_in_bytes);
>
>                const table::rect_t code_point_table_rect
> -                = btm.get_table_rect (&m_string_reg, bytes,
> +                = btm.get_table_rect (&m_string_reg,
> +                                      cluster_bytes_for_codepoint,
>                                        utf8_code_point_table_y, 1);
>                char buf[100];
>                sprintf (buf, "U+%04x", decoded_char.m_ch);
> @@ -1579,7 +1591,8 @@ public:
>                if (show_unichars)
>                  {
>                    const table::rect_t character_table_rect
> -                    = btm.get_table_rect (&m_string_reg, bytes,
> +                    = btm.get_table_rect (&m_string_reg,
> +                                          cluster_bytes_for_codepoint,
>                                            utf8_character_table_y, 1);
>                    if (cpp_is_printable_char (decoded_char.m_ch))
>                      t.set_cell_span (character_table_rect,
> @@ -1598,12 +1611,14 @@ public:
>        {
>         /* Head of string.  */
>         for (int byte_idx = 0; byte_idx < m_ellipsis_head_len; byte_idx++)
> -         add_column_for_byte (t, btm, sm, byte_idx,
> +         add_column_for_byte (t, btm, sm,
> +                              byte_idx + bytes.get_start_byte_offset (),
> +                              byte_idx,
>                                byte_idx_table_y, byte_val_table_y);
>
>         /* Ellipsis (two rows high).  */
>         const byte_range ellipsis_bytes
> -         (m_ellipsis_head_len,
> +         (m_ellipsis_head_len + bytes.get_start_byte_offset (),
>            TREE_STRING_LENGTH (string_cst)
>            - (m_ellipsis_head_len + m_ellipsis_tail_len));
>         const table::rect_t table_rect
> @@ -1616,7 +1631,9 @@ public:
>                = (TREE_STRING_LENGTH (string_cst) - m_ellipsis_tail_len);
>              byte_idx < TREE_STRING_LENGTH (string_cst);
>              byte_idx++)
> -         add_column_for_byte (t, btm, sm, byte_idx,
> +         add_column_for_byte (t, btm, sm,
> +                              byte_idx + bytes.get_start_byte_offset (),
> +                              byte_idx,
>                                byte_idx_table_y, byte_val_table_y);
>        }
>
> @@ -1660,25 +1677,27 @@ private:
>
>    void add_column_for_byte (table &t, const bit_to_table_map &btm,
>                             style_manager &sm,
> -                           const byte_offset_t byte_idx,
> +                           const byte_offset_t byte_idx_within_cluster,
> +                           const byte_offset_t byte_idx_within_string,
>                             const int byte_idx_table_y,
>                             const int byte_val_table_y) const
>    {
>      tree string_cst = get_string_cst ();
> -    gcc_assert (byte_idx >= 0);
> -    gcc_assert (byte_idx < TREE_STRING_LENGTH (string_cst));
> +    gcc_assert (byte_idx_within_string >= 0);
> +    gcc_assert (byte_idx_within_string < TREE_STRING_LENGTH (string_cst));
>
> -    const byte_range bytes (byte_idx, 1);
> +    const byte_range bytes (byte_idx_within_cluster, 1);
>      if (1) // show_byte_indices
>        {
>         const table::rect_t idx_table_rect
>           = btm.get_table_rect (&m_string_reg, bytes, byte_idx_table_y, 1);
>         t.set_cell_span (idx_table_rect,
>                          fmt_styled_string (sm, "[%li]",
> -                                           byte_idx.ulow ()));
> +                                           byte_idx_within_string.ulow ()));
>        }
>
> -    char byte_val = TREE_STRING_POINTER (string_cst)[byte_idx.ulow ()];
> +    char byte_val
> +      = TREE_STRING_POINTER (string_cst)[byte_idx_within_string.ulow ()];
>      const table::rect_t val_table_rect
>        = btm.get_table_rect (&m_string_reg, bytes, byte_val_table_y, 1);
>      table_cell_content content (make_cell_content_for_byte (sm, byte_val));
