From patchwork Mon Dec 18 16:42:52 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Siddhesh Poyarekar <siddhesh@gotplt.org>
X-Patchwork-Id: 82398
Return-Path: <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id E5A1238582BA
	for <patchwork@sourceware.org>; Mon, 18 Dec 2023 16:43:14 +0000 (GMT)
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from weasel.tulip.relay.mailchannels.net
 (weasel.tulip.relay.mailchannels.net [23.83.218.247])
 by sourceware.org (Postfix) with ESMTPS id DBFFA38582AE
 for <gcc-patches@gcc.gnu.org>; Mon, 18 Dec 2023 16:42:57 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org DBFFA38582AE
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=gotplt.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gotplt.org
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org DBFFA38582AE
Authentication-Results: server2.sourceware.org;
 arc=pass smtp.remote-ip=23.83.218.247
ARC-Seal: i=2; a=rsa-sha256; d=sourceware.org; s=key; t=1702917779; cv=pass;
 b=DVCYEJMceAPDmOQ0ySeO3KynSMuY53sg1gFoSFOiJZXzj+1Be/4mDBTMHHrNnt0Bs8Hr/OfzGTDDQIT963mLsPO/plBJKoBrFLkN/oTUvar2LNKasoaY5cIYPQDXmER6fVrBq5M8aQqvaX7uy5uPhAkOtxL+Cs2kcc4WglQgYPU=
ARC-Message-Signature: i=2; a=rsa-sha256; d=sourceware.org; s=key;
 t=1702917779; c=relaxed/simple;
 bh=uIl7L4tOGyPSkKuf1JDwXjtqW1+3hoAxGtDf5+1MaQg=;
 h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
 b=sxEFmQ1VvC885hXcvtoJHhfEa6h4UynHoOqEU2sBzwRK3IeWeR6mobeDhVhkogO3geClUec08qWn+XheIBBPHPLZqS+ls/lWk2g1LYfzxXkpY8qg9c4SBvb+3xbk2FVhBtbqX3Ek8KwPPKJcAjeHXvrWcAqdeJhkw72wB0cmvVQ=
ARC-Authentication-Results: i=2; server2.sourceware.org
X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org
Received: from relay.mailchannels.net (localhost [127.0.0.1])
 by relay.mailchannels.net (Postfix) with ESMTP id 09F124C32CE;
 Mon, 18 Dec 2023 16:42:57 +0000 (UTC)
Received: from pdx1-sub0-mail-a239.dreamhost.com (unknown [127.0.0.6])
 (Authenticated sender: dreamhost)
 by relay.mailchannels.net (Postfix) with ESMTPA id 8E0E64C336E;
 Mon, 18 Dec 2023 16:42:56 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1702917776; a=rsa-sha256;
 cv=none;
 b=CEaRrrrRlCcqgg738mmMAWihUJSbrsgJwhUTX8o0WQ2gi22Apf1PTxh6SmmEtMJFI9WFL6
 U2CuqjsSHOwBb2Sp366c2s9hdFRhSeL7/OjjNbNhsuyuEUsjOr9fWGs3LUCG6XB2khhc1Q
 1OBka1c1XVaWhGlSIAkfn8guF+jm1YFVbfAzLV6XztrHOQGGY7x/dKu78iOCFyKKqqfiY7
 vm/AYO0tTDWccsyIQ8K94E6QtiUscbhHbBb+1OAaCIsjoVUKQK+7YXV+MHDZdcaZLRsr73
 WZ1JN8quTDEd18yMT2t1yyFWV6Yc4qv6Js/CfbM2CLMce3iAQAVp+Juv7dqdGw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mailchannels.net; s=arc-2022; t=1702917776;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:dkim-signature;
 bh=ioXMR3xyx4PD9MpdMp1mvTKWLEOuNMYT1Jr1THwWuow=;
 b=QO8p3Nt7eZvvBahehS43ltl8KYIXGBrzFCfvzSTSIFUceWu1B9Av+xb1JYnPd07OoELw4D
 rjTsSLCtNEAWC8SBIkYLZNU1WdeA+lvu5TD1cS6pPrpp+ksKz9nghYuJiJ1yOCeH9C4JDC
 8ohKet3bvt2eTnhwyRRGWPqjADX688xt+ef6Y1y/Ku4SM6T9bG8rdGkUq3MX7RcvyimSza
 Jj5rZOdCMK4pjTCpjfHmnjJuoAqYri9sD8jBnLzBxb7xoNZcMsWdpT2SKlGKCnPD5QfvfJ
 Fmq752TfltCG4yWIAgDx2y6X+mA6XudEgCWjSzilXQF1mwyXTOicPQExg65vDg==
ARC-Authentication-Results: i=1; rspamd-856c7f878f-24f59;
 auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@gotplt.org
X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org
X-MailChannels-Auth-Id: dreamhost
X-Invention-Illegal: 16279fa6073c04a7_1702917776832_2618927665
X-MC-Loop-Signature: 1702917776832:3989353637
X-MC-Ingress-Time: 1702917776832
Received: from pdx1-sub0-mail-a239.dreamhost.com (pop.dreamhost.com
 [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
 by 100.127.58.193 (trex/6.9.2); Mon, 18 Dec 2023 16:42:56 +0000
Received: from fedora.redhat.com
 (bras-vprn-toroon4834w-lp130-02-142-113-138-136.dsl.bell.ca
 [142.113.138.136])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 (Authenticated sender: siddhesh@gotplt.org)
 by pdx1-sub0-mail-a239.dreamhost.com (Postfix) with ESMTPSA id 4Sv5Gm1Ds3zCf;
 Mon, 18 Dec 2023 08:42:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gotplt.org;
 s=dreamhost; t=1702917776;
 bh=ioXMR3xyx4PD9MpdMp1mvTKWLEOuNMYT1Jr1THwWuow=;
 h=From:To:Cc:Subject:Date:Content-Transfer-Encoding;
 b=iYFzTmoCRA4tcLO+ZYqu8GkZnLRn6IO9pTTu8FZNdbjM1Kiblq69QVffo2tiRhEjf
 W8oSJ0Xj4iKl03zBLH5r509oWeYTBBU323ZnsRpV+D3sRO7zIVp+gsM+PUQ1vS6kEC
 rMPPvk4snRdJVOJ/TAE/Zzh7JIjzCRslHomFrN7wwZWQJ9safGFdvhHMgg4H60B86Y
 6lQ1uIxwqBoqWfU6mAu1bG1ZwE591jViylAPSXZoD+vxoos6MlUTRzcGUsGvBNYX7N
 JMSjLmv3zFI4oBBfRojMzzBuI+Ki2vNt7CwoonWM2YT664CMeGgds2IFWZ3MNrwVBp
 BaaQbnEyXQQZQ==
From: Siddhesh Poyarekar <siddhesh@gotplt.org>
To: gcc-patches@gcc.gnu.org
Cc: jakub@redhat.com
Subject: [PATCH] tree-object-size: Always set computed bit for bdos [PR113012]
Date: Mon, 18 Dec 2023 11:42:52 -0500
Message-ID: <20231218164252.1963249-1-siddhesh@gotplt.org>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Spam-Status: No, score=-3036.2 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE,
 RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org

