unsigned long * sat_add(unsigned long *ptr, unsigned long i, unsigned long *end) { if ((unsigned long)ptr + i * sizeof(*ptr) > (unsigned long)ptr) return ptr + i; else return end; } is folded to if (ptr + (long unsigned int) (i * 8) > ptr) { return ptr + (long unsigned int) (i * 8); } else { return end; }
Err - only with volatiles ... !? volatile unsigned long * sat_add(volatile unsigned long *ptr, unsigned long i, volatile unsigned long *end) { if ((unsigned long)ptr + i * sizeof(*ptr) > (unsigned long)ptr) return ptr + i; else return end; }
Part of the fix is Index: fold-const.c =================================================================== --- fold-const.c (revision 135255) +++ fold-const.c (working copy) @@ -6831,7 +6831,8 @@ fold_sign_changed_comparison (enum tree_ && TREE_TYPE (TREE_OPERAND (arg1, 0)) == inner_type)) return NULL_TREE; - if (TYPE_UNSIGNED (inner_type) != TYPE_UNSIGNED (outer_type) + if ((TYPE_UNSIGNED (inner_type) != TYPE_UNSIGNED (outer_type) + || POINTER_TYPE_P (inner_type) != POINTER_TYPE_P (outer_type)) && code != NE_EXPR && code != EQ_EXPR) return NULL_TREE; but the question is if the folding to POINTER_PLUS is correct at all.
Subject: Bug 36227 Author: rguenth Date: Tue May 13 14:01:53 2008 New Revision: 135260 URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=135260 Log: 2008-05-13 Richard Guenther <rguenther@suse.de> PR middle-end/36227 * fold-const.c (fold_sign_changed_comparison): Do not allow changes in pointer-ness. * gcc.dg/pr36227.c: New testcase. Added: trunk/gcc/testsuite/gcc.dg/pr36227.c Modified: trunk/gcc/ChangeLog trunk/gcc/fold-const.c trunk/gcc/testsuite/ChangeLog
Subject: Bug 36227 Author: rguenth Date: Tue May 13 14:04:40 2008 New Revision: 135261 URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=135261 Log: 2008-05-13 Richard Guenther <rguenther@suse.de> PR middle-end/36227 * fold-const.c (fold_sign_changed_comparison): Do not allow changes in pointer-ness. * gcc.dg/pr36227.c: New testcase. Added: branches/gcc-4_3-branch/gcc/testsuite/gcc.dg/pr36227.c - copied unchanged from r135260, trunk/gcc/testsuite/gcc.dg/pr36227.c Modified: branches/gcc-4_3-branch/gcc/ChangeLog branches/gcc-4_3-branch/gcc/fold-const.c branches/gcc-4_3-branch/gcc/testsuite/ChangeLog
Only the theoretical problem remains. We still fold (unsigned long)ptr + (unsigned long)i to (unsigned long)(ptr + (unsigned long)i) where the inner POINTER_PLUS_EXPR now may invoke undefined behavior on overflow. No testcase is known where that results in a wrong-code bug.
4.3.1 is being released, adjusting target milestone.
4.3.2 is released, changing milestones to 4.3.3.
Now it does. See PR38835.
Mine.
C testcase, fails with 4.3 and 4.4 with -O2 --param max-fields-for-field-sensitive=0 #include <stdint.h> extern void abort (void); int main() { int i = 1; int *p = &i; uintptr_t iptr; iptr = (uintptr_t)p - (uintptr_t)&iptr; p = (int *)((uintptr_t)&iptr + iptr); if (*p != 1) abort (); return 0; }
*** Bug 38835 has been marked as a duplicate of this bug. ***
Subject: Bug 36227 Author: rguenth Date: Fri Jan 16 19:18:18 2009 New Revision: 143442 URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=143442 Log: 2009-01-16 Richard Guenther <rguenther@suse.de> PR tree-optimization/38835 PR middle-end/36227 * fold-const.c (fold_binary): Remove PTR + INT -> (INT)(PTR p+ INT) and INT + PTR -> (INT)(PTR p+ INT) folding. * tree-ssa-address.c (create_mem_ref): Properly use POINTER_PLUS_EXPR. java/ * builtins.c (build_addr_sum): Use POINTER_PLUS_EXPR. * gcc.c-torture/execute/pr36227.c: New testcase. * gcc.dg/tree-ssa/foldaddr-1.c: XFAIL. * g++.dg/init/const7.C: Likewise. Added: trunk/gcc/testsuite/gcc.c-torture/execute/pr36227.c Modified: trunk/gcc/ChangeLog trunk/gcc/fold-const.c trunk/gcc/java/ChangeLog trunk/gcc/java/builtins.c trunk/gcc/testsuite/ChangeLog trunk/gcc/testsuite/g++.dg/init/const7.C trunk/gcc/testsuite/gcc.dg/tree-ssa/foldaddr-1.c trunk/gcc/tree-ssa-address.c
Fixed on the trunk. Also fails with plain -O for 4.3.2.
New test fails on hpux: Executing on host: /test/gnu/gcc/objdir/gcc/xgcc -B/test/gnu/gcc/objdir/gcc/ /te st/gnu/gcc/gcc/gcc/testsuite/gcc.c-torture/execute/pr36227.c -w -O0 -lm -o /test/gnu/gcc/objdir/gcc/testsuite/gcc/pr36227.x0 (timeout = 300) /test/gnu/gcc/gcc/gcc/testsuite/gcc.c-torture/execute/pr36227.c:1:20: error: std int.h: No such file or directory
Subject: Re: [4.3 Regression] POINTER_PLUS folding introduces undefined overflow On Mon, 19 Jan 2009, danglin at gcc dot gnu dot org wrote: > ------- Comment #14 from danglin at gcc dot gnu dot org 2009-01-19 16:14 ------- > New test fails on hpux: > > Executing on host: /test/gnu/gcc/objdir/gcc/xgcc -B/test/gnu/gcc/objdir/gcc/ > /te > st/gnu/gcc/gcc/gcc/testsuite/gcc.c-torture/execute/pr36227.c -w -O0 -lm > -o > /test/gnu/gcc/objdir/gcc/testsuite/gcc/pr36227.x0 (timeout = 300) > /test/gnu/gcc/gcc/gcc/testsuite/gcc.c-torture/execute/pr36227.c:1:20: error: > std > int.h: No such file or directory Ah, needs { target { stdint_types } } Richard.
Should be fixed now.
GCC 4.3.3 is being released, adjusting target milestone.
Backporting requires revs 143442, 143455 and 143509 and then still regresses gcc.target/i386/pr37101.c gfortran.dg/array_constructor_12.f90 all pointer-plus ICEs.
WONTFIX for 4.3.