https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81601
Jeffrey A. Law <law at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |law at redhat dot com

--- Comment #8 from Jeffrey A. Law <law at redhat dot com> ---
The two key blocks are:

bb2:
  _3 = __builtin_object_size (tp_2(D), 0);
  _4 = &tp_2(D)->D.2254;
  GIMPLE_NOP
  _5 = tp_2(D)->chrono_type;
  if (_5 == 0)
    goto <bb 3>; [50.00%]
  else
    goto <bb 6>; [50.00%]

bb3:
  now_6 = tcp_jiffies32;
  _7 = BIT_FIELD_REF <*tp_2(D), 8, 128>;
  _8 = _7 & 3;
  if (_8 != 0)
    goto <bb 4>; [50.00%]
  else
    goto <bb 5>; [50.00%]

Where the out of bounds access occurs in BB4 which can only be reached via BB3.

We essentially need to prove that _5 and _8 are equivalent. The only good news is that the edge 2->3 dominates bb3 so this could (in theory) be handled with good equivalence processing without jump threading.

Are we allowed to use types like this in a gimple conditional?

  <unnamed-unsigned:2> _5;

If so, then one approach would be to first focus on BB3. We'd want to combine the BIT_FIELD_REF and masking into a single BIT_FIELD_REF and test the result of that without conversion. Could forwprop handle that perhaps?

Once the BIT_FIELD_REF just reads two bits, then we'd have a fighting chance of realizing that the BIT_FIELD_REF is just a reference to tp_2->chrono_type. Which we could look up in the hash table as _5 which has a known constant value of zero.

Not working on this, but figured I'd at least chime in with some thoughts on how we might be able to approach...