c++: Fix ICEs with OBJ_TYPE_REF pretty printing [PR101597]
Commit Message
Hi!
The following testcase ICEs, because middle-end uses the C++ FE pretty
printing code through langhooks in the diagnostics.
The FE expects OBJ_TYPE_REF_OBJECT's type to be useful (pointer to the
class type it is called on), but in the middle-end conversions between
pointer types are useless, so the actual type can be some random
unrelated pointer type (in the testcase void * pointer). The pretty
printing code then ICEs on it.
The following patch fixes that by sticking the original
OBJ_TYPE_REF_OBJECT's also as type of OBJ_TYPE_REF_TOKEN operand.
That one must be an INTEGER_CST, all the current uses of
OBJ_TYPE_REF_TOKEN just use tree_to_uhwi or tree_to_shwi on it,
and because it is constant, there is no risk of the middle-end propagating
into it some other pointer type. So, approach similar to how MEM_REF
treats its second operand or a couple of internal functions (e.g.
IFN_VA_ARG) some of its parameters.
Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?
2021-12-30 Jakub Jelinek <jakub@redhat.com>
PR c++/101597
gcc/cp/
* class.c (build_vfn_ref): Build OBJ_TYPE_REF with INTEGER_CST
OBJ_TYPE_REF_TOKEN with type equal to OBJ_TYPE_REF_OBJECT type.
* error.c (resolve_virtual_fun_from_obj_type_ref): Use type of
OBJ_TYPE_REF_TOKEN rather than type of OBJ_TYPE_REF_OBJECT as
obj_type.
gcc/objc/
* objc-act.c (objc_rewrite_function_call): Build OBJ_TYPE_REF
with INTEGER_CST OBJ_TYPE_REF_TOKEN with type equal to
OBJ_TYPE_REF_OBJECT type.
* objc-next-runtime-abi-01.c (build_objc_method_call): Likewise.
* objc-gnu-runtime-abi-01.c (build_objc_method_call): Likewise.
* objc-next-runtime-abi-02.c (build_v2_objc_method_fixup_call,
build_v2_build_objc_method_call): Likewise.
gcc/testsuite/
* g++.dg/opt/pr101597.C: New test.
Jakub
Comments
On 12/31/21 04:13, Jakub Jelinek wrote:
> Hi!
>
> The following testcase ICEs, because middle-end uses the C++ FE pretty
> printing code through langhooks in the diagnostics.
> The FE expects OBJ_TYPE_REF_OBJECT's type to be useful (pointer to the
> class type it is called on), but in the middle-end conversions between
> pointer types are useless, so the actual type can be some random
> unrelated pointer type (in the testcase void * pointer). The pretty
> printing code then ICEs on it.
>
> The following patch fixes that by sticking the original
> OBJ_TYPE_REF_OBJECT's also as type of OBJ_TYPE_REF_TOKEN operand.
> That one must be an INTEGER_CST, all the current uses of
> OBJ_TYPE_REF_TOKEN just use tree_to_uhwi or tree_to_shwi on it,
> and because it is constant, there is no risk of the middle-end propagating
> into it some other pointer type. So, approach similar to how MEM_REF
> treats its second operand or a couple of internal functions (e.g.
> IFN_VA_ARG) some of its parameters.
>
> Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?
This new expectation needs to be documented in tree.def. OK with that
change.
> 2021-12-30 Jakub Jelinek <jakub@redhat.com>
>
> PR c++/101597
> gcc/cp/
> * class.c (build_vfn_ref): Build OBJ_TYPE_REF with INTEGER_CST
> OBJ_TYPE_REF_TOKEN with type equal to OBJ_TYPE_REF_OBJECT type.
> * error.c (resolve_virtual_fun_from_obj_type_ref): Use type of
> OBJ_TYPE_REF_TOKEN rather than type of OBJ_TYPE_REF_OBJECT as
> obj_type.
> gcc/objc/
> * objc-act.c (objc_rewrite_function_call): Build OBJ_TYPE_REF
> with INTEGER_CST OBJ_TYPE_REF_TOKEN with type equal to
> OBJ_TYPE_REF_OBJECT type.
> * objc-next-runtime-abi-01.c (build_objc_method_call): Likewise.
> * objc-gnu-runtime-abi-01.c (build_objc_method_call): Likewise.
> * objc-next-runtime-abi-02.c (build_v2_objc_method_fixup_call,
> build_v2_build_objc_method_call): Likewise.
> gcc/testsuite/
> * g++.dg/opt/pr101597.C: New test.
