From patchwork Tue Dec  6 09:50:20 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Richard Biener <rguenther@suse.de>
X-Patchwork-Id: 61494
Return-Path: <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 9CD9F3949F28
	for <patchwork@sourceware.org>; Tue,  6 Dec 2022 09:50:49 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9CD9F3949F28
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1670320249;
	bh=EHTKKeqVNO3Oj8t3uCy1UyYfFtow1vYm8hl9oSCQZQU=;
	h=Date:To:cc:Subject:List-Id:List-Unsubscribe:List-Archive:
	 List-Post:List-Help:List-Subscribe:From:Reply-To:From;
	b=wQlMhnNZCsMdPCYlTQzqKPi9Rw/lkKl3UzwL7lb4FpuEcA4JnyIGvF4ZVwwpovwAj
	 5CThxJLee4osGe31eOGqsP67M0YsSeHNOU9LVtSzUigO3Qr/H+6fiFj4Rno1nuboMd
	 8zLM0+3lMpTh4mQRwydr+mBbAoDXfuFNBHO8xaZg=
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from smtp-out1.suse.de (smtp-out1.suse.de
 [IPv6:2001:67c:2178:6::1c])
 by sourceware.org (Postfix) with ESMTPS id 9AFC13954C78
 for <gcc-patches@gcc.gnu.org>; Tue,  6 Dec 2022 09:50:21 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 9AFC13954C78
Received: from imap1.suse-dmz.suse.de (imap1.suse-dmz.suse.de
 [192.168.254.73])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
 (No client certificate requested)
 by smtp-out1.suse.de (Postfix) with ESMTPS id BEEAE21C2D;
 Tue,  6 Dec 2022 09:50:20 +0000 (UTC)
Received: from imap1.suse-dmz.suse.de (imap1.suse-dmz.suse.de
 [192.168.254.73])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
 (No client certificate requested)
 by imap1.suse-dmz.suse.de (Postfix) with ESMTPS id A865B13326;
 Tue,  6 Dec 2022 09:50:20 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
 by imap1.suse-dmz.suse.de with ESMTPSA id QlL0J1wQj2PHGQAAGKfGzw
 (envelope-from <rguenther@suse.de>); Tue, 06 Dec 2022 09:50:20 +0000
Date: Tue, 6 Dec 2022 10:50:20 +0100 (CET)
To: gcc-patches@gcc.gnu.org
cc: Jakub Jelinek <jakub@redhat.com>
Subject: [PATCH] tree-optimization/104475 - improve access diagnostics
MIME-Version: 1.0
Message-Id: <20221206095020.A865B13326@imap1.suse-dmz.suse.de>
X-Spam-Status: No, score=-11.8 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_NONE,
 SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
X-Patchwork-Original-From: Richard Biener via Gcc-patches
 <gcc-patches@gcc.gnu.org>
From: Richard Biener <rguenther@suse.de>
Reply-To: Richard Biener <rguenther@suse.de>
Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org
Sender: "Gcc-patches"
 <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org>

When we end up isolating a nullptr path it happens we diagnose
accesses to offsetted nullptr objects.  The current diagnostics
have no good indication that this happens so the following records
the fact that our heuristic detected a nullptr based access in
the access_ref structure and sets up diagnostics to inform
of that detail.  The diagnostic itself could probably be
improved here but its API is twisted and the necessary object
isn't passed around.

Instead of just

...bits/atomic_base.h:655:34: warning: 'unsigned int __atomic_fetch_and_4(volatile void*, unsigned int, int)' writing 4 bytes into a region of size 0 overflows the destination [-Wstringop-overflow=]

we now add

In member function 'void QFutureInterfaceBase::setThrottled(bool)':
cc1plus: note: destination object is likely at address zero

Bootstrapped on x86_64-unknown-linux-gnu, testing in progress.

I think it's an improvement - do you agree that it's enough of it?

Thanks,
Richard.

	PR tree-optimization/104475
	* pointer-query.h (access_ref::ref_nullptr_p): New flag.
	* pointer-query.cc (access_ref::access_ref): Initialize
	ref_nullptr_p.
	(compute_objsize_r): Set ref_nullptr_p if we treat it that way.
	(access_ref::inform_access): If ref was treated as nullptr
	based, indicate that.
---
 gcc/pointer-query.cc | 20 ++++++++++++++++----
 gcc/pointer-query.h  |  5 ++++-
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/gcc/pointer-query.cc b/gcc/pointer-query.cc
index 95565fd6005..ea6ca684d93 100644
--- a/gcc/pointer-query.cc
+++ b/gcc/pointer-query.cc
@@ -600,8 +600,8 @@ gimple_parm_array_size (tree ptr, wide_int rng[2],
 /* Initialize the object.  */
 
 access_ref::access_ref ()
-  : ref (), eval ([](tree x){ return x; }), deref (), trail1special (true),
-    base0 (true), parmarray ()
+  : ref (), eval ([](tree x){ return x; }), deref (), ref_nullptr_p (false),
+    trail1special (true), base0 (true), parmarray ()
 {
   /* Set to valid.  */
   offrng[0] = offrng[1] = 0;
@@ -1193,7 +1193,16 @@ access_ref::inform_access (access_mode mode, int ostype /* = 1 */) const
     loc = EXPR_LOCATION (ref);
   else if (TREE_CODE (ref) != IDENTIFIER_NODE
 	   && TREE_CODE (ref) != SSA_NAME)
-    return;
+    {
+      if (TREE_CODE (ref) == INTEGER_CST && ref_nullptr_p)
+	{
+	  if (mode == access_read_write || mode == access_write_only)
+	    inform (loc, "destination object is likely at address zero");
+	  else
+	    inform (loc, "source object is likely at address zero");
+	}
+      return;
+    }
 
   if (mode == access_read_write || mode == access_write_only)
     {
@@ -2280,7 +2289,10 @@ compute_objsize_r (tree ptr, gimple *stmt, bool addr, int ostype,
 	  if (targetm.addr_space.zero_address_valid (as))
 	    pref->set_max_size_range ();
 	  else
-	    pref->sizrng[0] = pref->sizrng[1] = 0;
+	    {
+	      pref->sizrng[0] = pref->sizrng[1] = 0;
+	      pref->ref_nullptr_p = true;
+	    }
 	}
       else
 	pref->sizrng[0] = pref->sizrng[1] = 0;
diff --git a/gcc/pointer-query.h b/gcc/pointer-query.h
index 801a240c38d..19a6f15aab2 100644
--- a/gcc/pointer-query.h
+++ b/gcc/pointer-query.h
@@ -88,7 +88,7 @@ struct access_ref
      argument to the minimum.  */
   offset_int size_remaining (offset_int * = nullptr) const;
 
-/* Return true if the offset and object size are in range for SIZE.  */
+  /* Return true if the offset and object size are in range for SIZE.  */
   bool offset_in_range (const offset_int &) const;
 
   /* Return true if *THIS is an access to a declared object.  */
@@ -141,6 +141,9 @@ struct access_ref
   /* Positive when REF is dereferenced, negative when its address is
      taken.  */
   int deref;
+  /* The following indicates if heuristics interpreted 'ref' is interpreted
+     as (offsetted) nullptr.  */
+  bool ref_nullptr_p;
   /* Set if trailing one-element arrays should be treated as flexible
      array members.  */
   bool trail1special;