diff mbox series

tree-optimization/104475 - improve access diagnostics

Message ID 20221206095020.A865B13326@imap1.suse-dmz.suse.de
State Committed
Commit 926f5059bb8d295e2b68cea7c9af53606946eb1a
Headers
Series tree-optimization/104475 - improve access diagnostics |

Commit Message

Richard Biener Dec. 6, 2022, 9:50 a.m. UTC 
  When we end up isolating a nullptr path it happens we diagnose
accesses to offsetted nullptr objects.  The current diagnostics
have no good indication that this happens so the following records
the fact that our heuristic detected a nullptr based access in
the access_ref structure and sets up diagnostics to inform
of that detail.  The diagnostic itself could probably be
improved here but its API is twisted and the necessary object
isn't passed around.

Instead of just

...bits/atomic_base.h:655:34: warning: 'unsigned int __atomic_fetch_and_4(volatile void*, unsigned int, int)' writing 4 bytes into a region of size 0 overflows the destination [-Wstringop-overflow=]

we now add

In member function 'void QFutureInterfaceBase::setThrottled(bool)':
cc1plus: note: destination object is likely at address zero

Bootstrapped on x86_64-unknown-linux-gnu, testing in progress.

I think it's an improvement - do you agree that it's enough of it?

Thanks,
Richard.

	PR tree-optimization/104475
	* pointer-query.h (access_ref::ref_nullptr_p): New flag.
	* pointer-query.cc (access_ref::access_ref): Initialize
	ref_nullptr_p.
	(compute_objsize_r): Set ref_nullptr_p if we treat it that way.
	(access_ref::inform_access): If ref was treated as nullptr
	based, indicate that.
---
 gcc/pointer-query.cc | 20 ++++++++++++++++----
 gcc/pointer-query.h  |  5 ++++-
 2 files changed, 20 insertions(+), 5 deletions(-)

Comments

Jakub Jelinek Dec. 6, 2022, 10:06 a.m. UTC | #1 
On Tue, Dec 06, 2022 at 10:50:20AM +0100, Richard Biener wrote:
> When we end up isolating a nullptr path it happens we diagnose
> accesses to offsetted nullptr objects.  The current diagnostics
> have no good indication that this happens so the following records
> the fact that our heuristic detected a nullptr based access in
> the access_ref structure and sets up diagnostics to inform
> of that detail.  The diagnostic itself could probably be
> improved here but its API is twisted and the necessary object
> isn't passed around.
> 
> Instead of just
> 
> ...bits/atomic_base.h:655:34: warning: 'unsigned int __atomic_fetch_and_4(volatile void*, unsigned int, int)' writing 4 bytes into a region of size 0 overflows the destination [-Wstringop-overflow=]
> 
> we now add
> 
> In member function 'void QFutureInterfaceBase::setThrottled(bool)':
> cc1plus: note: destination object is likely at address zero
> 
> Bootstrapped on x86_64-unknown-linux-gnu, testing in progress.
> 
> I think it's an improvement - do you agree that it's enough of it?
> 
> Thanks,
> Richard.
> 
> 	PR tree-optimization/104475
> 	* pointer-query.h (access_ref::ref_nullptr_p): New flag.
> 	* pointer-query.cc (access_ref::access_ref): Initialize
> 	ref_nullptr_p.
> 	(compute_objsize_r): Set ref_nullptr_p if we treat it that way.
> 	(access_ref::inform_access): If ref was treated as nullptr
> 	based, indicate that.

LGTM.

	Jakub
diff mbox series

Patch

diff --git a/gcc/pointer-query.cc b/gcc/pointer-query.cc
index 95565fd6005..ea6ca684d93 100644
--- a/gcc/pointer-query.cc
+++ b/gcc/pointer-query.cc
@@ -600,8 +600,8 @@  gimple_parm_array_size (tree ptr, wide_int rng[2],
 /* Initialize the object.  */
 
 access_ref::access_ref ()
-  : ref (), eval ([](tree x){ return x; }), deref (), trail1special (true),
-    base0 (true), parmarray ()
+  : ref (), eval ([](tree x){ return x; }), deref (), ref_nullptr_p (false),
+    trail1special (true), base0 (true), parmarray ()
 {
   /* Set to valid.  */
   offrng[0] = offrng[1] = 0;
@@ -1193,7 +1193,16 @@  access_ref::inform_access (access_mode mode, int ostype /* = 1 */) const
     loc = EXPR_LOCATION (ref);
   else if (TREE_CODE (ref) != IDENTIFIER_NODE
 	   && TREE_CODE (ref) != SSA_NAME)
-    return;
+    {
+      if (TREE_CODE (ref) == INTEGER_CST && ref_nullptr_p)
+	{
+	  if (mode == access_read_write || mode == access_write_only)
+	    inform (loc, "destination object is likely at address zero");
+	  else
+	    inform (loc, "source object is likely at address zero");
+	}
+      return;
+    }
 
   if (mode == access_read_write || mode == access_write_only)
     {
@@ -2280,7 +2289,10 @@  compute_objsize_r (tree ptr, gimple *stmt, bool addr, int ostype,
 	  if (targetm.addr_space.zero_address_valid (as))
 	    pref->set_max_size_range ();
 	  else
-	    pref->sizrng[0] = pref->sizrng[1] = 0;
+	    {
+	      pref->sizrng[0] = pref->sizrng[1] = 0;
+	      pref->ref_nullptr_p = true;
+	    }
 	}
       else
 	pref->sizrng[0] = pref->sizrng[1] = 0;
diff --git a/gcc/pointer-query.h b/gcc/pointer-query.h
index 801a240c38d..19a6f15aab2 100644
--- a/gcc/pointer-query.h
+++ b/gcc/pointer-query.h
@@ -88,7 +88,7 @@  struct access_ref
      argument to the minimum.  */
   offset_int size_remaining (offset_int * = nullptr) const;
 
-/* Return true if the offset and object size are in range for SIZE.  */
+  /* Return true if the offset and object size are in range for SIZE.  */
   bool offset_in_range (const offset_int &) const;
 
   /* Return true if *THIS is an access to a declared object.  */
@@ -141,6 +141,9 @@  struct access_ref
   /* Positive when REF is dereferenced, negative when its address is
      taken.  */
   int deref;
+  /* The following indicates if heuristics interpreted 'ref' is interpreted
+     as (offsetted) nullptr.  */
+  bool ref_nullptr_p;
   /* Set if trailing one-element arrays should be treated as flexible
      array members.  */
   bool trail1special;