Re: [PATCH] Fix bogus -Wstringop-overflow warning

2022-10-14 Thread Martin Jambor 
Hello,

On Fri, Oct 14 2022, Martin Liška wrote:
> On 10/14/22 08:12, Richard Biener wrote:
>> On Fri, Oct 14, 2022 at 12:54 AM Eric Botcazou via Gcc-patches
>>  wrote:
>>>
 Not a fan as it could potentially hide a real issue, but I don't really
 have a better solution.
>>>
>>> Thanks.
>>>
 I pondered suggesting "access" affect type identity, but the cases where
 that's really important are probably better handled by the "fn spec"
 attribute, leaving "access" strictly impacting diagnostics.
>>>
>>> I can expand a bit here, because I tried to change the "access" attribute 
>>> that
>>> way and this badly breaks the C compiler, for example:
>>>
>>> int foo (int n, char m[1][n]);
>>>
>>> int foo (int n, char m[1][n]) {}
>>>
>>> no longer compiles with an error about different function types.
>> 
>> Note in discussion with IPA folks we agreed that IPA cloning that modifies
>> arguments either has to remove access attributes, adjust them or refrain
>> from cloning.
>> 
>> Martin - has anything been done to this respect?
>
> I think it's more for Martin Jambor who's the IPA specialist when it comes
> to parameter manipulation.
>

They are being dropped since 2af63f0f53a

Adjusting them accordingly is an item buried quite deep in my TODO list.

>> 
>> I suppose there's also a way to figure if a clone has arguments
>> changed in any way?

Look whether clone_info::get (node) exists and its param_adjustments is
non-NULL.

In theory the param_adjustments could contain description of the very
same signature the original function has but in practice it does not
currently happen and is unlikely to happen ever.

Martin

Re: [PATCH] Fix bogus -Wstringop-overflow warning

2022-10-14 Thread Martin Liška 
On 10/14/22 08:12, Richard Biener wrote:
> On Fri, Oct 14, 2022 at 12:54 AM Eric Botcazou via Gcc-patches
>  wrote:
>>
>>> Not a fan as it could potentially hide a real issue, but I don't really
>>> have a better solution.
>>
>> Thanks.
>>
>>> I pondered suggesting "access" affect type identity, but the cases where
>>> that's really important are probably better handled by the "fn spec"
>>> attribute, leaving "access" strictly impacting diagnostics.
>>
>> I can expand a bit here, because I tried to change the "access" attribute 
>> that
>> way and this badly breaks the C compiler, for example:
>>
>> int foo (int n, char m[1][n]);
>>
>> int foo (int n, char m[1][n]) {}
>>
>> no longer compiles with an error about different function types.
> 
> Note in discussion with IPA folks we agreed that IPA cloning that modifies
> arguments either has to remove access attributes, adjust them or refrain
> from cloning.
> 
> Martin - has anything been done to this respect?

I think it's more for Martin Jambor who's the IPA specialist when it comes
to parameter manipulation.

Martin

> 
> I suppose there's also a way to figure if a clone has arguments
> changed in any way?
> 
> Thanks,
> Richard.
> 
>> --
>> Eric Botcazou
>>
>>

Re: [PATCH] Fix bogus -Wstringop-overflow warning

2022-10-14 Thread Richard Biener via Gcc-patches 
On Fri, Oct 14, 2022 at 12:54 AM Eric Botcazou via Gcc-patches
 wrote:
>
> > Not a fan as it could potentially hide a real issue, but I don't really
> > have a better solution.
>
> Thanks.
>
> > I pondered suggesting "access" affect type identity, but the cases where
> > that's really important are probably better handled by the "fn spec"
> > attribute, leaving "access" strictly impacting diagnostics.
>
> I can expand a bit here, because I tried to change the "access" attribute that
> way and this badly breaks the C compiler, for example:
>
> int foo (int n, char m[1][n]);
>
> int foo (int n, char m[1][n]) {}
>
> no longer compiles with an error about different function types.

