(replace gcc@ by gcc-patches@; see
https://gcc.gnu.org/pipermail/gcc/2023-September/242591.html
and other emails in that thread)
On 28.09.23 11:51, Jakub Jelinek wrote:
On Thu, Sep 28, 2023 at 09:29:02AM +0200, Tobias Burnus wrote:
On 28.09.23 08:25, Richard Biener via Fortran wrote:
This particular place in libgfortran has
/* write_z, which calls xtoa_big, is called from transfer.c,
formatted_transfer_scalar_write. There it is passed the kind as
argument, which means a maximum of 16. The buffer is large
enough, but the compiler does not know that, so shut up the
warning here. */
...
I have replaced it now by the assert that "len <= 16", i.e.
+ if (len > 16)
+ __builtin_unreachable ();
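Review bot: `if (len > 16) __builtin_unreachable ();` states the bound on len but does not check it, so a len above 16 reaching this point is undefined behaviour rather than a diagnosable failure. If the bound is meant to be enforced, a checked comparison on len at the same spot (an assert, or treating the case as no output) keeps the explicit condition while failing deterministically. The literal 16 would also be easier to audit if it were tied to the buffer-size macro, and a short comment saying where the bound comes from should stay with it, since the old comment carried that explanation.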
Is it just that in correct programs len can't be > 16, or that it is really
impossible for it being > 16? I mean, we have that artificial kind 17 for
powerpc which better should be turned into length of 16, but isn't e.g.
_gfortran_transfer_integer etc.
My understanding is that kind=17 only pops up on PowerPC
for REAL variables as they represent __float128 in multiple ways.
Having said that, the current call tree is:
* xtoa_big: that's where the warning suppression
was replaced by the unreachable.
* Only caller is 'write_z' which calls it by passing its
last argument ('len') as last argument ('len')
* "internal_proto(write_z)" implies that it is not called from
outside libgfortran. The internal only caller is:
* formatted_transfer_scalar_write, which calls it as:
case FMT_Z:
...
#ifdef HAVE_GFC_REAL_17
if (type == BT_REAL && kind == 17)
kind = 16;
#endif
write_z (dtp, f, p, kind);
I am not aware of any logical/integer/real(+complex)/character kind > 16,
except for this PPC one. And complex numbers are pairs of BT_REAL.
Thus, I think that patch should be fine - except:
Does anything error earlier if it is larger? I mean, say user calling
_gfortran_transfer_integer by hand with kind 1024?
I think this will fail. We have various ways to deal with this in libgfortran;
I see some cases where the switch "default:" sets the length to 0; we have
other places where we use an "assert", I think we have other places where
we run into UB.
Thus, one option would be to either 'assert(len <= 16)' or
'assert((size_t)len < GFC_OTOA_BUF_SIZE - 1)' instead.
Or we could handle it as len=0 and silently ignore the output or ...
I am fine with either of the many options - except that I like something
explicit involving 'len' and a comparison (unreachable, assert, regarding as
len = 0) better than the existing warning suppression which is too indirect
for me. (Besides: it does not work for LTO.)
Preferences?
Tobias
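The "regard it as len = 0" option from the message above, as an added example that is not libgfortran code: a hex formatter with a fixed buffer whose bound on len is an explicit run-time comparison. The names hex_big, MAX_KIND and HEX_BUF_SIZE and the most-significant-byte-first input order are assumptions made for the illustration.

```c
#include <stdio.h>

/* Hypothetical names: two hex digits per byte plus the terminating NUL. */
#define MAX_KIND 16
#define HEX_BUF_SIZE (2 * MAX_KIND + 1)

/* Format the len bytes at s (assumed most significant byte first) as
   upper-case hex into buf, dropping leading zero digits.  Returns a
   pointer into buf.  An out-of-range len is handled as len = 0: the
   result is the empty string and nothing is written past the buffer.  */
static const char *
hex_big (const unsigned char *s, char buf[HEX_BUF_SIZE], int len)
{
  static const char digits[] = "0123456789ABCDEF";
  char *q = buf;
  int i;

  /* Explicit comparison on len, evaluated in every build (an assert
     would disappear under NDEBUG; __builtin_unreachable never checks).  */
  if (s == NULL || len <= 0 || len > MAX_KIND)
    {
      buf[0] = '\0';
      return buf;
    }

  for (i = 0; i < len; i++)
    {
      *q++ = digits[s[i] >> 4];
      *q++ = digits[s[i] & 0x0F];
    }
  *q = '\0';

  /* Skip leading zeros but keep one digit for the value zero.  */
  for (q = buf; q[0] == '0' && q[1] != '\0'; q++)
    ;
  return q;
}

int
main (void)
{
  unsigned char v[2] = { 0x01, 0xF0 };   /* constructed sample input */
  char buf[HEX_BUF_SIZE];

  printf ("[%s]\n", hex_big (v, buf, 2));
  printf ("[%s]\n", hex_big (v, buf, 1024));   /* rejected before any read */
  return 0;
}
```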