This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] relax -Wformat-overflow for precision ranges (PR 79275)

From: Jeff Law <law at redhat dot com>
To: Martin Sebor <msebor at gmail dot com>, Gcc Patch List <gcc-patches at gcc dot gnu dot org>
Date: Tue, 31 Jan 2017 15:33:04 -0700
Subject: Re: [PATCH] relax -Wformat-overflow for precision ranges (PR 79275)
Authentication-results: sourceware.org; auth=none
References: <236621e2-1755-be9f-0b44-0bc9c8356d85@gmail.com>

On 01/30/2017 02:28 PM, Martin Sebor wrote:

Bug 79275 - -Wformat-overflow false positive exceeding INT_MAX in
glibc sysdeps/posix/tempname.c points out a false positive found
during a Glibc build and caused by the checker using the upper
bound of a range of precisions in string directives with string
arguments of non-constant length.  The attached patch relaxes
the checker to use the lower bound instead when appropriate.

Martin

gcc-79275.diff


PR middle-end/79275 -  -Wformat-overflow false positive exceeding INT_MAX in glibc sysdeps/posix/tempname.c

gcc/testsuite/ChangeLog:

	PR middle-end/79275
	* gcc.dg/tree-ssa/builtin-sprintf-warn-11.c: New test.
	* gcc.dg/tree-ssa/pr79275.c: New test.

gcc/ChangeLog:

	PR middle-end/79275
	* gimple-ssa-sprintf.c (get_string_length): Set lower bound to zero.
	(format_string): Tighten up the range of output for non-constant
	strings and correct the expected range for wide non-constant strings.

My general inclination is to ask this to wait for gcc-8 as it is not aregression, but instead a false positive in a new warning.

However, if we see this triggering with any significant frequency, thenwe should reevaluate. Getting Marek's build logs and grepping throughthem might guide us a bit on this...

I'm not sure what the rationale is for length of zero at level 1 andlength of one at higher levels for unknown strings. I guess I cankindof see the former, though I suspect if we looked at the actualstrings, zero length would actually be uncommon.

For level 1 and above assuming a single character seems way tootolerant. We're issuing a "may" warning, so ISTM we ought to beassuming a much larger length here. I realize that makes a lot morenoise for the warning, but doesn't that better reflect what may happen?


diff --git a/gcc/gimple-ssa-sprintf.c b/gcc/gimple-ssa-sprintf.c
index 8261a44..c0c0a5f 100644
--- a/gcc/gimple-ssa-sprintf.c
+++ b/gcc/gimple-ssa-sprintf.c
@@ -1986,43 +1987,89 @@ format_string (const directive &dir, tree arg)
     }
   else
     {
-      /* For a '%s' and '%ls' directive with a non-constant string,
-	 the minimum number of characters is the greater of WIDTH
-	 and either 0 in mode 1 or the smaller of PRECISION and 1
-	 in mode 2, and the maximum is PRECISION or -1 to disable
-	 tracking.  */
+      /* For a '%s' and '%ls' directive with a non-constant string (either
+	 one of a number of strings of known length or an unknown string)
+	 the minimum number of characters is lesser of PRECISION[0] and
+	 the length of the shortest known string or zero, and the maximum
+	 is the lessser of the length of the longest known string or

s/lessser/lesser/

Jeff

Follow-Ups:
- Re: [PATCH] relax -Wformat-overflow for precision ranges (PR 79275)
  - From: Jakub Jelinek
- Re: [PATCH] relax -Wformat-overflow for precision ranges (PR 79275)
  - From: Joseph Myers

References:
- [PATCH] relax -Wformat-overflow for precision ranges (PR 79275)
  - From: Martin Sebor

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]