From cf3aa538317d6c525739f339b79010ae82dc20f5 Mon Sep 17 00:00:00 2001 From: Jakub Jelinek Date: Wed, 30 Aug 2023 11:21:45 +0200 Subject: [PATCH] tree-ssa-strlen: Fix up handling of conditionally zero memcpy [PR110914] The following testcase is miscompiled since r279392 aka r10-5451-gef29b12cfbb4979 The strlen pass has adjust_last_stmt function, which performs mainly strcat or strcat-like optimizations (say strcpy (x, "abcd"); strcat (x, p); or equivalent memcpy (x, "abcd", strlen ("abcd") + 1); char *q = strchr (x, 0); memcpy (x, p, strlen (p)); etc. where the first stmt stores '\0' character at the end but next immediately overwrites it and so the first memcpy can be adjusted to store 1 fewer bytes. handle_builtin_memcpy called this function in two spots, the first one guarded like: if (olddsi != NULL && tree_fits_uhwi_p (len) && !integer_zerop (len)) adjust_last_stmt (olddsi, stmt, false); i.e. only for constant non-zero length. The other spot can call it even for non-constant length but in that case we punt before that if that length isn't length of some string + 1, so again non-zero. The r279392 change I assume wanted to add some warning stuff and changed it like if (olddsi != NULL - && tree_fits_uhwi_p (len) && !integer_zerop (len)) - adjust_last_stmt (olddsi, stmt, false); + { + maybe_warn_overflow (stmt, len, rvals, olddsi, false, true); + adjust_last_stmt (olddsi, stmt, false); + } While maybe_warn_overflow possibly handles non-constant length fine, adjust_last_stmt really relies on length to be non-zero, which !integer_zerop (len) alone doesn't guarantee. While we could for len being SSA_NAME ask the ranger or tree_expr_nonzero_p, I think adjust_last_stmt will not benefit from it much, so the following patch just restores the above condition/previous behavior for the adjust_last_stmt call only. 2023-08-30 Jakub Jelinek PR tree-optimization/110914 * tree-ssa-strlen.c (strlen_pass::handle_builtin_memcpy): Don't call adjust_last_stmt unless len is known constant. * gcc.c-torture/execute/pr110914.c: New test. (cherry picked from commit 398842e7038ea0f34054f0f694014d0ecd656846) --- .../gcc.c-torture/execute/pr110914.c | 22 +++++++++++++++++++ gcc/tree-ssa-strlen.c | 3 ++- 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 gcc/testsuite/gcc.c-torture/execute/pr110914.c diff --git a/gcc/testsuite/gcc.c-torture/execute/pr110914.c b/gcc/testsuite/gcc.c-torture/execute/pr110914.c new file mode 100644 index 000000000000..ccc04e1bdd41 --- /dev/null +++ b/gcc/testsuite/gcc.c-torture/execute/pr110914.c @@ -0,0 +1,22 @@ +/* PR tree-optimization/110914 */ + +__attribute__ ((noipa)) int +foo (const char *s, unsigned long l) +{ + unsigned char r = 0; + __builtin_memcpy (&r, s, l != 0); + return r; +} + +int +main () +{ + const char *p = "123456"; + int a = foo (p, __builtin_strlen (p) - 5); + int b = foo (p, __builtin_strlen (p) - 6); + if (a != '1') + __builtin_abort (); + if (b != 0) + __builtin_abort (); + return 0; +} diff --git a/gcc/tree-ssa-strlen.c b/gcc/tree-ssa-strlen.c index 9f317a190ee1..cfffc220073a 100644 --- a/gcc/tree-ssa-strlen.c +++ b/gcc/tree-ssa-strlen.c @@ -3231,7 +3231,8 @@ handle_builtin_memcpy (enum built_in_function bcode, gimple_stmt_iterator *gsi, && !integer_zerop (len)) { maybe_warn_overflow (stmt, len, ptr_qry, olddsi, false, true); - adjust_last_stmt (olddsi, stmt, false, ptr_qry); + if (tree_fits_uhwi_p (len)) + adjust_last_stmt (olddsi, stmt, false, ptr_qry); } int idx = get_stridx (src); -- 2.47.2