tree-optimization/93381 fix integer offsetting in points-to analysis
authorRichard Biener <rguenther@suse.de>
Wed, 22 Jan 2020 11:38:12 +0000 (12:38 +0100)
committerRichard Biener <rguenther@suse.de>
Wed, 22 Jan 2020 11:38:12 +0000 (12:38 +0100)
We were incorrectly assuming that a merge operation is conservative enough
for operations that are not explicitly handled, but we also need to consider
offsetting within fields when field-sensitive analysis applies.

2020-01-22  Richard Biener  <rguenther@suse.de>

PR tree-optimization/93381
* tree-ssa-structalias.c (find_func_aliases): Assume offsetting
throughout, handle all conversions the same.

* gcc.dg/torture/pr93381.c: New testcase.

gcc/ChangeLog
gcc/testsuite/ChangeLog
gcc/testsuite/gcc.dg/torture/pr93381.c [new file with mode: 0644]
gcc/tree-ssa-structalias.c

index e2111a00ce4c40849d62082ca9cb35360fc5c448..2f229b92d7ae695afe01e6576b3affa21fe2e8fe 100644 (file)
@@ -1,3 +1,9 @@
+2020-01-22  Richard Biener  <rguenther@suse.de>
+
+       PR tree-optimization/93381
+       * tree-ssa-structalias.c (find_func_aliases): Assume offsetting
+       throughout, handle all conversions the same.
+
 2020-01-22  Jakub Jelinek  <jakub@redhat.com>
 
        PR target/93335
index a2d70f5829aa6e29015acb8721a6f6e600245b85..a1828a14f10f4390f57afdb02501fb419d182b58 100644 (file)
@@ -1,3 +1,8 @@
+2020-01-22  Richard Biener  <rguenther@suse.de>
+
+       PR tree-optimization/93381
+       * gcc.dg/torture/pr93381.c: New testcase.
+
 2020-01-22  Jakub Jelinek  <jakub@redhat.com>
 
        PR target/93335
diff --git a/gcc/testsuite/gcc.dg/torture/pr93381.c b/gcc/testsuite/gcc.dg/torture/pr93381.c
new file mode 100644 (file)
index 0000000..cec4b5d
--- /dev/null
@@ -0,0 +1,25 @@
+/* { dg-do run } */
+
+static struct S { int *p1; int *p2; } s;
+typedef __UINTPTR_TYPE__ uintptr_t;
+int foo()
+{
+  int i = 1, j = 2;
+  struct S s;
+  int **p;
+  s.p1 = &i;
+  s.p2 = &j;
+  p = &s.p1;
+  uintptr_t pi = (uintptr_t)p;
+  pi = pi + sizeof (int *);
+  p = (int **)pi;
+  **p = 3;
+  return j;
+}
+
+int main()
+{
+  if (foo () != 3)
+    __builtin_abort ();
+  return 0;
+}
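Review bot: The test has no comment saying what it guards, and the file-scope object `s` declared on the `static struct S { int *p1; int *p2; } s;` line is shadowed by the local `struct S s` in foo and never used. A header such as `/* PR tree-optimization/93381: integer arithmetic on a pointer cast to uintptr_t can move between fields of s. */` would tell the next reader why `return j` must yield 3. Unless the unused global is needed to reproduce the bug, declaring only the type, `struct S { int *p1; int *p2; };`, avoids the shadowing.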
index f189f7562611ffced109702cb182968f303f3876..416a26c996cc2300115047aec56fd0bda1e13375 100644 (file)
@@ -5008,11 +5008,12 @@ find_func_aliases (struct function *fn, gimple *origt)
                   || code == FLOOR_MOD_EXPR
                   || code == ROUND_MOD_EXPR)
            /* Division and modulo transfer the pointer from the LHS.  */
-           get_constraint_for_rhs (gimple_assign_rhs1 (t), &rhsc);
-         else if ((CONVERT_EXPR_CODE_P (code)
-                   && !(POINTER_TYPE_P (gimple_expr_type (t))
-                        && !POINTER_TYPE_P (TREE_TYPE (rhsop))))
+           get_constraint_for_ptr_offset (gimple_assign_rhs1 (t),
+                                          NULL_TREE, &rhsc);
+         else if (CONVERT_EXPR_CODE_P (code)
                   || gimple_assign_single_p (t))
+           /* See through conversions, single RHS are handled by
+              get_constraint_for_rhs.  */
            get_constraint_for_rhs (rhsop, &rhsc);
          else if (code == COND_EXPR)
            {
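Review bot: The `NULL_TREE` passed as the offset to `get_constraint_for_ptr_offset` in the division/modulo branch is not explained at the call site, and the retained comment still says only that the pointer is transferred. If, as I believe, a null offset makes the helper treat the offset as unknown, the comment should say so, for example `/* Division and modulo transfer the pointer from the LHS; the NULL_TREE offset means the result may point to any field. */`. The same remark applies to the two new calls in the following hunk (-5031,14 +5032,16). find_func_aliases begins and ends outside this hunk.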
@@ -5031,14 +5032,16 @@ find_func_aliases (struct function *fn, gimple *origt)
            ;
          else
            {
-             /* All other operations are merges.  */
+             /* All other operations are possibly offsetting merges.  */
              auto_vec<ce_s, 4> tmp;
              struct constraint_expr *rhsp;
              unsigned i, j;
-             get_constraint_for_rhs (gimple_assign_rhs1 (t), &rhsc);
+             get_constraint_for_ptr_offset (gimple_assign_rhs1 (t),
+                                            NULL_TREE, &rhsc);
              for (i = 2; i < gimple_num_ops (t); ++i)
                {
-                 get_constraint_for_rhs (gimple_op (t, i), &tmp);
+                 get_constraint_for_ptr_offset (gimple_op (t, i),
+                                                NULL_TREE, &tmp);
                  FOR_EACH_VEC_ELT (tmp, j, rhsp)
                    rhsc.safe_push (*rhsp);
                  tmp.truncate (0);
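Review bot: The operand loop starting at `i = 2` now also goes through `get_constraint_for_ptr_offset`, but the new testcase pr93381.c appears to reach only the first-operand call, since its only arithmetic is `pi = pi + sizeof (int *)`. A second torture case in which the pointer-derived integer is the right-hand operand, plus one using `/` or `%` for the branch changed in the previous hunk, would keep those paths from regressing unnoticed. A points-to set that is too small here shows up as wrong code, not as a diagnostic, so coverage is the only guard. The enclosing else block continues past the end of this hunk.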