From patchwork Fri Jan 17 21:43:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Malcolm X-Patchwork-Id: 1225003 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org (client-ip=209.132.180.131; helo=sourceware.org; envelope-from=gcc-patches-return-517625-incoming=patchwork.ozlabs.org@gcc.gnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org header.a=rsa-sha1 header.s=default header.b=cluqEmk2; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=fjavaotm; dkim-atps=neutral Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 47zvh33mdzz9sSH for ; Sat, 18 Jan 2020 08:43:29 +1100 (AEDT) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:from :to:cc:subject:date:message-id:mime-version:content-type :content-transfer-encoding; q=dns; s=default; b=QttxWPUDrnGZDo0N /ulxhBhMIc+PmPAiLlTXjjLvXUON68S2o3bb+HYhBTKeMaS/K5Ex5iPLjMMpmwEJ lwrScF7nMxvrb445sEZekQE9K/TEJWKX2+p4kUSClyf/ry+wf+qsae45XHit1jWV dl90BAgq5FqcEjH23dhtjvOlKvY= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:from :to:cc:subject:date:message-id:mime-version:content-type :content-transfer-encoding; s=default; bh=6O8zLHA9eDXUsyENRaXyBo TykU0=; b=cluqEmk2zVUfkWcMTXNzZl0c51PqTM6uYiuGeq7zI0z1DlyQJEJXiz zyY3ryiMxZ+QQ4noWA+JMFeVIVrCPnycZwzlB2b14ceMOoEB3vqlL0yJQ3GBzvjw jyRjeMv+NOWAVVDOjxc84kBWK90vJjOwFFoH09+iWdu0kZnHQT524= Received: (qmail 89004 invoked by alias); 17 Jan 2020 21:43:21 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Delivered-To: mailing list gcc-patches@gcc.gnu.org Received: (qmail 88995 invoked by uid 89); 17 Jan 2020 21:43:21 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-23.2 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 spammy= X-HELO: us-smtp-delivery-1.mimecast.com Received: from us-smtp-2.mimecast.com (HELO us-smtp-delivery-1.mimecast.com) (205.139.110.61) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 17 Jan 2020 21:43:19 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1579297398; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=U6RoqC5C8u6zqYGBr+W0/k56ON1uIRGJXdC1UXT8G58=; b=fjavaotmbKlWNHJFZmO8njXB2N1oWP9ocosCS5o9fMoEqXkNMdK7UPQUoKIbHAOqnJGvQo T0Q5Uy7pxm5X0MogvYcoW0/DEiUuLnkDSR9TtOEM/gaATUcw1XTFyP+RpVJNPCbWESGcj2 qwjTl1F2ECr9x+6+5JqqSUJTPJqV+qg= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-224-6s5WjDw-NKC68KhrgG4bIA-1; Fri, 17 Jan 2020 16:43:16 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E7E608017CC for ; Fri, 17 Jan 2020 21:43:15 +0000 (UTC) Received: from t470.redhat.com (ovpn-117-41.phx2.redhat.com [10.3.117.41]) by smtp.corp.redhat.com (Postfix) with ESMTP id 87157845B8; Fri, 17 Jan 2020 21:43:15 +0000 (UTC) From: David Malcolm To: gcc-patches@gcc.gnu.org Cc: David Malcolm Subject: [committed] analyzer: prevent ICE on isnan (PR 93290) Date: Fri, 17 Jan 2020 16:43:11 -0500 Message-Id: <20200117214311.6604-1-dmalcolm@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-IsSubscribed: yes PR analyzer/93290 reports an ICE on calls to isnan(). The root cause is that an UNORDERED_EXPR is passed to region_model::eval_condition_without_cm, and there's a stray gcc_unreachable () in the case where we're comparing an svalue against itself. I attempted a more involved patch that properly handled NaN in general but it seems I've baked the assumption of reflexivity too deeply into the constraint_manager code. For now, this patch avoids the ICE and documents the limitation. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to master as 07c86323a199ca15177d99ad6c488b8f5fb5c729. gcc/analyzer/ChangeLog: PR analyzer/93290 * region-model.cc (region_model::eval_condition_without_cm): Avoid gcc_unreachable for unexpected operations for the case where we're comparing an svalue against itself. gcc/ChangeLog * doc/analyzer.texi (Limitations): Add note about NaN. gcc/testsuite/ChangeLog: PR analyzer/93290 * gcc.dg/analyzer/pr93290.c: New test. --- gcc/analyzer/region-model.cc | 10 ++++++---- gcc/doc/analyzer.texi | 3 +++ gcc/testsuite/gcc.dg/analyzer/pr93290.c | 9 +++++++++ 3 files changed, 18 insertions(+), 4 deletions(-) create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr93290.c diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc index f67572e2d45..1e0be312e03 100644 --- a/gcc/analyzer/region-model.cc +++ b/gcc/analyzer/region-model.cc @@ -5189,13 +5189,11 @@ region_model::eval_condition_without_cm (svalue_id lhs_sid, { if (lhs == rhs) { - /* If we have the same svalue, then we have equality. + /* If we have the same svalue, then we have equality + (apart from NaN-handling). TODO: should this definitely be the case for poisoned values? */ switch (op) { - default: - gcc_unreachable (); - case EQ_EXPR: case GE_EXPR: case LE_EXPR: @@ -5205,6 +5203,10 @@ region_model::eval_condition_without_cm (svalue_id lhs_sid, case GT_EXPR: case LT_EXPR: return tristate::TS_FALSE; + + default: + /* For other ops, use the logic below. */ + break; } } diff --git a/gcc/doc/analyzer.texi b/gcc/doc/analyzer.texi index b4e9b01da2e..81acdd8998b 100644 --- a/gcc/doc/analyzer.texi +++ b/gcc/doc/analyzer.texi @@ -388,6 +388,9 @@ The implementation of call summaries is currently very simplistic. @item Lack of function pointer analysis @item +The constraint-handling code assumes reflexivity in some places +(that values are equal to themselves), which is not the case for NaN. +@item The region model code creates lots of little mutable objects at each @code{region_model} (and thus per @code{exploded_node}) rather than sharing immutable objects and having the mutable state in the diff --git a/gcc/testsuite/gcc.dg/analyzer/pr93290.c b/gcc/testsuite/gcc.dg/analyzer/pr93290.c new file mode 100644 index 00000000000..fa35629d955 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/pr93290.c @@ -0,0 +1,9 @@ +#include + +int test_1 (void) +{ + float foo = 42.; + if (isnan (foo)) + return 1; + return 0; +}