Note in discussion with IPA folks we agreed that IPA cloning that modifies
arguments either has to remove access attributes, adjust them or refrain
from cloning.

Martin - has anything been done to this respect?

I suppose there's also a way to figure if a clone has arguments
changed in any way?

Thanks,
Richard.

> --
> Eric Botcazou
>
>

Re: [PATCH] Fix bogus -Wstringop-overflow warning

2022-10-13 Thread Eric Botcazou via Gcc-patches 
> Not a fan as it could potentially hide a real issue, but I don't really
> have a better solution.

Thanks.

> I pondered suggesting "access" affect type identity, but the cases where
> that's really important are probably better handled by the "fn spec"
> attribute, leaving "access" strictly impacting diagnostics.

I can expand a bit here, because I tried to change the "access" attribute that 
way and this badly breaks the C compiler, for example:

int foo (int n, char m[1][n]);

int foo (int n, char m[1][n]) {}

no longer compiles with an error about different function types.

-- 
Eric Botcazou

Re: [PATCH] Fix bogus -Wstringop-overflow warning

2022-10-13 Thread Jeff Law via Gcc-patches 



On 10/13/22 06:06, Eric Botcazou via Gcc-patches wrote:

Hi,

if you compile the attached testcase with -O2 -fno-inline -Wall, you get:

In function 'process_array3':
cc1: warning: 'process_array4' accessing 4 bytes in a region of size 3 [-
Wstringop-overflow=]
cc1: note: referencing argument 1 of type 'char[4]'
t.c:6:6: note: in a call to function 'process_array4'
 6 | void process_array4 (char a[4], int n)
   |  ^~
cc1: warning: 'process_array4' accessing 4 bytes in a region of size 3 [-
Wstringop-overflow=]
cc1: note: referencing argument 1 of type 'char[4]'
t.c:6:6: note: in a call to function 'process_array4'

That's because the ICF IPA pass has identified the two functions and turned
process_array3 into a wrapper of process_array4.  This looks sensible to me
given that the only difference between them is an "access" attribute on their
type describing the access size of the parameter and the "access" attribute
does not affect type identity (struct attribute_spec.affects_type_identity).

Hence the proposed fix, tested on x86-64/Linux, OK for the mainline?


2022-10-13  Eric Botcazou  

* gimple-ssa-warn-access.cc (pass_waccess::check_call): Return
early for calls made from thunks.


2022-10-13  Eric Botcazou  

* gcc.dg/Wstringop-overflow-89.c: New test.


Not a fan as it could potentially hide a real issue, but I don't really 
have a better solution.  I pondered suggesting "access" affect type 
identity, but the cases where that's really important are probably 
better handled by the "fn spec" attribute, leaving "access" strictly 
impacting diagnostics.


OK

jeff

Re: [PATCH] Fix bogus -Wstringop-overflow warning in Ada

2022-08-19 Thread Richard Biener via Gcc-patches 
On Thu, Aug 18, 2022 at 4:46 PM Eric Botcazou  wrote:
>
> > Hmm :/  But that means we _should_ force a sign extension but only
> > from ptrofftype_p ()?  That is, your test above should maybe read
> >
> >signop sgn = TYPE_SIGN (type);
> >if (ptrofftype_p (type))
> >  sgn = SIGNED;
> >
> > assuming 'type' is the type of lowbnd
>
> Yes, that's essentially equivalent to what get_offset_range does, but I'm not
> sure why having two slightly different ways of doing it would be better than a
> single one here,   Maybe replace the call to get_precision in both places with
> TYPE_PRECSION (type) then?

