This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug middle-end/32135] [4.3 Regression] bogus array-ref fold triggering array overflow warning
- From: "hubicka at gcc dot gnu dot org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 11 Jan 2008 15:25:44 -0000
- Subject: [Bug middle-end/32135] [4.3 Regression] bogus array-ref fold triggering array overflow warning
- References: <bug-32135-12049@http.gcc.gnu.org/bugzilla/>
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
------- Comment #4 from hubicka at gcc dot gnu dot org 2008-01-11 15:25 -------
I am testing the attached patch. It disables the transformation and produces:
in_cols.0 = (char *) in_cols;
D.1180 = in_cols.0 + 500;
Perhaps a more canonical way would be
in_cols.0 = in_cols + 500;
d.1180 = (char *)in_cost.0
or for nonzero offset in the second index
in_cols.0 = in_cols + 500;
d.1180 = &in_cost.0[nonzero_offset];
But it would need maybe_fold... to produce non-gimple or we would need to do
the transform in gimplifier itself.
Honza
Index: tree-ssa-ccp.c
===================================================================
--- tree-ssa-ccp.c (revision 131461)
+++ tree-ssa-ccp.c (working copy)
@@ -1588,6 +1588,7 @@ maybe_fold_offset_to_array_ref (tree bas
{
tree min_idx, idx, idx_type, elt_offset = integer_zero_node;
tree array_type, elt_type, elt_size;
+ tree domain_type;
/* If BASE is an ARRAY_REF, we can pick up another offset (this time
measured in units of the size of elements type) from that ARRAY_REF).
@@ -1659,9 +1660,10 @@ maybe_fold_offset_to_array_ref (tree bas
low bound, if any, convert the index into that type, and add the
low bound. */
min_idx = build_int_cst (idx_type, 0);
- if (TYPE_DOMAIN (array_type))
+ domain_type = TYPE_DOMAIN (TREE_TYPE (base));
+ if (domain_type)
{
- idx_type = TYPE_DOMAIN (array_type);
+ idx_type = domain_type;
if (TYPE_MIN_VALUE (idx_type))
min_idx = TYPE_MIN_VALUE (idx_type);
else
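Review bot: The switch from TYPE_DOMAIN (array_type) to TYPE_DOMAIN (TREE_TYPE (base)) in this hunk carries no comment saying why the two types differ at this point, and nothing in the visible lines shows that TREE_TYPE (base) is an ARRAY_TYPE on every path that reaches it. TYPE_DOMAIN is only meaningful for array types, so either guard the assignment with a TREE_CODE (TREE_TYPE (base)) == ARRAY_TYPE test or add a short comment stating where that is already guaranteed and why the domain of base, rather than array_type, is the right bound to use.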
@@ -1681,6 +1683,24 @@ maybe_fold_offset_to_array_ref (tree bas
/* Make sure to possibly truncate late after offsetting. */
idx = fold_convert (idx_type, idx);
+ /* We don't want to construct access past array bounds. For example
+ char *(c[4]);
+
+ c[3][2]; should not be simplified into (*c)[14] or tree-vrp will give
false
+ warning. */
+ if (domain_type && TYPE_MAX_VALUE (domain_type)
+ && TREE_CODE (TYPE_MAX_VALUE (domain_type)) == INTEGER_CST)
+ {
+ tree up_bound = TYPE_MAX_VALUE (domain_type);
+
+ if (tree_int_cst_lt (up_bound, idx)
+ /* Accesses after the end of arrays of size 0 (gcc
+ extension) and 1 are likely intentional ("struct
+ hack"). */
+ || compare_tree_int (up_bound, 1) > 0)
+ return NULL_TREE;
+ }
+
return build4 (ARRAY_REF, elt_type, base, idx, NULL_TREE, NULL_TREE);
}
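Review bot: The two conditions in the new bounds check are joined with ||, so the function returns NULL_TREE for every array whose upper bound is greater than 1, even when idx is within bounds, and it also rejects an out-of-range idx on the size 0 and size 1 arrays that the comment says should be left alone as the "struct hack". The comment reads as if && was intended, i.e. refuse the fold only when tree_int_cst_lt (up_bound, idx) holds and compare_tree_int (up_bound, 1) > 0. Separately, the guard checks that TYPE_MAX_VALUE (domain_type) is an INTEGER_CST but does not check idx before passing it to tree_int_cst_lt; if idx can be non-constant here, add a TREE_CODE (idx) == INTEGER_CST test to the outer condition. A testcase for the c[3][2] example in the comment would help confirm that in-bounds folds still happen.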
--
hubicka at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed|2008-01-11 14:12:54 |2008-01-11 15:25:44
date| |
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=32135