tree-object-size: Always set computed bit for bdos [PR113012]

It is always safe to set the computed bit for dynamic object sizes at
the end of collect_object_sizes_for because even in case of a dependency
loop encountered in nested calls, we have an SSA temporary to actually
finish the object size expression.  The reexamine pass for dynamic
object sizes is only for propagation of unknowns and gimplification of
the size expressions, not for loop resolution as in the case of static
object sizes.

gcc/ChangeLog:

	PR tree-optimization/113012
	* tree-object-size.cc (compute_builtin_object_size): Expand
	comment for dynamic object sizes.
	(collect_object_sizes_for): Always set COMPUTED bitmap for
	dynamic object sizes.

gcc/testsuite/ChangeLog:

	PR tree-optimization/113012
	* gcc.dg/ubsan/pr113012.c: New test case.

Signed-off-by: Siddhesh Poyarekar <siddhesh@gotplt.org>
(cherry picked from commit 576c1fc4401a9dae9757ac2e4fa37d05e130fa3d)

diff --git a/gcc/testsuite/gcc.dg/ubsan/pr113012.c b/gcc/testsuite/gcc.dg/ubsan/pr113012.c
new file mode 100644 (file)
index 0000000..4fc38cd
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/ubsan/pr113012.c
@@ -0,0 +1,17 @@
+/* { dg-do compile } */
+/* { dg-options "-fsanitize=undefined" } */
+
+int *
+foo (int x, int y, int z, int w)
+{
+  int *p = __builtin_malloc (z * sizeof (int));
+  int *q = p - 1;
+  while (--x > 0)
+    {
+      if (w + 1 > y)
+       q = p - 1;
+      ++*q;
+      ++q;
+    }
+  return p;
+}

diff --git a/gcc/tree-object-size.cc b/gcc/tree-object-size.cc
index 64b530bbbf94aa9ebf094cfe0525348c1b110b34..6891dfc0e1e049836bf0a6104310aeb4d8bf272a 100644 (file)
--- a/gcc/tree-object-size.cc
+++ b/gcc/tree-object-size.cc
@@ -1176,10 +1176,12 @@ compute_builtin_object_size (tree ptr, int object_size_type,
          osi.tos = NULL;
        }
 
-      /* First pass: walk UD chains, compute object sizes that
-        can be computed.  osi.reexamine bitmap at the end will
-        contain what variables were found in dependency cycles
-        and therefore need to be reexamined.  */
+      /* First pass: walk UD chains, compute object sizes that can be computed.
+        osi.reexamine bitmap at the end will contain versions of SSA_NAMES
+        that need to be reexamined.  For both static and dynamic size
+        computation, reexamination is for propagation across dependency loops.
+        The dynamic case has the additional use case where the computed
+        expression needs to be gimplified.  */
       osi.pass = 0;
       osi.changed = false;
       collect_object_sizes_for (&osi, ptr);
@@ -1810,11 +1812,16 @@ collect_object_sizes_for (struct object_size_info *osi, tree var)
       gcc_unreachable ();
     }
 
-  if (! reexamine || object_sizes_unknown_p (object_size_type, varno))
+  /* Dynamic sizes use placeholder temps to return an answer, so it is always
+     safe to set COMPUTED for them.  */
+  if ((object_size_type & OST_DYNAMIC)
+      || !reexamine || object_sizes_unknown_p (object_size_type, varno))
     {
       bitmap_set_bit (computed[object_size_type], varno);
       if (!(object_size_type & OST_DYNAMIC))
        bitmap_clear_bit (osi->reexamine, varno);
+      else if (reexamine)
+       bitmap_set_bit (osi->reexamine, varno);
     }
   else
     {