Howdy!

I'm working on enhancements to our out-of-bounds warnings in VRP, such that we can warn and isolate conditionally out-of-bound accesses (similar to what we do in gimple-ssa-isolate-paths.c for NULL accesses).

With my WIP I have found the following out of bounds in the array access at the end of maximal_insn_latency:

int
maximal_insn_latency (rtx insn)
{
  int insn_code;

  if (insn == 0)
    insn_code = DFA__ADVANCE_CYCLE;
  else
      insn_code = dfa_insn_code (as_a <rtx_insn *> (insn));
      if (insn_code > DFA__ADVANCE_CYCLE)
        return 0;
    }
  return internal_maximal_insn_latency (insn_code, insn);
}

In the case where insn==0, insn_code is set to the size of default_latencies[], which will then get accessed in the return.

Does insn==0 never happen? Are we reading past the end of default_latencies[]? What am I missing?

Perhaps we can do:

        if (insn == 0) {
                gcc_unreachable();
                return 1;
        }

Or is insn==0?  In which case, what should we return?

Aldy

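A small constructed model of the off-by-one pattern raised above (sentinel code equal to the table size, then used as an index), added here as an illustration; it is not GCC's code or data. The table contents, NUM_INSN_CODES, MODEL_ADVANCE_CYCLE, the fallback parameter and the model function are all made-up for the example. It keeps the same `>` comparison as the quoted function, so in the model a code equal to the sentinel also reaches the lookup; the bounds-checked accessor is what keeps either path from reading past the array.

```c
#include <stdio.h>

/* Constructed model: a latency table indexed by insn code, and a sentinel
   code defined as the table's size, i.e. one past the last valid index.
   Sizes and values are invented for the example. */
enum { NUM_INSN_CODES = 4 };
static const int default_latencies[NUM_INSN_CODES] = { 1, 2, 3, 5 };
#define MODEL_ADVANCE_CYCLE NUM_INSN_CODES   /* sentinel == array size */

/* Returns 1 when indexing default_latencies[] with this code would read
   past the end of the array. The sentinel trips this check. */
int latency_index_out_of_bounds(int insn_code)
{
    return insn_code < 0 || insn_code >= NUM_INSN_CODES;
}

/* Bounds-checked lookup. Out-of-range codes, the sentinel included, return
   `fallback` instead of reading past the array. What the fallback should
   be is the caller's decision (the open question in the post). */
int checked_latency(int insn_code, int fallback)
{
    if (latency_index_out_of_bounds(insn_code))
        return fallback;
    return default_latencies[insn_code];
}

/* Model of the conditional path: a null insn maps to the sentinel, a
   non-null insn to a hypothetical code supplied by the caller. With an
   unchecked default_latencies[insn_code] the null case would index one
   past the end; with checked_latency() it yields the fallback instead. */
int model_maximal_insn_latency(int insn_is_null, int code_for_insn, int fallback)
{
    int insn_code;

    if (insn_is_null)
        insn_code = MODEL_ADVANCE_CYCLE;
    else
    {
        insn_code = code_for_insn;
        if (insn_code > MODEL_ADVANCE_CYCLE)   /* same comparison as the post */
            return 0;
    }
    return checked_latency(insn_code, fallback);
}

int main(void)
{
    printf("code 2 -> latency %d\n", model_maximal_insn_latency(0, 2, -1));
    printf("null insn -> code %d, out of bounds: %d, result with fallback: %d\n",
           MODEL_ADVANCE_CYCLE,
           latency_index_out_of_bounds(MODEL_ADVANCE_CYCLE),
           model_maximal_insn_latency(1, 0, -1));
    printf("non-null insn with code == sentinel -> %d\n",
           model_maximal_insn_latency(0, MODEL_ADVANCE_CYCLE, -1));
    return 0;
}
```

Compiling the unchecked variant with -fsanitize=address (or running the checked one as above) is a quick way to confirm whether the null-insn path really reaches the table lookup with the sentinel value.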