From patchwork Mon Jun 14 07:47:18 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Richard Biener <rguenther@suse.de>
X-Patchwork-Id: 1491557
Return-Path: <gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org
 (client-ip=8.43.85.97; helo=sourceware.org;
 envelope-from=gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org;
 receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=pass (1024-bit key;
 unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256
 header.s=susede2_rsa header.b=xvyiGgC8;
	dkim=pass header.d=suse.de header.i=@suse.de header.a=ed25519-sha256
 header.s=susede2_ed25519 header.b=VxivihkY;
	dkim-atps=neutral
Received: from sourceware.org (server2.sourceware.org [8.43.85.97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4G3NpJ2dNBz9sW6
	for <incoming@patchwork.ozlabs.org>; Mon, 14 Jun 2021 17:47:35 +1000 (AEST)
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 4ACD73949097
	for <incoming@patchwork.ozlabs.org>; Mon, 14 Jun 2021 07:47:32 +0000 (GMT)
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28])
 by sourceware.org (Postfix) with ESMTPS id 250513851C22
 for <gcc-patches@gcc.gnu.org>; Mon, 14 Jun 2021 07:47:20 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 250513851C22
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=suse.de
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=suse.de
Received: from relay2.suse.de (relay2.suse.de [149.44.160.134])
 by smtp-out1.suse.de (Postfix) with ESMTP id DD5452196A;
 Mon, 14 Jun 2021 07:47:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;
 s=susede2_rsa;
 t=1623656838;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
 mime-version:mime-version:content-type:content-type;
 bh=sRdngaZhHvoei9d5bbNuNJZxlczC3M0EnI+ooGK3kIQ=;
 b=xvyiGgC8QjACjF3Vk2pmjZB6+mzMDPo1bPzUUpXphROXWgJjtWhkUn5t4nU/HGPWLRp9bt
 K0E9rs3bs7M815IxeVHsPZpqe4UBmOLKd3m7Ub8lBO1/zytkpULePnxA4Ro3o3MNVDRewn
 1DwWuy6WSwE/rsjkmOhjYKlrGDY27Ms=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
 s=susede2_ed25519; t=1623656838;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
 mime-version:mime-version:content-type:content-type;
 bh=sRdngaZhHvoei9d5bbNuNJZxlczC3M0EnI+ooGK3kIQ=;
 b=VxivihkYSSNJgAfAOWKbvtbz5QYa5b9eO2icUX+inVydFU4k0F210bMGykYUEu3nriaxhN
 loYLiH9j9yYlpbAQ==
Received: from [10.163.41.62] (unknown [10.163.41.62])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by relay2.suse.de (Postfix) with ESMTPS id C6935A3B8D;
 Mon, 14 Jun 2021 07:47:18 +0000 (UTC)
Date: Mon, 14 Jun 2021 09:47:18 +0200 (CEST)
From: Richard Biener <rguenther@suse.de>
To: gcc-patches@gcc.gnu.org
Subject: [PATCH] tree-optimization/101031 - fix strlen opt invalidation logic
Message-ID: <sp23oq4-pn9-qro2-1s49-n35659o2rs81@fhfr.qr>
MIME-Version: 1.0
X-Spam-Status: No, score=-10.7 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_NONE,
 SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
Cc: jakub@redhat.com
Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org
Sender: "Gcc-patches"
 <gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org>

strlen opt uses ao_ref_init_from_ptr_and_size to prepare alias
queries to invalidate its knowledge about strings.  It constrains
the size using the number of known-nonzero chars and adds one
for a terminating nul - without knowing whether such nul exists
or even fits the object.  The latter is now a problem since the
oracle disambiguates an access of size two (as built so) against
a store to a plain char variable (where a terminating nul does not
fit).  The fix is to instead increment max_size but leave size to
the number of chars we know are accessed.

Bootstrap and regtest running on x86_64-unknown-linux-gnu.

Richard.

2021-06-14  Richard Biener  <rguenther@suse.de>

	PR tree-optimization/101031
	* tree-ssa-strlen.c (maybe_invalidate): Increment max_size
	instead of size when accounting for a possibly string
	terminating nul.

	* gcc.dg/torture/pr101031.c: New testcase.
---
 gcc/testsuite/gcc.dg/torture/pr101031.c | 28 +++++++++++++++++++++++++
 gcc/tree-ssa-strlen.c                   | 19 ++++++++++-------
 2 files changed, 39 insertions(+), 8 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/torture/pr101031.c

diff --git a/gcc/testsuite/gcc.dg/torture/pr101031.c b/gcc/testsuite/gcc.dg/torture/pr101031.c
new file mode 100644
index 00000000000..daf3bcf44eb
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/torture/pr101031.c
@@ -0,0 +1,28 @@
+/* { dg-do run } */
+
+int a;
+char b, e;
+static char *c = &b;
+static long d;
+void f(void);
+void __attribute__((noipa)) h() {
+  int g = 0;
+  for (; g < 2; ++g) {
+    d = *c;
+    *c = 1;
+    b = 0;
+  }
+  f();
+}
+void __attribute__((noipa)) f() {
+  if (d++)
+    c = &e;
+  for (; a;)
+    ;
+}
+int main() {
+  h();
+  if (b != 0)
+    __builtin_abort ();
+  return 0;
+}
diff --git a/gcc/tree-ssa-strlen.c b/gcc/tree-ssa-strlen.c
index 423075b2bd1..6add8c99032 100644
--- a/gcc/tree-ssa-strlen.c
+++ b/gcc/tree-ssa-strlen.c
@@ -1284,16 +1284,19 @@ maybe_invalidate (gimple *stmt, bool zero_write = false)
 	continue;
 
       ao_ref r;
-      tree size = NULL_TREE;
-      if (si->nonzero_chars)
+      tree size = si->nonzero_chars;
+      ao_ref_init_from_ptr_and_size (&r, si->ptr, size);
+      /* Include the terminating nul in the size of the string
+	 to consider when determining possible clobber.  But do not
+	 add it to 'size' since we don't know whether it would
+	 actually fit the allocated area.  */
+      if (known_size_p (r.size))
 	{
-	  /* Include the terminating nul in the size of the string
-	     to consider when determining possible clobber.  */
-	  tree type = TREE_TYPE (si->nonzero_chars);
-	  size = fold_build2 (PLUS_EXPR, type, si->nonzero_chars,
-			      build_int_cst (type, 1));
+	  if (known_le (r.size, HOST_WIDE_INT_MAX - BITS_PER_UNIT))
+	    r.max_size += BITS_PER_UNIT;
+	  else
+	    r.max_size = -1;
 	}
-      ao_ref_init_from_ptr_and_size (&r, si->ptr, size);
       if (stmt_may_clobber_ref_p_1 (stmt, &r))
 	{
 	  if (dump_file && (dump_flags & TDF_DETAILS))