>
> --- gcc/cp/class.c.jj 2021-12-30 15:12:42.706157630 +0100
> +++ gcc/cp/class.c 2021-12-30 17:16:23.567589120 +0100
> @@ -778,7 +778,8 @@ build_vfn_ref (tree instance_ptr, tree i
> cp_build_addr_expr (aref, tf_warning_or_error));
>
> /* Remember this as a method reference, for later devirtualization. */
> - aref = build3 (OBJ_TYPE_REF, TREE_TYPE (aref), aref, instance_ptr, idx);
> + aref = build3 (OBJ_TYPE_REF, TREE_TYPE (aref), aref, instance_ptr,
> + fold_convert (TREE_TYPE (instance_ptr), idx));
>
> return aref;
> }
> --- gcc/cp/error.c.jj 2021-12-30 15:12:42.714157519 +0100
> +++ gcc/cp/error.c 2021-12-30 17:16:23.568589106 +0100
> @@ -2149,7 +2149,7 @@ dump_expr_init_vec (cxx_pretty_printer *
> static tree
> resolve_virtual_fun_from_obj_type_ref (tree ref)
> {
> - tree obj_type = TREE_TYPE (OBJ_TYPE_REF_OBJECT (ref));
> + tree obj_type = TREE_TYPE (OBJ_TYPE_REF_TOKEN (ref));
> HOST_WIDE_INT index = tree_to_uhwi (OBJ_TYPE_REF_TOKEN (ref));
> tree fun = BINFO_VIRTUALS (TYPE_BINFO (TREE_TYPE (obj_type)));
> while (index)
> --- gcc/objc/objc-act.c.jj 2021-12-30 15:12:43.159151319 +0100
> +++ gcc/objc/objc-act.c 2021-12-30 17:16:23.569589092 +0100
> @@ -9644,11 +9644,9 @@ objc_rewrite_function_call (tree functio
> && TREE_CODE (TREE_OPERAND (function, 0)) == ADDR_EXPR
> && TREE_CODE (TREE_OPERAND (TREE_OPERAND (function, 0), 0))
> == FUNCTION_DECL)
> - {
> - function = build3 (OBJ_TYPE_REF, TREE_TYPE (function),
> - TREE_OPERAND (function, 0),
> - first_param, size_zero_node);
> - }
> + function = build3 (OBJ_TYPE_REF, TREE_TYPE (function),
> + TREE_OPERAND (function, 0), first_param,
> + build_int_cst (TREE_TYPE (first_param), 0));
>
> return function;
> }
> --- gcc/objc/objc-next-runtime-abi-01.c.jj 2021-12-30 15:12:43.159151319 +0100
> +++ gcc/objc/objc-next-runtime-abi-01.c 2021-12-30 17:16:23.569589092 +0100
> @@ -883,7 +883,7 @@ build_objc_method_call (location_t loc,
>
> /* Build an obj_type_ref, with the correct cast for the method call. */
> t = build3 (OBJ_TYPE_REF, sender_cast, method,
> - lookup_object, size_zero_node);
> + lookup_object, build_int_cst (TREE_TYPE (lookup_object), 0));
> t = build_function_call_vec (loc, vNULL, t, parms, NULL);
> vec_free (parms);
> return t;
> --- gcc/objc/objc-gnu-runtime-abi-01.c.jj 2021-12-30 14:16:42.837908238 +0100
> +++ gcc/objc/objc-gnu-runtime-abi-01.c 2021-12-30 17:16:23.569589092 +0100
> @@ -725,7 +725,8 @@ build_objc_method_call (location_t loc,
> parms->quick_push (TREE_VALUE (method_params));
>
> /* Build an obj_type_ref, with the correct cast for the method call. */
> - t = build3 (OBJ_TYPE_REF, sender_cast, method, lookup_object, size_zero_node);
> + t = build3 (OBJ_TYPE_REF, sender_cast, method, lookup_object,
> + build_int_cst (TREE_TYPE (lookup_object), 0));
> t = build_function_call_vec (loc, vNULL, t, parms, NULL);
> vec_free (parms);
> return t;
> --- gcc/objc/objc-next-runtime-abi-02.c.jj 2021-12-30 15:12:43.159151319 +0100
> +++ gcc/objc/objc-next-runtime-abi-02.c 2021-12-30 17:16:23.570589078 +0100
> @@ -1663,7 +1663,8 @@ build_v2_objc_method_fixup_call (int sup
> method_params = tree_cons (NULL_TREE, lookup_object,
> tree_cons (NULL_TREE, selector,
> method_params));
> - t = build3 (OBJ_TYPE_REF, sender_cast, sender, lookup_object, size_zero_node);
> + t = build3 (OBJ_TYPE_REF, sender_cast, sender, lookup_object,
> + build_int_cst (TREE_TYPE (lookup_object), 0));
> ret_val = build_function_call (input_location, t, method_params);
> if (check_for_nil)
> {
> @@ -1772,7 +1773,7 @@ build_v2_build_objc_method_call (int sup
>
> /* Build an obj_type_ref, with the correct cast for the method call. */
> t = build3 (OBJ_TYPE_REF, sender_cast, method,
> - lookup_object, size_zero_node);
> + lookup_object, build_int_cst (TREE_TYPE (lookup_object), 0));
> tree ret_val = build_function_call_vec (loc, vNULL, t, parms, NULL);
> vec_free (parms);
