[Bug middle-end/108988] New: gimple_fold_builtin_fputs doesn't preserve gimple_builtin_call_types_compatible_p

Wed, 01 Mar 2023 13:56:57 -0800 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108988

            Bug ID: 108988
           Summary: gimple_fold_builtin_fputs doesn't preserve
                    gimple_builtin_call_types_compatible_p
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

Whilst working on PR analyzer/107565, I noticed that in this function:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
typedef struct FILE   FILE;

FILE* fopen (const char*, const char*);
int fprintf (FILE *, const char *, ...);

#define NULL ((void *)0)

void
test_2 (void)
{
  int i;

  for (i = 0; i < 2; ++i) {
    FILE *fp = fopen ("/tmp/test", "w");
    fprintf (fp, "hello");
  }
} // should report a leak here

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

the fprintf (fp, "hello"); is optimized to:

  __builtin_fwrite ("hello", 1, 5, fp);

but this call has:

(gdb) p gimple_builtin_call_types_compatible_p (repl, gimple_call_fndecl
(repl))
$23 = false


Specifically, the fprintf is optimized to:
  __builtin_fputs ("hello", fp);

Within gimple_fold_builtin_fprintf this has:

(gdb) call debug(stmt)
__builtin_fputs ("hello", fp);

(gdb) p gimple_builtin_call_types_compatible_p (stmt, gimple_call_fndecl
(stmt))
$19 = true

which is optimized to:

(gdb) call debug(repl)
__builtin_fwrite ("hello", 1, 5, fp);

(gdb) p gimple_builtin_call_types_compatible_p (repl, gimple_call_fndecl
(repl))
$23 = false

Note how the resulting call has "false" for
gimple_builtin_call_types_compatible_p; this is due to argument idx 2 (the 5):

(gdb) p i
$13 = 2
(gdb) p arg
$14 = <integer_cst 0x7fffea7f9ba0>
(gdb) call debug_tree(arg)
 <integer_cst 0x7fffea7f9ba0 type <integer_type 0x7fffea663150 ssizetype>
constant 5>



In the analyzer I'm checking that gimple_builtin_call_types_compatible_p is
true when handling a builtin that it "knows" how to handle, otherwise the
analyzer falls back to assuming that the call could have arbitrary side-effects
(e.g. fclose-ing the file, hence it stops reporting the leak).

Is this a bug in gimple_fold_builtin_fprintf?

Reply via email to