I wasn't aware of the copy in get_offset_range.  To cite:

  wide_int wr[2];
  if (!get_range (x, stmt, wr, rvals))
return false;

  signop sgn = SIGNED;
  /* Only convert signed integers or unsigned sizetype to a signed
 offset and avoid converting large positive values in narrower
 types to negative offsets.  */
  if (TYPE_UNSIGNED (type)
  && wr[0].get_precision () < TYPE_PRECISION (sizetype))
sgn = UNSIGNED;

  r[0] = offset_int::from (wr[0], sgn);
  r[1] = offset_int::from (wr[1], sgn);

I guess the main issue here is that the machinery converts to offset_int
prematurely and thus needs to do it even when it's not clear in what context
(POINTER_PLUS_EXPR offset or not) it is used.  The code unfortunately
is a bit of a mess and I'm not too familiar with it.  I'm OK with your
original patch, given the above it's consistent (even if maybe broken).

Thanks,
Richard.

>
> --
> Eric Botcazou
>
>
>

Re: [PATCH] Fix bogus -Wstringop-overflow warning in Ada

2022-08-18 Thread Eric Botcazou via Gcc-patches 
> Hmm :/  But that means we _should_ force a sign extension but only
> from ptrofftype_p ()?  That is, your test above should maybe read
> 
>signop sgn = TYPE_SIGN (type);
>if (ptrofftype_p (type))
>  sgn = SIGNED;
> 
> assuming 'type' is the type of lowbnd

Yes, that's essentially equivalent to what get_offset_range does, but I'm not 
sure why having two slightly different ways of doing it would be better than a 
single one here,   Maybe replace the call to get_precision in both places with 
TYPE_PRECSION (type) then?

-- 
Eric Botcazou

Re: [PATCH] Fix bogus -Wstringop-overflow warning in Ada

2022-08-18 Thread Richard Biener via Gcc-patches 
On Thu, Aug 18, 2022 at 9:54 AM Eric Botcazou  wrote:
>
> > Meh.  OK, eventually would need "indirection" through a wide-int then.
> > Like
> >
> >   offset_int::from (wi::to_wide (lowbnd), TYPE_SIGN (TREE_TYPE (lowbnd)))
>
> That would be OK if get_offset_range did the same, but it does not since it
> forces a sign-extension whatever the sign of a large type:
>
>   signop sgn = SIGNED;
>   /* Only convert signed integers or unsigned sizetype to a signed
>  offset and avoid converting large positive values in narrower
>  types to negative offsets.  */
>   if (TYPE_UNSIGNED (type)
>   && wr[0].get_precision () < TYPE_PRECISION (sizetype))
> sgn = UNSIGNED;
>
> > I think it should extend according to sing of lowbnd?  Or does Ada
> > use an unsigned lowbnd to represent a signed value here?  At least
> > that's what I had issues with with your patch.
>
> It uses sizetype like everyone else and the signedness was forced on it
> because of the POINTER_PLUS_EXPR thing, i.e. it was signed before.

Hmm :/  But that means we _should_ force a sign extension but only
from ptrofftype_p ()?  That is, your test above should maybe read

   signop sgn = TYPE_SIGN (type);
   if (ptrofftype_p (type))
 sgn = SIGNED;

assuming 'type' is the type of lowbnd
> --
> Eric Botcazou
>
>

Re: [PATCH] Fix bogus -Wstringop-overflow warning in Ada

2022-08-18 Thread Eric Botcazou via Gcc-patches 
> Meh.  OK, eventually would need "indirection" through a wide-int then.
> Like
> 
>   offset_int::from (wi::to_wide (lowbnd), TYPE_SIGN (TREE_TYPE (lowbnd)))

That would be OK if get_offset_range did the same, but it does not since it 
forces a sign-extension whatever the sign of a large type:

  signop sgn = SIGNED;
  /* Only convert signed integers or unsigned sizetype to a signed
 offset and avoid converting large positive values in narrower
 types to negative offsets.  */
  if (TYPE_UNSIGNED (type)
  && wr[0].get_precision () < TYPE_PRECISION (sizetype))
sgn = UNSIGNED;

> I think it should extend according to sing of lowbnd?  Or does Ada
> use an unsigned lowbnd to represent a signed value here?  At least
> that's what I had issues with with your patch.

