From patchwork Fri Jun 17 10:40:58 2011
X-Patchwork-Submitter: Tom de Vries
X-Patchwork-Id: 100792
Message-ID: <4DFB2F3A.3040706@codesourcery.com>
Date: Fri, 17 Jun 2011 12:40:58 +0200
From: Tom de Vries
To: Jeff Law
CC: Zdenek Dvorak, gcc-patches@gcc.gnu.org
Subject: Re: [PATCH PR45098] Disallow NULL pointer in pointer arithmetic

On 06/17/2011 12:01 AM, Jeff Law wrote:
> On 06/16/11 00:39, Tom de Vries wrote:
>> Hi,
>>
>> Consider the following example.
>>
>> extern unsigned int foo (int*) __attribute__((pure));
>> unsigned int
>> tr (int array[], int n)
>> {
>>   unsigned int i;
>>   unsigned int sum = 0;
>>   for (i = 0; i < n; i++)
>>     sum += foo (&array[i]);
>>   return sum;
>> }
>>
>> For 32-bit pointers, the analysis in infer_loop_bounds_from_pointer_arith
>> currently concludes that the range of valid &array[i] is &array[0x0] to
>> &array[0x3fffffff], meaning 0x40000000 distinct values.
>> This implies that i < n is executed at most 0x40000001 times, and i < n
>> cannot be eliminated by a 32-bit iterator with step 4, since that one has
>> only 0x40000000 distinct values.
>>
>> The patch reasons that NULL cannot be used or produced by pointer
>> arithmetic, and that we can exclude the possibility of the NULL pointer in the
>> range. So the range of valid &array[i] is &array[0] to &array[0x3ffffffe],
>> meaning 0x3fffffff distinct values.
>> This implies that i < n is executed at most 0x40000000 times and i < n can be
>> eliminated.
>>
>> The patch implements this new limitation by changing the (low, high, step)
>> triplet in infer_loop_bounds_from_pointer_arith from (0x0, 0xffffffff, 0x4)
>> to (0x4, 0xffffffff, 0x4).
>>
>> I'm not too happy about the test for C-like language: ptrdiff_type_node !=
>> NULL_TREE, but I'm not sure how else to test for this.
>>
>> Bootstrapped and reg-tested on x86_64.
>>
>> I will send the adapted test cases in a separate email.
> Interesting. I'd never thought about the generation/use angle to prove
> a pointer was non-null. ISTM we could use that same logic to infer that
> more pointers are non-null in extract_range_from_binary_expr.
>
> Interested in tackling that improvement, obviously as an independent patch?
>

I'm not familiar with vrp code, but.. something like this?

Thanks,
- Tom

Index: tree-vrp.c =================================================================== --- tree-vrp.c (revision 173703) +++ tree-vrp.c (working copy) @@ -2273,7 +2273,12 @@ extract_range_from_binary_expr (value_ra { /* For pointer types, we are really only interested in asserting whether the expression evaluates to non-NULL. */ - if (range_is_nonnull (&vr0) || range_is_nonnull (&vr1)) + if (flag_delete_null_pointer_checks && nowrap_type_p (expr_type)) + { + set_value_range_to_nonnull (vr, expr_type); + set_value_range_to_nonnull (&vr0, expr_type); + } + else if (range_is_nonnull (&vr0) || range_is_nonnull (&vr1)) set_value_range_to_nonnull (vr, expr_type); else if (range_is_null (&vr0) && range_is_null (&vr1)) set_value_range_to_null (vr, expr_type);
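
Review bot: the new first branch, `if (flag_delete_null_pointer_checks && nowrap_type_p (expr_type))`, marks the result non-NULL without consulting vr0 or vr1, so whenever it is taken the later `else if (range_is_null (&vr0) && range_is_null (&vr1))` arm is never reached and an expression whose operands are both known NULL is recorded as non-NULL. Suggest testing the both-NULL case before the new branch, or limiting the new branch to operands that are not known to be NULL. The second call, `set_value_range_to_nonnull (&vr0, expr_type)`, writes to the operand range through `&vr0`, which looks like a local copy; nothing in the hunk reads it afterwards, so either add a comment saying what it is for or drop it. The comment above the branch still describes only the old behaviour and should state the new assumption (pointer arithmetic never uses or produces NULL), because under -fdelete-null-pointer-checks a non-NULL range is what allows later NULL tests on the result to be removed.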