From patchwork Mon Aug 24 15:07:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Martin Jambor X-Patchwork-Id: 1350436 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=sourceware.org; envelope-from=gcc-patches-bounces@gcc.gnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=suse.cz Received: from sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BZwVC6Wtmz9sT6 for ; Tue, 25 Aug 2020 01:08:02 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 9D2943844013; Mon, 24 Aug 2020 15:07:59 +0000 (GMT) X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) by sourceware.org (Postfix) with ESMTPS id A2BB23857C43 for ; Mon, 24 Aug 2020 15:07:57 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org A2BB23857C43 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=mjambor@suse.cz X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 7DDD9AB8B for ; Mon, 24 Aug 2020 15:08:26 +0000 (UTC) From: Martin Jambor To: GCC Patches Subject: [PATCH] sra: Bail out when encountering accesses with negative offsets (PR 96730) User-Agent: Notmuch/0.30 (https://notmuchmail.org) Emacs/26.3 (x86_64-suse-linux-gnu) Date: Mon, 24 Aug 2020 17:07:56 +0200 Message-ID: MIME-Version: 1.0 X-Spam-Status: No, score=-3038.0 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_STATUS, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Biener Errors-To: gcc-patches-bounces@gcc.gnu.org Sender: "Gcc-patches" Hi, I must admit I was quite surprised to see that SRA does not disqualify an aggregate from any transformations when it encounters an offset for which get_ref_base_and_extent returns a negative offset. It may not matter too much because I sure hope such programs always have undefined behavior (SRA candidates are local variables on stack) but it is probably better not to perform weird transformations on them as build ref model with the new build_reconstructed_reference function currently happily do for negative offsets (they just copy the existing expression which is then used as the expression of a "propagated" access) and of course the compiler must not ICE (as it currently does because the SRA forest verifier does not like the expression). Fixed with the following patch which also passed bootstrap and testing on an x86_64-linux. OK for master and later on for the gcc-10 branch? Thanks, Martin gcc/ChangeLog: 2020-08-24 Martin Jambor PR tree-optimization/96730 * tree-sra.c (create_access): Disqualify any aggregate with negative offset access. (build_ref_for_model): Add assert that offset is non-negative. gcc/testsuite/ChangeLog: 2020-08-24 Martin Jambor PR tree-optimization/96730 * gcc.dg/tree-ssa/pr96730.c: New test. --- gcc/testsuite/gcc.dg/tree-ssa/pr96730.c | 13 +++++++++++++ gcc/tree-sra.c | 6 ++++++ 2 files changed, 19 insertions(+) create mode 100644 gcc/testsuite/gcc.dg/tree-ssa/pr96730.c diff --git a/gcc/testsuite/gcc.dg/tree-ssa/pr96730.c b/gcc/testsuite/gcc.dg/tree-ssa/pr96730.c new file mode 100644 index 00000000000..39a06846529 --- /dev/null +++ b/gcc/testsuite/gcc.dg/tree-ssa/pr96730.c @@ -0,0 +1,13 @@ +/* { dg-do compile } */ +/* { dg-options "-O1" } */ + +struct a { + int b; + int c; +} d() { + struct a e[9]; + int f = 3362953455; + e[f] = e[6]; + e[6].c = 1; +} +int main() {} diff --git a/gcc/tree-sra.c b/gcc/tree-sra.c index fcba7fbdd31..754f41302fc 100644 --- a/gcc/tree-sra.c +++ b/gcc/tree-sra.c @@ -931,6 +931,11 @@ create_access (tree expr, gimple *stmt, bool write) } if (size == 0) return NULL; + if (offset < 0) + { + disqualify_candidate (base, "Encountered a negative offset access."); + return NULL; + } if (size < 0) { disqualify_candidate (base, "Encountered an unconstrained access."); @@ -1667,6 +1672,7 @@ build_ref_for_model (location_t loc, tree base, HOST_WIDE_INT offset, struct access *model, gimple_stmt_iterator *gsi, bool insert_after) { + gcc_assert (offset >= 0); if (TREE_CODE (model->expr) == COMPONENT_REF && DECL_BIT_FIELD (TREE_OPERAND (model->expr, 1))) {