[Bug tree-optimization/92868] [10 Regression] ICE: tree check: expected integer_cst, have ssa_name in to_wide, at tree.h:5855

2019-12-13 Thread msebor at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92868

Martin Sebor  changed:

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED

--- Comment #7 from Martin Sebor  ---
Fixed by r279392.

[Bug tree-optimization/92868] [10 Regression] ICE: tree check: expected integer_cst, have ssa_name in to_wide, at tree.h:5855

2019-12-13 Thread msebor at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92868

--- Comment #6 from Martin Sebor  ---
Author: msebor
Date: Sat Dec 14 00:52:46 2019
New Revision: 279392

URL: https://gcc.gnu.org/viewcvs?rev=279392&root=gcc&view=rev
Log:
PR middle-end/91582 - missing heap overflow detection for strcpy
PR middle-end/92868 - ICE: tree check: expected integer_cst, have ssa_name

gcc/ChangeLog:

PR middle-end/91582
PR middle-end/92868
* builtins.c (addr_decl_size): New function.
(gimple_call_alloc_size): Add arguments.
(compute_objsize): Add an argument.  Set *PDECL even for allocated
objects.
Correct checking for negative wide_int.
Correct handling of negative outer offsets into unknown regions
or with unknown inner offsets.
Extend offsets to at most sizetype precision.
Only handle constant subobject sizes.
* builtins.h (gimple_call_alloc_size): Add arguments.
* tree.c (component_ref_size): Always return sizetype.
* tree-ssa-strlen.c (strinfo::alloc): New member.
(get_addr_stridx): Add argument.
(get_stridx): Use ptrdiff_t.  Add argument.
(new_strinfo): Set new member.
(get_string_length): Handle alloca and VLA.
(dump_strlen_info): Dump more state.
(maybe_invalidate): Print more info.  Decrease indentation.
(unshare_strinfo): Set new member.
(valid_builtin_call): Handle alloca and VLA.
(maybe_warn_overflow): Check and set no-warning bit.  Improve
handling of offsets.  Print allocated objects.
(handle_builtin_strlen): Handle strinfo records with null lengths.
(handle_builtin_strcpy): Add argument.  Call maybe_warn_overflow.
(is_strlen_related_p): Handle dynamically allocated objects.
(get_range): Add argument.
(handle_builtin_malloc): Rename...
(handle_alloc): ...to this and handle all allocation functions.
(handle_builtin_memset): Call maybe_warn_overflow.
(count_nonzero_bytes): Handle more MEM_REF forms.
(strlen_check_and_optimize_call): Call handle_alloc_call.  Pass
arguments to more callees.
(handle_integral_assign): Add argument.  Create strinfo entries
for MEM_REF assignments.
(check_and_optimize_stmt): Handle more MEM_REF forms.

gcc/testsuite/ChangeLog:

PR middle-end/91582
* c-c++-common/Wrestrict.c: Adjust expected warnings.
* gcc/testsuite/c-c++-common/Wstringop-truncation-4.c: Enable more
warnings.
* gcc/testsuite/c-c++-common/Wstringop-truncation.c: Remove an xfail.
* gcc.dg/Warray-bounds-46.c: Disable -Wstringop-overflow.
* gcc.dg/Warray-bounds-47.c: Same.
* gcc.dg/Warray-bounds-52.c: New test.
* gcc.dg/Wstringop-overflow-27.c: New test.
* gcc.dg/Wstringop-overflow-28.c: New test.
* gcc.dg/Wstringop-overflow-29.c: New test.
* gcc.dg/attr-alloc_size.c (test): Disable -Warray-bounds.
* gcc.dg/attr-copy-2.c: Adjust expected warnings.
* gcc.dg/builtin-stringop-chk-5.c: Adjust text of expected messages.
* gcc.dg/strlenopt-86.c: Relax test.
* gcc.target/i386/pr82002-1.c: Prune expected warnings.


Added:
trunk/gcc/testsuite/gcc.dg/Warray-bounds-52.c
trunk/gcc/testsuite/gcc.dg/Wstringop-overflow-27.c
trunk/gcc/testsuite/gcc.dg/Wstringop-overflow-28.c
trunk/gcc/testsuite/gcc.dg/Wstringop-overflow-29.c
Modified:
trunk/gcc/ChangeLog
trunk/gcc/builtins.c
trunk/gcc/builtins.h
trunk/gcc/testsuite/ChangeLog
trunk/gcc/testsuite/c-c++-common/Wrestrict.c
trunk/gcc/testsuite/c-c++-common/Wstringop-truncation-4.c
trunk/gcc/testsuite/c-c++-common/Wstringop-truncation.c
trunk/gcc/testsuite/g++.dg/warn/Wstringop-overflow-3.C
trunk/gcc/testsuite/gcc.dg/Warray-bounds-46.c
trunk/gcc/testsuite/gcc.dg/Warray-bounds-47.c
trunk/gcc/testsuite/gcc.dg/attr-alloc_size.c
trunk/gcc/testsuite/gcc.dg/attr-copy-2.c
trunk/gcc/testsuite/gcc.dg/builtin-stringop-chk-5.c
trunk/gcc/testsuite/gcc.dg/strlenopt-86.c
trunk/gcc/testsuite/gcc.target/i386/pr82002-1.c
trunk/gcc/tree-ssa-strlen.c
trunk/gcc/tree-ssa-strlen.h
trunk/gcc/tree.c

[Bug tree-optimization/92868] [10 Regression] ICE: tree check: expected integer_cst, have ssa_name in to_wide, at tree.h:5855

2019-12-09 Thread jakub at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92868

--- Comment #5 from Jakub Jelinek  ---
(In reply to Martin Sebor from comment #4)
> The problem is fixed by the patch for PR 91582:
> https://gcc.gnu.org/ml/gcc-patches/2019-12/msg00478.html

That patch doesn't even mention the compute_objsize changes that matter most
for this in the ChangeLog entry.
The sign_mask > 0 case which is never possible is still in there etc.

[Bug tree-optimization/92868] [10 Regression] ICE: tree check: expected integer_cst, have ssa_name in to_wide, at tree.h:5855

2019-12-09 Thread msebor at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92868

Martin Sebor  changed:

   What|Removed |Added

   Keywords||patch

--- Comment #4 from Martin Sebor  ---
The problem is fixed by the patch for PR 91582:
https://gcc.gnu.org/ml/gcc-patches/2019-12/msg00478.html

[Bug tree-optimization/92868] [10 Regression] ICE: tree check: expected integer_cst, have ssa_name in to_wide, at tree.h:5855

2019-12-09 Thread msebor at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92868

--- Comment #3 from Martin Sebor  ---
Martin, thanks for CC'ing me on bugs I cause, but please leave assigning them
to me or whoever might choose to come up with a fix before I get to it.

[Bug tree-optimization/92868] [10 Regression] ICE: tree check: expected integer_cst, have ssa_name in to_wide, at tree.h:5855

2019-12-09 Thread jakub at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92868

Jakub Jelinek  changed:

   What|Removed |Added

 CC||jakub at gcc dot gnu.org

--- Comment #2 from Jakub Jelinek  ---
That code has lots of issues.  Some in patch form as I was going through them:
gimple_call_alloc_size: for the case when size is INTEGER_CST and it is the one
argument alloc_size, I don't see a reason not to return size earlier, there is
no need to wi::to_wide.  I don't see a point in computing rng1[0] and rng2[0]
when nothing really uses it (write-only element).  Some formatting and typo in
comment.

I don't understand why you are using wi::sign_mask, the normal test for
negative wide_int when it is treated as signed integer of the corresponding
precision is wi::neg_p, that is more readable and descriptive.  If something is
tested on the wide ints with extra precision and the ::from was UNSIGNED, that
is of course not possible, but sign_mask will not work in that case either. 
And if it is ::from with SIGNED, neg_p should work fine too.
There is a weird:
  wide_int declsize = wi::to_wide (size);
  if (wi::sign_mask (dstoffrng[0]) > 0)
    declsize += dstoffrng[0];
that condition is never true, sign_mask will only ever return 0 or -1:
  return (HOST_WIDE_INT) (high) < 0 ? -1 : 0;
None of this fixes the ICE.  How exactly to fix that depends on whether *poff
can be something other than INTEGER_CST or not.  If it can be only INTEGER_CST,
then whatever code is setting *poff to non-INTEGER_CST should instead punt or
set to some safe value, whatever, if it can be anything, then while it is fine
to call functions like integer_zerop etc. on that, tree_int_cst_sgn requires
the argument to be INTEGER_CST only, so there needs to be TREE_CODE (*poff) ==
INTEGER_CST && tree_int_cst_sgn (*poff) < 0 instead.  Or perhaps you want
!tree_expr_nonnegative_p (*poff) instead?

--- gcc/builtins.c.jj   2019-12-05 09:47:23.178710510 +0100
+++ gcc/builtins.c  2019-12-09 15:52:55.951404452 +0100
@@ -3746,36 +3746,33 @@ gimple_call_alloc_size (gimple *stmt)
 }

   tree size = gimple_call_arg (stmt, argidx1);
+  if (argidx2 > nargs && TREE_CODE (size) == INTEGER_CST)
+return size;

   wide_int rng1[2];
   if (TREE_CODE (size) == INTEGER_CST)
-rng1[0] = rng1[1] = wi::to_wide (size);
+rng1[1] = wi::to_wide (size);
   else if (TREE_CODE (size) != SSA_NAME
   || get_range_info (size, rng1, rng1 + 1) != VR_RANGE)
 return NULL_TREE;

-  if (argidx2 > nargs && TREE_CODE (size) == INTEGER_CST)
-return size;
-
   /* To handle ranges do the math in wide_int and return the product
  of the upper bounds as a constant.  Ignore anti-ranges.  */
-  tree n = argidx2 < nargs ? gimple_call_arg (stmt, argidx2) :
integer_one_node;
+  tree n
+= argidx2 < nargs ? gimple_call_arg (stmt, argidx2) : integer_one_node;
   wide_int rng2[2];
   if (TREE_CODE (n) == INTEGER_CST)
-rng2[0] = rng2[1] = wi::to_wide (n);
+rng2[1] = wi::to_wide (n);
   else if (TREE_CODE (n) != SSA_NAME
   || get_range_info (n, rng2, rng2 + 1) != VR_RANGE)
 return NULL_TREE;

-  /* Extend to the maximum precsion to avoid overflow.  */
+  /* Extend to the maximum precision to avoid overflow.  */
   const int prec = ADDR_MAX_PRECISION;
-  rng1[0] = wide_int::from (rng1[0], prec, UNSIGNED);
   rng1[1] = wide_int::from (rng1[1], prec, UNSIGNED);
-  rng2[0] = wide_int::from (rng2[0], prec, UNSIGNED);
   rng2[1] = wide_int::from (rng2[1], prec, UNSIGNED);

   /* Return the lesser of SIZE_MAX and the product of the upper bounds.  */
-  rng1[0] = rng1[0] * rng2[0];
   rng1[1] = rng1[1] * rng2[1];
   tree size_max = TYPE_MAX_VALUE (sizetype);
   if (wi::gtu_p (rng1[1], wi::to_wide (size_max, prec)))
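Review bot: The relocated early return tests `argidx2 > nargs`, but the selection of `n` further down tests `argidx2 < nargs`, so a call with `argidx2 == nargs` skips the early return and still gets `integer_one_node`; make the two conditions agree or add a comment stating which value `argidx2` carries when there is no second size argument. With `rng1[0]` and `rng2[0]` no longer assigned in the INTEGER_CST branches, a short comment that only the upper bounds are read would also keep a later change from using the unset lower bounds.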
@@ -3853,7 +3850,7 @@ compute_objsize (tree dest, int ostype,
  /* Ignore negative offsets for now.  For others,
 use the lower bound as the most optimistic
 estimate of the (remaining) size.  */
- if (wi::sign_mask (wioff))
+ if (wi::neg_p (wioff))
;
  else if (wi::ltu_p (wioff, wisiz))
{
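Review bot: `wi::neg_p (wioff)` can only fire if `wioff` still has the precision of its signed source, and the hunk does not show how `wioff` is built. If it was widened with UNSIGNED before this point the branch is dead and a negative offset reaches the unsigned `wi::ltu_p (wioff, wisiz)` comparison as a large positive value, so confirm the extension is SIGNED or do the sign test before widening.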
@@ -3882,9 +3879,8 @@ compute_objsize (tree dest, int ostype,

  /* Ignore negative offsets for now.  For others,
 use the lower bound as the most optimistic
-estimate of the (remaining)size.  */
- if (wi::sign_mask (min)
- || wi::sign_mask (max))
+estimate of the (remaining) size.  */
+ if (wi::neg_p (min) || wi::neg_p (max))
;
  else if (wi::ltu_p (min, wisiz))
{
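Review bot: The condition `wi::neg_p (min) || wi::neg_p (max)` also discards a range that straddles zero, while the comment above it only says negative offsets are ignored; say so in the comment. The empty `;` body is easy to misread, so a brace pair with a one-line comment would make the intent explicit.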
@@ -3912,8 +3908,7 @@ compute_objsize (tree dest, int ostype,
   if (!ostype)
 return
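
The sign-test reasoning in comment #2, as an added example that is not GCC code and not part of the original thread: a simplified model of fixed-precision integers showing that `sign_mask` never returns a positive value and that a negative offset zero-extended to a wider precision is no longer seen as negative. The `fixed_int` type and the `remaining` helper are hypothetical; `sign_mask`, `neg_p`, `from` and `ltu_p` only imitate the wide_int operations named in the comment.

```cpp
#include <cstdint>
#include <cstdio>

// Simplified stand-in for a fixed-precision integer (not GCC's wide_int):
// the low `prec` bits of `bits` hold the value, prec is 1..64.
struct fixed_int { uint64_t bits; unsigned prec; };
enum signop { SIGNED, UNSIGNED };

static uint64_t mask(unsigned prec) {
  return prec >= 64 ? ~0ULL : (1ULL << prec) - 1;
}

// Same contract as the expression quoted in the comment: -1 or 0, never > 0.
int sign_mask(fixed_int x) {
  return ((x.bits >> (x.prec - 1)) & 1) ? -1 : 0;
}

bool neg_p(fixed_int x) { return sign_mask(x) < 0; }

// Widen to `prec` bits with sign or zero extension (imitates wide_int::from).
fixed_int from(fixed_int x, unsigned prec, signop sgn) {
  uint64_t v = x.bits & mask(x.prec);
  if (sgn == SIGNED && neg_p(x))
    v |= ~mask(x.prec);
  return { v & mask(prec), prec };
}

bool ltu_p(fixed_int a, fixed_int b) { return a.bits < b.bits; }

// Hypothetical helper: bytes left in a `size`-byte object at 32-bit offset
// `off`, after widening the offset to 64 bits. Returns -1 when the offset
// is recognised as negative, 0 when it is at or past the end.
int64_t remaining(int32_t off, uint64_t size, signop sgn) {
  fixed_int o = from({ (uint32_t) off, 32 }, 64, sgn);
  fixed_int s = { size, 64 };
  if (neg_p(o))
    return -1;
  if (ltu_p(o, s))
    return (int64_t) (s.bits - o.bits);
  return 0;
}

int main() {
  // Constructed inputs: offset -4 into a 16-byte object.
  std::printf("sign-extended: %lld\n", (long long) remaining(-4, 16, SIGNED));
  std::printf("zero-extended: %lld\n", (long long) remaining(-4, 16, UNSIGNED));
  return 0;
}
```

With zero extension the offset -4 is reported as "at or past the end" instead of being rejected as negative, which is the case the comment says neither `sign_mask` nor `neg_p` can catch.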

[Bug tree-optimization/92868] [10 Regression] ICE: tree check: expected integer_cst, have ssa_name in to_wide, at tree.h:5855

2019-12-09 Thread marxin at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92868

Martin Liška  changed:

   What|Removed |Added

 Status|UNCONFIRMED |ASSIGNED
   Last reconfirmed||2019-12-09
 CC||marxin at gcc dot gnu.org
  Known to work||9.2.0
   Assignee|unassigned at gcc dot gnu.org  |msebor at gcc dot gnu.org
 Ever confirmed|0   |1
  Known to fail||10.0

--- Comment #1 from Martin Liška  ---
Confirmed, started with r278983.

[Bug tree-optimization/92868] [10 Regression] ICE: tree check: expected integer_cst, have ssa_name in to_wide, at tree.h:5855

2019-12-09 Thread rguenth at gcc dot gnu.org
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92868

Richard Biener  changed:

   What|Removed |Added

 CC||msebor at gcc dot gnu.org
   Target Milestone|--- |10.0