https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117912

--- Comment #25 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-14 branch has been updated by Richard Biener
<rgue...@gcc.gnu.org>:

https://gcc.gnu.org/g:02b1172dad4c444953868f411fc8dd4483f320e7

commit r14-11196-g02b1172dad4c444953868f411fc8dd4483f320e7
Author: Richard Biener <rguent...@suse.de>
Date:   Thu Dec 5 10:47:13 2024 +0100

    tree-optimization/117912 - bogus address equivalences for
__builtin_object_size

    VN again is the culprit for exploiting address equivalences before
    __builtin_object_size got the chance to do its job.  This time
    it isn't about union members but adjacent structure fields where
    an address to one after the last element of an array field can
    spill over to the next field.

    The following protects all out-of-bound accesses on the upper bound
    side (singling out TYPE_MAX_VALUE + 1 is more expensive).  It
    ignores other out-of-bound addresses that would invoke UB.

    Zero-sized arrays are a bit awkward because the C++ represents them
    with a -1U upper bound.

    There's a similar issue for zero-sized components whose address can
    be the same as the adjacent field in C.

            PR tree-optimization/117912
            * tree-ssa-sccvn.cc (copy_reference_ops_from_ref): For addresses
            of zero-sized components do not set ->off if the object size pass
            didn't run.
            For OOB ARRAY_REF accesses in address expressions avoid setting
            ->off if the object size pass didn't run.
            (valueize_refs_1): Likewise.

            * c-c++-common/torture/pr117912-1.c: New testcase.
            * c-c++-common/torture/pr117912-2.c: Likewise.
            * c-c++-common/torture/pr117912-3.c: Likewise.

    (cherry picked from commit 233972ab3b5338d7a5d1d7af9108c1f366170e44)

Reply via email to