This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

C++ PATCH to fix a crash in cxx_fold_indirect_ref (PR c++/83996)

From: Marek Polacek <polacek at redhat dot com>
To: GCC Patches <gcc-patches at gcc dot gnu dot org>, Jason Merrill <jason at redhat dot com>
Date: Mon, 29 Jan 2018 19:12:57 +0100
Subject: C++ PATCH to fix a crash in cxx_fold_indirect_ref (PR c++/83996)
Authentication-results: sourceware.org; auth=none

The crash here is caused by size_binop_loc getting operands of different types:
sizetype and ssizetype.  Fixed by performing the computation in offset_int,
much as we do in fold_indirect_ref_1 (fixed in middle-end/81695).

Bootstrapped/regtested on x86_64-linux, ok for trunk?

2018-01-29  Marek Polacek  <polacek@redhat.com>

	PR c++/83996
	* constexpr.c (cxx_fold_indirect_ref): Compute ((foo *)&fooarray)[1]
	=> fooarray[1] in offset_int.

	* g++.dg/ext/pr83996.C: New test.

diff --git gcc/cp/constexpr.c gcc/cp/constexpr.c
index 4d2ee4a28fc..0a1944f6dad 100644
--- gcc/cp/constexpr.c
+++ gcc/cp/constexpr.c
@@ -3143,11 +3143,17 @@ cxx_fold_indirect_ref (location_t loc, tree type, tree op0, bool *empty_base)
 	      tree min_val = size_zero_node;
 	      if (type_domain && TYPE_MIN_VALUE (type_domain))
 		min_val = TYPE_MIN_VALUE (type_domain);
-	      op01 = size_binop_loc (loc, EXACT_DIV_EXPR, op01,
-				     TYPE_SIZE_UNIT (type));
-	      op01 = size_binop_loc (loc, PLUS_EXPR, op01, min_val);
-	      return build4_loc (loc, ARRAY_REF, type, op00, op01,
-				 NULL_TREE, NULL_TREE);
+	      offset_int off = wi::to_offset (op01);
+	      offset_int el_sz = wi::to_offset (TYPE_SIZE_UNIT (type));
+	      offset_int remainder;
+	      off = wi::divmod_trunc (off, el_sz, SIGNED, &remainder);
+	      if (remainder == 0 && TREE_CODE (min_val) == INTEGER_CST)
+		{
+		  off = off + wi::to_offset (min_val);
+		  op01 = wide_int_to_tree (sizetype, off);
+		  return build4_loc (loc, ARRAY_REF, type, op00, op01,
+				     NULL_TREE, NULL_TREE);
+		}
 	    }
 	  /* Also handle conversion to an empty base class, which
 	     is represented with a NOP_EXPR.  */
diff --git gcc/testsuite/g++.dg/ext/pr83996.C gcc/testsuite/g++.dg/ext/pr83996.C
index e69de29bb2d..e663d728349 100644
--- gcc/testsuite/g++.dg/ext/pr83996.C
+++ gcc/testsuite/g++.dg/ext/pr83996.C
@@ -0,0 +1,11 @@
+// PR c++/83996
+// { dg-do compile }
+// { dg-options "" }
+
+int z[] = { };
+
+int
+main (void)
+{
+  __builtin_printf ("%d\n", *(z + 1));
+}

	Marek

Follow-Ups:
- Re: C++ PATCH to fix a crash in cxx_fold_indirect_ref (PR c++/83996)
  - From: Jason Merrill

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]