The following sample testcase misdetects an array overflow:

/home/marcus/projects/gcc/BIN/bin/gcc -c -O2 -Wall x.i
x.i: In function 'f':
x.i:7: warning: array subscript is above array bounds
Created attachment 13449 x.i
gcc -c -O2 -Wall x.i
In final_cleanup we get:

if (arr[1073741827] == 0) goto <L12>; else goto <L4>;

Which is wrong.
That's probably exposed by Honza's struct/array_ref folding changes. We have after inlining

  p_4(D) = &arr;
  D.1631_5 = p_4(D) + -4B;
  n.0_6 = 4;
  D.1633_7 = n.0_6 * 4;
  D.1634_8 = (DWORD *) D.1633_7;
  D.1635_9 = D.1631_5 + D.1634_8;
  D.1636_10 = *D.1635_9;

and fold the reference to arr[1073741823] from within maybe_fold_offset_to_array_ref. In the index calculation

  if (TREE_CODE (elt_size) != INTEGER_CST
      || div_and_round_double (TRUNC_DIV_EXPR, 1,
                               TREE_INT_CST_LOW (offset),
                               TREE_INT_CST_HIGH (offset),
                               TREE_INT_CST_LOW (elt_size),
                               TREE_INT_CST_HIGH (elt_size),
                               &lquo, &hquo, &lrem, &hrem)
      || lrem || hrem)
    return NULL_TREE;
  idx = build_int_cst_wide (TREE_TYPE (offset), lquo, hquo);

we need to treat offset as signed for the division. For this we first need to sign extend offset and then do the division. Like with the following

Index: tree-ssa-ccp.c =================================================================== *** tree-ssa-ccp.c (revision 124201) --- tree-ssa-ccp.c (working copy) *************** maybe_fold_offset_to_array_ref (tree bas *** 1593,1605 **** } else { ! unsigned HOST_WIDE_INT lquo, lrem; ! HOST_WIDE_INT hquo, hrem; if (TREE_CODE (elt_size) != INTEGER_CST ! || div_and_round_double (TRUNC_DIV_EXPR, 1, ! TREE_INT_CST_LOW (offset), ! TREE_INT_CST_HIGH (offset), TREE_INT_CST_LOW (elt_size), TREE_INT_CST_HIGH (elt_size), &lquo, &hquo, &lrem, &hrem) --- 1593,1606 ---- } else { ! unsigned HOST_WIDE_INT lquo, lrem, lsoff; ! HOST_WIDE_INT hquo, hrem, hsoff; + fit_double_type (TREE_INT_CST_LOW (offset), + TREE_INT_CST_HIGH (offset), &lsoff, &hsoff, + signed_type_for (TREE_TYPE (offset))); if (TREE_CODE (elt_size) != INTEGER_CST ! || div_and_round_double (TRUNC_DIV_EXPR, 0, lsoff, hsoff, TREE_INT_CST_LOW (elt_size), TREE_INT_CST_HIGH (elt_size), &lquo, &hquo, &lrem, &hrem)
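Review bot: the new fit_double_type call at the top of the else branch carries no comment saying why offset is re-read in signed_type_for (TREE_TYPE (offset)); a short comment that the constant offset can encode a negative displacement (the p_4(D) + -4B case in the dump above) would explain both this call and the change of the second div_and_round_double argument from 1 to 0. Since the quotient in lquo/hquo can now be negative, it is also worth confirming that the idx built from it in TREE_TYPE (offset), in the line quoted before the patch, ends up with the intended value, and adding a testcase that exercises the negative-offset case alongside the fix.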
Mine.
Subject: Bug 31715
Author: rguenth
Date: Fri Apr 27 12:42:43 2007
New Revision: 124216
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=124216
Log:
2007-04-27 Richard Guenther <rguenther@suse.de>
PR tree-optimization/31715
* tree-ssa-ccp.c (maybe_fold_offset_to_array_ref): Make sure to do computation on the offset in an appropriate signed type.
* gcc.dg/Warray-bounds-4.c: New testcase.
Added: trunk/gcc/testsuite/gcc.dg/Warray-bounds-4.c
Modified: trunk/gcc/ChangeLog trunk/gcc/testsuite/ChangeLog trunk/gcc/tree-ssa-ccp.c
Fixed.
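The signedness problem discussed in the thread, as an added stand-alone model (not GCC code and not part of the original report): a constant byte offset held as a 32-bit bit pattern is turned into an element index, once zero-extended and once sign-extended. The names fold_index and access_index and the 32-bit offset width are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: returns 1 and stores the element index when the
   byte offset is an exact multiple of elt_size, 0 when it cannot be
   folded.  offset_bits is the raw 32-bit pattern of the constant.  */
static int fold_index(uint32_t offset_bits, uint32_t elt_size,
                      int sign_extend, int64_t *idx)
{
    int64_t off = (int64_t)offset_bits;          /* zero-extended view */

    if (elt_size == 0)
        return 0;
    /* Signed view: a set top bit means a negative displacement. */
    if (sign_extend && (offset_bits & 0x80000000u))
        off -= (int64_t)1 << 32;
    if (off % (int64_t)elt_size != 0)            /* remainder must be zero */
        return 0;
    *idx = off / (int64_t)elt_size;              /* truncating division */
    return 1;
}

/* Index finally accessed for base[offset/elt_size + n]; INT64_MIN when
   the offset does not fold to an index.  */
static int64_t access_index(uint32_t offset_bits, uint32_t elt_size,
                            int64_t n, int sign_extend)
{
    int64_t idx;

    if (!fold_index(offset_bits, elt_size, sign_extend, &idx))
        return INT64_MIN;
    return idx + n;
}

int main(void)
{
    /* Values from the dump in the thread: offset -4B, 4-byte elements,
       n = 4.  0xFFFFFFFC is -4 as a 32-bit pattern.  */
    uint32_t minus4 = 0xFFFFFFFCu;

    printf("zero-extended: arr[%lld]\n",
           (long long)access_index(minus4, 4, 4, 0));
    printf("sign-extended: arr[%lld]\n",
           (long long)access_index(minus4, 4, 4, 1));
    return 0;
}
```

The zero-extended path reproduces the index from the final_cleanup dump, while the sign-extended path lands on the element the source actually addresses.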