tree-ssa-strlen: Fix up handling of conditionally zero memcpy [PR110914]

Message ID ZO8AwqFXrkBrCAOV@tucnak
State Unresolved
Headers
Series tree-ssa-strlen: Fix up handling of conditionally zero memcpy [PR110914] |

Checks

Context Check Description
snail/gcc-patch-check warning Git am fail log

Commit Message

Jakub Jelinek Aug. 30, 2023, 8:41 a.m. UTC
  Hi!

The following testcase is miscompiled since r279392 aka r10-5451-gef29b12cfbb4979
The strlen pass has adjust_last_stmt function, which performs mainly strcat
or strcat-like optimizations (say strcpy (x, "abcd"); strcat (x, p);
or equivalent memcpy (x, "abcd", strlen ("abcd") + 1); char *q = strchr (x, 0);
memcpy (x, p, strlen (p)); etc. where the first stmt stores '\0' character
at the end but next immediately overwrites it and so the first memcpy can be
adjusted to store 1 fewer bytes.  handle_builtin_memcpy called this function
in two spots, the first one guarded like:
  if (olddsi != NULL
      && tree_fits_uhwi_p (len)
      && !integer_zerop (len))
    adjust_last_stmt (olddsi, stmt, false);
i.e. only for constant non-zero length.  The other spot can call it even
for non-constant length but in that case we punt before that if that length
isn't length of some string + 1, so again non-zero.
The r279392 change I assume wanted to add some warning stuff and changed it
like
   if (olddsi != NULL
-      && tree_fits_uhwi_p (len)
       && !integer_zerop (len))
-    adjust_last_stmt (olddsi, stmt, false);
+    {
+      maybe_warn_overflow (stmt, len, rvals, olddsi, false, true);
+      adjust_last_stmt (olddsi, stmt, false);
+    }
While maybe_warn_overflow possibly handles non-constant length fine,
adjust_last_stmt really relies on length to be non-zero, which
!integer_zerop (len) alone doesn't guarantee.  While we could for
len being SSA_NAME ask the ranger or tree_expr_nonzero_p, I think
adjust_last_stmt will not benefit from it much, so the following patch
just restores the above condition/previous behavior for the adjust_last_stmt
call only.

Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

2023-08-30  Jakub Jelinek  <jakub@redhat.com>

	PR tree-optimization/110914
	* tree-ssa-strlen.cc (strlen_pass::handle_builtin_memcpy): Don't call
	adjust_last_stmt unless len is known constant.

	* gcc.c-torture/execute/pr110914.c: New test.


	Jakub
  

Comments

Richard Biener Aug. 30, 2023, 8:46 a.m. UTC | #1
On Wed, 30 Aug 2023, Jakub Jelinek wrote:

> Hi!
> 
> The following testcase is miscompiled since r279392 aka r10-5451-gef29b12cfbb4979
> The strlen pass has adjust_last_stmt function, which performs mainly strcat
> or strcat-like optimizations (say strcpy (x, "abcd"); strcat (x, p);
> or equivalent memcpy (x, "abcd", strlen ("abcd") + 1); char *q = strchr (x, 0);
> memcpy (x, p, strlen (p)); etc. where the first stmt stores '\0' character
> at the end but next immediately overwrites it and so the first memcpy can be
> adjusted to store 1 fewer bytes.  handle_builtin_memcpy called this function
> in two spots, the first one guarded like:
>   if (olddsi != NULL
>       && tree_fits_uhwi_p (len)
>       && !integer_zerop (len))
>     adjust_last_stmt (olddsi, stmt, false);
> i.e. only for constant non-zero length.  The other spot can call it even
> for non-constant length but in that case we punt before that if that length
> isn't length of some string + 1, so again non-zero.
> The r279392 change I assume wanted to add some warning stuff and changed it
> like
>    if (olddsi != NULL
> -      && tree_fits_uhwi_p (len)
>        && !integer_zerop (len))
> -    adjust_last_stmt (olddsi, stmt, false);
> +    {
> +      maybe_warn_overflow (stmt, len, rvals, olddsi, false, true);
> +      adjust_last_stmt (olddsi, stmt, false);
> +    }
> While maybe_warn_overflow possibly handles non-constant length fine,
> adjust_last_stmt really relies on length to be non-zero, which
> !integer_zerop (len) alone doesn't guarantee.  While we could for
> len being SSA_NAME ask the ranger or tree_expr_nonzero_p, I think
> adjust_last_stmt will not benefit from it much, so the following patch
> just restores the above condition/previous behavior for the adjust_last_stmt
> call only.
> 
> Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

OK.