> diff --git a/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-17.c 
> b/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-17.c
> new file mode 100644
> index 000000000000..6920e8c776fc
> --- /dev/null
> +++ b/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-17.c
> @@ -0,0 +1,34 @@
> +/* { dg-additional-options "-fdiagnostics-text-art-charset=unicode" } */
> +
> +#include <string.h>
> +
> +void test (void)
> +{
> +  char buf[10];
> +  strcpy (buf, "hello");
> +  strcat (buf, " world!"); /* { dg-warning "stack-based buffer overflow" } */
> +  /* { dg-message "write of 3 bytes to beyond the end of 'buf'" "" { target 
> *-*-* } .-1 } */
> +}
> +
> +/* { dg-begin-multiline-output "" }
> +                           ┌─────┬─────┬────┬────┬────┐┌─────┬─────┬─────┐
> +                           │ [0] │ [1] │[2] │[3] │[4] ││ [5] │ [6] │ [7] │
> +                           ├─────┼─────┼────┼────┼────┤├─────┼─────┼─────┤
> +                           │ ' ' │ 'w' │'o' │'r' │'l' ││ 'd' │ '!' │ NUL │
> +                           ├─────┴─────┴────┴────┴────┴┴─────┴─────┴─────┤
> +                           │      string literal (type: 'char[8]')       │
> +                           └─────────────────────────────────────────────┘
> +                              │     │    │    │    │      │     │     │
> +                              │     │    │    │    │      │     │     │
> +                              v     v    v    v    v      v     v     v
> +  ┌─────┬────────────────────────────────────────┬────┐┌─────────────────┐
> +  │ [0] │                  ...                   │[9] ││                 │
> +  ├─────┴────────────────────────────────────────┴────┤│after valid range│
> +  │             'buf' (type: 'char[10]')              ││                 │
> +  └───────────────────────────────────────────────────┘└─────────────────┘
> +  ├─────────────────────────┬─────────────────────────┤├────────┬────────┤
> +                            │                                   │
> +                  ╭─────────┴────────╮                ╭─────────┴─────────╮
> +                  │capacity: 10 bytes│                │overflow of 3 bytes│
> +                  ╰──────────────────╯                ╰───────────────────╯
> +   { dg-end-multiline-output "" } */
> diff --git a/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-18.c 
> b/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-18.c
> new file mode 100644
> index 000000000000..ea0b88019cd9
> --- /dev/null
> +++ b/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-18.c
> @@ -0,0 +1,38 @@
> +/* { dg-additional-options "-fdiagnostics-text-art-charset=unicode" } */
> +
> +#include <string.h>
> +
> +void test (void)
> +{
> +  char buf[11];
> +  strcpy (buf, "サツキ");
> +  strcat (buf, "メイ"); /* { dg-warning "stack-based buffer overflow" } */
> +  /* { dg-message "write of 5 bytes to beyond the end of 'buf'" "" { target 
> *-*-* } .-1 } */
> +}
> +
> +/* { dg-begin-multiline-output "" }
> +                             ┌─────┬─────────┐┌────┬────┬────┬────┬──────┐
> +                             │ [0] │   [1]   ││[2] │[3] │[4] │[5] │ [6]  │
> +                             ├─────┼─────────┤├────┼────┼────┼────┼──────┤
> +                             │0xe3 │  0x83   ││0xa1│0xe3│0x82│0xa4│ 0x00 │
> +                             ├─────┴─────────┴┴────┼────┴────┴────┼──────┤
> +                             │       U+30e1        │    U+30a4    │U+0000│
> +                             ├─────────────────────┼──────────────┼──────┤
> +                             │         メ          │      イ      │ NUL  │
> +                             ├─────────────────────┴──────────────┴──────┤
> +                             │     string literal (type: 'char[7]')      │
> +                             └───────────────────────────────────────────┘
> +                                │       │       │    │    │    │     │