It is always safe to set the computed bit for dynamic object sizes at
the end of collect_object_sizes_for because even in case of a dependency
loop encountered in nested calls, we have an SSA temporary to actually
finish the object size expression.  The reexamine pass for dynamic
object sizes is only for propagation of unknowns and gimplification of
the size expressions, not for loop resolution as in the case of static
object sizes.

gcc/ChangeLog:

	PR tree-optimization/113012
	* gcc.dg/ubsan/pr113012.c: New test case.

gcc/testsuite/ChangeLog:

	PR tree-optimization/113012
	* tree-object-size.cc (compute_builtin_object_size): Expand
	comment for dynamic object sizes.
	(collect_object_sizes_for): Always set COMPUTED bitmap for
	dynamic object sizes.

Signed-off-by: Siddhesh Poyarekar <siddhesh@gotplt.org>
---
Testing:

- Bootstrapped x86_64 and config=ubsan
- Tested i686

OK for trunk and backport to gcc 13 branch?

 gcc/testsuite/gcc.dg/ubsan/pr113012.c | 17 +++++++++++++++++
 gcc/tree-object-size.cc               | 17 ++++++++++++-----
 2 files changed, 29 insertions(+), 5 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/ubsan/pr113012.c

diff --git a/gcc/testsuite/gcc.dg/ubsan/pr113012.c b/gcc/testsuite/gcc.dg/ubsan/pr113012.c
new file mode 100644
index 00000000000..4fc38cd1171
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/ubsan/pr113012.c
@@ -0,0 +1,17 @@
+/* { dg-do compile } */
+/* { dg-options "-fsanitize=undefined" } */
+
+int *
+foo (int x, int y, int z, int w)
+{
+  int *p = __builtin_malloc (z * sizeof (int));
+  int *q = p - 1;
+  while (--x > 0)
+    {
+      if (w + 1 > y)
+	q = p - 1;
+      ++*q;
+      ++q;
+    }
+  return p;
+}
diff --git a/gcc/tree-object-size.cc b/gcc/tree-object-size.cc
index 28f27adf9ca..434b2fc0bf5 100644
--- a/gcc/tree-object-size.cc
+++ b/gcc/tree-object-size.cc
@@ -1185,10 +1185,12 @@ compute_builtin_object_size (tree ptr, int object_size_type,
 	  osi.tos = NULL;
 	}
 
-      /* First pass: walk UD chains, compute object sizes that
-	 can be computed.  osi.reexamine bitmap at the end will
-	 contain what variables were found in dependency cycles
-	 and therefore need to be reexamined.  */
+      /* First pass: walk UD chains, compute object sizes that can be computed.
+	 osi.reexamine bitmap at the end will contain what variables that need
+	 to be reexamined.  For both static and dynamic size computation,
+	 reexamination is for propagation across dependency loops. The dynamic
+	 case has the additional use case where the computed expression needs
+	 to be gimplified.  */
       osi.pass = 0;
       osi.changed = false;
       collect_object_sizes_for (&osi, ptr);
@@ -1823,11 +1825,16 @@ collect_object_sizes_for (struct object_size_info *osi, tree var)
       gcc_unreachable ();
     }
 
-  if (! reexamine || object_sizes_unknown_p (object_size_type, varno))
+  /* Dynamic sizes use placeholder temps to return an answer, so it is always
+   * safe to set COMPUTED for them.  */
+  if ((object_size_type & OST_DYNAMIC)
+      || !reexamine || object_sizes_unknown_p (object_size_type, varno))
     {
       bitmap_set_bit (computed[object_size_type], varno);
       if (!(object_size_type & OST_DYNAMIC))
 	bitmap_clear_bit (osi->reexamine, varno);
+      else if (reexamine)
+	bitmap_set_bit (osi->reexamine, varno);
     }
   else
     {