Thanks,
Richard.

> 2023-08-30  Jakub Jelinek  <jakub@redhat.com>
> 
> 	PR tree-optimization/110914
> 	* tree-ssa-strlen.cc (strlen_pass::handle_builtin_memcpy): Don't call
> 	adjust_last_stmt unless len is known constant.
> 
> 	* gcc.c-torture/execute/pr110914.c: New test.
> 
> --- gcc/tree-ssa-strlen.cc.jj	2023-04-27 10:17:46.406486796 +0200
> +++ gcc/tree-ssa-strlen.cc	2023-08-29 18:13:38.189327203 +0200
> @@ -3340,7 +3340,8 @@ strlen_pass::handle_builtin_memcpy (buil
>        && !integer_zerop (len))
>      {
>        maybe_warn_overflow (stmt, false, len, olddsi, false, true);
> -      adjust_last_stmt (olddsi, stmt, false);
> +      if (tree_fits_uhwi_p (len))
> +	adjust_last_stmt (olddsi, stmt, false);
>      }
>  
>    int idx = get_stridx (src, stmt);
> --- gcc/testsuite/gcc.c-torture/execute/pr110914.c.jj	2023-08-29 18:38:33.305699206 +0200
> +++ gcc/testsuite/gcc.c-torture/execute/pr110914.c	2023-08-29 18:38:18.678901007 +0200
> @@ -0,0 +1,22 @@
> +/* PR tree-optimization/110914 */
> +
> +__attribute__ ((noipa)) int
> +foo (const char *s, unsigned long l)
> +{
> +  unsigned char r = 0;
> +  __builtin_memcpy (&r, s, l != 0);
> +  return r;
> +}
> +
> +int
> +main ()
> +{
> +  const char *p = "123456";
> +  int a = foo (p, __builtin_strlen (p) - 5);
> +  int b = foo (p, __builtin_strlen (p) - 6);
> +  if (a != '1')
> +    __builtin_abort ();
> +  if (b != 0)
> +    __builtin_abort ();
> +  return 0;
> +}
> 
> 	Jakub
> 
>
  

Patch

--- gcc/tree-ssa-strlen.cc.jj	2023-04-27 10:17:46.406486796 +0200
+++ gcc/tree-ssa-strlen.cc	2023-08-29 18:13:38.189327203 +0200
@@ -3340,7 +3340,8 @@  strlen_pass::handle_builtin_memcpy (buil
       && !integer_zerop (len))
     {
       maybe_warn_overflow (stmt, false, len, olddsi, false, true);
-      adjust_last_stmt (olddsi, stmt, false);
+      if (tree_fits_uhwi_p (len))
+	adjust_last_stmt (olddsi, stmt, false);
     }
 
   int idx = get_stridx (src, stmt);
--- gcc/testsuite/gcc.c-torture/execute/pr110914.c.jj	2023-08-29 18:38:33.305699206 +0200
+++ gcc/testsuite/gcc.c-torture/execute/pr110914.c	2023-08-29 18:38:18.678901007 +0200
@@ -0,0 +1,22 @@ 
+/* PR tree-optimization/110914 */
+
+__attribute__ ((noipa)) int
+foo (const char *s, unsigned long l)
+{
+  unsigned char r = 0;
+  __builtin_memcpy (&r, s, l != 0);
+  return r;
+}
+
+int
+main ()
+{
+  const char *p = "123456";
+  int a = foo (p, __builtin_strlen (p) - 5);
+  int b = foo (p, __builtin_strlen (p) - 6);
+  if (a != '1')
+    __builtin_abort ();
+  if (b != 0)
+    __builtin_abort ();
+  return 0;
+}