It uses sizetype like everyone else and the signedness was forced on it 
because of the POINTER_PLUS_EXPR thing, i.e. it was signed before.

-- 
Eric Botcazou

Re: [PATCH] Fix bogus -Wstringop-overflow warning in Ada

2022-08-18 Thread Richard Biener via Gcc-patches 
On Wed, Aug 17, 2022 at 3:38 PM Eric Botcazou  wrote:
>
> > Hmm, can we instead do
> >
> >   if (!integer_zerop (lowbnd) && tree_fits_shwi_p (lowbnd))
> >{
> >   const offset_int lb = offset_int::from (lowbnd, SIGNED);
> > ...
> >
> > ?
>
> Apparently not:
>
> In file included from /home/eric/cvs/gcc/gcc/coretypes.h:460,
>  from /home/eric/cvs/gcc/gcc/pointer-query.cc:23:
> /home/eric/cvs/gcc/gcc/wide-int.h: In instantiation of
> 'wide_int_ref_storage::wide_int_ref_storage(const T&) [with T =
> tree_node*; bool SE = false; bool HDP = true]':
> /home/eric/cvs/gcc/gcc/wide-int.h:782:15:   required from
> 'generic_wide_int::generic_wide_int(const T&) [with T = tree_node*; storage
> = wide_int_ref_storage]'
> /home/eric/cvs/gcc/gcc/pointer-query.cc:1803:46:   required from here
> /home/eric/cvs/gcc/gcc/wide-int.h:1024:48: error: incomplete type
> 'wi::int_traits' used in nested name specifier
>  1024 |   : storage_ref (wi::int_traits ::decompose (scratch,
>   |  ~~^
>  1025 | wi::get_precision (x),
> x))
>   |
> ~
>
> And:
>
>   const offset_int lb = wi::to_offset (lowbnd);
>
> compiles but does *not* fix the problem since it does a zero-extension.

Meh.  OK, eventually would need "indirection" through a wide-int then.
Like

  offset_int::from (wi::to_wide (lowbnd), TYPE_SIGN (TREE_TYPE (lowbnd)))

?

> [Either extension is fine, as long as it's the same in get_offset_range].

I think it should extend according to sing of lowbnd?  Or does Ada
use an unsigned lowbnd to represent a signed value here?  At least
that's what I had issues with with your patch.

> > In particular interpreting the unsigned lowbnd as SIGNED when
> > not wlb.get_precision () < TYPE_PRECISION (sizetype), offset_int
> > should handle all positive and negative byte offsets since it can
> > also represent them measured in bits.  Unfortunately the
> > wide_int classes do not provide the maximum precision they can
> > handle.  That said, the check, if any, should guard the whole
> > orng adjustment, no?  (in fact I wonder why we just ignore lowbnd
> > if it doesn't fit or is variable...)
>
> Yes, tree_fits_uhwi_p (or tree_fits_shwi_p) is bogus here, but the test
> against INTEGER_CST is used everywhere else and should be good enough.
>
> --
> Eric Botcazou
>
>

Re: [PATCH] Fix bogus -Wstringop-overflow warning in Ada

2022-08-17 Thread Eric Botcazou via Gcc-patches 
> Hmm, can we instead do
> 
>   if (!integer_zerop (lowbnd) && tree_fits_shwi_p (lowbnd))
>{
>   const offset_int lb = offset_int::from (lowbnd, SIGNED);
> ...
> 
> ?

