This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
[PATCH] Fix PR41395
- From: Richard Guenther <rguenther at suse dot de>
- To: gcc-patches at gcc dot gnu dot org
- Cc: Martin Jambor <mjambor at suse dot de>
- Date: Tue, 22 Sep 2009 14:37:02 +0200 (CEST)
- Subject: [PATCH] Fix PR41395
This tries to fix PR41395, an issue with get_ref_base_and_extent and
trailing arrays (again).
Bootstrap and regtest running on x86_64-unknown-linux-gnu (but without
re-enabling IPA-SRA).
Richard.
2009-09-22 Richard Guenther <rguenther@suse.de>
PR middle-end/41395
* tree-dfa.c (get_ref_base_and_extent): Handle trailing
arrays really properly.
* gcc.c-torture/execute/pr41395-1.c: New testcase.
* gcc.c-torture/execute/pr41395-2.c: Likewise.
Index: gcc/testsuite/gcc.c-torture/execute/pr41395-1.c
===================================================================
*** gcc/testsuite/gcc.c-torture/execute/pr41395-1.c (revision 0)
--- gcc/testsuite/gcc.c-torture/execute/pr41395-1.c (revision 0)
***************
*** 0 ****
--- 1,28 ----
+ struct VEC_char_base
+ {
+ unsigned num;
+ unsigned alloc;
+ short vec[1];
+ };
+
+ short __attribute__((noinline))
+ foo (struct VEC_char_base *p, int i)
+ {
+ short *q;
+ p->vec[i] = 0;
+ q = &p->vec[8];
+ *q = 1;
+ return p->vec[i];
+ }
+
+ extern void abort (void);
+ extern void *malloc (__SIZE_TYPE__);
+
+ int
+ main()
+ {
+ struct VEC_char_base *p = malloc (sizeof (struct VEC_char_base) + 256);
+ if (foo (p, 8) != 1)
+ abort ();
+ return 0;
+ }
Index: gcc/testsuite/gcc.c-torture/execute/pr41395-2.c
===================================================================
*** gcc/testsuite/gcc.c-torture/execute/pr41395-2.c (revision 0)
--- gcc/testsuite/gcc.c-torture/execute/pr41395-2.c (revision 0)
***************
*** 0 ****
--- 1,35 ----
+ struct VEC_char_base
+ {
+ unsigned num;
+ unsigned alloc;
+ union {
+ short vec[1];
+ struct {
+ int i;
+ int j;
+ int k;
+ } a;
+ } u;
+ };
+
+ short __attribute__((noinline))
+ foo (struct VEC_char_base *p, int i)
+ {
+ short *q;
+ p->u.vec[i] = 0;
+ q = &p->u.vec[16];
+ *q = 1;
+ return p->u.vec[i];
+ }
+
+ extern void abort (void);
+ extern void *malloc (__SIZE_TYPE__);
+
+ int
+ main()
+ {
+ struct VEC_char_base *p = malloc (sizeof (struct VEC_char_base) + 256);
+ if (foo (p, 16) != 1)
+ abort ();
+ return 0;
+ }
Index: gcc/tree-dfa.c
===================================================================
*** gcc/tree-dfa.c (revision 151967)
--- gcc/tree-dfa.c (working copy)
*************** get_ref_base_and_extent (tree exp, HOST_
*** 752,758 ****
tree size_tree = NULL_TREE;
HOST_WIDE_INT bit_offset = 0;
bool seen_variable_array_ref = false;
- bool seen_union = false;
/* First get the final access size from just the outermost expression. */
if (TREE_CODE (exp) == COMPONENT_REF)
--- 752,757 ----
*************** get_ref_base_and_extent (tree exp, HOST_
*** 794,802 ****
tree field = TREE_OPERAND (exp, 1);
tree this_offset = component_ref_field_offset (exp);
- if (TREE_CODE (TREE_TYPE (TREE_OPERAND (exp, 0))) == UNION_TYPE)
- seen_union = true;
-
if (this_offset
&& TREE_CODE (this_offset) == INTEGER_CST
&& host_integerp (this_offset, 0))
--- 793,798 ----
