diff mbox series

[committed] avoid handling anti-ranges when checking built-in pointers (PR 88273)

Message ID 62f463bc-b9b0-49e5-865b-5ba443f6af1a@gmail.com
State New
Headers show
Series [committed] avoid handling anti-ranges when checking built-in pointers (PR 88273) | expand

Commit Message

Martin Sebor Jan. 17, 2019, 10:57 p.m. UTC 
The code that detects out-of-bounds pointers in calls to built-ins
like memcpy with POINTER_PLUS_EXPR arguments tried a little too
hard to detect out-of-bounds offsets and didn't handle anti-ranges
correctly.  I don't see how it could have ever worked and there
were no tests for it in the test suite.  PR 88273, however, has
a test case that triggers the bug and causes a false positive.
The attached patch removes the incorrect anti-range handling and
replaces it with the varying fallback when no range info is
available.

Removing my own buggy code seems like an obviously correct and safe
solution so I committed it in r268048 after testing on x86_64-linux
and verifying the test case with a powerpc-linux cross (with which
the bug was first discovered).  Since this regression affects both
GCC 9 and 8 I will backport it to 8 as well.

Martin
diff mbox series

Patch

PR middle-end/88273 - [8/9 Regression] warning: 'memcpy' offset [-527, -529] is out of the bounds [0, 16]

gcc/ChangeLog:

	PR middle-end/88273
	* gimple-ssa-warn-restrict.c (builtin_memref::extend_offset_range):
	Handle anti-ranges the same as no range at all.

gcc/testsuite/ChangeLog:

	PR middle-end/88273
	* gcc.dg/Warray-bounds-38.c: New test.

Index: gcc/gimple-ssa-warn-restrict.c
===================================================================
--- gcc/gimple-ssa-warn-restrict.c	(revision 268037)
+++ gcc/gimple-ssa-warn-restrict.c	(working copy)
@@ -319,13 +319,9 @@  builtin_memref::extend_offset_range (tree offset)
 	  offrange[0] += offset_int::from (min, SIGNED);
 	  offrange[1] += offset_int::from (max, SIGNED);
 	}
-      else if (rng == VR_ANTI_RANGE)
-	{
-	  offrange[0] += offset_int::from (max + 1, SIGNED);
-	  offrange[1] += offset_int::from (min - 1, SIGNED);
-	}
       else
 	{
+	  /* Handle an anti-range the same as no range at all.  */
 	  gimple *stmt = SSA_NAME_DEF_STMT (offset);
 	  tree type;
 	  if (is_gimple_assign (stmt)
Index: gcc/testsuite/gcc.dg/Warray-bounds-38.c
===================================================================
--- gcc/testsuite/gcc.dg/Warray-bounds-38.c	(nonexistent)
+++ gcc/testsuite/gcc.dg/Warray-bounds-38.c	(working copy)
@@ -0,0 +1,30 @@ 
+/* PR middle-end/88273 - bogus warning: 'memcpy' offset [-527, -529]
+   is out of the bounds [0, 16]
+   { dg-do compile }
+   { dg-options "-O2 -Wall" }  */
+
+typedef __SIZE_TYPE__ size_t;
+
+void *q;
+
+size_t x, y;
+
+inline void f (char *p, int i, size_t j)
+{
+  size_t n = y ? y : j;
+
+  p += x - i;
+
+  __builtin_memcpy (q, p, n);   /* { dg-bogus "bounds" } */
+
+  x = n;
+}
+
+void g (void)
+{
+  struct { char a[16]; } s;
+
+  f (q, 0, sizeof s);
+
+  f (s.a, 33 * sizeof s, 1);
+}