https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77898
Bug ID: 77898
Summary: VR_RANGE with inverted bounds after evrp and before vrp1
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

The following problem was uncovered during the testing of a patch for bug 77608 and briefly discussed in the thread Re: VR_RANGE with inverted bounds at https://gcc.gnu.org/ml/gcc/2016-10/msg00054.html.

Given the code below, a call to the get_range_info() function made in plus_stmt_object_size() in tree-object-size.c yields the VR_RANGE [2147483648, -2147483649] for the offset i in the (p += i) expression even though the correct range is [0, 1].

void f (int i)
{
  const char *p = "ab";

  if (i < 0 || 1 < i)
    i = 0;

  p += i;

  unsigned long n = __builtin_object_size (p, 2);

  if (n < 2 || 3 < n)
    __builtin_abort ();
}

The .evrp dump for the function shows what looks like an incorrect anti-range. The .vrp1 dump, however, shows the correct range.

Value ranges after Early VRP:

i.0_1: [0, +INF]
_2: ~[2147483648, 18446744071562067967]
_3: [0, +INF]
i_4: VARYING
i_6(D): VARYING
p_8: VARYING
n_10: VARYING

f (int i)
{
  int i_6(D) = i;
  long unsigned int n;
  const char * p;
  unsigned int i.0_1;
  sizetype _2;
  long unsigned int _3;

  <bb 2>:
  # RANGE [0, 4294967295]
  i.0_1 = (unsigned int) i_6(D);
  if (i.0_1 > 1)
    goto <bb 3>;
  else
    goto <bb 4>;

  <bb 3>:

  <bb 4>:
  # i_4 = PHI <i_6(D)(2), 0(3)>
  # RANGE ~[2147483648, 18446744071562067967]
  _2 = (sizetype) i_4;
  # PT =
  p_8 = "ab" + _2;
  ...
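
The bounds in the two ranges quoted above are related by two's-complement arithmetic. The following is an added example, not code from the bug report or from GCC: it models sign-extending a 32-bit int range to a 64-bit unsigned type and shows what the anti-range bounds look like when read as signed. The `urange` struct and the function names are hypothetical, and a 64-bit sizetype is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a range over a 64-bit unsigned type (assumed sizetype).
   anti != 0 means "every value except [min, max]". */
struct urange { uint64_t min, max; int anti; };

/* Range of (uint64_t) x for a sign-extended 32-bit x known to lie in [lo, hi]. */
static struct urange widen_int_range(int32_t lo, int32_t hi)
{
    struct urange r;
    if (lo >= 0 || hi < 0) {            /* same sign at both ends: one interval */
        r.min = (uint64_t)(int64_t)lo;
        r.max = (uint64_t)(int64_t)hi;
        r.anti = 0;
    } else {
        /* Straddles zero: the image is [0, hi] plus [2^64 + lo, 2^64 - 1],
           which is everything except the gap between the two pieces. */
        r.min = (uint64_t)hi + 1;
        r.max = (uint64_t)(int64_t)lo - 1;
        r.anti = 1;
    }
    return r;
}

/* Membership test that honours the anti flag. */
static int urange_contains(struct urange r, uint64_t v)
{
    int inside = r.min <= v && v <= r.max;
    return r.anti ? !inside : inside;
}

/* A reader that ignores the anti flag and treats the bounds as signed
   sees min > max (conversion wraps on GCC and Clang). */
static int bounds_inverted_as_signed(struct urange r)
{
    return (int64_t)r.min > (int64_t)r.max;
}

int main(void)
{
    struct urange v = widen_int_range(INT32_MIN, INT32_MAX); /* VARYING int */
    struct urange c = widen_int_range(0, 1);                 /* after the clamp */
    printf("VARYING: %s[%llu, %llu], signed view [%lld, %lld]\n", v.anti ? "~" : "",
           (unsigned long long)v.min, (unsigned long long)v.max,
           (long long)(int64_t)v.min, (long long)(int64_t)v.max);
    printf("[0, 1]:  %s[%llu, %llu], inverted=%d\n", c.anti ? "~" : "",
           (unsigned long long)c.min, (unsigned long long)c.max,
           bounds_inverted_as_signed(c));
    return 0;
}
```

For an unconstrained int the model produces the anti-range bounds shown in the .evrp dump, and their signed reading is the pair [2147483648, -2147483649] from the report; for [0, 1] it produces an ordinary range.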