> if (check_for_nil)
> --- gcc/testsuite/g++.dg/opt/pr101597.C.jj 2021-12-30 17:10:59.606117614 +0100
> +++ gcc/testsuite/g++.dg/opt/pr101597.C 2021-12-30 17:10:33.856477558 +0100
> @@ -0,0 +1,13 @@
> +// PR c++/101597
> +// { dg-do compile }
> +// { dg-options "-O2 -Warray-bounds" }
> +
> +typedef __SIZE_TYPE__ size_t;
> +struct S { virtual void *foo (size_t) __attribute__((alloc_size (2))); };
> +
> +int
> +foo (void *p)
> +{
> + char *q = static_cast<char *> (static_cast<S *> (p)->foo (32));
> + return q[64]; // { dg-warning "array subscript 64 is outside array bounds of" }
> +}
>
> Jakub
>
@@ -778,7 +778,8 @@ build_vfn_ref (tree instance_ptr, tree i
cp_build_addr_expr (aref, tf_warning_or_error));
/* Remember this as a method reference, for later devirtualization. */
- aref = build3 (OBJ_TYPE_REF, TREE_TYPE (aref), aref, instance_ptr, idx);
+ aref = build3 (OBJ_TYPE_REF, TREE_TYPE (aref), aref, instance_ptr,
+ fold_convert (TREE_TYPE (instance_ptr), idx));
return aref;
}
@@ -2149,7 +2149,7 @@ dump_expr_init_vec (cxx_pretty_printer *
static tree
resolve_virtual_fun_from_obj_type_ref (tree ref)
{
- tree obj_type = TREE_TYPE (OBJ_TYPE_REF_OBJECT (ref));
+ tree obj_type = TREE_TYPE (OBJ_TYPE_REF_TOKEN (ref));
HOST_WIDE_INT index = tree_to_uhwi (OBJ_TYPE_REF_TOKEN (ref));
tree fun = BINFO_VIRTUALS (TYPE_BINFO (TREE_TYPE (obj_type)));
while (index)
@@ -9644,11 +9644,9 @@ objc_rewrite_function_call (tree functio
&& TREE_CODE (TREE_OPERAND (function, 0)) == ADDR_EXPR
&& TREE_CODE (TREE_OPERAND (TREE_OPERAND (function, 0), 0))
== FUNCTION_DECL)
- {
- function = build3 (OBJ_TYPE_REF, TREE_TYPE (function),
- TREE_OPERAND (function, 0),
- first_param, size_zero_node);
- }
+ function = build3 (OBJ_TYPE_REF, TREE_TYPE (function),
+ TREE_OPERAND (function, 0), first_param,
+ build_int_cst (TREE_TYPE (first_param), 0));
return function;
}
@@ -883,7 +883,7 @@ build_objc_method_call (location_t loc,
/* Build an obj_type_ref, with the correct cast for the method call. */
t = build3 (OBJ_TYPE_REF, sender_cast, method,
- lookup_object, size_zero_node);
+ lookup_object, build_int_cst (TREE_TYPE (lookup_object), 0));
t = build_function_call_vec (loc, vNULL, t, parms, NULL);
vec_free (parms);
return t;
@@ -725,7 +725,8 @@ build_objc_method_call (location_t loc,
parms->quick_push (TREE_VALUE (method_params));
/* Build an obj_type_ref, with the correct cast for the method call. */
- t = build3 (OBJ_TYPE_REF, sender_cast, method, lookup_object, size_zero_node);
+ t = build3 (OBJ_TYPE_REF, sender_cast, method, lookup_object,
+ build_int_cst (TREE_TYPE (lookup_object), 0));
t = build_function_call_vec (loc, vNULL, t, parms, NULL);
vec_free (parms);
return t;
@@ -1663,7 +1663,8 @@ build_v2_objc_method_fixup_call (int sup
method_params = tree_cons (NULL_TREE, lookup_object,
tree_cons (NULL_TREE, selector,
method_params));
- t = build3 (OBJ_TYPE_REF, sender_cast, sender, lookup_object, size_zero_node);
+ t = build3 (OBJ_TYPE_REF, sender_cast, sender, lookup_object,
+ build_int_cst (TREE_TYPE (lookup_object), 0));
ret_val = build_function_call (input_location, t, method_params);
if (check_for_nil)
{
@@ -1772,7 +1773,7 @@ build_v2_build_objc_method_call (int sup
/* Build an obj_type_ref, with the correct cast for the method call. */
t = build3 (OBJ_TYPE_REF, sender_cast, method,
- lookup_object, size_zero_node);
+ lookup_object, build_int_cst (TREE_TYPE (lookup_object), 0));
tree ret_val = build_function_call_vec (loc, vNULL, t, parms, NULL);
vec_free (parms);
if (check_for_nil)
@@ -0,0 +1,13 @@
+// PR c++/101597
+// { dg-do compile }
+// { dg-options "-O2 -Warray-bounds" }
+
+typedef __SIZE_TYPE__ size_t;
+struct S { virtual void *foo (size_t) __attribute__((alloc_size (2))); };
+
+int
+foo (void *p)
+{
+ char *q = static_cast<char *> (static_cast<S *> (p)->foo (32));
+ return q[64]; // { dg-warning "array subscript 64 is outside array bounds of" }
+}