*************** get_ref_base_and_extent (tree exp, HOST_
*** 849,854 ****
--- 845,884 ----
else
{
tree asize = TYPE_SIZE (TREE_TYPE (TREE_OPERAND (exp, 0)));
+ /* Get at the array size but include trailing padding if
+ the array is the last element of a struct or union. */
+ if (maxsize != -1
+ && TREE_CODE (TREE_OPERAND (exp, 0)) == COMPONENT_REF)
+ {
+ tree cref = TREE_OPERAND (exp, 0);
+ tree field = TREE_OPERAND (cref, 1);
+ tree stype = TREE_TYPE (TREE_OPERAND (cref, 0));
+ tree next = TREE_CHAIN (field);
+ while (next && TREE_CODE (next) != FIELD_DECL)
+ next = TREE_CHAIN (next);
+ if (!next
+ || TREE_CODE (stype) != RECORD_TYPE)
+ {
+ /* The size including padding is the size of
+ the whole structure minus the offset of the
+ array in it. */
+ tree field_offset = component_ref_field_offset (cref);
+ if (field_offset
+ && host_integerp (field_offset, 0)
+ && host_integerp (TYPE_SIZE_UNIT (stype), 0))
+ {
+ unsigned HOST_WIDE_INT as;
+ as = (((TREE_INT_CST_LOW (TYPE_SIZE_UNIT (stype))
+ - TREE_INT_CST_LOW (field_offset))
+ * BITS_PER_UNIT)
+ - TREE_INT_CST_LOW
+ (DECL_FIELD_BIT_OFFSET (field)));
+ asize = build_int_cstu (sizetype, as);
+ }
+ else
+ asize = NULL_TREE;
+ }
+ }
/* We need to adjust maxsize to the whole array bitsize.
But we can subtract any constant offset seen so far,
because that would get us outside of the array otherwise. */
*************** get_ref_base_and_extent (tree exp, HOST_
*** 887,911 ****
struct { int length; int a[1]; } x; x.a[d]
struct { struct { int a; int b; } a[1]; } x; x.a[d].a
struct { struct { int a[1]; } a[1]; } x; x.a[0][d], x.a[d][0]
where we do not know maxsize for variable index accesses to
the array. The simplest way to conservatively deal with this
is to punt in the case that offset + maxsize reaches the
! base type boundary.
!
! Unfortunately this is difficult to determine reliably when unions are
! involved and so we are conservative in such cases.
!
! FIXME: This approach may be too conservative, we probably want to at least
! check that the union is the last field/element at its level or even
! propagate the calculated offsets back up the access chain and check
! there. */
if (seen_variable_array_ref
! && (seen_union
! || (maxsize != -1
! && host_integerp (TYPE_SIZE (TREE_TYPE (exp)), 1)
! && bit_offset + maxsize
! == (signed) TREE_INT_CST_LOW (TYPE_SIZE (TREE_TYPE (exp))))))
maxsize = -1;
/* ??? Due to negative offsets in ARRAY_REF we can end up with
--- 917,934 ----
struct { int length; int a[1]; } x; x.a[d]
struct { struct { int a; int b; } a[1]; } x; x.a[d].a
struct { struct { int a[1]; } a[1]; } x; x.a[0][d], x.a[d][0]
+ struct { int len; union { int a[1]; struct X x; } u; } x; x.u.a[d]
where we do not know maxsize for variable index accesses to
the array. The simplest way to conservatively deal with this
is to punt in the case that offset + maxsize reaches the
! base type boundary. This needs to include possible trailing padding
! that is there for alignment purposes. */
if (seen_variable_array_ref
! && (maxsize != -1
! && host_integerp (TYPE_SIZE (TREE_TYPE (exp)), 1)
! && bit_offset + maxsize
! == (signed) TREE_INT_CST_LOW (TYPE_SIZE (TREE_TYPE (exp)))))
maxsize = -1;
/* ??? Due to negative offsets in ARRAY_REF we can end up with