This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [PING 2][PATCH] enhance -Wrestrict to handle string built-ins (PR 78918)
- From: Richard Biener <richard dot guenther at gmail dot com>
- To: Martin Sebor <msebor at gmail dot com>
- Cc: Jeff Law <law at redhat dot com>, Gcc Patch List <gcc-patches at gcc dot gnu dot org>
- Date: Mon, 27 Nov 2017 13:44:36 +0100
- Subject: Re: [PING 2][PATCH] enhance -Wrestrict to handle string built-ins (PR 78918)
- Authentication-results: sourceware.org; auth=none
- References: <8a0de82f-d68e-9c37-0406-f216e3f92884@gmail.com> <aa0b1fc4-4e97-3856-20ca-b3bbe0b0243d@gmail.com> <cb445bea-f9aa-fb96-dcd0-c8b444abd7f0@gmail.com> <a3277cea-f520-32c6-52bf-3a8693b9fb91@gmail.com> <CAFiYyc2SfpGqbMMJwLApTXJ3bwV5BbSP8k62rznRr_uTdwT6bQ@mail.gmail.com> <CAFiYyc1NiQQZ-n22FpJrnBbSqd-CYpOSJqrGf0=HoUDVCG9RFw@mail.gmail.com> <a6dfe657-9ef9-a915-dfc5-157612fdbd91@redhat.com> <CAFiYyc20GFHnT2r5ZACLxaeuMOgu6oLEvR97qXxsOgBigkVY2w@mail.gmail.com> <703424cb-db8c-8aae-9bd2-cece5883a5de@gmail.com> <0266f22c-6ac1-f676-123f-c028905519e5@redhat.com> <d76c8b0b-8fbc-8b4e-fe6d-acdaf9efd81b@gmail.com> <CAFiYyc3xAW=4EeAwqrNRx01_8PTq=a3wdsteqMyx_P2qz+SBRw@mail.gmail.com> <1574f108-5456-711e-6533-73c4711c26f2@gmail.com> <CAFiYyc1Hxfn-8PoTkrsNPSerk-c34deM-zO94if4xVcCxe5kDQ@mail.gmail.com> <40984eff-b156-3315-7bb5-558e9e83bf6c@gmail.com> <ea60148d-4e53-2434-7c9f-c6dd26d3363f@gmail.com> <86344144-d7de-9a92-2e65-9d43536c312b@gmail.com> <11adcf4e-2ed0-c441-2ea7-538fb453b956@gmail.com>
On Thu, Nov 16, 2017 at 10:29 PM, Martin Sebor <msebor@gmail.com> wrote:
> Ping.
>
> I've fixed the outstanding false positive exposed by the Linux
> kernel. The kernel builds with four instances of the warning,
> all of them valid (perfect overlap in memcpy).
>
> I also built Glibc. It shows one instance of the warning, also
> a true positive (cause by calling a restrict-qualified function
> with two copies of the same argument).
>
> Finally, I built Binutils and GDB with no warnings.
>
> The attached patch includes just that one fix, with everything
> else being the same.
+ /* Detect invalid bounds and overlapping copies and issue
+ either -Warray-bounds or -Wrestrict. */
+ if (check_bounds_or_overlap (stmt, dest, src, len, len))
+ gimple_set_no_warning (stmt, true);
if (! gimple_no_warning (stmt)
&& ...)
to avoid repeated work if this call doesn't get folded.
@@ -7295,3 +7342,4 @@ gimple_stmt_integer_valued_real_p (gimple *stmt,
int depth)
return false;
}
}
+
please don't do unrelated whitespace changes.
+
+ if (const strinfo *chksi = olddsi ? olddsi : dsi)
+ if (si
+ && !check_bounds_or_overlap (stmt, chksi->ptr, si->ptr, NULL_TREE, len))
+ /* Avoid transforming strcpy when out-of-bounds offsets or
+ overlapping access is detected. */
+ return;
as I said elsewhere diagnostics should not prevent optimization. Your warning
code isn't optimization-grade (that is, false positives are possible).
+ if (!check_bounds_or_overlap (stmt, dst, sptr, NULL_TREE, slen))
+ /* Avoid transforming strcat when out-of-bounds offsets or
+ overlapping access is detected. */
+ return;
+ }
Likewise.
+ if (!check_bounds_or_overlap (stmt, dst, sptr, dstlen, srcsize))
+ /* Avoid transforming strcat when out-of-bounds offsets or
+ overlapping access is detected. */
+ return;
Likewise.
I have no strong opinion against the "code duplication" Jeff mentions with
regarding to builtin_access and friends. The relation to ao_ref and friends
could be documented a bit and how builtin_memref/builtin_access are
not suitable for optimization.
Thanks,
Richard.
>
> On 11/09/2017 04:57 PM, Martin Sebor wrote:
>>
>> Ping:
>>
>> https://gcc.gnu.org/ml/gcc-patches/2017-10/msg01642.html
>>
>> On 10/23/2017 08:42 PM, Martin Sebor wrote:
>>>
>>> Attached is a reworked solution to enhance -Wrestrict while
>>> avoiding changing tree-vrp.c or any other VRP machinery. Richard,
>>> in considering you suggestions I realized that the ao_ref struct
>>> isn't general enough to detect the kinds of problems I needed to
>>> etect (storing bit-offsets in HOST_WIDE_INT means out-of-bounds
>>> offsets cannot be represented or detected, leading to either false
>>> positives or false negatives).
>>>
>>> Instead, the solution adds a couple of small classes to builtins.c
>>> to overcome this limitation (I'm contemplating moving them along
>>> with -Wstringop-overflow to a separate file to keep builtins.c
>>> from getting too much bigger).
>>>
>>> The detection of out-of-bounds offsets and overlapping accesses
>>> is relatively simple but the rest of the changes are somewhat
>>> involved because of the computation of the offsets and sizes of
>>> the overlaps.
>>>
>>> Jeff, as per your suggestion/request in an earlier review (bug
>>> 81117) I've renamed some of the existing functions to better
>>> reflect their new function (including renaming strlen_optimize_stmt
>>> in tree-ssa-strlen.c to strlen_check_and_optimize_stmt). There's
>>> quite a bit of churn due to some of this renaming. I don't think
>>> this renaming makes the review too difficult but if you feel
>>> differently I can [be persuaded to] split it out into a separate
>>> patch.
>>>
>>> To validate the patch I compiled the Linux kernel and Binutils/GDB.
>>> There's one false positive I'm working on resolving that's caused
>>> by an incorrect interpretation of an offset in a range whose lower
>>> bound is greater than its upper bound. This it so say that while
>>> I'm aware the patch isn't perfect it already works reasonably well
>>> in practice and I think it's close enough to review.
>>>
>>> Thanks
>>> Martin
>>
>>
>