From 3097760b308aff6ac9f037495a1ea06255409e15 Mon Sep 17 00:00:00 2001 From: Jan Hubicka Date: Sun, 13 Jan 2008 12:18:08 +0100 Subject: [PATCH] re PR middle-end/32135 (bogus array-ref fold triggering array overflow warning) PR middle-end/32135 * tree-ssa-ccp.c (maybe_fold_offset_to_array_ref): Do not construct references above array bounds. This might trigger bounds checks for pointers to arrays. From-SVN: r131502 --- gcc/ChangeLog | 7 +++++++ gcc/testsuite/ChangeLog | 5 +++++ gcc/testsuite/gcc.dg/pr32135.c | 11 +++++++++++ gcc/tree-ssa-ccp.c | 24 ++++++++++++++++++++++-- 4 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 gcc/testsuite/gcc.dg/pr32135.c diff --git a/gcc/ChangeLog b/gcc/ChangeLog index 045118afb49e..6cd0af8b5323 100644 --- a/gcc/ChangeLog +++ b/gcc/ChangeLog @@ -1,3 +1,10 @@ +2008-01-12 Jan Hubicka + + PR middle-end/32135 + * tree-ssa-ccp.c (maybe_fold_offset_to_array_ref): Do not construct + references above array bounds. This might trigger bounds checks for + pointers to arrays. + 2008-01-12 Sebastian Pop * tree-ssa-ter.c (free_temp_expr_table): Free num_in_part and diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog index 34b4ec115802..b067970ec88d 100644 --- a/gcc/testsuite/ChangeLog +++ b/gcc/testsuite/ChangeLog @@ -1,3 +1,8 @@ +2008-01-13 Jan Hubicka + + PR middle-end/32135 + * gcc.dg/pr32135.c: new. + 2008-01-12 Doug Kwan * gcc.dg/qual-return-1.c: Add -Wignored-qualifiers. diff --git a/gcc/testsuite/gcc.dg/pr32135.c b/gcc/testsuite/gcc.dg/pr32135.c new file mode 100644 index 000000000000..445965644127 --- /dev/null +++ b/gcc/testsuite/gcc.dg/pr32135.c @@ -0,0 +1,11 @@ +/* { dg-do compile } */ +/* { dg-options "-Warray-bounds -O2" } */ +struct PhaseEntryType +{ + char raw_field[50 + 1]; +}; +int +ParsePhase (char in_cols[15][250], struct PhaseEntryType *P) +{ + __builtin_strncpy (P->raw_field, in_cols[2], 50); +} diff --git a/gcc/tree-ssa-ccp.c b/gcc/tree-ssa-ccp.c index 15f14c4c6085..f9f1217c5fc0 100644 --- a/gcc/tree-ssa-ccp.c +++ b/gcc/tree-ssa-ccp.c @@ -1588,6 +1588,7 @@ maybe_fold_offset_to_array_ref (tree base, tree offset, tree orig_type) { tree min_idx, idx, idx_type, elt_offset = integer_zero_node; tree array_type, elt_type, elt_size; + tree domain_type; /* If BASE is an ARRAY_REF, we can pick up another offset (this time measured in units of the size of elements type) from that ARRAY_REF). @@ -1659,9 +1660,10 @@ maybe_fold_offset_to_array_ref (tree base, tree offset, tree orig_type) low bound, if any, convert the index into that type, and add the low bound. */ min_idx = build_int_cst (idx_type, 0); - if (TYPE_DOMAIN (array_type)) + domain_type = TYPE_DOMAIN (array_type); + if (domain_type) { - idx_type = TYPE_DOMAIN (array_type); + idx_type = domain_type; if (TYPE_MIN_VALUE (idx_type)) min_idx = TYPE_MIN_VALUE (idx_type); else @@ -1681,6 +1683,24 @@ maybe_fold_offset_to_array_ref (tree base, tree offset, tree orig_type) /* Make sure to possibly truncate late after offsetting. */ idx = fold_convert (idx_type, idx); + /* We don't want to construct access past array bounds. For example + char *(c[4]); + + c[3][2]; should not be simplified into (*c)[14] or tree-vrp will give false + warning. */ + if (domain_type && TYPE_MAX_VALUE (domain_type) + && TREE_CODE (TYPE_MAX_VALUE (domain_type)) == INTEGER_CST) + { + tree up_bound = TYPE_MAX_VALUE (domain_type); + + if (tree_int_cst_lt (up_bound, idx) + /* Accesses after the end of arrays of size 0 (gcc + extension) and 1 are likely intentional ("struct + hack"). */ + && compare_tree_int (up_bound, 1) > 0) + return NULL_TREE; + } + return build4 (ARRAY_REF, elt_type, base, idx, NULL_TREE, NULL_TREE); } -- 2.47.2