Apparently not:

In file included from /home/eric/cvs/gcc/gcc/coretypes.h:460,
 from /home/eric/cvs/gcc/gcc/pointer-query.cc:23:
/home/eric/cvs/gcc/gcc/wide-int.h: In instantiation of 
'wide_int_ref_storage::wide_int_ref_storage(const T&) [with T = 
tree_node*; bool SE = false; bool HDP = true]':
/home/eric/cvs/gcc/gcc/wide-int.h:782:15:   required from 
'generic_wide_int::generic_wide_int(const T&) [with T = tree_node*; storage 
= wide_int_ref_storage]'
/home/eric/cvs/gcc/gcc/pointer-query.cc:1803:46:   required from here
/home/eric/cvs/gcc/gcc/wide-int.h:1024:48: error: incomplete type 
'wi::int_traits' used in nested name specifier
 1024 |   : storage_ref (wi::int_traits ::decompose (scratch,
  |  ~~^
 1025 | wi::get_precision (x), 
x))
  | 
~

And:
 
  const offset_int lb = wi::to_offset (lowbnd);

compiles but does *not* fix the problem since it does a zero-extension.

[Either extension is fine, as long as it's the same in get_offset_range].

> In particular interpreting the unsigned lowbnd as SIGNED when
> not wlb.get_precision () < TYPE_PRECISION (sizetype), offset_int
> should handle all positive and negative byte offsets since it can
> also represent them measured in bits.  Unfortunately the
> wide_int classes do not provide the maximum precision they can
> handle.  That said, the check, if any, should guard the whole
> orng adjustment, no?  (in fact I wonder why we just ignore lowbnd
> if it doesn't fit or is variable...)

Yes, tree_fits_uhwi_p (or tree_fits_shwi_p) is bogus here, but the test 
against INTEGER_CST is used everywhere else and should be good enough.

-- 
Eric Botcazou

Re: [PATCH] Fix bogus -Wstringop-overflow warning in Ada

2022-08-17 Thread Richard Biener via Gcc-patches 
On Tue, Aug 16, 2022 at 3:57 PM Eric Botcazou via Gcc-patches
 wrote:
>
> Hi,
>
> the following bogus warning:
>
> In function 'lto26',
> inlined from 'main' at /home/eric/gnat/bugs/V721-018/b~lto26.adb:237:7:
> lto26.adb:11:13: warning: writing 1 byte into a region of size 0 [-Wstringop-
> overflow=]
>11 | Set (R, (7, 0, 84, Stream_Element (I), 0, 0, 0), 1);
>   | ^
> lto26.adb: In function 'main':
> lto26.adb:11:50: note: at offset -9223372036854775808 into destination object
> 'A.0' of size 7
>11 | Set (R, (7, 0, 84, Stream_Element (I), 0, 0, 0), 1);
>   |  ^
>
> comes from a discrepancy between get_offset_range, which uses a signed type,
> and handle_array_ref, which uses an unsigned one, to do offset computations.
>
> Tested on x86-64/Linux, OK for the mainline?

Hmm, can we instead do

  if (!integer_zerop (lowbnd) && tree_fits_shwi_p (lowbnd))
   {
  const offset_int lb = offset_int::from (lowbnd, SIGNED);
...

?  In particular interpreting the unsigned lowbnd as SIGNED when
not wlb.get_precision () < TYPE_PRECISION (sizetype), offset_int
should handle all positive and negative byte offsets since it can
also represent them measured in bits.  Unfortunately the
wide_int classes do not provide the maximum precision they can
handle.  That said, the check, if any, should guard the whole
orng adjustment, no?  (in fact I wonder why we just ignore lowbnd
if it doesn't fit or is variable...)

>
>
> 2022-08-16  Eric Botcazou  
>
> * pointer-query.cc (handle_array_ref): Fix handling of low bound.
>
>
> 2022-08-16  Eric Botcazou  
>
> * gnat.dg/lto26.adb: New test.
> * gnat.dg/lto26_pkg1.ads, gnat.dg/lto26_pkg1.adb: New helper.
> * gnat.dg/lto26_pkg2.ads, gnat.dg/lto26_pkg2.adb: Likewise.
>
> --
> Eric Botcazou