[Bug testsuite/91258] [10 regression] g++.dg/ubsan/vla-1.C and gcc.dg/strlenopt-70.c fail starting with r273783

Mon, 29 Jul 2019 10:21:07 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91258

--- Comment #7 from Martin Sebor <msebor at gcc dot gnu.org> ---
We need to put a breakpoint in the block below in
strlen_check_and_optimize_stmt and print the lhs node and its type (p
debug_tree (lhs)) to explain how is_char_store is set to true for the
unexpected argument (i.e., for int).  I tried it on my powerpc64 machine but
could reproduce it there.  My powerpc64le machine is unreachable and I'm not
sure when I'll have access to it.

    else if (TREE_CODE (lhs) != SSA_NAME && !TREE_SIDE_EFFECTS (lhs))
      {
        tree type = TREE_TYPE (lhs);
        if (TREE_CODE (type) == ARRAY_TYPE)
          type = TREE_TYPE (type);

        bool is_char_store = is_char_type (type);
        if (!is_char_store && TREE_CODE (lhs) == MEM_REF)
          {
            /* To consider stores into char objects via integer types
               other than char but not those to non-character objects,
               determine the type of the destination rather than just
               the type of the access.  */
            tree ref = TREE_OPERAND (lhs, 0);
            type = TREE_TYPE (ref);
            if (TREE_CODE (type) == POINTER_TYPE)
              type = TREE_TYPE (type);
            if (TREE_CODE (type) == ARRAY_TYPE)
              type = TREE_TYPE (type);
            if (is_char_type (type))
              is_char_store = true;
          }

        /* Handle a single or multibyte assignment.  */
        if (is_char_store && !handle_store (gsi))
          return false;
      }


When I print LHS I get something like this:

 <mem_ref 0x3fffaf491fb8
    type <integer_type 0x3fffaf230738 int sizes-gimplified public type_6 SI
        size <integer_cst 0x3fffaf201320 constant 32>
        unit-size <integer_cst 0x3fffaf201338 constant 4>
        align:32 warn_if_not_align:0 symtab:0 alias-set 1 canonical-type
0x3fffaf230738 precision:32 min <integer_cst 0x3fffaf2012d8 -2147483648> max
<integer_cst 0x3fffaf2012f0 2147483647>
        pointer_to_this <pointer_type 0x3fffaf231998>>

    arg:0 <ssa_name 0x3fffaf2b16c8
        type <pointer_type 0x3fffaf429d80 type <array_type 0x3fffaf429cd8>
            public unsigned DI
            size <integer_cst 0x3fffaf2010e0 constant 64>
            unit-size <integer_cst 0x3fffaf2010f8 constant 8>
            align:64 warn_if_not_align:0 symtab:0 alias-set -1
structural-equality>
        visited var <var_decl 0x3fffb7f80bd0 ar.0>
        def_stmt ar.0_18 = __builtin_alloca_with_align (_16, 32);
        version:18
        ptr-info 0x3fffaf20ab00>
    arg:1 <integer_cst 0x3fffaf20a9b0 type <pointer_type 0x3fffaf231998>
constant 0>
    /src/gcc/trunk/gcc/testsuite/g++.dg/ubsan/vla-1.C:6:24 start:
/src/gcc/trunk/gcc/testsuite/g++.dg/ubsan/vla-1.C:6:24 finish:
/src/gcc/trunk/gcc/testsuite/g++.dg/ubsan/vla-1.C:6:24>


The first call to is_char_type() returns false and it's a MEM_REF so the code
tries to look at the first operand.  That's a pointer to an array, so the code
extracts the type of the array element which is int, and calls is_char_store()
with it again, and it again returns false, so handle_store() is not called.

Reply via email to