On Wed, 30 Aug 2023, Jakub Jelinek wrote:
> Hi!
>
> The following testcase is miscompiled since r279392 aka
> r10-5451-gef29b12cfbb4979
> The strlen pass has adjust_last_stmt function, which performs mainly strcat
> or strcat-like optimizations (say strcpy (x, "abcd"); strcat (x, p);
> or equivalent memcpy (x, "abcd", strlen ("abcd") + 1); char *q = strchr (x,
> 0);
> memcpy (x, p, strlen (p)); etc. where the first stmt stores '\0' character
> at the end but next immediately overwrites it and so the first memcpy can be
> adjusted to store 1 fewer bytes. handle_builtin_memcpy called this function
> in two spots, the first one guarded like:
> if (olddsi != NULL
> && tree_fits_uhwi_p (len)
> && !integer_zerop (len))
> adjust_last_stmt (olddsi, stmt, false);
> i.e. only for constant non-zero length. The other spot can call it even
> for non-constant length but in that case we punt before that if that length
> isn't length of some string + 1, so again non-zero.
> The r279392 change I assume wanted to add some warning stuff and changed it
> like
> if (olddsi != NULL
> - && tree_fits_uhwi_p (len)
> && !integer_zerop (len))
> - adjust_last_stmt (olddsi, stmt, false);
> + {
> + maybe_warn_overflow (stmt, len, rvals, olddsi, false, true);
> + adjust_last_stmt (olddsi, stmt, false);
> + }
> While maybe_warn_overflow possibly handles non-constant length fine,
> adjust_last_stmt really relies on length to be non-zero, which
> !integer_zerop (len) alone doesn't guarantee. While we could for
> len being SSA_NAME ask the ranger or tree_expr_nonzero_p, I think
> adjust_last_stmt will not benefit from it much, so the following patch
> just restores the above condition/previous behavior for the adjust_last_stmt
> call only.
>
> Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?
OK.
Thanks,
Richard.
> 2023-08-30 Jakub Jelinek <ja...@redhat.com>
>
> PR tree-optimization/110914
> * tree-ssa-strlen.cc (strlen_pass::handle_builtin_memcpy): Don't call
> adjust_last_stmt unless len is known constant.
>
> * gcc.c-torture/execute/pr110914.c: New test.
>
> --- gcc/tree-ssa-strlen.cc.jj 2023-04-27 10:17:46.406486796 +0200
> +++ gcc/tree-ssa-strlen.cc 2023-08-29 18:13:38.189327203 +0200
> @@ -3340,7 +3340,8 @@ strlen_pass::handle_builtin_memcpy (buil
> && !integer_zerop (len))
> {
> maybe_warn_overflow (stmt, false, len, olddsi, false, true);
> - adjust_last_stmt (olddsi, stmt, false);
> + if (tree_fits_uhwi_p (len))
> + adjust_last_stmt (olddsi, stmt, false);
> }
>
> int idx = get_stridx (src, stmt);
> --- gcc/testsuite/gcc.c-torture/execute/pr110914.c.jj 2023-08-29
> 18:38:33.305699206 +0200
> +++ gcc/testsuite/gcc.c-torture/execute/pr110914.c 2023-08-29
> 18:38:18.678901007 +0200
> @@ -0,0 +1,22 @@
> +/* PR tree-optimization/110914 */
> +
> +__attribute__ ((noipa)) int
> +foo (const char *s, unsigned long l)
> +{
> + unsigned char r = 0;
> + __builtin_memcpy (&r, s, l != 0);
> + return r;
> +}
> +
> +int
> +main ()
> +{
> + const char *p = "123456";
> + int a = foo (p, __builtin_strlen (p) - 5);
> + int b = foo (p, __builtin_strlen (p) - 6);
> + if (a != '1')
> + __builtin_abort ();
> + if (b != 0)
> + __builtin_abort ();
> + return 0;
> +}
>
> Jakub
>
>
--
Richard Biener <rguent...@suse.de>
SUSE Software Solutions Germany GmbH,
Frankenstrasse 146, 90461 Nuernberg, Germany;
GF: Ivo Totev, Andrew McDonald, Werner Knoblich; (HRB 36809, AG Nuernberg)