> +                                │       │       │    │    │    │     │
> +                                v       v       v    v    v    v     v
> +  ┌────┬───────────────────────────┬─────────┐┌──────────────────────────┐
> +  │[0] │            ...            │  [10]   ││                          │
> +  ├────┴───────────────────────────┴─────────┤│    after valid range     │
> +  │         'buf' (type: 'char[11]')         ││                          │
> +  └──────────────────────────────────────────┘└──────────────────────────┘
> +  ├────────────────────┬─────────────────────┤├────────────┬─────────────┤
> +                       │                                   │
> +             ╭─────────┴────────╮                ╭─────────┴─────────╮
> +             │capacity: 11 bytes│                │overflow of 5 bytes│
> +             ╰──────────────────╯                ╰───────────────────╯
> +   { dg-end-multiline-output "" } */
> diff --git a/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-19.c 
> b/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-19.c
> new file mode 100644
> index 000000000000..35ab72b6efc2
> --- /dev/null
> +++ b/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-19.c
> @@ -0,0 +1,45 @@
> +/* { dg-additional-options "-fdiagnostics-text-art-charset=unicode 
> -Wno-stringop-overflow" } */
> +/* { dg-skip-if "" { powerpc-ibm-aix* } } */
> +
> +#include <string.h>
> +
> +#define LOREM_IPSUM \
> +  "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod" \
> +  " tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim" \
> +  " veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea" 
> \
> +  " commodo consequat. Duis aute irure dolor in reprehenderit in voluptate" \
> +  " velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint" \
> +  " occaecat cupidatat non proident, sunt in culpa qui officia deserunt" \
> +  " mollit anim id est laborum."
> +
> +void
> +test_long_string ()
> +{
> +  char buf[100];
> +  strcpy (buf, "abc ");
> +  strcat (buf, LOREM_IPSUM); /* { dg-warning "stack-based buffer overflow" } 
> */
> +  /* { dg-message "write of 350 bytes to beyond the end of 'buf'" "" { 
> target *-*-* } .-1 } */
> +}
> +
> +/* { dg-begin-multiline-output "" }
> +        ┌───┬───┬───┬───┬───┬───┬───────┬─────┬─────┬─────┬─────┬─────┬─────┐
> +        │[0]│[1]│[2]│[3]│[4]│[5]│       │[440]│[441]│[442]│[443]│[444]│[445]│
> +        ├───┼───┼───┼───┼───┼───┤  ...  ├─────┼─────┼─────┼─────┼─────┼─────┤
> +        │'L'│'o'│'r'│'e'│'m'│' '│       │ 'o' │ 'r' │ 'u' │ 'm' │ '.' │ NUL │
> +        ├───┴───┴───┴───┴───┴───┴───────┴─────┴─────┴─────┴─────┴─────┴─────┤
> +        │                string literal (type: 'char[446]')                 │
> +        └───────────────────────────────────────────────────────────────────┘
> +          │   │   │   │   │   │ │  │   │   │     │     │     │     │     │
> +          │   │   │   │   │   │ │  │   │   │     │     │     │     │     │
> +          v   v   v   v   v   v v  v   v   v     v     v     v     v     v
> +  ┌───┬──────────────────────────┬────┐┌────────────────────────────────────┐
> +  │[0]│           ...            │[99]││                                    │
> +  ├───┴──────────────────────────┴────┤│         after valid range          │
> +  │     'buf' (type: 'char[100]')     ││                                    │
> +  └───────────────────────────────────┘└────────────────────────────────────┘
> +  ├─────────────────┬─────────────────┤├─────────────────┬──────────────────┤
> +                    │                                    │
> +          ╭─────────┴─────────╮               ╭──────────┴──────────╮
> +          │capacity: 100 bytes│               │overflow of 350 bytes│
> +          ╰───────────────────╯               ╰─────────────────────╯
> +   { dg-end-multiline-output "" } */
> --
> 2.26.3
>

Reply via email to