On 9/16/2021 6:28 PM, Martin Sebor via Gcc-patches wrote:
When computing the size of an object pointed to by the result of
a MIN/MAX_EXPR, the handle_min_max_size() function tries to deal
gracefully with operands that designate distinct objects. But
the handling fails to consider an edge case when one of
the operands is a PHI one of whose operands references the same
MIN/MAX_EXPR. This ultimately results in attempting to cache
as the result of the MIN/MAX_EXPR two different object references,
which triggers an ICE in the cache consistency checking.
The attached fix avoids the problem by instead caching the SSA_NAME
that's the result of the MIN/MAX_EXPR when its operands might
reference distinct objects, and by enhancing the infor_access()
function to handle this case. Besides the absence if the ICE
the two additional tests verify that the right subobject of
the MIN/MAX_EXPR is used under the various combinations
of conditions.
Tested on x86_64-linux.
Martin
gcc-102200.diff
PR middle-end/102200 - ICE on a min of a decl and pointer in a loop
gcc/ChangeLog:
PR middle-end/102200
* pointer-query.cc (access_ref::inform_access): Handle MIN/MAX_EXPR.
(handle_min_max_size): Change argument. Store original SSA_NAME for
operands to potentially distinct (sub)objects.
(compute_objsize_r): Adjust call to the above.
gcc/testsuite/ChangeLog:
PR middle-end/102200
* gcc.dg/Wstringop-overflow-62.c: Adjust text of an expected note.
* gcc.dg/Warray-bounds-89.c: New test.
* gcc.dg/Wstringop-overflow-74.c: New test.
* gcc.dg/Wstringop-overflow-75.c: New test.
* gcc.dg/Wstringop-overflow-76.c: New test.

OK. And just for the record, I was initially concerned that we might be
focused too much on trying to issue an access diagnostic for invalid
code. But we could have pointers to different subjects or pointers to
different elements within an array and the like. So there's value for
valid code as well.
jeff