tree-optimization/104475 - improve access diagnostics
Commit Message
When we end up isolating a nullptr path it happens we diagnose
accesses to offsetted nullptr objects. The current diagnostics
have no good indication that this happens so the following records
the fact that our heuristic detected a nullptr based access in
the access_ref structure and sets up diagnostics to inform
of that detail. The diagnostic itself could probably be
improved here but its API is twisted and the necessary object
isn't passed around.
Instead of just
...bits/atomic_base.h:655:34: warning: 'unsigned int __atomic_fetch_and_4(volatile void*, unsigned int, int)' writing 4 bytes into a region of size 0 overflows the destination [-Wstringop-overflow=]
we now add
In member function 'void QFutureInterfaceBase::setThrottled(bool)':
cc1plus: note: destination object is likely at address zero
Bootstrapped on x86_64-unknown-linux-gnu, testing in progress.
I think it's an improvement - do you agree that it's enough of it?
Thanks,
Richard.
PR tree-optimization/104475
* pointer-query.h (access_ref::ref_nullptr_p): New flag.
* pointer-query.cc (access_ref::access_ref): Initialize
ref_nullptr_p.
(compute_objsize_r): Set ref_nullptr_p if we treat it that way.
(access_ref::inform_access): If ref was treated as nullptr
based, indicate that.
---
gcc/pointer-query.cc | 20 ++++++++++++++++----
gcc/pointer-query.h | 5 ++++-
2 files changed, 20 insertions(+), 5 deletions(-)
Comments
On Tue, Dec 06, 2022 at 10:50:20AM +0100, Richard Biener wrote:
> When we end up isolating a nullptr path it happens we diagnose
> accesses to offsetted nullptr objects. The current diagnostics
> have no good indication that this happens so the following records
> the fact that our heuristic detected a nullptr based access in
> the access_ref structure and sets up diagnostics to inform
> of that detail. The diagnostic itself could probably be
> improved here but its API is twisted and the necessary object
> isn't passed around.
>
> Instead of just
>
> ...bits/atomic_base.h:655:34: warning: 'unsigned int __atomic_fetch_and_4(volatile void*, unsigned int, int)' writing 4 bytes into a region of size 0 overflows the destination [-Wstringop-overflow=]
>
> we now add
>
> In member function 'void QFutureInterfaceBase::setThrottled(bool)':
> cc1plus: note: destination object is likely at address zero
>
> Bootstrapped on x86_64-unknown-linux-gnu, testing in progress.
>
> I think it's an improvement - do you agree that it's enough of it?
>
> Thanks,
> Richard.
>
> PR tree-optimization/104475
> * pointer-query.h (access_ref::ref_nullptr_p): New flag.
> * pointer-query.cc (access_ref::access_ref): Initialize
> ref_nullptr_p.
> (compute_objsize_r): Set ref_nullptr_p if we treat it that way.
> (access_ref::inform_access): If ref was treated as nullptr
> based, indicate that.
LGTM.
Jakub
@@ -600,8 +600,8 @@ gimple_parm_array_size (tree ptr, wide_int rng[2],
/* Initialize the object. */
access_ref::access_ref ()
- : ref (), eval ([](tree x){ return x; }), deref (), trail1special (true),
- base0 (true), parmarray ()
+ : ref (), eval ([](tree x){ return x; }), deref (), ref_nullptr_p (false),
+ trail1special (true), base0 (true), parmarray ()
{
/* Set to valid. */
offrng[0] = offrng[1] = 0;
@@ -1193,7 +1193,16 @@ access_ref::inform_access (access_mode mode, int ostype /* = 1 */) const
loc = EXPR_LOCATION (ref);
else if (TREE_CODE (ref) != IDENTIFIER_NODE
&& TREE_CODE (ref) != SSA_NAME)
- return;
+ {
+ if (TREE_CODE (ref) == INTEGER_CST && ref_nullptr_p)
+ {
+ if (mode == access_read_write || mode == access_write_only)
+ inform (loc, "destination object is likely at address zero");
+ else
+ inform (loc, "source object is likely at address zero");
+ }
+ return;
+ }
if (mode == access_read_write || mode == access_write_only)
{
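Review bot: the two new inform () calls in the INTEGER_CST branch pass loc, but this branch is reached only when the preceding "loc = EXPR_LOCATION (ref);" assignment was not taken, and the sample output in the commit message shows the note printed as "cc1plus: note:" with no file or line. A user reading the warning gets no help associating the note with the access, so it would be better to hand the statement location to inform_access and use it here, or at least to add a comment saying the location is knowingly missing. The mode test also repeats the condition that immediately follows the block, "if (mode == access_read_write || mode == access_write_only)"; computing it once into a local would keep the two in sync. The diffstat touches only pointer-query.cc and pointer-query.h, so a testsuite case checking for the new note text is missing.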
@@ -2280,7 +2289,10 @@ compute_objsize_r (tree ptr, gimple *stmt, bool addr, int ostype,
if (targetm.addr_space.zero_address_valid (as))
pref->set_max_size_range ();
else
- pref->sizrng[0] = pref->sizrng[1] = 0;
+ {
+ pref->sizrng[0] = pref->sizrng[1] = 0;
+ pref->ref_nullptr_p = true;
+ }
}
else
pref->sizrng[0] = pref->sizrng[1] = 0;
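Review bot: ref_nullptr_p is set only in the inner else, while the outer else two lines further down assigns the same zero size range, "pref->sizrng[0] = pref->sizrng[1] = 0;", and leaves the flag alone. A short comment saying why only the inner case counts as a nullptr-based reference would make the distinction clear to the next reader. The visible lines also only ever set the flag to true, so it is worth confirming that a reused or merged access_ref cannot carry a stale value into inform_access.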
@@ -88,7 +88,7 @@ struct access_ref
argument to the minimum. */
offset_int size_remaining (offset_int * = nullptr) const;
-/* Return true if the offset and object size are in range for SIZE. */
+ /* Return true if the offset and object size are in range for SIZE. */
bool offset_in_range (const offset_int &) const;
/* Return true if *THIS is an access to a declared object. */
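Review bot: the re-indentation of the comment above offset_in_range is unrelated to the new flag, and the ChangeLog entry for pointer-query.h lists only "(access_ref::ref_nullptr_p): New flag." Either mention the whitespace fix in the ChangeLog or move it to a separate change.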
@@ -141,6 +141,9 @@ struct access_ref
/* Positive when REF is dereferenced, negative when its address is
taken. */
int deref;
+ /* The following indicates if heuristics interpreted 'ref' is interpreted
+ as (offsetted) nullptr. */
+ bool ref_nullptr_p;
/* Set if trailing one-element arrays should be treated as flexible
array members. */
bool trail1special;
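Review bot: the comment on the new ref_nullptr_p member has "interpreted" twice ("if heuristics interpreted 'ref' is interpreted as") and does not parse. Something like "Set if heuristics interpreted REF as an (offsetted) nullptr." would read correctly and match the neighbouring comments, which name the member in upper case ("Positive when REF is dereferenced") and open with "Set if".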