Hi!

The following testcase is miscompiled since r279392 aka 
r10-5451-gef29b12cfbb4979
The strlen pass has adjust_last_stmt function, which performs mainly strcat
or strcat-like optimizations (say strcpy (x, "abcd"); strcat (x, p);
or equivalent memcpy (x, "abcd", strlen ("abcd") + 1); char *q = strchr (x, 0);
memcpy (x, p, strlen (p)); etc. where the first stmt stores '\0' character
at the end but next immediately overwrites it and so the first memcpy can be
adjusted to store 1 fewer bytes.  handle_builtin_memcpy called this function
in two spots, the first one guarded like:
  if (olddsi != NULL
      && tree_fits_uhwi_p (len)
      && !integer_zerop (len))
    adjust_last_stmt (olddsi, stmt, false);
i.e. only for constant non-zero length.  The other spot can call it even
for non-constant length but in that case we punt before that if that length
isn't length of some string + 1, so again non-zero.
The r279392 change I assume wanted to add some warning stuff and changed it
like
   if (olddsi != NULL
-      && tree_fits_uhwi_p (len)
       && !integer_zerop (len))
-    adjust_last_stmt (olddsi, stmt, false);
+    {
+      maybe_warn_overflow (stmt, len, rvals, olddsi, false, true);
+      adjust_last_stmt (olddsi, stmt, false);
+    }
While maybe_warn_overflow possibly handles non-constant length fine,
adjust_last_stmt really relies on length to be non-zero, which
!integer_zerop (len) alone doesn't guarantee.  While we could for
len being SSA_NAME ask the ranger or tree_expr_nonzero_p, I think
adjust_last_stmt will not benefit from it much, so the following patch
just restores the above condition/previous behavior for the adjust_last_stmt
call only.

Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?

2023-08-30  Jakub Jelinek  <ja...@redhat.com>

        PR tree-optimization/110914
        * tree-ssa-strlen.cc (strlen_pass::handle_builtin_memcpy): Don't call
        adjust_last_stmt unless len is known constant.

        * gcc.c-torture/execute/pr110914.c: New test.

--- gcc/tree-ssa-strlen.cc.jj   2023-04-27 10:17:46.406486796 +0200
+++ gcc/tree-ssa-strlen.cc      2023-08-29 18:13:38.189327203 +0200
@@ -3340,7 +3340,8 @@ strlen_pass::handle_builtin_memcpy (buil
       && !integer_zerop (len))
     {
       maybe_warn_overflow (stmt, false, len, olddsi, false, true);
-      adjust_last_stmt (olddsi, stmt, false);
+      if (tree_fits_uhwi_p (len))
+       adjust_last_stmt (olddsi, stmt, false);
     }
 
   int idx = get_stridx (src, stmt);
--- gcc/testsuite/gcc.c-torture/execute/pr110914.c.jj   2023-08-29 
18:38:33.305699206 +0200
+++ gcc/testsuite/gcc.c-torture/execute/pr110914.c      2023-08-29 
18:38:18.678901007 +0200
@@ -0,0 +1,22 @@
+/* PR tree-optimization/110914 */
+
+__attribute__ ((noipa)) int
+foo (const char *s, unsigned long l)
+{
+  unsigned char r = 0;
+  __builtin_memcpy (&r, s, l != 0);
+  return r;
+}
+
+int
+main ()
+{
+  const char *p = "123456";
+  int a = foo (p, __builtin_strlen (p) - 5);
+  int b = foo (p, __builtin_strlen (p) - 6);
+  if (a != '1')
+    __builtin_abort ();
+  if (b != 0)
+    __builtin_abort ();
+  return 0;
+}

        Jakub

Reply via email to